Old 04-16-2005, 02:34 PM   #1
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Rep: Reputation: 30
help me to understand the output of chkrootkit

The output of chkrootkit -q is:

/usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/DCOP/.packlist /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/NKF/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Gaim/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/mod_perl/.packlist /usr/lib/qt-3.3/etc/settings/.qtrc.lock /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock /lib/modules/2.6.9-1.667/build/.config /lib/modules/2.6.9-1.667/build/scripts/genksyms/.lex.o.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.genksyms.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.parse.o.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.genksyms.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/ /lib/modules/2.6.9-1.667/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/ /lib/modules/2.6.9-1.667/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.empty.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.file2alias.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.modpost.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.elfconfig.h.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.sumversion.o.cmd /lib/modules/2.6.9-1.667/build/scripts/.conmakehash.cmd /lib/modules/2.6.9-1.667/build/scripts/.pnmtologo.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.docproc.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.split-include.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.fixdep.cmd /lib/modules/2.6.9-1.667/build/scripts/.kallsyms.cmd

ppp0: PF_PACKET(/sbin/pppoe, /snort/bin/snort)
The tty of the following user process(es) were not found
in /var/run/utmp !
! root 2696 tty4 /sbin/mingetty tty4
! root 2709 tty5 /sbin/mingetty tty5
! root 2817 tty6 /sbin/mingetty tty6

1) What are those files from lib?
2) What about my ttys?

Old 04-18-2005, 05:41 PM   #2
Registered: Aug 2004
Location: Norfolk VA
Distribution: Slackware 11
Posts: 230

Rep: Reputation: 30
Maybe remove the "-q" argument.
That's the "quiet" argument; when I ran chkrootkit it told me: not infected, nothing found, etc.

Maybe that argument is removing the yes/no that you want to see.
Old 04-19-2005, 02:28 AM   #3
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Original Poster
Rep: Reputation: 30
Without the -q option, chkrootkit is more verbose. It returns those messages and also other messages: not infected, nothing found, etc.


All times are GMT -5.