LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-30-2008, 12:45 AM   #1
jim.thornton
Member
 
Registered: May 2007
Posts: 430

Rep: Reputation: 19
Weird results from CHKrootkit


I think I've got some very wierd output from chkrootkit.

Code:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.8/i386-linux-thread-multi/.packlist

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files...
/tmp/pear/cache/Archive_Tar-1.3.2/Archive/Tar.php
/tmp/pear/cache/PEAR-1.6.1/OS/Guess.php
/tmp/pear/cache/PEAR-1.6.1/System.php
/tmp/pear/cache/PEAR-1.6.1/scripts/peclcmd.php
/tmp/pear/cache/PEAR-1.6.1/scripts/pearcmd.php
/tmp/pear/cache/PEAR-1.6.1/PEAR.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/DependencyDB.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/Parser/v1.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/Parser/v2.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/v1.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/v2.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/Generator/v1.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/Generator/v2.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/v2/Validator.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile/v2/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Common.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Common.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Package.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Auth.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Test.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Config.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Install.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Mirror.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Channels.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Pickle.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Build.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Remote.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command/Registry.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Downloader/Package.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Packager.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/RunTest.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Frontend/CLI.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Frontend.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/ChannelFile/Parser.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Exception.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Common.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Php.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Ext.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Data.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Test.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Doc.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Script.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Installer/Role/Src.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/PackageFile.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/ErrorStack.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Replace/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Common.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Windowseol.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Windowseol/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Postinstallscript.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Postinstallscript/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Unixeol/rw.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Unixeol.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Task/Replace.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Command.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Config.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Dependency2.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Downloader.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Validator/PECL.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Autoloader.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/REST.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Validate.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Remote.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Builder.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/XMLParser.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/ChannelFile.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Dependency.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/Registry.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/REST/10.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/REST/11.php
/tmp/pear/cache/PEAR-1.6.1/PEAR/REST/13.php
/tmp/pear/cache/Structures_Graph-1.0.2/tests/all-tests.php
/tmp/pear/cache/Structures_Graph-1.0.2/tests/testCase/BasicGraph.php
/tmp/pear/cache/Structures_Graph-1.0.2/Structures/Graph/Node.php
/tmp/pear/cache/Structures_Graph-1.0.2/Structures/Graph/Manipulator/TopologicalSorter.php
/tmp/pear/cache/Structures_Graph-1.0.2/Structures/Graph/Manipulator/AcyclicTest.php

Last edited by jim.thornton; 01-30-2008 at 12:49 AM.
 
Old 01-30-2008, 12:52 AM   #2
jim.thornton
Member
 
Registered: May 2007
Posts: 430

Original Poster
Rep: Reputation: 19
Here's the second half... I don't know why this gargled text is there:

Code:
/tmp/pear/cache/Structures_Graph-1.0.2/Structures/Graph.php
/tmp/pear/cache/Console_Getopt-1.2.3/Console/Getopt.php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
<?php
#!/usr/bin/php
<?php
<?php
<?php
<?php
<?php
<?php
IR
__expire_KEY1201499270KEY"/templates/verve/css/csshover.htcTIMEOUT3600__key"/templates/verve/css/csshover.htc__name	resourceCREATE_TIME1201495670UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201495670/templates/verve/css/cIR
__expire_KEY1201652171KEY"/templates/verve/css/csshover.htcTIMEOUT3600__key"/templates/verve/css/csshover.htc__name	resourceCREATE_TIME1201648571UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201648571/templates/verve/css/csshover.htcpIR
__expire_KEY1200882261KEY)/templates/moneytime/css/css_content.cssTIMEOUT3600__key)/templates/moneytime/css/css_content.css__name	resourceCREATE_TIME1200878661UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200878661/templates/IR
__expire_KEY1201498089KEY/phpMyAdmin/phpmyadmin.css.phpTIMEOUT3600__key/phpMyAdmin/phpmyadmin.css.php__name	resourceCREATE_TIME1201494489UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201494489/phpMyAdmin/phpmyadmin.css.phpIR
__expire_KEY1201673918KEY)/templates/moneytime/css/css_content.cssTIMEOUT3600__key)/templates/moneytime/css/css_content.css__name	resourceCREATE_TIME1201670318UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670318/templates/moneytime/css/css_content.cssxVIIR
__expire_KEY1201646896KEY"/includes/js/tabs/tabpane_mini.jsTIMEOUT3600__key"/includes/js/tabs/tabpane_mini.js__name	resourceCREATE_TIME1201643296UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201643296/includes/js/tabs/tabpane_mini.jsIR
__expire_KEY1201674599KEY*/webmail/skins/default/images/favicon.icoTIMEOUT3600__key*/webmail/skins/default/images/favicon.ico__name	resourceCREATE_TIME1201670999UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670999/webmail/skins/default/images/favicon.icoIR
__expire_KEY1201673918KEY(/templates/moneytime/js/md_fontsizer.jsTIMEOUT3600__key(/templates/moneytime/js/md_fontsizer.js__name	resourceCREATE_TIME1201670318UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670318/templates/moneytime/js/md_fontsizer.jsxIR
__expire_KEY1200896957KEY/webmail/folders.phpTIMEOUT3600__key/webmail/folders.php__name	resourceCREATE_TIME1200893357UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200893357/webmail/folders.phpIR
__expire_KEY1200978086KEY /roundcube/program/js/common.jsTIMEOUT3600__key
/roundcube/program/js/common.js__name	resourceCREATE_TIME1200974486UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200974486/roundcube/program/js/common.jsIR
__expire_KEY1201673919KEY+/mambots/system/jceutils/jscripts/embed.jsTIMEOUT3600__key+/mambots/system/jceutils/jscripts/embed.js__name	resourceCREATE_TIME1201670319UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670319/mambots/system/jceutils/jscripts/embed.jsIR
__expire_KEY1200876803KEY/phpMyAdmin/db_import.phpTIMEOUT3600__key/phpMyAdmin/db_import.php__name	resourceCREATE_TIME1200873203UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIMEIR
__expire_KEY1201503123KEY/administrator/index2.phpTIMEOUT3600__key/administrator/index2.php__name	resourceCREATE_TIME1201499523UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201499523/administrator/index2.phpIR
__expire_KEY1201655251KEY/administrator/index2.phpTIMEOUT3600__key/administrator/index2.php__name	resourceCREATE_TIME1201651651UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201651651/administrator/index2.phpIR
__expire_KEY1201631764KEY'/webmail/skins/default/pngbehavior.htcTIMEOUT3600__key'/webmail/skins/default/pngbehavior.htc__name	resourceCREATE_TIME1201628164UPDATE_COUNTER1alerted_960903_compressIR
__expire_KEY1201646642KEY'/webmail/skins/default/pngbehavior.htcTIMEOUT3600__key'/webmail/skins/default/pngbehavior.htc__name	resourceCREATE_TIME1201643042UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201643042/webmail/skins/default/pIR
 
