LinuxQuestions.org
Old 06-09-2008, 04:34 PM   #1
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Rep: Reputation: 57
Help, Debian stable, getting crazy. Using up the /var/log in full space... :(


Hello,

The Debian stable is getting crazy. It is using up the full space in /var/log...
Please find the 780MB files that are generated, for I don't know which reason...

http://img116.imageshack.us/img116/9...apshot1gw2.png

thanks
Happy Tux
 
Old 06-09-2008, 04:38 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
um.. what are you asking?

I found them, they're on the top of that screenshot. Your system is processing a lot of mail.
 
Old 06-09-2008, 04:46 PM   #3
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by AlucardZero
um.. what are you asking?

I found them, they're on the top of that screenshot. Your system is processing a lot of mail.
ahhh that's very strange... would you know how to check that sendmail box?
 
Old 06-09-2008, 04:55 PM   #4
Dutch Master
Senior Member
 
Registered: Dec 2005
Posts: 1,686

Rep: Reputation: 124
Disconnect this machine from the internet right now... You may be abused as a relay to spam others! Then you can figure out what went wrong....
 
Old 06-09-2008, 05:18 PM   #5
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by Dutch Master
Disconnect this machine from the internet right now... You may be abused as a relay to spam others! Then you can figure out what went wrong....
thanks a LOT LOT !! Done...
I hope this machine is not a big mess ...

I don't know what to start checking first?

Last edited by frenchn00b; 06-09-2008 at 05:20 PM.
 
Old 06-09-2008, 06:17 PM   #6
Dutch Master
Senior Member
 
Registered: Dec 2005
Posts: 1,686

Rep: Reputation: 124
Note that I can't be sure if your machine is abused for spamming, but it never hurts to investigate...

The obvious first step is to look at the logs: see if there are any messages relayed to others, that is: these are sent but not addressed to you, so your mailserver forwards them further. If that's the case, look at your config file. There are plenty of online tutorials available that teach you how to make your mailserver safe, I won't go into that.

Did you note a drop in activity as you disconnected the machine from the internet? If there is, it's a sure sign it was abused in some way.

Next step: get a trusted LiveCD to investigate the integrity of your system, i.e. is the machine still controlled by you or by someone else? In the latter case, you've been 'rootkitted': that means someone took control of your system by installing special software that makes it appear that you control it, but effectively opens it up to whoever managed to install the rootkit on your system. Professionals use several programs, but Rootkit Hunter is a firm favorite for many. A secure LiveCD for this type of intrusion is Helix. Mind you, the latest release is nearly a year old. Probably better to search for more up-to-date systems. But it gives you at least an idea of what's going on...
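
The log check described in post #6, as an added example that is not part of the original thread: a Python script that reads sendmail log lines and reports messages that arrived from an untrusted address and were passed on to non-local recipients, plus relay attempts the server refused. The log lines, domains and addresses are constructed, and `LOCAL_DOMAINS` and `TRUSTED_PREFIXES` are assumptions to replace with the host's own values.

```python
import re
from collections import Counter

# Assumptions for this example: the host's own mail domains and the source
# address prefixes that are allowed to send mail through it.
LOCAL_DOMAINS = {"localhost", "home.example"}
TRUSTED_PREFIXES = ("127.", "192.168.")

ENTRY = re.compile(r"(?:sm-mta|sendmail)\[\d+\]: (\w+): (.*)$")
RELAY_IP = re.compile(r"relay=[^,]*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")
RCPT = re.compile(r"^to=(.*?), (?:ctladdr|delay)=")
ADDR = re.compile(r"<([^<>]*)>")

# Constructed sample in sendmail's log format (documentation addresses only).
SAMPLE_LOG = """\
Jun  9 22:10:01 localhost sm-mta[4101]: m59KA1aa004101: from=<alice@home.example>, size=812, class=0, nrcpts=1, msgid=<1@home.example>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Jun  9 22:10:02 localhost sm-mta[4103]: m59KA1aa004101: to=<bob@friend.example>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120812, relay=mx.friend.example. [198.51.100.20], dsn=2.0.0, stat=Sent (OK)
Jun  9 22:11:40 localhost sm-mta[4120]: m59KBeab004120: from=<promo@bulk.example>, size=2048, class=0, nrcpts=2, msgid=<2@bulk.example>, proto=SMTP, daemon=MTA-v4, relay=[203.0.113.77]
Jun  9 22:11:41 localhost sm-mta[4122]: m59KBeab004120: to=<u1@victim.example>,<u2@victim.example>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=152048, relay=mx.victim.example. [198.51.100.30], dsn=2.0.0, stat=Sent (OK)
Jun  9 22:12:05 localhost sm-mta[4130]: m59KC5ac004130: ruleset=check_rcpt, arg1=<u3@victim.example>, relay=[203.0.113.99], reject=550 5.7.1 <u3@victim.example>... Relaying denied
Jun  9 22:12:30 localhost sm-mta[4140]: m59KCUad004140: from=<carol@elsewhere.example>, size=600, class=0, nrcpts=1, msgid=<3@elsewhere.example>, proto=ESMTP, daemon=MTA-v4, relay=mail.elsewhere.example [198.51.100.40]
Jun  9 22:12:31 localhost sm-mta[4141]: m59KCUad004140: to=<alice@home.example>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30600, dsn=2.0.0, stat=Sent
""".splitlines()


def domain_of(addr):
    """Domain part of an address; bare user names count as local."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else "localhost"


def audit_relaying(lines):
    """Return (relayed, denied).

    relayed: queue id -> {"source": ip, "rcpts": [external recipients]}
    denied:  source ip -> number of refused relay attempts
    """
    source = {}         # queue id -> client IP from the from= line (None = local submission)
    relayed = {}
    denied = Counter()
    for line in lines:
        entry = ENTRY.search(line)
        if not entry:
            continue
        qid, rest = entry.groups()
        ip_match = RELAY_IP.search(rest)
        ip = ip_match.group(1) if ip_match else None
        if rest.startswith("from="):
            source[qid] = ip
        elif rest.startswith("ruleset=check_rcpt") and "Relaying denied" in rest:
            denied[ip] += 1
        elif rest.startswith("to="):
            # A from= line lost to log rotation leaves the source unknown;
            # report those too instead of silently trusting them.
            src = source.get(qid, "unknown")
            if src is None or src.startswith(TRUSTED_PREFIXES):
                continue
            rcpt = RCPT.search(rest)
            if not rcpt:
                continue
            addrs = ADDR.findall(rcpt.group(1)) or rcpt.group(1).split(",")
            external = [a for a in addrs if domain_of(a) not in LOCAL_DOMAINS]
            if external:
                hit = relayed.setdefault(qid, {"source": src, "rcpts": []})
                hit["rcpts"].extend(external)
    return relayed, denied


if __name__ == "__main__":
    relayed, denied = audit_relaying(SAMPLE_LOG)
    for qid, hit in relayed.items():
        print(f"RELAYED {qid} from {hit['source']} to {', '.join(hit['rcpts'])}")
    for ip, count in denied.items():
        print(f"refused {count} relay attempt(s) from {ip}")
```

Entries under "RELAYED" mean the server accepted outside mail for outside recipients; "refused" entries mean it was probed but the configuration said no.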
 
Old 06-10-2008, 01:02 PM   #7
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by Dutch Master
Note that I can't be sure if your machine is abused for spamming, but it never hurts to investigate...

The obvious first step is to look at the logs: see if there are any messages relayed to others, that is: these are sent but not addressed to you, so your mailserver forwards them further. If that's the case, look at your config file. There are plenty of online tutorials available that teach you how to make your mailserver safe, I won't go into that.

Did you note a drop in activity as you disconnected the machine from the internet? If there is, it's a sure sign it was abused in some way.

Next step: get a trusted LiveCD to investigate the integrity of your system, i.e. is the machine still controlled by you or by someone else? In the latter case, you've been 'rootkitted': that means someone took control of your system by installing special software that makes it appear that you control it, but effectively opens it up to whoever managed to install the rootkit on your system. Professionals use several programs, but Rootkit Hunter is a firm favorite for many. A secure LiveCD for this type of intrusion is Helix. Mind you, the latest release is nearly a year old. Probably better to search for more up-to-date systems. But it gives you at least an idea of what's going on...
I will look today in detail

changes happened when I installed this :
http://yellowprotoss.ye.funpic.org/website/jailkit/ <- are there traces of hackers in those files that I got ???

and ktorrent for the first time (downloads were into ~/downloads for sure)

...
(my next questions are coming ... )
 
Old 06-10-2008, 01:39 PM   #8
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Original Poster
Rep: Reputation: 57
ahh also, I ran this as root, since the guy asked for it:
http://benow.ca/downloads/benow-burninator.jar
(he gave me a modified version, that is still in my machine)

and also, my output gives this:
Code:
mail.err:

Jun 10 00:09:21 localhost sm-mta[13780]: m586VWX7001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13781]: m568j9rg019460: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13782]: m588j6Pv019152: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13783]: m5671isx001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13784]: m588o5j0025191: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13785]: m5671ism001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13786]: m5671it2001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13787]: m586LWhB024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13788]: m5671it1001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13789]: m586VWX3001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13790]: m5671iss001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13791]: m586VWX6001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13792]: m5671isu001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13793]: m586VWX1001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13794]: m5671isv001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13795]: m586VWWx001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13796]: m586VWX2001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13797]: m5671it0001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13798]: m586VWWp001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13799]: m568ViHp004304: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13802]: m568e68M012959: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13803]: m586VWWv001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13804]: m568U7Ho002576: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13805]: m588e77S014411: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13806]: m588Z5rT009098: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13807]: m568Z7S7007437: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13808]: m566piAq023047: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13809]: m586LWh8024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13811]: m586LWh9024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13812]: m566piB2023047: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13813]: m586LWh7024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13814]: m5671isn001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13815]: m586LWhA024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13816]: m5671isf001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13817]: m586LWhD024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13818]: m5671isj001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13819]: m586LWhG024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory


mail.warn
Jun 10 00:09:21 localhost sm-mta[13780]: m586VWX7001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13781]: m568j9rg019460: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13782]: m588j6Pv019152: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13783]: m5671isx001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13784]: m588o5j0025191: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13785]: m5671ism001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13786]: m5671it2001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13787]: m586LWhB024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13788]: m5671it1001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13789]: m586VWX3001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13790]: m5671iss001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13791]: m586VWX6001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13792]: m5671isu001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13793]: m586VWX1001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13794]: m5671isv001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13795]: m586VWWx001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13796]: m586VWX2001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13797]: m5671it0001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13798]: m586VWWp001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13799]: m568ViHp004304: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13802]: m568e68M012959: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13803]: m586VWWv001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13804]: m568U7Ho002576: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13805]: m588e77S014411: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13806]: m588Z5rT009098: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13807]: m568Z7S7007437: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13808]: m566piAq023047: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13809]: m586LWh8024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13811]: m586LWh9024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13812]: m566piB2023047: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:22 localhost sm-mta[13813]: m586LWh7024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13814]: m5671isn001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13815]: m586LWhA024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13816]: m5671isf001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13817]: m586LWhD024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13818]: m5671isj001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:23 localhost sm-mta[13819]: m586LWhG024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Is it bad, doctor?
(that's not a funny story)
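
A way to read the SYSERR flood in post #8, added here as an example and not part of the original post: the script groups the errors by the queue ID in each line and decodes when, and by which process, each message entered the queue. It assumes the sendmail 8.12+ queue-ID layout described in the code comment; the excerpt lines are copied from the mail.err output above.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumption: sendmail 8.12+ queue-ID layout. Characters 1-6 are the year
# (counted from 1900, modulo 60), month (0-based), day, hour, minute and
# second, each written as one symbol of this 60-character alphabet.
# Characters 7-8 are a sequence number, and the trailing six digits are the
# PID of the process that created the queue entry.
QIC = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"

SYSERR = re.compile(r"sm-mta\[\d+\]: (\w{8}\d{6}): SYSERR\(\w+\): (.*)$")

# Lines copied from the mail.err excerpt in post #8.
EXCERPT = """\
Jun 10 00:09:21 localhost sm-mta[13780]: m586VWX7001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13781]: m568j9rg019460: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13782]: m588j6Pv019152: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13783]: m5671isx001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13784]: m588o5j0025191: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13785]: m5671ism001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13787]: m586LWhB024100: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13788]: m5671it1001951: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
Jun 10 00:09:21 localhost sm-mta[13789]: m586VWX3001861: SYSERR(root): Cannot exec /usr/sbin/sensible-mda: No such file or directory
""".splitlines()


def decode_qid(qid, log_year):
    """Return (time the entry was queued, sequence number, creating PID).

    The encoded time is returned as-is; no timezone conversion is attempted.
    """
    y, mon, day, hh, mm, ss = (QIC.index(c) for c in qid[:6])
    # Only year % 60 is stored, so pick the matching year at or before log_year.
    year = log_year - (log_year - 1900 - y) % 60
    seq = QIC.index(qid[6]) * 60 + QIC.index(qid[7])
    return datetime(year, mon + 1, day, hh, mm, ss), seq, int(qid[8:])


def summarize(lines, log_year):
    """Group SYSERR lines by (queue time, creating PID) and by error text."""
    bursts = defaultdict(set)   # (queued, pid) -> distinct queue IDs
    errors = Counter()          # error text -> number of log lines
    for line in lines:
        m = SYSERR.search(line)
        if not m:
            continue
        qid, message = m.groups()
        queued, _seq, pid = decode_qid(qid, log_year)
        bursts[(queued, pid)].add(qid)
        errors[message] += 1
    return bursts, errors


if __name__ == "__main__":
    bursts, errors = summarize(EXCERPT, 2008)
    for (queued, pid), qids in sorted(bursts.items()):
        print(f"{queued}  pid {pid:6d}  {len(qids)} queued message(s)")
    for message, count in errors.items():
        print(f"{count} x {message}")
```

Under that layout the IDs in the excerpt decode to 6 and 8 June, while the log lines are stamped 10 June, so each line is a fresh delivery attempt for mail that was already sitting in the queue. IDs that share one second and one PID were accepted by a single sendmail process in one burst.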
 
Old 06-10-2008, 01:41 PM   #9
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Original Poster
Rep: Reputation: 57
Sorry for rtfm, I am n00b still. Takes years to understand linux from windows.
http://readthefuckingmanual.net/error/402/

but the question to master is :
1/ "what could have suddenly happened to the machine? nothing has been accessed, since I never touched it just for ssh or just a samba to get a file... "

2/ is it infected?

3/ how to install rootkit without the net with debian stable (to buy, get the dvd, or few packages since no apt-get)?

I need a Master in Linux...

Last edited by frenchn00b; 06-10-2008 at 01:44 PM.
 
Old 06-10-2008, 01:57 PM   #10
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Original Poster
Rep: Reputation: 57
OK, got the deb of rkhunter, on debian package, was easy to install :
Code:
dpkg -i rkhunt... lala .deb
Code:
[20:53:13] Running Rootkit Hunter 1.2.9 on XXXXXXXXXXX
[20:53:13] 
Rootkit Hunter 1.2.9, Copyright 2003-2006, Michael Boelen

Under active development by the Rootkit Hunter project team. For reporting
bugs, updates, patches, comments and questions see: rkhunter.sourceforge.net

Rootkit Hunter comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to redistribute it under the terms of the GNU General
Public License. See LICENSE for details.

[20:53:13] Info: Shell /bin/bash
[20:53:13] ------------------------ Configuration check --------------------------
[20:53:13] Parsing configuration file (/etc/rkhunter.conf)
[20:53:13] Info: No mail-on-warning address configured
[20:53:13] Info: Using /var/lib/rkhunter/tmp as temporary directory
[20:53:13] Info: Using /var/lib/rkhunter/db as database directory
[20:53:13] Info: Using '/usr/sbin /usr/bin /usr/local/bin /usr/local/sbin /bin /sbin /sw/bin /usr/local/libexec /usr/libexec' as binary directory
[20:53:13] -------------------------- Application scan ---------------------------
[20:53:13] Found /usr/bin/find
[20:53:13] Found /usr/bin/lynx
[20:53:13] Found /usr/bin/lsattr
[20:53:13] Found /usr/bin/lsof
[20:53:13] Found /usr/bin/md5sum
[20:53:13] Found /usr/bin/nmap
[20:53:13] Found /usr/bin/stat
[20:53:13] Found /usr/bin/strings
[20:53:13] Found /usr/bin/wget
[20:53:13] Found /usr/bin/perl (version 5.8.8)
[20:53:13] Found /bin/ip
[20:53:13] Found /bin/ls
[20:53:13] Found /bin/lsmod
[20:53:13] Found /bin/ps
[20:53:13] Found /bin/readlink
[20:53:13] Found /sbin/ip
[20:53:13] Found /sbin/ifconfig
[20:53:13] Found /sbin/lsmod
[20:53:13] Info: WGET found
[20:53:13] Info: NMAP found
[20:53:13] Info: LSOF found
[20:53:13] Info: ip found
[20:53:13] Application scan ended
[20:53:13] ---------------------------- System checks ----------------------------
[20:53:13] Info: kernel is 2.6
[20:53:13] Info: Found /etc/debian_version
[20:53:13] Warning: This operating system is not fully supported!
[20:53:13] All MD5 checks will be skipped!
[20:53:13] Info: Full OS name = Debian 4.0 (i386)
[20:53:13] Info: OS ID = NA
[20:53:13] Info: Perl version 5.8.8 found
[20:53:13] Info: using /var/lib/rkhunter/tmp as temporary directory
[20:53:13] Info: UID is zero (root)
[20:53:13] Info: ksyms file check will be skipped (/proc/ksyms not available on this system)
[20:53:13] ---------------------------- File checks -----------------------------
[20:53:13] Checking /var/lib/rkhunter/db/md5blacklist.dat... OK
[20:53:13] Checking /var/lib/rkhunter/db/mirrors.dat... OK
[20:53:13] Checking /var/lib/rkhunter/db/programs_bad.dat... OK
[20:53:13] Checking /var/lib/rkhunter/db/programs_good.dat... OK
[20:53:13] ------------------------------ Selftests ------------------------------
[20:53:13] Strings selftest: scanning for string /usr/sbin/ntpsx... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../ls... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../netstat... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../lsof... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shhk... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-pw... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../bkit-ssh/bkit-shrs... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../uconf.inv... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../psr... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../find... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../pstree... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../slocate... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../du... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../top... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/...... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.../bkit-ssh... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.bkit-... OK
[20:53:14] Strings selftest: scanning for string /tmp/.bkp... OK
[20:53:14] Strings selftest: scanning for string /tmp/.cinik... OK
[20:53:14] Strings selftest: scanning for string /tmp/.font-unix/.cinik... OK
[20:53:14] Strings selftest: scanning for string /lib/.sso... OK
[20:53:14] Strings selftest: scanning for string /lib/.so... OK
[20:53:14] Strings selftest: scanning for string /var/run/...dica/clean... OK
[20:53:14] Strings selftest: scanning for string /var/run/...dica/xl... OK
[20:53:14] Strings selftest: scanning for string /var/run/...dica/xdr... OK
[20:53:14] Strings selftest: scanning for string /var/run/...dica/psg... OK
[20:53:14] Strings selftest: scanning for string /var/run/...dica/secure... OK
[20:53:14] Strings selftest: scanning for string /var/run/...dica/rdx... OK
[20:53:14] Strings selftest: scanning for string /var/run/...dica/va... OK
[20:53:14] Strings selftest: scanning for string /var/run/...dica/cl.sh... OK
[20:53:14] Strings selftest: scanning for string /usr/bin/.etc... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.fx/sched_host.2... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.fx/random_d.2... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.fx/set_pid.2... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.fx/cons.saver... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.fx/adore/adore/adore.ko... OK
[20:53:14] Strings selftest: scanning for string /bin/sysback... OK
[20:53:14] Strings selftest: scanning for string /usr/local/bin/sysback... OK
[20:53:14] Strings selftest: scanning for string /usr/lib/.tbd... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rns... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/du... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/ls... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnsb... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/ps... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnp... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/find... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/ifconfig... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/pg... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/ssh.tgz... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/top... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/sz... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/login... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/in.fingerd... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/1i0n.sh... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/pstree... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/in.telnetd... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/mjy... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/sush... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/tfn... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/name... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/getip.sh... OK
[20:53:14] Strings selftest: scanning for string /usr/info/.torn/sh*... OK
[20:53:14] Strings selftest: scanning for string /usr/src/.puta/... OK
[20:53:14] Strings selftest: scanning for string /usr/src/.puta/.1addr... OK
[20:53:14] Strings selftest: scanning for string /usr/src/.puta/.1file... OK
[20:53:14] Strings selftest: scanning for string /usr/src/.puta/.1proc... OK
[20:53:14] Strings selftest: scanning for string /usr/src/.puta/.1logz... OK
[20:53:14] Strings selftest: scanning for string /usr/info/.t0rn/... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/lib/dev/... OK
[20:53:14] Strings selftest: scanning for string /dev/.lib/lib/scan/... OK
[20:53:14] Strings selftest: scanning for string /usr/src/.puta/... OK
[20:53:14] Strings selftest: scanning for string /usr/man/man1/man1/... OK
[20:53:14] Strings selftest: scanning for string /usr/man/man1/man1/lib/... OK
[20:53:14] Strings selftest: scanning for string /usr/man/man1/man1/lib/.lib/... OK
[20:53:14] Strings selftest: scanning for string /usr/man/man1/man1/lib/.lib/.backup/... OK
[20:53:14] ---------------------------- MD5 hash tests ---------------------------
[20:53:14] MD5 test skipped!
[20:53:14] ------------------------------ Rootkits ------------------------------
[20:53:15] *** Start scan 55808 Trojan - Variant A ***
[20:53:15]   - File /tmp/.../r... OK. Not found.
[20:53:15]   - File /tmp/.../a... OK. Not found.
[20:53:15] Checking /etc/passwd for presence of ADM worm
OK
[20:53:15] *** Start scan AjaKit ***
[20:53:15]   - File /dev/tux/.addr... OK. Not found.
[20:53:15]   - File /dev/tux/.proc... OK. Not found.
[20:53:15]   - File /dev/tux/.file... OK. Not found.
[20:53:15]   - File /lib/.libgh-gh/cleaner... OK. Not found.
[20:53:15]   - File /lib/.libgh-gh/Patch/patch... OK. Not found.
[20:53:15]   - File /lib/.libgh-gh/sb0k... OK. Not found.
[20:53:15]   - Directory /dev/tux... OK. Not found.
[20:53:15]   - Directory /lib/.libgh-gh... OK. Not found.
[20:53:15] *** Start scan aPa Kit ***
[20:53:15]   - File /usr/share/.aPa... OK. Not found.
[20:53:15] *** Start scan Apache Worm ***
[20:53:15]   - File /bin/.log... OK. Not found.
[20:53:15] *** Start scan Ambient (ark) Rootkit ***
[20:53:15]   - File /usr/lib/.ark?... OK. Not found.
[20:53:15]   - File /dev/ptyxx/.log... OK. Not found.
[20:53:15]   - File /dev/ptyxx/.file... OK. Not found.
[20:53:15]   - Directory /dev/ptyxx... OK. Not found.
[20:53:15] *** Start scan Balaur Rootkit ***
[20:53:15]   - File /usr/lib/liblog.o... OK. Not found.
[20:53:15]   - Directory /usr/lib/.kinetic... OK. Not found.
[20:53:15]   - Directory /usr/lib/.egcs... OK. Not found.
[20:53:15]   - Directory /usr/lib/.wormie... OK. Not found.
[20:53:15] *** Start scan BeastKit ***
[20:53:15]   - File /usr/sbin/arobia... OK. Not found.
[20:53:15]   - File /usr/sbin/idrun... OK. Not found.
[20:53:15]   - File /usr/lib/elm/arobia/elm... OK. Not found.
[20:53:15]   - File /usr/lib/elm/arobia/elm/hk... OK. Not found.
[20:53:15]   - File /usr/lib/elm/arobia/elm/hk.pub... OK. Not found.
[20:53:15]   - File /usr/lib/elm/arobia/elm/sc... OK. Not found.
[20:53:15]   - File /usr/lib/elm/arobia/elm/sd.pp... OK. Not found.
[20:53:15]   - File /usr/lib/elm/arobia/elm/sdco... OK. Not found.
[20:53:15]   - File /usr/lib/elm/arobia/elm/srsd... OK. Not found.
[20:53:15]   - Directory /lib/ldd.so/bktools... OK. Not found.
[20:53:15] *** Start scan beX2 ***
[20:53:15]   - Directory //usr/include/bex... OK. Not found.
[20:53:15] *** Start scan BOBKit ***
[20:53:15]   - File /usr/sbin/ntpsx... OK. Not found.
[20:53:15]   - File /usr/lib/.../ls... OK. Not found.
[20:53:15]   - File /usr/lib/.../netstat... OK. Not found.
[20:53:15]   - File /usr/lib/.../lsof... OK. Not found.
[20:53:15]   - File /usr/lib/.../bkit-ssh/bkit-shdcfg... OK. Not found.
[20:53:15]   - File /usr/lib/.../bkit-ssh/bkit-shhk... OK. Not found.
[20:53:15]   - File /usr/lib/.../bkit-ssh/bkit-pw... OK. Not found.
[20:53:15]   - File /usr/lib/.../bkit-ssh/bkit-shrs... OK. Not found.
[20:53:15]   - File /usr/lib/.../uconf.inv... OK. Not found.
[20:53:15]   - File /usr/lib/.../psr... OK. Not found.
[20:53:15]   - File /usr/lib/.../find... OK. Not found.
[20:53:15]   - File /usr/lib/.../pstree... OK. Not found.
[20:53:15]   - File /usr/lib/.../slocate... OK. Not found.
[20:53:15]   - File /usr/lib/.../du... OK. Not found.
[20:53:15]   - File /usr/lib/.../top... OK. Not found.
[20:53:15]   - Directory /usr/lib/...... OK. Not found.
[20:53:15]   - Directory /usr/lib/.../bkit-ssh... OK. Not found.
[20:53:15]   - Directory /usr/lib/.bkit-... OK. Not found.
[20:53:15]   - Directory /tmp/.bkp... OK. Not found.
[20:53:15] *** Start scan CiNIK Worm (Slapper.B variant) ***
[20:53:15]   - File /tmp/.cinik... OK. Not found.
[20:53:15] *** Start scan Danny-Boy's Abuse Kit ***
[20:53:15] *** Start scan Devil RootKit ***
[20:53:15]   - File /var/lib/games/.src... OK. Not found.
[20:53:15]   - File /dev/dsx... OK. Not found.
[20:53:15]   - File /dev/caca... OK. Not found.
[20:53:15] *** Start scan Dica ***
[20:53:15]   - File /lib/.sso... OK. Not found.
[20:53:15]   - File /lib/.so... OK. Not found.
[20:53:15]   - File /var/run/...dica/clean... OK. Not found.
[20:53:15]   - File /var/run/...dica/xl... OK. Not found.
[20:53:15]   - File /var/run/...dica/xdr... OK. Not found.
[20:53:15]   - File /var/run/...dica/psg... OK. Not found.
[20:53:15]   - File /var/run/...dica/secure... OK. Not found.
[20:53:15]   - File /var/run/...dica/rdx... OK. Not found.
[20:53:15]   - File /var/run/...dica/va... OK. Not found.
[20:53:15]   - File /var/run/...dica/cl.sh... OK. Not found.
[20:53:15]   - File /usr/bin/.etc... OK. Not found.
[20:53:15]   - Directory /var/run/...dica... OK. Not found.
[20:53:15]   - Directory /var/run/...dica/mh... OK. Not found.
[20:53:15]   - Directory /var/run/...dica/scan... OK. Not found.
[20:53:15] *** Start scan Dreams Rootkit ***
[20:53:15]   - File /dev/ttyoa... OK. Not found.
[20:53:15]   - File /dev/ttyof... OK. Not found.
[20:53:15]   - File /dev/ttyop... OK. Not found.
[20:53:15]   - File /usr/bin/sense... OK. Not found.

Last edited by unSpawn; 06-11-2008 at 06:32 AM. Reason: BB code
 
Old 06-10-2008, 01:58 PM   #11
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Original Poster
Rep: Reputation: 57
Code:
[20:53:15]   - File /usr/bin/sl2... OK. Not found.
[20:53:15]   - File /usr/bin/logclear... OK. Not found.
[20:53:15]   - File /usr/bin/(swapd)... OK. Not found.
[20:53:15]   - File /usr/bin/snfs... OK. Not found.
[20:53:15]   - File /usr/lib/libsss... OK. Not found.
[20:53:15]   - Directory /dev/ida/.hpd... OK. Not found.
[20:53:15] *** Start scan Duarawkz ***
[20:53:15]   - File /usr/bin/duarawkz/loginpass... OK. Not found.
[20:53:15]   - Directory /usr/bin/duarawkz... OK. Not found.
[20:53:15] *** Start scan Flea Linux Rootkit ***
[20:53:15]   - File /etc/ld.so.hash... OK. Not found.
[20:53:15]   - File /lib/security/.config/ssh/ssh_host_key... OK. Not found.
[20:53:15]   - File /lib/security/.config/ssh/ssh_host_key.pub... OK. Not found.
[20:53:16]   - File /lib/security/.config/ssh/ssh_random_seed... OK. Not found.
[20:53:16]   - File /usr/bin/ssh2d... OK. Not found.
[20:53:16]   - File /usr/lib/ldlibns.so... OK. Not found.
[20:53:16]   - File /usr/lib/ldlibpst.so... OK. Not found.
[20:53:16]   - File /usr/lib/ldlibdu.so... OK. Not found.
[20:53:16]   - File /usr/lib/ldlibct.so... OK. Not found.
[20:53:16]   - Directory /lib/security/.config/ssh... OK. Not found.
[20:53:16]   - Directory /dev/..0... OK. Not found.
[20:53:16]   - Directory /dev/..0/backup... OK. Not found.
[20:53:16] *** Start scan FreeBSD Rootkit ***
[20:53:16]   - File /usr/lib/.fx/sched_host.2... OK. Not found.
[20:53:16]   - File /usr/lib/.fx/random_d.2... OK. Not found.
[20:53:16]   - File /usr/lib/.fx/set_pid.2... OK. Not found.
[20:53:16]   - File /usr/lib/.fx/cons.saver... OK. Not found.
[20:53:16]   - File /usr/lib/.fx/adore/adore/adore.ko... OK. Not found.
[20:53:16]   - File /bin/sysback... OK. Not found.
[20:53:16]   - File /usr/local/bin/sysback... OK. Not found.
[20:53:16]   - Directory /usr/lib/.fx... OK. Not found.
[20:53:16]   - Directory /usr/lib/.fx/adore... OK. Not found.
[20:53:16] *** Start scan Fuck`it Rootkit ***
[20:53:16]   - File /dev/proc/fuckit/hax0r... OK. Not found.
[20:53:16]   - File /dev/proc/fuckit/hax0rshell... OK. Not found.
[20:53:16]   - File /dev/proc/fuckit/config/lports... OK. Not found.
[20:53:16]   - File /dev/proc/fuckit/config/rports... OK. Not found.
[20:53:16]   - File /dev/proc/fuckit/config/rkconf... OK. Not found.
[20:53:16]   - File /dev/proc/fuckit/config/password... OK. Not found.
[20:53:16]   - File /dev/proc/fuckit/config/progs... OK. Not found.
[20:53:16]   - File /dev/proc/system-bins/init... OK. Not found.
[20:53:16] *** Start scan GasKit ***
[20:53:16]   - File /dev/dev/gaskit/sshd/sshdd... OK. Not found.
[20:53:16]   - Directory /dev/dev... OK. Not found.
[20:53:16]   - Directory /dev/dev/gaskit... OK. Not found.
[20:53:16]   - Directory /dev/dev/gaskit/sshd... OK. Not found.
[20:53:16] *** Start scan Heroin LKM ***
[20:53:16] *** Start scan HjC Kit ***
[20:53:16]   - Directory /dev/.hijackerz... OK. Not found.
[20:53:16] *** Start scan ignoKit ***
[20:53:16]   - File /lib/defs/p... OK. Not found.
[20:53:16]   - File /lib/defs/q... OK. Not found.
[20:53:16]   - File /lib/defs/r... OK. Not found.
[20:53:16]   - File /lib/defs/s... OK. Not found.
[20:53:16]   - File /lib/defs/t... OK. Not found.
[20:53:16]   - File /usr/lib/defs/p... OK. Not found.
[20:53:16]   - File /usr/lib/defs/p... OK. Not found.
[20:53:16]   - File /usr/lib/defs/p... OK. Not found.
[20:53:16]   - File /usr/lib/defs/p... OK. Not found.
[20:53:16]   - File /usr/lib/defs/p... OK. Not found.
[20:53:16]   - File /usr/lib/.libigno/pkunsec... OK. Not found.
[20:53:16]   - File /usr/lib/.libigno/.igno/psybnc/psybnc... OK. Not found.
[20:53:16]   - Directory /usr/lib/.libigno... OK. Not found.
[20:53:16]   - Directory /usr/lib/.libigno/.igno/... OK. Not found.
[20:53:16] *** Start scan ImperalsS-FBRK ***
[20:53:16]   - Directory /dev/fd/.88... OK. Not found.
[20:53:16]   - Directory /dev/fd/.99... OK. Not found.
[20:53:16] *** Start scan Irix Rootkit ***
[20:53:16]   - Directory /dev/pts/01... OK. Not found.
[20:53:16]   - Directory /dev/pts/01/backup... OK. Not found.
[20:53:16]   - Directory /dev/pts/01/etc... OK. Not found.
[20:53:16]   - Directory /dev/pts/01/tmp... OK. Not found.
[20:53:16] *** Start scan Kitko ***
[20:53:16]   - Directory /usr/src/redhat/SRPMS/...... OK. Not found.
[20:53:16] *** Start scan Knark ***
[20:53:16]   - File /proc/knark/pids... OK. Not found.
[20:53:16]   - Directory /proc/knark... OK. Not found.
[20:53:16] *** Start scan Li0n Worm ***
[20:53:16]   - File /bin/in.telnetd... OK. Not found.
[20:53:16]   - File /bin/mjy... OK. Not found.
[20:53:16]   - File /usr/man/man1/man1/lib/.lib/mjy... OK. Not found.
[20:53:16]   - File /usr/man/man1/man1/lib/.lib/in.telnetd... OK. Not found.
[20:53:16]   - File /usr/man/man1/man1/lib/.lib/.x... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/1i0n.sh... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/hack.sh... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/bind... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/randb... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/scan.sh... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/pscan... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/star.sh... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/bindx.sh... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/scan/bindname.log... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/1i0n.sh... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/lib/netstat... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/lib/dev/.1addr... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/lib/dev/.1logz... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/lib/dev/.1proc... OK. Not found.
[20:53:16]   - File /dev/.lib/lib/lib/dev/.1file... OK. Not found.
[20:53:16] *** Start scan Lockit / LJK2 ***
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/ssh_config... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/ssh_host_key... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/ssh_host_key.pub... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/ssh_random_seed*... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/sshd_config... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backdoor/RK1bd... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/du... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/ifconfig... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/inetd.conf... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/locate... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/login... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/ls... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/netstat... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/ps... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/pstree... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/rc.sysinit... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/syslogd... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/tcpd... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/backup/top... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/clean/RK1sauber... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/clean/RK1wted... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/hack/RK1parser... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/hack/RK1sniff... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/hide/.RK1addr... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/hide/.RK1dir... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/hide/.RK1log... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/hide/.RK1proc... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/modules/README.modules... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/modules/RK1phide... OK. Not found.
[20:53:16]   - File /usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh... OK. Not found.
[20:53:16]   - Directory /usr/lib/libmen.oo/.LJK2... OK. Not found.
[20:53:16] *** Start scan MRK ***
[20:53:16]   - File /dev/ida/.inet/pid... OK. Not found.
[20:53:16]   - File /dev/ida/.inet/ssh_host_key... OK. Not found.
[20:53:16]   - File /dev/ida/.inet/ssh_random_seed... OK. Not found.
[20:53:16]   - File /dev/ida/.inet/tcp.log... OK. Not found.
[20:53:16]   - Directory /dev/ida/.inet... OK. Not found.
[20:53:16]   - Directory /var/spool/cron/.sh... OK. Not found.
[20:53:16] *** Start scan Ni0 Rootkit ***
[20:53:16]   - File /var/lock/subsys/...datafile.../...net...... OK. Not found.
[20:53:16]   - File /var/lock/subsys/...datafile.../...port...... OK. Not found.
[20:53:16]   - File /var/lock/subsys/...datafile.../...ps...... OK. Not found.
[20:53:17]   - File /var/lock/subsys/...datafile.../...file...... OK. Not found.
[20:53:17]   - Directory /tmp/waza... OK. Not found.
[20:53:17]   - Directory /var/lock/subsys/...datafile...... OK. Not found.
[20:53:17]   - Directory /usr/sbin/es... OK. Not found.
[20:53:17] *** Start scan RootKit for SunOS / NSDAP ***
[20:53:17]   - File /usr/lib/vold/nsdap/.kit... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/defines... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/patcher... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/pg... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/cleaner... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/utime... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/crypt... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/findkit... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/sn2... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/sniffload... OK. Not found.
[20:53:17]   - File /usr/lib/vold/nsdap/runsniff... OK. Not found.
[20:53:17]   - File /usr/lib/lpset... OK. Not found.
[20:53:17]   - Directory /usr/lib/vold/nsdap... OK. Not found.
[20:53:17] *** Start scan Optic Kit (Tux) ***
[20:53:17]   - Directory /dev/tux... OK. Not found.
[20:53:17]   - Directory /usr/bin/xchk... OK. Not found.
[20:53:17]   - Directory /usr/bin/xsf... OK. Not found.
[20:53:17]   - Directory /usr/bin/ssh2d... OK. Not found.
[20:53:17] *** Start scan Oz Rootkit ***
[20:53:17]   - File /dev/.oz/.nap/rkit/terror... OK. Not found.
[20:53:17]   - Directory /dev/.oz... OK. Not found.
[20:53:17] *** Start scan Portacelo ***
[20:53:17]   - File /var/lib/.../.ak... OK. Not found.
[20:53:17]   - File /var/lib/.../.hk... OK. Not found.
[20:53:17]   - File /var/lib/.../.rs... OK. Not found.
[20:53:17]   - File /var/lib/.../.p... OK. Not found.
[20:53:17]   - File /var/lib/.../getty... OK. Not found.
[20:53:17]   - File /var/lib/.../lkt.o... OK. Not found.
[20:53:17]   - File /var/lib/.../show... OK. Not found.
[20:53:17]   - File /var/lib/.../nlkt.o... OK. Not found.
[20:53:17]   - File /var/lib/.../ssshrc... OK. Not found.
[20:53:17]   - File /var/lib/.../sssh_equiv... OK. Not found.
[20:53:17]   - File /var/lib/.../sssh_known_hosts... OK. Not found.
[20:53:17]   - File /var/lib/.../sssh_pid... OK. Not found.
[20:53:17]   - File ~/.sssh/known_hosts... OK. Not found.
[20:53:17] *** Start scan R3dstorm Toolkit ***
[20:53:17]   - File /var/log/tk02/see_all... OK. Not found.
[20:53:17]   - File /bin/.../sshd/sbin/sshd1... OK. Not found.
[20:53:17]   - File /bin/.../hate/sk... OK. Not found.
[20:53:17]   - File /bin/.../see_all... OK. Not found.
[20:53:17]   - Directory /var/log/tk02... OK. Not found.
[20:53:17]   - Directory /var/log/tk02/old... OK. Not found.
[20:53:17]   - Directory /bin/...... OK. Not found.
[20:53:17] *** Start scan RH-Sharpe's rootkit ***
[20:53:17]   - File /bin/lps... OK. Not found.
[20:53:17]   - File /usr/bin/lpstree... OK. Not found.
[20:53:17]   - File /usr/bin/ltop... OK. Not found.
[20:53:17]   - File /usr/bin/lkillall... OK. Not found.
[20:53:17]   - File /usr/bin/ldu... OK. Not found.
[20:53:17]   - File /usr/bin/lnetstat... OK. Not found.
[20:53:17]   - File /usr/bin/wp... OK. Not found.
[20:53:17]   - File /usr/bin/shad... OK. Not found.
[20:53:17]   - File /usr/bin/vadim... OK. Not found.
[20:53:17]   - File /usr/bin/slice... OK. Not found.
[20:53:17]   - File /usr/bin/cleaner... OK. Not found.
[20:53:17]   - File /usr/include/rpcsvc/du... OK. Not found.
[20:53:17] *** Start scan RSHA's rootkit ***
[20:53:17]   - File /bin/kr4p... OK. Not found.
[20:53:17]   - File /usr/bin/n3tstat... OK. Not found.
[20:53:17]   - File /usr/bin/chsh2... OK. Not found.
[20:53:17]   - File /usr/bin/slice2... OK. Not found.
[20:53:17]   - File /usr/src/linux/arch/alpha/lib/.lib/.1proc... OK. Not found.
[20:53:17]   - File /etc/rc.d/arch/alpha/lib/.lib/.1addr... OK. Not found.
[20:53:17]   - Directory /etc/rc.d/rsha... OK. Not found.
[20:53:17]   - Directory /etc/rc.d/arch/alpha/lib/.lib... OK. Not found.
[20:53:17] Debug: Sebek LKM
[20:53:17] *** Start scan Scalper Worm ***
[20:53:17]   - File /tmp/.a... OK. Not found.
[20:53:17]   - File /tmp/.uua... OK. Not found.
[20:53:17] *** Start scan Shutdown ***
[20:53:17]   - File /usr/man/man5/.. /.dir/scannah/asus... OK. Not found.
[20:53:17]   - File /usr/man/man5/.. /.dir/see... OK. Not found.
[20:53:17]   - File /usr/man/man5/.. /.dir/nscd... OK. Not found.
[20:53:17]   - File /usr/man/man5/.. /.dir/alpd... OK. Not found.
[20:53:17]   - File /etc/rc.d/rc.local ... OK. Not found.
[20:53:17]   - Directory /usr/man/man5/.. /.dir/... OK. Not found.
[20:53:17]   - Directory /usr/man/man5/.. /.dir/scannah... OK. Not found.
[20:53:17]   - Directory /etc/rc.d/rc0.d/.. /.dir... OK. Not found.
[20:53:17] *** Start scan SHV4 ***
[20:53:17]   - File /etc/ld.so.hash... OK. Not found.
[20:53:17]   - File /lib/libext-2.so.7... OK. Not found.
[20:53:18]   - File /lib/lidps1.so... OK. Not found.
[20:53:18]   - File /usr/sbin/xntps... OK. Not found.
[20:53:18]   - Directory /lib/security/.config... OK. Not found.
[20:53:18]   - Directory /lib/security/.config/ssh... OK. Not found.
[20:53:18] *** Start scan SHV5 ***
[20:53:18]   - File /etc/sh.conf... OK. Not found.
[20:53:18]   - File /dev/srd0... OK. Not found.
[20:53:18]   - Directory /usr/lib/libsh... OK. Not found.
[20:53:18] *** Start scan Sin Rootkit ***
[20:53:18]   - File /dev/.haos/haos1/.f/Denyed... OK. Not found.
[20:53:18]   - File /dev/ttyoa... OK. Not found.
[20:53:18]   - File /dev/ttyof... OK. Not found.
[20:53:18]   - File /dev/ttyop... OK. Not found.
[20:53:18]   - File /dev/ttyos... OK. Not found.
[20:53:18]   - File /usr/lib/.lib... OK. Not found.
[20:53:18]   - File /usr/lib/sn/.X... OK. Not found.
[20:53:18]   - File /usr/lib/sn/.sys... OK. Not found.
[20:53:18]   - File /usr/lib/ld/.X... OK. Not found.
[20:53:18]   - File /usr/man/man1/...... OK. Not found.
[20:53:18]   - File /usr/man/man1/.../.m... OK. Not found.
[20:53:18]   - File /usr/man/man1/.../.w... OK. Not found.
[20:53:18]   - Directory /usr/lib/sn... OK. Not found.
[20:53:18]   - Directory /usr/lib/man1/...... OK. Not found.
[20:53:18]   - Directory /dev/.haos... OK. Not found.
[20:53:18] *** Start scan Slapper ***
[20:53:18]   - File /tmp/.bugtraq... OK. Not found.
[20:53:18]   - File /tmp/.uubugtraq... OK. Not found.
[20:53:18]   - File /tmp/.bugtraq.c... OK. Not found.
[20:53:18]   - File /tmp/httpd... OK. Not found.
[20:53:18]   - File /tmp/.unlock... OK. Not found.
[20:53:18]   - File /tmp/update... OK. Not found.
[20:53:18]   - File /tmp/.cinik... OK. Not found.
[20:53:18]   - File /tmp/.b... OK. Not found.
[20:53:18] *** Start scan Sneakin Rootkit ***
[20:53:18]   - Directory /tmp/.X11-unix/.../rk... OK. Not found.
[20:53:18] *** Start scan Suckit Rootkit ***
[20:53:18]   - File /sbin/initsk12... OK. Not found.
[20:53:18]   - File /sbin/initxrk... OK. Not found.
[20:53:18]   - File /usr/bin/null... OK. Not found.
[20:53:18]   - File /usr/share/locale/sk/.sk12/sk... OK. Not found.
[20:53:18]   - File /etc/rc.d/rc0.d/S23kmdac... OK. Not found.
[20:53:18]   - File /etc/rc.d/rc1.d/S23kmdac... OK. Not found.
[20:53:18]   - File /etc/rc.d/rc2.d/S23kmdac... OK. Not found.
[20:53:18]   - File /etc/rc.d/rc3.d/S23kmdac... OK. Not found.
[20:53:18]   - File /etc/rc.d/rc4.d/S23kmdac... OK. Not found.
[20:53:18]   - File /etc/rc.d/rc5.d/S23kmdac... OK. Not found.
[20:53:18]   - File /etc/rc.d/rc6.d/S23kmdac... OK. Not found.
[20:53:18]   - Directory /dev/sdhu0/tehdrakg... OK. Not found.
[20:53:18]   - Directory /etc/.MG... OK. Not found.
[20:53:18]   - Directory /usr/share/locale/sk/.sk12... OK. Not found.
[20:53:18]   - Directory /usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist... OK. Not found.
[20:53:18] *** Start scan SunOS Rootkit ***
[20:53:18]   - File /etc/ld.so.hash... OK. Not found.
[20:53:18]   - File /lib/libext-2.so.7... OK. Not found.
[20:53:18]   - File /usr/bin/ssh2d... OK. Not found.
[20:53:18]   - File /bin/xlogin... OK. Not found.
[20:53:18]   - File /usr/lib/crth.o... OK. Not found.
[20:53:18]   - File /usr/lib/crtz.o... OK. Not found.
[20:53:18]   - File /sbin/login... OK. Not found.
[20:53:18]   - File /lib/security/.config/sn... OK. Not found.
[20:53:18]   - File /lib/security/.config/lpsched... OK. Not found.
[20:53:18]   - File /dev/kmod... OK. Not found.
[20:53:18]   - File /dev/dos... OK. Not found.
[20:53:18] *** Start scan Superkit ***
[20:53:18]   - File /usr/man/.sman/sk... OK. Not found.
[20:53:18] *** Start scan TBD (Telnet BackDoor) ***
[20:53:18]   - File /usr/lib/.tbd... OK. Not found.
[20:53:18] *** Start scan TeLeKiT ***
[20:53:18]   - File /usr/man/man3/.../TeLeKiT/bin/sniff... OK. Not found.
[20:53:18]   - File /usr/man/man3/.../TeLeKiT/bin/telnetd... OK. Not found.
[20:53:18]   - File /usr/man/man3/.../TeLeKiT/bin/teleulo... OK. Not found.
[20:53:18]   - File /usr/man/man3/.../cl... OK. Not found.
[20:53:18]   - File /dev/ptyr... OK. Not found.
[20:53:18]   - File /dev/ptyp... OK. Not found.
[20:53:18]   - File /dev/ptyq... OK. Not found.
[20:53:18]   - File /dev/hda06... OK. Not found.
[20:53:18]   - File /usr/info/libc1.so... OK. Not found.
[20:53:18]   - Directory /usr/man/man3/...... OK. Not found.
[20:53:18]   - Directory /usr/man/man3/.../lsniff... OK. Not found.
[20:53:18]   - Directory /usr/man/man3/.../TeLeKiT... OK. Not found.
[20:53:18] *** Start scan T0rn Rootkit ***
[20:53:18]   - File /dev/.lib/lib/lib/t0rns... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/du... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/ls... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/t0rnsb... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/ps... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/t0rnp... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/find... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/ifconfig... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/pg... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/ssh.tgz... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/top... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/sz... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/login... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/in.fingerd... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/1i0n.sh... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/pstree... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/in.telnetd... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/mjy... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/sush... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/tfn... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/name... OK. Not found.
[20:53:18]   - File /dev/.lib/lib/lib/getip.sh... OK. Not found.
[20:53:18]   - File /usr/info/.torn/sh*... OK. Not found.
[20:53:18]   - File /usr/src/.puta/... OK. Not found.
[20:53:18]   - File /usr/src/.puta/.1addr... OK. Not found.
[20:53:18]   - File /usr/src/.puta/.1file... OK. Not found.
[20:53:18]   - File /usr/src/.puta/.1proc... OK. Not found.
[20:53:18]   - File /usr/src/.puta/.1logz... OK. Not found.
[20:53:18]   - File /usr/info/.t0rn/... OK. Not found.
[20:53:18]   - Directory /dev/.lib/... OK. Not found.
[20:53:18]   - Directory /dev/.lib/lib/... OK. Not found.
[20:53:18]   - Directory /dev/.lib/lib/lib/... OK. Not found.
[20:53:18]   - Directory /dev/.lib/lib/lib/dev/... OK. Not found.
[20:53:18]   - Directory /dev/.lib/lib/scan/... OK. Not found.
[20:53:18]   - Directory /usr/src/.puta/... OK. Not found.
[20:53:18]   - Directory /usr/man/man1/man1/... OK. Not found.
[20:53:18]   - Directory /usr/man/man1/man1/lib/... OK. Not found.
[20:53:18]   - Directory /usr/man/man1/man1/lib/.lib/... OK. Not found.
[20:53:18]   - Directory /usr/man/man1/man1/lib/.lib/.backup/... OK. Not found.
[20:53:18] *** Start scan Trojanit Kit ***
[20:53:18]   - File /bin/.ls... OK. Not found.
[20:53:18]   - File /bin/.ps... OK. Not found.
[20:53:18]   - File /bin/.netstat... OK. Not found.
[20:53:18]   - File /usr/bin/.nop... OK. Not found.
[20:53:19]   - File /usr/bin/.who... OK. Not found.
[20:53:19] *** Start scan Tuxtendo ***
[20:53:19]   - File /dev/tux/.addr... OK. Not found.
[20:53:19]   - File /dev/tux/.cron... OK. Not found.
[20:53:19]   - File /dev/tux/.file... OK. Not found.
[20:53:19]   - File /dev/tux/.log... OK. Not found.
[20:53:19]   - File /dev/tux/.proc... OK. Not found.
[20:53:19]   - File /dev/tux/backup/crontab... OK. Not found.
[20:53:19]   - File /dev/tux/backup/df... OK. Not found.
[20:53:19]   - File /dev/tux/backup/dir... OK. Not found.
[20:53:19]   - File /dev/tux/backup/find... OK. Not found.
[20:53:19]   - File /dev/tux/backup/ifconfig... OK. Not found.
[20:53:19]   - File /dev/tux/backup/locate... OK. Not found.
[20:53:19]   - File /dev/tux/backup/netstat... OK. Not found.
[20:53:19]   - File /dev/tux/backup/ps... OK. Not found.
[20:53:19]   - File /dev/tux/backup/pstree... OK. Not found.

Last edited by unSpawn; 06-11-2008 at 06:38 AM. Reason: BB code tags
 
Old 06-10-2008, 01:58 PM   #12
frenchn00b
Code:
[20:53:19]   - File /dev/tux/backup/syslogd... OK. Not found.
[20:53:19]   - File /dev/tux/backup/tcpd... OK. Not found.
[20:53:19]   - File /dev/tux/backup/top... OK. Not found.
[20:53:19]   - File /dev/tux/backup/updatedb... OK. Not found.
[20:53:19]   - File /dev/tux/backup/vdir... OK. Not found.
[20:53:19]   - Directory /dev/tux... OK. Not found.
[20:53:19]   - Directory /dev/tux/ssh2... OK. Not found.
[20:53:19]   - Directory /dev/tux/backup... OK. Not found.
[20:53:19] *** Start scan URK ***
[20:53:19]   - File /usr/man/man1/xxxxxxbin/find... OK. Not found.
[20:53:19]   - File /usr/man/man1/xxxxxxbin/du... OK. Not found.
[20:53:19]   - File /usr/man/man1/xxxxxxbin/ps... OK. Not found.
[20:53:19]   - File /tmp/conf.inf... OK. Not found.
[20:53:19]   - Directory /usr/man/man1/xxxxxxbin... OK. Not found.
[20:53:19] *** Start scan VcKit ***
[20:53:19]   - Directory /usr/include/linux/modules/lib.so... OK. Not found.
[20:53:19]   - Directory /usr/include/linux/modules/lib.so/bin... OK. Not found.
[20:53:19] *** Start scan Volc Rootkit ***
[20:53:19]   - Directory /var/spool/.recent... OK. Not found.
[20:53:19]   - Directory /var/spool/.recent/.files... OK. Not found.
[20:53:19]   - Directory /usr/lib/volc... OK. Not found.
[20:53:19]   - Directory /usr/lib/volc/backup... OK. Not found.
[20:53:19] *** Start scan X-Org SunOS Rootkit ***
[20:53:19]   - File /usr/lib/libX.a/bin/tmpfl... OK. Not found.
[20:53:19]   - File /usr/lib/libX.a/bin/rps... OK. Not found.
[20:53:19]   - File /usr/bin/srload... OK. Not found.
[20:53:19]   - File /usr/lib/libX.a/bin/sparcv7/rps... OK. Not found.
[20:53:19]   - File /usr/sbin/modcheck... OK. Not found.
[20:53:19]   - Directory /usr/lib/libX.a... OK. Not found.
[20:53:19]   - Directory /usr/lib/libX.a/bin... OK. Not found.
[20:53:19]   - Directory /usr/lib/libX.a/bin/sparcv7... OK. Not found.
[20:53:19]   - Directory /usr/share/man...... OK. Not found.
[20:53:19] *** Start scan zaRwT.KiT Rootkit ***
[20:53:19]   - File /dev/rd/s/sendmeil... OK. Not found.
[20:53:19]   - File /dev/ttyf... OK. Not found.
[20:53:19]   - File /dev/ttyp... OK. Not found.
[20:53:19]   - File /dev/ttyn... OK. Not found.
[20:53:19]   - File /rk/tulz... OK. Not found.
[20:53:19]   - Directory /rk... OK. Not found.
[20:53:19]   - Directory /dev/rd/s... OK. Not found.
[20:53:19] ------------------------------ Malware ------------------------------
[20:53:19] Start scan for common used known (and unknown) rootkit files...
[20:53:19] [Start string tests]
[20:53:19] /sbin/init clean (string: /dev/proc/fuckit)
[20:53:19] /sbin/init clean (string: FUCK)
[20:53:19] /sbin/init clean (string: backdoor)
[20:53:19] /bin/login clean (string: vt200)
[20:53:19] /bin/login clean (string: /usr/bin/xstat)
[20:53:19] /bin/login clean (string: /bin/envpc)
[20:53:19] /bin/login clean (string: l4m3r0x)
[20:53:19] /bin/login clean (string: /usr/lib/.tbd)
[20:53:19] /bin/ls clean (string: /dev/ptyxx/.file)
[20:53:19] /bin/ls clean (string: /dev/sgk)
[20:53:19] /bin/ls clean (string: /var/lock/subsys/...datafile...)
[20:53:19] /bin/ls clean (string: /usr/lib/.tbd)
[20:53:19] /bin/netstat clean (string: /dev/proc/fuckit)
[20:53:19] /bin/netstat clean (string: /lib/.sso)
[20:53:19] /bin/netstat clean (string: /var/lock/subsys/...datafile...)
[20:53:19] /bin/netstat clean (string: /dev/caca)
[20:53:19] /bin/netstat clean (string: /dev/ttyoa)
[20:53:19] /bin/netstat clean (string: syg)
[20:53:20] /bin/ps clean (string: /dev/pts/01)
[20:53:20] /bin/ps clean (string: tw33dl3)
[20:53:20] /bin/ps clean (string: psniff)
[20:53:20] /bin/ps clean (string: /var/lock/subsys/...datafile...)
[20:53:20] /usr/sbin/rpc.nfsd clean (string: cant open log)
[20:53:20] /usr/sbin/rpc.nfsd clean (string: sniff.pid)
[20:53:20] /usr/sbin/rpc.nfsd clean (string: tcp.log)
[20:53:20] /usr/sbin/sshd clean (string: /dev/ptyxx)
[20:53:20] /sbin/syslogd clean (string: promiscuous)
[20:53:20] /sbin/syslogd clean (string: /usr/lib/.tbd)
[20:53:20] /usr/sbin/tcpd clean (string: /dev/xdta)
[20:53:20] /usr/bin/top clean (string: /usr/lib/.tbd)
[20:53:20] All files are OK
[20:53:20] [End string tests]
[20:53:20] Scanning for presence of /dev/sdr0 (file)... OK (not found)
[20:53:20] Scanning for presence of /tmp/.syshackfile (file)... OK (not found)
[20:53:20] Scanning for presence of /tmp/.bash_history (file)... OK (not found)
[20:53:20] Scanning for presence of /usr/info/.clib (file)... OK (not found)
[20:53:20] Scanning for presence of /usr/sbin/tcp.log (file)... OK (not found)
[20:53:20] Scanning for presence of /usr/bin/take/pid (file)... OK (not found)
[20:53:20] Scanning for presence of /sbin/create (file)... OK (not found)
[20:53:20] Scanning for presence of /dev/ttypz (file)... OK (not found)
[20:53:20] Scanning for presence of /usr/bin/take (dir)... OK (not found)
[20:53:20] Scanning for presence of /usr/src/.lib (dir)... OK (not found)
[20:53:20] Scanning for presence of /usr/share/man/man1/.1c (dir)... OK (not found)
[20:53:20] Scanning for presence of /lib/lblip.tk (dir)... OK (not found)
[20:53:20] Scanning for presence of /usr/sbin/... (dir)... OK (not found)
[20:53:20] Scanning for presence of /usr/share/.gun (dir)... OK (not found)
[20:53:20] -------------------------- Open files tests ---------------------------
[20:53:20] Scanning running processes... OK
[20:53:21] Scanned for 'backdoor|adore.so|mod_rootme.so|phide_mod.o|lbk.ko|vlogger.o|cleaner.o|mod_klgr.o|hydra|hydra.restore'
[20:53:21] ----------------------- Login backdoors check -------------------------
[20:53:21] Checking /usr/X11R6/bin/.,/copy/... [ OK ] Not found
[20:53:21] Checking /dev/rd... [ OK ] Not found
[20:53:21] Scanning for software related files and intrusions...
[20:53:21] Checking /usr/lib/libice.log... [ OK ] Not found
[20:53:29] Skipped xinetd tests (not Linux or file doesn't exists)
[20:53:29] Checking /usr/bin/netstat... Not found
[20:53:29] Checking /bin/ps... [ OK ]
[20:53:29] Checking /bin/ls... [ OK ]
[20:53:29] Checking /usr/bin/w... [ OK ]
[20:53:29] Checking /usr/bin/who... [ OK ]
[20:53:29] Checking /bin/netstat... [ OK ]
[20:53:29] Checking /usr/bin/netstat... Not found
[20:53:29] Checking /bin/login... [ OK ]
[20:53:29] --------------------------- File attributes ---------------------------
[20:53:29] Checking /usr/sbin file attributes
[20:53:30] Checking /usr/bin file attributes
[20:53:38] Checking /usr/local/bin file attributes
[20:53:38] Checking /usr/local/sbin file attributes
[20:53:38] Checking /bin file attributes
[20:53:39] Checking /sbin file attributes
[20:53:39] Checking /sw/bin file attributes
[20:53:39] Checking /usr/local/libexec file attributes
[20:53:39] Checking /usr/libexec file attributes
[20:53:39] ----------------------------- LKM modules -----------------------------
[20:53:40] ------------------------------- Backdoors -----------------------------
[20:53:41] Checking network interfaces (promiscuous mode)... [ OK ]
[20:53:41] Performed successful test with `ip`
[20:53:41] ---------------------------- System checks ----------------------------
[20:53:41] Checking for passwordless user accounts... 
[20:53:41] ---------------------------- History files ----------------------------
[20:53:42] Start scanning for hidden files in /dev...
[20:53:42] Value of hiddendirs: /dev/.static
/dev/.udev
/dev/.initramfs
/dev/.initramfs-tools
[20:53:42] End of scanning /dev
[20:53:42] Start scanning for hidden files in /bin...
[20:53:42] Value of hiddendirs: 
[20:53:42] End of scanning /bin
[20:53:42] Start scanning for hidden files in /usr...
[20:53:42] Value of hiddendirs: 
[20:53:42] End of scanning /usr
[20:53:42] Start scanning for hidden files in /usr/man...
[20:53:42] End of scanning /usr/man
[20:53:42] Start scanning for hidden files in /usr/man/man1...
[20:53:42] End of scanning /usr/man/man1
[20:53:42] Start scanning for hidden files in /usr/man/man8...
[20:53:42] End of scanning /usr/man/man8
[20:53:42] Start scanning for hidden files in /usr/bin...
[20:53:42] Value of hiddendirs: /usr/bin/.autoscanning.swp
[20:53:42] End of scanning /usr/bin
[20:53:42] Start scanning for hidden files in /usr/sbin...
[20:53:42] Value of hiddendirs: 
[20:53:42] End of scanning /usr/sbin
[20:53:42] Start scanning for hidden files in /sbin...
[20:53:42] Value of hiddendirs: 
[20:53:42] End of scanning /sbin
[20:53:42] Start scanning for hidden files in /etc...
[20:53:42] Value of hiddendirs: /etc/.pwd.lock
/etc/.java
[20:53:42] End of scanning /etc
[20:53:42] Hidden file/dir /etc/.pwd.lock [empty] seems to be OK
[20:53:42] Added /etc/.java (directory) to list of unknown hidden files/dirs
[20:53:42] Added /usr/bin/.autoscanning.swp (data) to list of unknown hidden files/dirs
[20:53:42] Added /dev/.static (directory) to list of unknown hidden files/dirs
[20:53:42] Added /dev/.udev (directory) to list of unknown hidden files/dirs
[20:53:42] Added /dev/.initramfs (directory) to list of unknown hidden files/dirs
[20:53:42] Hidden file/dir /dev/.initramfs-tools [empty] seems to be OK
[20:53:42] WARNING, found:  /etc/.java (directory)  /usr/bin/.autoscanning.swp (data)  /dev/.static (directory)  /dev/.udev (directory)  /dev/.initramfs (directory) 
[20:53:50] ------------------------ Application advisories -----------------------
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/alias.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/auth_basic.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/authn_file.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/authz_default.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/authz_groupfile.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/authz_host.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/authz_user.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/autoindex.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/cgi.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/dir.conf... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/dir.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/env.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/mime.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/negotiation.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/setenvif.load... OK
[20:53:50] Checking Apache2 modules in /etc/apache2/mods-enabled /etc/apache2/mods-enabled/status.load... OK
[20:53:50] ---------------------- Application version check ----------------------
[20:53:50] ----------------------------------------------------------
[20:53:50] Scanning Exim%%MTA...
[20:53:50] Application not found
[20:53:50] ----------------------------------------------------------
[20:53:50] Scanning GnuPG...
[20:53:51] /usr/bin/gpg found
[20:53:51] No information available. Unknown version number
[20:53:51] ----------------------------------------------------------
[20:53:51] Scanning Apache...
[20:53:51] Application not found
[20:53:51] ----------------------------------------------------------
[20:53:51] Scanning Bind%%DNS...
[20:53:51] Application not found
[20:53:51] ----------------------------------------------------------
[20:53:51] Scanning OpenSSL...
[20:53:51] /usr/bin/openssl found
[20:53:51] No information available. Unknown version number
[20:53:51] ----------------------------------------------------------
[20:53:51] Scanning PHP...
[20:53:51] /usr/bin/php found
[20:53:51] No information available. Unknown version number
[20:53:51] ----------------------------------------------------------
[20:53:51] Scanning Procmail%%MTA...
[20:53:51] /usr/bin/procmail found
[20:53:51] Version 3.22 is available in non-vulnerable group and seems to be OK!
[20:53:51] ----------------------------------------------------------
[20:53:51] Scanning ProFTPd...
[20:53:51] Application not found
[20:53:51] ----------------------------------------------------------
[20:53:51] Scanning OpenSSH...
[20:53:51] /usr/sbin/sshd found
[20:53:51] No information available. Unknown version number
[20:53:51] ------------------------- Security advisories -------------------------
[20:53:51] Info: Found 'PermitRootLogin no' or 'PermitRootLogin without-password' in SSH configuration file /etc/ssh/sshd_config
[20:53:57] MD5 scan skipped
[20:53:57] Rootkits scanned for: 55808 Trojan - Variant A, AjaKit, aPa Kit, Apache Worm, Ambient (ark) Rootkit, Balaur Rootkit, BeastKit, beX2, BOBKit, CiNIK Worm (Slapper.B variant), Danny-Boy's Abuse Kit, Devil RootKit, Dica, Dreams Rootkit, Duarawkz, Flea Linux Rootkit, FreeBSD Rootkit, Fuck`it Rootkit, GasKit, Heroin LKM, HjC Kit, ignoKit, ImperalsS-FBRK, Irix Rootkit, Kitko, Knark, Li0n Worm, Lockit / LJK2, MRK, Ni0 Rootkit, RootKit for SunOS / NSDAP, Optic Kit (Tux), Oz Rootkit, Portacelo, R3dstorm Toolkit, RH-Sharpe's rootkit, RSHA's rootkit, Scalper Worm, Shutdown, SHV4, SHV5, Sin Rootkit, Slapper, Sneakin Rootkit, Suckit Rootkit, SunOS Rootkit, Superkit, TBD (Telnet BackDoor), TeLeKiT, T0rn Rootkit, Trojanit Kit, Tuxtendo, URK, VcKit, Volc Rootkit, X-Org SunOS Rootkit, zaRwT.KiT Rootkit
[20:53:57] 0 vulnerable applications found

Last edited by unSpawn; 06-11-2008 at 06:42 AM. Reason: BB code tags
 
Old 06-10-2008, 02:53 PM   #13
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,243
Blog Entries: 5

Rep: Reputation: 190Reputation: 190
Quote:
Sensible-mda is a Debian addition in the sendmail package and has been split out in hopes that it might be useful for other MTA packages.

Sensible-mda is called by the MTA, and will in turn call whichever of the following MDAs that it finds (in this order): procmail, maildrop, deliver, mail.local
So it looks like something you installed is attempting to send an email using this sendmail wrapper, which you do not have installed, so it is just spewing errors like mad.
Code:
username@it-etch:~$ aptitude search sensible-mda
p   sensible-mda                    - Mail Delivery Agent wrapper
The easy way to cure the error would be to simply install sensible-mda. The question then is: what is trying to use it?
I didn't bother to look at what it was that you recently manually installed. What is that package supposed to be/do?

Torrent software, automated burning/archiving software, jail software... are you building some sort of high-volume warez repository?

Last edited by farslayer; 06-10-2008 at 02:57 PM.
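To answer "what is trying to use it?", rank the log by program and repeated message. The script below is an added example, not code posted in this thread; the function names, the sample lines and their message wording are constructed for illustration, and it assumes classic syslog layout (month, day, time, host, program[pid]:).

```shell
#!/bin/sh
# Added example: find which program and which message is flooding a log.

# Reads syslog-style lines on stdin and prints "count<TAB>program<TAB>message",
# busiest first. Numbers in the message are collapsed to N so that lines
# differing only in ids or counters are grouped together.
summarize_log() {
    awk '
    {
        prog = $5                        # "program[pid]:" in classic syslog
        sub(/\[[0-9]+\]:$/, "", prog)    # strip "[pid]:"
        sub(/:$/, "", prog)              # or a bare trailing ":"
        msg = ""
        for (i = 6; i <= NF; i++) msg = msg (i > 6 ? " " : "") $i
        gsub(/[0-9]+/, "N", msg)
        count[prog "\t" msg]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2
}

# Constructed sample input (not taken from the poster's machine).
sample_log() {
    cat <<'EOF'
Jun  9 16:30:01 it-etch sm-mta[2101]: cannot run sensible-mda for message 101: not found
Jun  9 16:30:02 it-etch sm-mta[2102]: cannot run sensible-mda for message 102: not found
Jun  9 16:31:00 it-etch sshd[900]: session opened for user demo
Jun  9 16:31:05 it-etch sm-mta[2103]: cannot run sensible-mda for message 103: not found
Jun  9 16:32:00 it-etch cron[950]: job started
EOF
}

# With a file argument, summarize that file; otherwise show the sample.
if [ -n "${1:-}" ]; then
    summarize_log < "$1"
else
    sample_log | summarize_log
fi
```

Run it against the largest file under /var/log (for example the mail log) and read the first few lines of output; the program name in the top row is the one to investigate.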
 
Old 06-10-2008, 03:03 PM   #14
frenchn00b
Senior Member
 
Registered: Jun 2007
Location: E.U., Mountains :-)
Distribution: Debian, Etch, the greatest
Posts: 2,546

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by farslayer View Post
So it looks like something you installed is attempting to send an email using this sendmail wrapper which you do not have installed so it is just spewing errors like mad..
Code:
username@it-etch:~$ aptitude search sensible-mda
p   sensible-mda                    - Mail Delivery Agent wrapper
Easy way to cure the error would be to simply install sensible-mda.. the question then is what is trying to use it ?
I didn't bother to look at what it was that you recently manually installed.. what is that package supposed to be/do ?

Torrent software, Automated burning/archiving software, Jail software.. are you building some sort of high volume warez repository ? ?
Not not not at all.

- ktorrent was just to give it a try first. I downloaded an Elive Linux to try it.
- burning, since I have had a big, big crash of one hard disk and cannot recover it!!
just because in my fstab I put 0 0
instead of 0 1
(I need space due to photorec)

- and finally jail was to get more security for my ssh.

Well, as you may see, all attempts, even positive ones:
Sucked

Sad to say.
 
Old 06-10-2008, 07:52 PM   #15
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,243
Blog Entries: 5

Rep: Reputation: 190Reputation: 190
Had to ask; it was an interesting group of programs mentioned in the thread....
 
  

