LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-16-2008, 01:19 AM   #1
kobin
LQ Newbie
 
Registered: Jun 2008
Posts: 1

Rep: Reputation: 0
chkrootkit scan on a fairly new kubuntu 8.04 desktop


Hey as my first post I would like to say I'm completely new to Linux, I ran a chkrootkit scan on my computer, because if there is one thing life has thought me, nothing is perfectly secure. I was just wondering if I should be worried about any of these.
Code:
root@zach-desktop:/# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not found
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not found
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/jvm/.java-6-openjdk.jinfo
/usr/lib/xulrunner-1.9/.autoreg
/usr/lib/firefox/.autoreg
/lib/modules/2.6.24-18-generic/volatile/.mounted

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for OBSD rk v1... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient3[5516])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
If this isn't the place for this post I apologize. Also thank you so much for any advice given.

Last edited by kobin; 06-16-2008 at 01:20 AM. Reason: Spelling error
 
Old 06-16-2008, 05:54 PM   #2
weibullguy
ReliaFree Maintainer
 
Registered: Aug 2004
Location: Kalamazoo, Michigan
Distribution: Slackware-current, Cross Linux from Scratch, Gentoo
Posts: 2,812
Blog Entries: 1

Rep: Reputation: 259Reputation: 259Reputation: 259
No rootkits were found and nothing was found to be infected. What, exactly, do you think you need to be worried about?
 
Old 06-24-2008, 05:32 PM   #3
linuxonbute
Member
 
Registered: May 2005
Location: North lincolnshire
Distribution: Mint 18 Cinnamon
Posts: 47

Rep: Reputation: 19
Quote:
Originally Posted by weibullguy View Post
No rootkits were found and nothing was found to be infected. What, exactly, do you think you need to be worried about?
I don't know about Kobin but I get a similar output to him and what concerns me is this bit :

Searching for suspicious files and dirs, it may take a while...
/usr/lib/jvm/.java-6-openjdk.jinfo
/usr/lib/xulrunner-1.9/.autoreg
/usr/lib/firefox/.autoreg
/lib/modules/2.6.24-18-generic/volatile/.mounted

It offers no comment so what is it reporting these for?

Is it that it doesn't know if these are alright or that it thinks something is wrong with them?
 
Old 06-24-2008, 07:48 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530
Quote:
Originally Posted by linuxonbute View Post
/usr/lib/jvm/.java-6-openjdk.jinfo
(..)
Dot files. Ancient and weak way to "hide" files unless one uses 'ls -a'.


Quote:
Originally Posted by linuxonbute View Post
It offers no comment so what is it reporting these for?
It's likely in the docs, the (online) FAQ and the mailing list archives.


Quote:
Originally Posted by linuxonbute View Post
Is it that it doesn't know if these are alright or that it thinks something is wrong with them?
Chkrootkit doesn't do determination. It just lists items for you to investigate, verify and decide if it's OK or not.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Kubuntu 8.04 desktop settings files Sjonnie48 Linux - Desktop 2 06-15-2008 06:56 PM
How do I configure Kubuntu Desktop? mitchell7man Ubuntu 5 04-10-2007 12:34 AM
Kubuntu Desktop (kubuntu-artwork-usplash) nixFreak Linux - Distributions 1 03-04-2007 08:09 PM
Kubuntu, Desktop blanking acook Ubuntu 1 02-08-2007 06:32 PM
Kubuntu not going to KDE desktop? Bondspy007 Ubuntu 16 03-07-2006 12:44 PM


All times are GMT -5. The time now is 08:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration