07-05-2009, 03:26 AM   #1
ahartman
Understanding chkrootkit run output


Hello guys

The following is chkrootkit's run output:
........
...............
...................
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient3[2956])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... user usr1 deleted or never logged from lastlog!
usr1@njac:~$

Can you comment on the following:

What is this emphasized line about eth0?

What is this about 'usr1' being deleted (last line)?

Arye

07-05-2009, 03:53 AM   #2
jschiwal
See if you can validate the dhclient3 program. And check the logs for this usr1 user.

I don't know if dhclient operates in promiscuous mode after receiving an IP address from the DHCP server. You will want to read "/usr/share/doc/chkrootkit/README.FALSE-POSITIVES" if it exists. I've found many posts about false positives for dhclient3 because it is a program that legitimately operates in promiscuous mode (sniffer mode).
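
One way to carry out the "validate the dhclient3 program" step, as an added example that is not part of either post: it pulls every flagged process out of chkrootkit's sniffer lines, marks DHCP client names as expected, and in live mode compares the reported path with the image the PID is really running and with the package manager's recorded checksums. The function names, the `eth1` line and the `capd` process are constructed for illustration, and the comma-separated form for several processes on one interface is an assumption.

```shell
#!/bin/sh
# Added example: triage chkrootkit "PACKET SNIFFER" findings (not from the thread).
# Constructed sample modeled on the quoted output; the eth1 line and its
# second process are hypothetical, and the comma-separated form is assumed.
sample() {
cat <<'EOF'
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient3[2956])
eth1: PACKET SNIFFER(/sbin/dhclient3[2956], /usr/local/bin/capd[4021])
Checking `w55808'... not infected
EOF
}

# stdin: chkrootkit output. stdout: one unique "path pid" per flagged process.
parse_sniffers() {
    grep 'PACKET SNIFFER(' | grep -oE '[^ (,]+\[[0-9]+\]' |
        sed -E 's/^(.*)\[([0-9]+)\]$/\1 \2/' | sort -u
}

# Name-based hint only: DHCP clients open packet sockets as part of normal work.
expected_name() {
    case "${1##*/}" in
        dhclient|dhclient3) echo expected-dhcp-client ;;
        *) echo unexplained ;;
    esac
}

# Compare the reported path with the image the PID really runs, then ask the
# package manager whether the file on disk still matches its recorded checksum.
verify_proc() {
    exe=$(readlink "/proc/$2/exe" 2>/dev/null) || exe="(unreadable: process gone or not root)"
    [ "$exe" = "$1" ] || echo "  pid $2 runs '$exe', chkrootkit reported '$1'"
    if command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$1" 2>/dev/null | cut -d: -f1)
        if [ -n "$pkg" ]; then dpkg --verify "$pkg"; else echo "  $1: not owned by any package"; fi
    elif command -v rpm >/dev/null 2>&1; then
        rpm -Vf "$1"
    fi
}

triage() {
    parse_sniffers | while read -r path pid; do
        echo "$path [$pid]: $(expected_name "$path")"
        if [ "${LIVE:-0}" = 1 ]; then verify_proc "$path" "$pid"; fi
    done
}

# Default run uses the constructed sample; real use: chkrootkit | LIVE=1 sh triage.sh -
if [ "${1:-}" = "-" ]; then triage; else sample | triage; fi
```

A matching name is only a hint, which is why live mode checks the running image and the on-disk file as well. The package checksum database sits on the same host, so on a machine you already distrust, compare the binary against a copy from known-good media instead.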