LinuxQuestions.org
Old 04-16-2005, 02:34 PM   #1
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 453

Rep: Reputation: 30
help me to understand the output of chkrootkit


The output of chkrootkit -q is:

/usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/DCOP/.packlist /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/NKF/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Gaim/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/mod_perl/.packlist /usr/lib/qt-3.3/etc/settings/.qtrc.lock /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock /lib/modules/2.6.9-1.667/build/.config /lib/modules/2.6.9-1.667/build/scripts/genksyms/.lex.o.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.genksyms.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.parse.o.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.genksyms.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.libkconfig.so.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.empty.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.file2alias.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.modpost.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.elfconfig.h.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.sumversion.o.cmd /lib/modules/2.6.9-1.667/build/scripts/.conmakehash.cmd /lib/modules/2.6.9-1.667/build/scripts/.pnmtologo.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.docproc.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.split-include.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.fixdep.cmd /lib/modules/2.6.9-1.667/build/scripts/.kallsyms.cmd

ppp0: PF_PACKET(/sbin/pppoe, /snort/bin/snort)
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 2696 tty4 /sbin/mingetty tty4
! root 2709 tty5 /sbin/mingetty tty5
! root 2817 tty6 /sbin/mingetty tty6

1) What are those files from lib?
2) What about my ttys?


Thanks
 
Old 04-18-2005, 05:41 PM   #2
username17
Member
 
Registered: Aug 2004
Location: Norfolk VA
Distribution: Slackware 11
Posts: 230

Rep: Reputation: 30
Maybe remove the "-q" argument.
That's the "quiet" argument; when I ran chkrootkit it told me not infected, nothing found, etc.

Maybe that argument is removing the yes/no that you want to see.
GL
 
Old 04-19-2005, 02:28 AM   #3
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 453

Original Poster
Rep: Reputation: 30
Without the -q option chkrootkit is more verbose. It returns those messages and also other messages: not infected, nothing found, etc.
 
  