Old 01-30-2008, 12:52 AM   #3
jim.thornton
Member
 
Registered: May 2007
Posts: 430

Original Poster
Rep: Reputation: 19
Finally, part 3:
Code:
__expire_KEY1201646642KEY'/webmail/skins/default/pngbehavior.htcTIR
__expire_KEY1201665651KEY/robots.txtTIMEOUT3600__key/robots.txt__name	resourceCREATE_TIME1201662051UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201662051/robots.txtIR
__expire_KEY1201635414KEY$/templates/verve/js/md_fontsizer.jsTIMEOUT3600__key$/templates/verve/js/md_fontsizer.js__name	resourceCREATE_TIME1201631814UPDATE_COUNTER1alerted_960903_compressionIR
__expire_KEY1201652170KEY$/templates/verve/js/md_fontsizer.jsTIMEOUT3600__key$/templates/verve/js/md_fontsizer.js__name	resourceCREATE_TIME1201648570UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201648570/templates/verve/js/md_fontsizIR
__expire_KEY1201652170KEY$/templates/verve/js/md_fontsizer.jsTIMEOUT3600__key$/templates/verve/js/md_fontsizer.js__name	resourceCREATE_TIME1201648570UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201648570/templates/verve/js/md_fontsizer.jsIR
__expire_KEY1201498092KEY/phpMyAdmin/index.phpTIMEOUT3600__key/phpMyAdmin/index.php__name	resourceCREATE_TIME1201494492UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201494492/phpMyAdmin/index.phpIR
__expire_KEY1201633327KEY'/webmail/skins/default/googiespell.cssTIMEOUT3600__key'/webmail/skins/default/googiespell.css__name	resourceCREATE_TIME1201629727UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201629727/webmail/skins/default/googiespell.cssIR
__expire_KEY1200897186KEY#/webmail/skins/default/splitter.jsTIMEOUT3600__key#/webmail/skins/default/splitter.js__name	resourceCREATE_TIME1200893586UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200893586/webmail/skins/deIR
__expire_KEY1201646656KEY#/webmail/skins/default/splitter.jsTIMEOUT3600__key#/webmail/skins/default/splitter.js__name	resourceCREATE_TIME1201643056UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201643056/webmail/skins/default/splitter.jsIR
__expire_KEY1200882887KEY
/phpmyadmin/TIMEOUT3600__key
/phpmyadmin/__name	resourceCREATE_TIME1200879287UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1200879287/phpmyadmin/IR
__expire_KEY1201498093KEY*/phpMyAdmin/themes/original/img/error.icoTIMEOUT3600__key*/phpMyAdmin/themes/original/img/error.ico__name	resourceCREATE_TIME1201494493UPDATE_COUNTER1alerted_960903_comprIR
__expire_KEY1201498093IR
__expire_KEY1201633857KEY /includes/jceutils/payments.htmTIMEOUT3600__key
/includes/jceutils/payments.htm__name	resourceCREATE_TIME1201630257UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201630257/includes/jceutils/payments.htmNIIR
__expire_KEY1201631764KEY/webmail/program/js/common.jsTIMEOUT3600__key/webmail/program/js/common.js__name	resourceCREATE_TIME1201628164UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201628164/webmail/program/js/common.jsIR
__expire_KEY1201631725KEY+IR
__expire_KEY1201646642KEY/webmail/program/js/common.jsTIMEOUT3600__key/webmail/program/js/common.js__name	resourceCREATE_TIME1201643042UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201643042/webmail/program/js/common.jsIR
__expire_KEY1201673919KEY+/mambots/system/jceutils/jscripts/utils.jsTIMEOUT3600__key+/mambots/system/jceutils/jscripts/utils.js__name	resourceCREATE_TIME1201670319UPDATE_COUNTER1alerted_960903_compression1LAST_UPDATE_TIME1201670319/mambots/system/jceutils/jscripts/utils.jsIR
__expire_KEY1200882360KEY
 PMA_token
