I ran chrootkit and found the following:
Checking `amd'... not found
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
then I ran nmap and found the following:
Starting nmap 3.50 (
http://www.insecure.org/nmap/ ) at 2004-07-13 10:55 EDT
Host localhost (127.0.0.1) appears to be up ... good.
Initiating SYN Stealth Scan against localhost (127.0.0.1) at 10:55
Adding open port 952/tcp
Adding open port 445/tcp
Adding open port 139/tcp
Adding open port 908/tcp
Adding open port 111/tcp
Adding open port 2049/tcp
Adding open port 25/tcp
Adding open port 6000/tcp
The SYN Stealth Scan took 2 seconds to scan 1659 ports.
Interesting ports on localhost (127.0.0.1):
(The 1651 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
908/tcp open unknown
952/tcp open unknown
2049/tcp open nfs
6000/tcp open X11
I have shorewall installed and just a few weeks ago i installed tripwire