LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-24-2006, 03:27 AM   #1
divukman
Member
 
Registered: Sep 2005
Location: Split, Croatia
Distribution: Gentoo/Debian
Posts: 140
Blog Entries: 8

Rep: Reputation: 15
Question tiger report ?


Hi all,

I have this situation One home server and only ports open to the world are 80 and 25 (and irc-dancerd 'till today)... I've recently installed some security related tools (such as nessus)... Well to get to the point, this morning tiger reported

Code:
From: "Tiger automatic auditor at localhost.localdomain" <root@localhost.localdomain>
To: mito@mito.homelinux.org
Subject: Tiger Auditing Report for localhost.localdomain
Date: Fri, 24 Feb 2006 08:00:24 +0100

# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
NEW: --WARN-- [rootkit004w] Chkrootkit has detected a possible rootkit installation
NEW: Warning: Possible LKM Trojan installed
# Checking for existence of log files...
# Checking running processes
# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...
Why would tiger report this, since possibility of rootkit is (as I see it) near 0 (unless I did some sleep-walking)?

ps some googling said it could be a false report, and running manually chkrootkit finds nothing suspicious...however I'm puzzled as to what caused it

Last edited by divukman; 02-24-2006 at 03:49 AM.
 
Old 02-24-2006, 04:23 AM   #2
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Rep: Reputation: 46
well, i would think it's just that - a false report.

it looks like the automatic root kit detector isn't finding anything anyway.

software like this can be a bit jumpy...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Ubuntu tiger scan? subjazz Linux - Security 5 02-25-2006 01:56 PM
Lire (log analysis, log report) no report in Mandriva 2005 LE (desktop usage) Emmanuel_uk Mandriva 0 01-16-2006 02:11 AM
gnome on mac os x tiger pieter023 *BSD 1 08-19-2005 06:48 PM
Compiling on Mac Tiger Baryonic Being Other *NIX 1 07-02-2005 03:17 PM
Tiger Jet modem Sandrocchio_0.1 Linux - Hardware 0 12-29-2003 05:22 PM


All times are GMT -5. The time now is 05:15 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration