LinuxQuestions.org


divukman 02-24-2006 03:27 AM

tiger report ?
 
Hi all,

I have this situation ;) One home server, and the only ports open to the world are 80 and 25 (and irc-dancerd 'til today)... I've recently installed some security-related tools (such as nessus)... Well, to get to the point, this morning tiger reported:

Code:

From: "Tiger automatic auditor at localhost.localdomain" <root@localhost.localdomain>
To: mito@mito.homelinux.org
Subject: Tiger Auditing Report for localhost.localdomain
Date: Fri, 24 Feb 2006 08:00:24 +0100

# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
NEW: --WARN-- [rootkit004w] Chkrootkit has detected a possible rootkit installation
NEW: Warning: Possible LKM Trojan installed
# Checking for existence of log files...
# Checking running processes
# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...

Why would tiger report this, since the possibility of a rootkit is (as I see it) near 0 (unless I did some sleep-walking)?

P.S. Some googling said it could be a false report, and running chkrootkit manually finds nothing suspicious... however, I'm puzzled as to what caused it.

satinet 02-24-2006 04:23 AM

Well, I would think it's just that - a false report.

It looks like the automatic rootkit detector isn't finding anything anyway.

Software like this can be a bit jumpy...


All times are GMT -5.