|s:32:"79765c0876bbfc6324e5928337c4710e";PMA_Config|O:10:"PMA_Config":11:{s:14:"default_source";s:30:"./libraries/config.default.php";s:8:"settings";a:191:{s:14:"PmaAbsoluteUri";s:29:"http://extra6.com/phpMyAdmin/";s:28:"PmaNoRelation_DisableWarning";b:1;s:15:"blowfish_secret";s:0:"";s:13:"ServerDefault";i:1;s:9:"MaxDbList";i:100;s:12:"MaxTableList";i:250;s:27:"MaxCharactersInDisplayedSQL";i:1000;s:6:"OBGzip";s:4:"auto";s:21:"PersistentConnections";b:0;s:8:"ForceSSL";b:0;s:13:"ExecTimeLimit";i:300;s:11:"MemoryLimit";i:0;s:16:"SkipLockedTables";b:0;s:7:"ShowSQL";b:1;s:21:"AllowUserDropDatabase";b:0;s:7:"Confirm";b:1;s:17:"LoginCookieRecall";b:1;s:19:"LoginCookieValidity";i:1800;s:16:"LoginCookieStore";i:0;s:20:"LoginCookieDeleteAll";b:1;s:11:"UseDbSearch";b:1;s:23:"IgnoreMultiSubmitErrors";b:0;s:18:"VerboseMultiSubmit";b:1;s:20:"AllowArbitraryServer";b:0;s:14:"LeftFrameLight";b:1;s:15:"LeftFrameDBTree";b:1;s:20:"LeftFrameDBSeparator";s:1:"_";s:23:"LeftFrameTableSeparator";s:2:"__";s:19:"LeftFrameTableLevel";s:1:"1";s:11:"ShowTooltip";b:1;s:18:"ShowTooltipAliasDB";b:0;s:18:"ShowTooltipAliasTB";b:0;s:15:"LeftDisplayLogo";b:1;s:12:"LeftLogoLink";s:8:"main.php";s:18:"LeftLogoLinkWindow";s:4:"main";s:18:"LeftDisplayServers";b:0;s:18:"DisplayServersList";b:0;s:20:"DisplayDatabasesList";s:4:"auto";s:9:"ShowStats";b:1;s:11:"ShowPhpInfo";b:0;s:14:"ShowServerInfo";b:1;s:15:"ShowChgPassword";b:0;s:12:"ShowCreateDb";b:1;s:13:"SuggestDBName";b:1;s:8:"ShowBlob";b:0;s:19:"NavigationBarIconic";b:1;s:7:"ShowAll";b:0;s:7:"MaxRows";i:30;s:5:"Order";s:3:"ASC";s:13:"ProtectBinary";s:4:"blob";s:18:"ShowFunctionFields";b:1;s:11:"CharEditing";s:5:"input";s:10:"InsertRows";i:2;s:23:"ForeignKeyDropdownOrder";a:2:{i:0;s:10:"content-id";i:1;s:10:"id-content";}s:18:"ForeignKeyMaxLimit";i:100;s:7:"ZipDump";b:1;s:8:"GZipDump";b:1;s:8:"BZipDump";b:1;s:13:"CompressOnFly";b:1;s:9:"LightTabs";b:0;s:16:"PropertiesIconic";b:1;s:20:"PropertiesNumColumns";i:1;s:16:"DefaultTabServer";s:8:"main.php";s:18:"DefaultTabDatabase";s:16:"db_structure.php";s:15:"DefaultTabTable";s:17:"tbl_structure.php";s:6:"Export";a:77:{s:6:"format";s:3:"sql";s:11:"compression";s:4:"none";s:6:"asfile";b:0;s:7:"charset";s:0:"";s:8:"onserver";b:0;s:18:"onserver_overwrite";b:0;s:22:"remember_file_template";b:1;s:19:"file_template_table";s:9:"__TABLE__";s:22:"file_template_database";s:6:"__DB__";s:20:"file_template_server";s:10:"__SERVER__";s:11:"ods_columns";b:0;s:8:"ods_null";s:4:"NULL";s:13:"odt_structure";b:1;s:8:"odt_data";b:1;s:11:"odt_columns";b:1;s:12:"odt_relation";b:1;s:12:"odt_comments";b:1;s:8:"odt_mime";b:1;s:8:"odt_null";s:4:"NULL";s:17:"htmlexcel_columns";b:0;s:14:"htmlexcel_null";s:4:"NULL";s:18:"htmlword_structure";b:1;s:13:"htmlword_data";b:1;s:16:"htmlword_columns";b:0;s:13:"htmlword_null";s:4:"NULL";s:11:"xls_columns";b:0;s:8:"xls_null";s:4:"NULL";s:11:"csv_columns";b:0;s:8:"csv_null";s:4:"NULL";s:13:"csv_separator";s:1:";";s:12:"csv_enclosed";s:6:""";s:11:"csv_escaped";s:1:"\";s:14:"csv_terminated";s:4:"AUTO";s:13:"excel_columns";b:0;s:10:"excel_null";s:4:"NULL";s:13:"excel_edition";s:3:"win";s:15:"latex_structure";b:1;s:10:"latex_data";b:1;s:13:"latex_columns";b:1;s:14:"latex_relation";b:1;s:14:"latex_comments";b:1;s:10:"latex_mime";b:1;s:10:"latex_null";s:13:"\textit{NULL}";s:13:"latex_caption";b:1;s:23:"latex_structure_caption";s:17:"strLatexStructure";s:33:"latex_structure_continued_caption";s:35:"strLatexStructure
