Date:      Sun, 09 Apr 2006 22:21:31 +0200
From:      Michal Kapalka <michal.kapalka@gmail.com>
To:        Vitaliy K <vitaliy@vox.com.ua>
Cc:        questions@FreeBSD.org
Subject:   Re: chkrootkit
Message-ID:  <44396CCB.6000703@gmail.com>
In-Reply-To: <1788496101.20060409203951@alf-ua.com>
References:  <1788496101.20060409203951@alf-ua.com>

Hi, you can also use this port:

/usr/ports/security/rkhunter

After the installation, update the database:

rkhunter --update && rkhunter -c

Best regards,
Michal Kapalka

> ͳ, questions!
>
> I badly know english, beforehand I apologize for the illiteracy.
>
> I ask the help you in the decision of my problem.
>
> I have loaded program stock-takings rootkit from a site
> http://www.chkrootkit.org/.
>
> Has started, and has received below resulted result. I am disturbed
> with a line Checking `date'... INFECTED
>
> # ./chkrootkit
> ROOTDIR is `/'
> Checking `amd'... not infected
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... not infected
> Checking `chsh'... not infected
> Checking `cron'... not infected
> Checking `date'... INFECTED
> Checking `du'... not infected
> Checking `dirname'... not infected
> Checking `echo'... not infected
> Checking `egrep'... not infected
> Checking `env'... not infected
> Checking `find'... not infected
> Checking `fingerd'... not infected
> Checking `gpm'... not found
> Checking `grep'... not infected
> Checking `hdparm'... not found
> Checking `su'... not infected
> Checking `ifconfig'... not infected
> Checking `inetd'... not infected
> Checking `inetdconf'... not infected
> Checking `identd'... not found
> Checking `init'... not infected
> Checking `killall'... not infected
> Checking `ldsopreload'... not tested
> Checking `login'... not infected
> Checking `ls'... not infected
> Checking `lsof'... not found
> Checking `mail'... not infected
> Checking `mingetty'... not found
> Checking `netstat'... not infected
> Checking `named'... not infected
> Checking `passwd'... not infected
> Checking `pidof'... not found
> Checking `pop2'... not found
> Checking `pop3'... not found
> Checking `ps'... not infected
> Checking `pstree'... not found
> Checking `rpcinfo'... not infected
> Checking `rlogind'... not infected
> Checking `rshd'... not infected
> Checking `slogin'... not infected
> Checking `sendmail'... not infected
> Checking `sshd'... not infected
> Checking `syslogd'... not infected
> Checking `tar'... not infected
> Checking `tcpd'... not infected
> Checking `tcpdump'... not infected
> Checking `top'... not infected
> Checking `telnetd'... not infected
> Checking `timed'... not infected
> Checking `traceroute'... not infected
> Checking `vdir'... not found
> Checking `w'... not infected
> Checking `write'... not infected
> Checking `aliens'... no suspect files
> Searching for sniffer's logs, it may take a while... nothing found
> Searching for HiDrootkit's default dir... nothing found
> Searching for t0rn's default files and dirs... nothing found
> Searching for t0rn's v8 defaults... nothing found
> Searching for Lion Worm default files and dirs... nothing found
> Searching for RSHA's default files and dir... nothing found
> Searching for RH-Sharpe's default files... nothing found
> Searching for Ambient's rootkit (ark) default files and dirs... nothing found
> Searching for suspicious files and dirs, it may take a while... nothing found
> Searching for LPD Worm files and dirs... nothing found
> Searching for Ramen Worm files and dirs... nothing found
> Searching for Maniac files and dirs... nothing found
> Searching for RK17 files and dirs... nothing found
> Searching for Ducoci rootkit... nothing found
> Searching for Adore Worm... nothing found
> Searching for ShitC Worm... nothing found
> Searching for Omega Worm... nothing found
> Searching for Sadmind/IIS Worm... nothing found
> Searching for MonKit... nothing found
> Searching for Showtee... nothing found
> Searching for OpticKit... nothing found
> Searching for T.R.K... nothing found
> Searching for Mithra... nothing found
> Searching for OBSD rk v1... nothing found
> Searching for LOC rootkit ... nothing found
> Searching for Romanian rootkit ... nothing found
> Searching for Suckit rootkit ... nothing found
> Searching for Volc rootkit ... nothing found
> Searching for Gold2 rootkit ... nothing found
> Searching for TC2 Worm default files and dirs... nothing found
> Searching for Anonoying rootkit default files and dirs... nothing found
> Searching for ZK rootkit default files and dirs... nothing found
> Searching for ShKit rootkit default files and dirs... nothing found
> Searching for AjaKit rootkit default files and dirs... nothing found
> Searching for zaRwT rootkit default files and dirs... nothing found
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... nothing detected
> Checking `rexedcs'... not found
> Checking `sniffer'... rl0 is not promisc
> plip0 is not promisc
> Checking `w55808'... not infected
> Checking `wted'... nothing deleted
> Checking `scalper'... not infected
> Checking `slapper'... not infected
> Checking `z2'... nothing deleted
>
>
> Mine FreeBSD: FreeBSD server.alf-ua.com 5.2.1-RELEASE FreeBSD
> 5.2.1-RELEASE #0: Wed Jan 11 12:41:53 GMT 2006
> root@:/usr/src/sys/i386/compile/kernel_11.01.06 i386
>
> Has come home, has put same FreeBSD on a domestic computer, the same
> report, Checking `date'... INFECTED
>
> How to me to be? It is a mistake of developers of the program or yours?
>
> With impatience I wait for your answer.
>
> Beforehand thanks.
>
>
> ______________________________________
>
>  Vitaliy K
>
>  vitaliy@vox.com.ua 
>  http://www.vox.com.ua
>  #icq 251618733 
>   
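
The question in this thread is whether the single `date` INFECTED line is a false positive. As an added example (not from the thread, chkrootkit or rkhunter), the script below pulls the INFECTED entries out of a saved chkrootkit report and compares each flagged binary byte for byte with the copy in a trusted reference tree; the function names, the searched directories and the reference-tree layout are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): triage a saved chkrootkit report.

# Print the name of each check reported as INFECTED, one per line.
# Report lines have the form:  Checking `date'... INFECTED
flagged_checks() {
    sed -n "s/^Checking \`\([^']*\)'\.\.\. INFECTED.*/\1/p" "$1"
}

# For each flagged name, compare the binary under live_root with the copy
# under ref_root (assumed: a trusted tree such as mounted install media).
# Prints "<name> <relative path> MATCH|DIFFERS|NO-REFERENCE".
compare_flagged() {
    report=$1; live_root=$2; ref_root=$3
    flagged_checks "$report" | while read -r name; do
        found=no
        for dir in bin sbin usr/bin usr/sbin; do
            [ -f "$live_root/$dir/$name" ] || continue
            found=yes
            if [ ! -f "$ref_root/$dir/$name" ]; then
                echo "$name $dir/$name NO-REFERENCE"
            elif cmp -s "$live_root/$dir/$name" "$ref_root/$dir/$name"; then
                echo "$name $dir/$name MATCH"
            else
                echo "$name $dir/$name DIFFERS"
            fi
        done
        [ "$found" = yes ] || echo "$name - NOT-FOUND"
    done
}

# Constructed demo: a three-line report and two small directory trees.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/live/bin" "$tmp/ref/bin"
    printf 'clean-date\n' > "$tmp/live/bin/date"
    printf 'clean-date\n' > "$tmp/ref/bin/date"
    printf "Checking \`cron'... not infected\nChecking \`date'... INFECTED\nChecking \`du'... not infected\n" > "$tmp/report.txt"
    compare_flagged "$tmp/report.txt" "$tmp/live" "$tmp/ref"
    rm -rf "$tmp"
}

demo    # prints: date bin/date MATCH
```

A MATCH against trusted media points to a false positive in the scanner's signature rather than a replaced binary. Run the comparison from a trusted boot environment, since a compromised running system can falsify what its own tools report.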