strLatexContinued";s:18:"latex_data_caption";s:15:"strLatexContent";s:28:"latex_data_continued_caption";s:33:"strLatexContent
strLatexContinued";s:16:"latex_data_label";s:18:"tab:__TABLE__-data";s:21:"latex_structure_label";s:23:"tab:__TABLE__-structure";s:13:"sql_structure";b:1;s:8:"sql_data";b:1;s:17:"sql_compatibility";s:4:"NONE";s:14:"sql_disable_fk";b:0;s:19:"sql_use_transaction";b:0;s:17:"sql_drop_database";b:0;s:14:"sql_drop_table";b:0;s:17:"sql_if_not_exists";b:0;s:22:"sql_procedure_function";b:0;s:18:"sql_auto_increment";b:1;s:14:"sql_backquotes";b:1;s:9:"sql_dates";b:0;s:12:"sql_relation";b:0;s:11:"sql_columns";b:0;s:11:"sql_delayed";b:0;s:10:"sql_ignore";b:0;s:16:"sql_hex_for_blob";b:1;s:8:"sql_type";s:6:"insert";s:12:"sql_extended";b:0;s:18:"sql_max_query_size";i:50000;s:12:"sql_comments";b:0;s:8:"sql_mime";b:0;s:18:"sql_header_comment";s:0:"";s:13:"pdf_structure";b:0;s:8:"pdf_data";b:1;s:16:"pdf_report_title";s:0:"";s:18:"sql_hex_for_binary";b:1;}s:6:"Import";a:17:{s:6:"format";s:3:"sql";s:15:"allow_interrupt";b:1;s:12:"skip_queries";s:1:"0";s:17:"sql_compatibility";s:4:"NONE";s:11:"csv_replace";b:0;s:14:"csv_terminated";s:1:";";s:12:"csv_enclosed";s:1:""";s:11:"csv_escaped";s:1:"\";s:12:"csv_new_line";s:4:"auto";s:11:"csv_columns";s:0:"";s:11:"ldi_replace";b:0;s:14:"ldi_terminated";s:1:";";s:12:"ldi_enclosed";s:1:""";s:11:"ldi_escaped";s:1:"\";s:12:"ldi_new_line";s:4:"auto";s:11:"ldi_columns";s:0:"";s:16:"ldi_local_option";s:4:"auto";}s:15:"MySQLManualBase";s:33:"http://dev.mysql.com/doc/mysql/en";s:15:"MySQLManualType";s:10:"searchable";s:12:"PDFPageSizes";a:5:{i:0;s:2:"A3";i:1;s:2:"A4";i:2;s:2:"A5";i:3;s:6:"letter";i:4;s:5:"legal";}s:18:"PDFDefaultPageSize";s:2:"A4";s:11:"DefaultLang";s:13:"en-iso-8859-1";s:26:"DefaultConnectionCollation";s:15:"utf8_unicode_ci";s:15:"FilterLanguages";s:0:"";s:14:"DefaultCharset";s:10:"iso-8859-1";s:21:"AllowAnywhereRecoding";b:0;s:14:"RecodingEngine";s:4:"auto";s:16:"IconvExtraParams";s:0:"";s:17:"AvailableCharsets";a:30:{i:0;s:10:"iso-8859-1";i:1;s:10:"iso-8859-2";i:2;s:10:"iso-8859-3";i:3;s:10:"iso-8859-4";i:4;s:10:"iso-8859-5";i:5;s:10:"iso-8859-6";i:6;s:10:"iso-8859-7";i:7;s:10:"iso-8859-8";i:8;s:10:"iso-8859-9";i:9;s:11:"iso-8859-10";i:10;s:11:"iso-8859-11";i:11;s:11:"iso-8859-12";i:12;s:11:"iso-8859-13";i:13;s:11:"iso-8859-14";i:14;s:11:"iso-8859-15";i:15;s:12:"windows-1250";i:16;s:12:"windows-1251";i:17;s:12:"windows-1252";i:18;s:12:"windows-1256";i:19;s:12:"windows-1257";i:20;s:6:"koi8-r";i:21;s:4:"big5";i:22;s:6:"gb2312";i:23;s:5:"utf-8";i:24;s:5:"utf-7";i:25;s:14:"x-user-defined";i:26;s:6:"euc-jp";i:27;s:14:"ks_c_5601-1987";i:28;s:7:"tis-620";i:29;s:9:"SHIFT_JIS";}s:17:"LeftPointerEnable";b:1;s:19:"BrowsePointerEnable";b:1;s:18:"BrowseMarkerEnable";b:1;s:12:"TextareaCols";i:40;s:12:"TextareaRows";i:7;s:22:"LongtextDoubleTextarea";b:1;s:18:"TextareaAutoSelect";b:1;s:16:"CharTextareaCols";i:40;s:16:"CharTextareaRows";i:2;s:16:"CtrlArrowsMoving";b:1;s:10:"LimitChars";i:50;s:18:"ModifyDeleteAtLeft";b:1;s:19:"ModifyDeleteAtRight";b:0;s:14:"DefaultDisplay";s:10:"horizontal";s:18:"DefaultPropDisplay";s:10:"horizontal";s:14:"HeaderFlipType";s:3:"css";s:18:"ShowBrowseComments";b:1;s:20:"ShowPropertyComments";b:1;s:11:"RepeatCells";i:100;s:12:"EditInWindow";b:1;s:16:"QueryWindowWidth";i:600;s:17:"QueryWindowHeight";i:400;s:14:"QueryHistoryDB";b:0;s:17:"QueryWindowDefTab";s:3:"sql";s:15:"QueryHistoryMax";i:25;s:10:"BrowseMIME";b:1;s:13:"MaxExactCount";i:20000;s:18:"MaxExactCountViews";i:0;s:11:"WYSIWYG-PDF";b:1;s:12:"NaturalOrder";b:1;s:10:"TitleTable";s:61:"@HTTP_HOST@
/ @VSERVER@ / @DATABASE@ / @TABLE@ |
@PHPMYADMIN@";s:13:"TitleDatabase";s:51:"@HTTP_HOST@ / @VSERVER@ / @DATABASE@ |
@PHPMYADMIN@";s:11:"TitleServer";s:38:"@HTTP_HOST@ / @VSERVER@ |
@PHPMYADMIN@";s:12:"TitleDefault";s:26:"@HTTP_HOST@ |
@PHPMYADMIN@";s:11:"ErrorIconic";b:1;s:14:"MainPageIconic";b:1;s:14:"ReplaceHelpImg";b:1;s:9:"ThemePath";s:8:"./themes";s:12:"ThemeManager";b:1;s:12:"ThemeDefault";s:8:"original";s:14:"ThemePerServer";b:0;s:17:"DefaultQueryTable";s:24:"SELECT
* FROM %t WHERE
1";s:20:"DefaultQueryDatabase";s:0:"";s:8:"SQLQuery";a:5:{s:4:"Edit";b:1;s:7:"Explain";b:1;s:9:"ShowAsPHP";b:1;s:8:"Validate";b:0;s:7:"Refresh";b:1;}s:9:"UploadDir";s:0:"";s:7:"SaveDir";s:0:"";s:7:"TempDir";s:0:"";s:12:"GD2Available";s:4:"auto";s:14:"TrustedProxies";a:0:{}s:3:"SQP";a:4:{s:7:"fmtType";s:4:"html";s:6:"fmtInd";s:1:"1";s:10:"fmtIndUnit";s:2:"em";s:8:"fmtColor";a:21:{s:7:"comment";s:7:"#808000";s:13:"comment_mysql";s:0:"";s:12:"comment_ansi";s:0:"";s:9:"comment_c";s:0:"";s:5:"digit";s:0:"";s:9:"digit_hex";s:4:"teal";s:13:"digit_integer";s:4:"teal";s:11:"digit_float";s:4:"aqua";s:5:"punct";s:7:"fuchsia";s:5:"alpha";s:0:"";s:16:"alpha_columnTy
pe";s:7:"#FF9900";s:18:"alpha_columnAttrib";s:7:"#0000FF";s:18:"alpha_reservedWord";s:7:"#990099";s:18:"alpha_functionName";s:7:"#FF0000";s:16:"alpha_identifier";s:5:"black";s:13:"alpha_charset";s:7:"#6495ed";s:14:"alpha_variable";s:7:"#800000";s:5:"quote";s:7:"#008000";s:12:"quote_double";s:0:"";s:12:"quote_single";s:0:"";s:14:"quote_backtick";s:0:"";}}s:12:"SQLValidator";a:3:{s:3:"use";b:0;s:8:"username";s:0:"";s:8:"password";s:0:"";}s:3:"DBG";a:2:{s:6:"enable";b:0;s:7:"profile";a:2:{s:6:"enable";b:0;s:9:"threshold";d:0.5;}}s:11:"ColumnTypes";a:27:{i:0;s:7:"VARCHAR";i:1;s:7:"TINYINT";i:2;s:4:"TEXT";i:3;s:4:"DATE";i:4;s:8:"SMALLINT";i:5;s:9:"MEDIUMINT";i:6;s:3:"INT";i:7;s:6:"BIGINT";i:8;s:5:"FLOAT";i:9;s:6:"DOUBLE";i:10;s:7:"DECIMAL";i:11;s:8:"DATETIME";i:12;s:9:"TIMESTAMP";i:13;s:4:"TIME";i:14;s:4:"YEAR";i:15;s:4:"CHAR";i:16;s:8:"TINYBLOB";i:17;s:8:"TINYTEXT";i:18;s:4:"BLOB";i:19;s:10:"MEDIUMBLOB";i:20;s:10:"MEDIUMTEXT";i:21;s:8:"LONGBLOB";i:22;s:8:"LONGTEXT";i:23;s:4:"ENUM";i:24;s:3:"SET";i:25;s:6:"BINARY";i:26;s:9:"VARBINARY";}s:14:"AttributeTypes";a:4:{i:0;s:0:"";i:1;s:6:"BINARY";i:2;s:8:"UNSIGNED";i:3;s:17:"UNSIGNED
ZEROFILL";}s:9:"Functions";a:26:{i:0;s:5:"ASCII";i:1;s:4:"CHAR";i:2;s:7:"SOUNDEX";i:3;s:5:"LCASE";i:4;s:5:"UCASE";i:5;s:3:"NOW";i:6;s:8:"PASSWORD";i:7;s:3:"MD5";i:8;s:4:"SHA1";i:9;s:7:"ENCRYPT";i:10;s:4:"RAND";i:11;s:14:"LAST_INSERT_ID";i:12;s:5:"COUNT";i:13;s:3:"AVG";i:14;s:3:"SUM";i:15;s:7:"CURDATE";i:16;s:7:"CURTIME";i:17;s:9:"FROM_DAYS";i:18;s:13:"FROM_UNIXTIME";i:19;s:10:"PERIOD_ADD";i:20;s:11:"PERIOD_DIFF";i:21;s:7:"TO_DAYS";i:22;s:14:"UNIX_TIMESTAMP";i:23;s:4:"USER";i:24;s:7:"WEEKDAY";i:25;s:6:"CONCAT";}s:19:"RestrictColumnTypes";a:25:{s:7:"VARCHAR";s:9:"FUNC_CHAR";s:7:"TINYINT";s:11:"FUNC_NUMBER";s:4:"TEXT";s:9:"FUNC_CHAR";s:4:"DATE";s:9:"FUNC_DATE";s:8:"SMALLINT";s:11:"FUNC_NUMBER";s:9:"MEDIUMINT";s:11:"FUNC_NUMBER";s:3:"INT";s:11:"FUNC_NUMBER";s:6:"BIGINT";s:11:"FUNC_NUMBER";s:5:"FLOAT";s:11:"FUNC_NUMBER";s:6:"DOUBLE";s:11:"FUNC_NUMBER";s:7:"DECIMAL";s:11:"FUNC_NUMBER";s:8:"DATETIME";s:9:"FUNC_DATE";s:9:"TIMESTAMP";s:9:"FUNC_DATE";s:4:"TIME";s:9:"FUNC_DATE";s:4:"YEAR";s:9:"FUNC_DATE";s:4:"CHAR";s:9:"FUNC_CHAR";s:8:"TINYBLOB";s:9:"FUNC_CHAR";s:8:"TINYTEXT";s:9:"FUNC_CHAR";s:4:"BLOB";s:9:"FUNC_CHAR";s:10:"MEDIUMBLOB";s:9:"FUNC_CHAR";s:10:"MEDIUMTEXT";s:9:"FUNC_CHAR";s:8:"LONGBLOB";s:9:"FUNC_CHAR";s:8:"LONGTEXT";s:9:"FUNC_CHAR";s:4:"ENUM";s:0:"";s:3:"SET";s:0:"";}s:17:"RestrictFunctions";a:3:{s:9:"FUNC_CHAR";a:12:{i:0;s:5:"ASCII";i:1;s:4:"CHAR";i:2;s:7:"SOUNDEX";i:3;s:5:"LCASE";i:4;s:5:"UCASE";i:5;s:8:"PASSWORD";i:6;s:3:"MD5";i:7;s:4:"SHA1";i:8;s:7:"ENCRYPT";i:9;s:14:"LAST_INSERT_ID";i:10;s:4:"USER";i:11;s:6:"CONCAT";}s:9:"FUNC_DATE";a:10:{i:0;s:3:"NOW";i:1;s:7:"CURDATE";i:2;s:7:"CURTIME";i:3;s:9:"FROM_DAYS";i:4;s:13:"FROM_UNIXTIME";i:5;s:10:"PERIOD_ADD";i:6;s:11:"PERIOD_DIFF";i:7;s:7:"TO_DAYS";i:8;s:14:"UNIX_TIMESTAMP";i:9;s:7:"WEEKDAY";}s:11:"FUNC_NUMBER";a:10:{i:0;s:5:"ASCII";i:1;s:4:"CHAR";i:2;s:3:"MD5";i:3;s:4:"SHA1";i:4;s:7:"ENCRYPT";i:5;s:4:"RAND";i:6;s:14:"LAST_INSERT_ID";i:7;s:5:"COUNT";i:8;s:3:"AVG";i:9;s:3:"SUM";}}s:16:"DefaultFunctions";a:4:{s:9:"FUNC_CHAR";s:0:"";s:9:"FUNC_DATE";s:0:"";s:11:"FUNC_NUMBER";s:0:"";s:15:"first_timestamp";s:3:"NOW";}s:12:"NumOperators";a:8:{i:0;s:1:"=";i:1;s:1:">";i:2;s:2:">=";i:3;s:1:"<";i:4;s:2:"<=";i:5;s:2:"!=";i:6;s:4:"LIKE";i:7;s:8:"NOT
LIKE";}s:13:"TextOperators";a:7:{i:0;s:4:"LIKE";i:1;s:10:"LIKE
%...%";i:2;s:8:"NOT
LIKE";i:3;s:1:"=";i:4;s:2:"!=";i:5;s:6:"REGEXP";i:6;s:10:"NOT
REGEXP";}s:13:"EnumOperators";a:2:{i:0;s:1:"=";i:1;s:2:"!=";}s:12:"SetOperators";a:2:{i:0;s:2:"IN";i:1;s:6:"NOT
IN";}s:13:"NullOperators";a:2:{i:0;s:7:"IS NULL";i:1;s:11:"IS NOT
NULL";}s:14:"UnaryOperators";a:2:{s:7:"IS NULL";i:1;s:11:"IS NOT
NULL";i:1;}s:8:"fontsize";s:3:"82%";s:29:"PmaAbsoluteUri_DisableWarning";b:1;s:7:"Servers";a:1:{i:1;a:31:{s:4:"host";s:9:"localhost";s:4:"port";s:0:"";s:6:"socket";s:0:"";s:3:"ssl";b:0;s:12:"connect_type";s:3:"tcp";s:9:"extension";s:5:"mysql";s:8:"compress";b:0;s:11:"controluser";s:0:"";s:11:"controlpass";s:0:"";s:9:"auth_type";s:4:"http";s:4:"user";s:4:"root";s:8:"password";s:0:"";s:13:"SignonSession";s:0:"";s:9:"SignonURL";s:0:"";s:9:"LogoutURL";s:0:"";s:10:"nopassword";b:0;s:7:"only_db";s:0:"";s:7:"hide_db";s:0:"";s:7:"verbose";s:0:"";s:5:"pmadb";s:0:"";s:13:"bookmarktable";s:0:"";s:8:"relation";s:0:"";s:10:"table_info";s:0:"";s:12:"table_coords";s:0:"";s:9:"pdf_pages";s:0:"";s:11:"column_info";s:0:"";s:7:"history";s:0:"";s:15:"designer_coords";s:0:"";s:13:"verbose_check";b:1;s:9:"AllowRoot";b:1;s:9:"AllowDeny";a:2:{s:5:"order";s:0:"";s:5:"rules";a:0:{}}}}s:6:"Server";a:31:{s:4:"host";s:9:"localhost";s:4:"port";s:0:"";s:6:"socket";s:0:"";s:3:"ssl";b:0;s:12:"connect_type";s:3:"tcp";s:9:"extension";s:5:"mysql";s:8:"compress";b:0;s:11:"controluser";s:0:"";s:11:"controlpass";s:0:"";s:9:"auth_type";s:4:"http";s:4:"user";s:15:"theverve_joomla";s:8:"password";s:11:"valleyskate";s:13:"SignonSession";s:0:"";s:9:"SignonURL";s:0:"";s:9:"LogoutURL";s:0:"";s:10:"nopassword";b:0;s:7:"only_db";s:0:"";s:7:"hide_db";s:0:"";s:7:"verbose";s:0:"";s:5:"pmadb";s:0:"";s:13:"bookmarktable";s:0:"";s:8:"relation";s:0:"";s:10:"table_info";s:0:"";s:12:"table_coords";s:0:"";s:9:"pdf_pages";s:0:"";s:11:"column_info";s:0:"";s:7:"history";s:0:"";s:15:"designer_coords";s:0:"";s:13:"verbose_check";b:1;s:9:"AllowRoot";b:1;s:9:"AllowDeny";a:2:{s:5:"order";s:0:"";s:5:"rules";a:0:{}}}s:13:"ShowMysqlInfo";b:0;s:13:"ShowMysqlVars";b:0;s:10:"QueryFrame";b:1;s:12:"QueryFrameJS";b:1;s:17:"ShowHttpHostTitle";b:1;s:16:"SetHttpHostTitle";s:0:"";s:9:"docSQLDir";s:0:"";s:12:"FileRevision";s:17:"$Revision:
2.41
$";s:20:"collation_connection";s:15:"utf8_unicode_ci";s:11:"PMA_VERSION";s:6:"2.11.3";s:17:"PMA_THEME_VERSION";i:2;s:20:"PMA_THEME_GENERATION";i:2;s:19:"PMA_PHP_INT_VERSION";i:50205;s:19:"PMA_PHP_STR_VERSION";s:5:"5.2.5";s:14:"PMA_IS_WINDOWS";i:0;s:10:"PMA_IS_IIS";i:0;s:10:"PMA_IS_GD2";i:1;s:10:"PMA_USR_OS";s:3:"Win";s:19:"PMA_USR_BROWSER_VER";s:3:"5.0";s:21:"PMA_USR_BROWSER_AGENT";s:7:"MOZILLA";s:13:"enable_upload";b:1;s:15:"max_upload_size";i:2097152;s:8:"is_https";b:0;s:9:"NaviWidth";i:200;s:9:"NaviColor";s:7:"#000000";s:14:"NaviBackground";s:7:"#D0DCE0";s:16:"NaviPointerColor";s:7:"#000000";s:21:"NaviPointerBackground";s:7:"#9999CC";s:21:"NaviDatabaseNameColor";s:7:"#0000FF";s:9:"MainColor";s:7:"#000000";s:14:"MainBackground";s:7:"#F5F5F5";s:18:"BrowsePointerColor";s:7:"#000000";s:23:"BrowsePointerBackground";s:7:"#CCFFCC";s:17:"BrowseMarkerColor";s:7:"#000000";s:22:"BrowseMarkerBackground";s:7:"#FFCC99";s:10:"FontFamily";s:10:"sans-serif";s:15:"FontFamilyFixed";s:9:"monospace";s:6:"Border";i:0;s:12:"ThBackground";s:7:"#D3DCE3";s:7:"ThColor";s:7:"#000000";s:5:"BgOne";s:7:"#E5E5E5";s:5:"BgTwo";s:7:"#D5D5D5";s:12:"theme-update";s:8:"original";s:8:"Bookmark";a:0:{}}s:6:"source";s:16:"./config.inc.php";s:12:"source_mtime";i:1200794208;s:20:"default_source_mtime";i:1197118043;s:9:"set_mtime";i:1201494488;s:17:"error_config_file";b:0;s:25:"error_config_default_file";b:0;s:13:"error_pma_uri";b:0;s:14:"default_server";a:31:{s:4:"host";s:9:"localhost";s:4:"port";s:0:"";s:6:"socket";s:0:"";s:3:"ssl";b:0;s:12:"connect_type";s:3:"tcp";s:9:"extension";s:5:"mysql";s:8:"compress";b:0;s:11:"controluser";s:0:"";s:11:"controlpass";s:0:"";s:9:"auth_type";s:6:"config";s:4:"user";s:4:"root";s:8:"password";s:0:"";s:13:"SignonSession";s:0:"";s:9:"SignonURL";s:0:"";s:9:"LogoutURL";s:0:"";s:10:"nopassword";b:0;s:7:"only_db";s:0:"";s:7:"hide_db";s:0:"";s:7:"verbose";s:0:"";s:5:"pmadb";s:0:"";s:13:"bookmarktable";s:0:"";s:8:"relation";s:0:"";s:10:"table_info";s:0:"";s:12:"table_coords";s:0:"";s:9:"pdf_pages";s:0:"";s:11:"column_info";s:0:"";s:7:"history";s:0:"";s:15:"designer_coords";s:0:"";s:13:"verbose_check";b:1;s:9:"AllowRoot";b:1;s:9:"AllowDeny";a:2:{s:5:"order";s:0:"";s:5:"rules";a:0:{}}}s:4:"done";b:0;}PMA_Theme_Manager|O:17:"PMA_Theme_Manager":7:{s:12:"_themes_path";s:8:"./themes";s:6:"themes";a:2:{s:15:"darkblue_orange";O:9:"PMA_Theme":7:{s:7:"version";s:3:"2.9";s:4:"name";s:15:"Darkblue/orange";s:2:"id";s:15:"darkblue_orange";s:4:"path";s:24:"./themes/darkblue_orange";s:8:"img_path";s:29:"./themes/darkb
lue_orange/img/";s:5:"types";a:3:{i:0;s:4:"left";i:1;s:5:"right";i:2;s:5:"print";}s:10:"mtime_info";i:1197118043;}s:8:"original";O:9:"PMA_Theme":7:{s:7:"version";s:3:"2.9";s:4:"name";s:8:"Original";s:2:"id";s:8:"original";s:4:"path";s:17:"./themes/original";s:8:"img_path";s:22:"./themes/original/img/";s:5:"types";a:3:{i:0;s:4:"left";i:1;s:5:"right";i:2;s:5:"print";}s:10:"mtime_info";i:1197118043;}}s:11:"cookie_name";s:9:"pma_theme";s:10:"per_server";b:0;s:12:"active_theme";s:8:"original";s:5:"theme";O:9:"PMA_Theme":7:{s:7:"version";s:3:"2.9";s:4:"name";s:8:"Original";s:2:"id";s:8:"original";s:4:"path";s:17:"./themes/original";s:8:"img_path";s:22:"./themes/original/img/";s:5:"types";a:3:{i:0;s:4:"left";i:1;s:5:"right";i:2;s:5:"print";}s:10:"mtime_info";i:1197118043;}s:13:"theme_default";s:8:"original";}PMA_Theme|r:645;navi_limit_offset|i:0;table_limit_offset|i:0;^

Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... not tested: can't exec
Checking `rexedcs'... not found
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `w55808'... not infected
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... not tested: can't exec ./chklastlog
Checking `chkutmp'... not tested: can't exec ./chkutmp
Any help as to why this is doing this would be greatly appreciated.
 
Old 01-30-2008, 08:25 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
0. Not the right PWD.
Quote:
Checking `ldsopreload'... can't exec ./strings-static, not tested
This means you didn't run CRT from the directory where it resides and that is a bad idea since it still can't find the compiled helper binaries on its own.


1. Suspicious files.
Quote:
Searching for suspect PHP files...
New in CRT-0.48, the code looks like this:
Code:
   1109       printn "Searching for suspect PHP files... "; fi
   1110       files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
   1111       fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | grep php 2> /dev/null`"
This piece of code searches the directorynames "/tmp" and "/var/tmp" for filenames that end in ".php". The first line of each result is then grepped for the string "php" and the result of that is shown.

There are a few problems attached to this:
- it is an inflexible approach: the directorynames are hardcoded in the source, what if you configured another directory?,
- it is crude: only filenames that end in ".php" are found: no variations like say ".php3" or include files or PHP files that just don't have the extension,
- it is not doing anything but signal that a file has the case-sensitive string "php".
- its header says "suspect" but that is only true there should not be any PHP scripts in temporary directories (which shouldn't be the case), but a script is only hostile if the PHP code allows hostile actions.

You'll see false postivies if you run CRT while using /tmp as a temporary directory for unpacking and installing PHP-based applications. Not to promote Rootkit Hunter but that's why I added "suspscan" (which is off by default) to be configurable and only look for terms (updates and additions welcome) that signal hostile intentions.


2. Dunno
I think we're missing some lines before "Searching for anomalies in shell history files... nothing found". Maybe you didn't paste right.
I'd run CRT again in debug mode (cd /wherever/its/installedorcompiled; sh -vx ./chkrootkit --any-args-you-need 2>&1 | tee ./chkrootkit.tee ) and attach that to a post to the crt-users mailing list for Nelson to answer.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ChkRootkit Results? mexbeachbum Linux - Security 3 07-14-2007 02:52 PM
chkrootkit results rdwinders Linux - Newbie 4 01-22-2007 04:10 PM
Bash - weird results from if The_JinJ Programming 3 02-13-2005 03:11 PM
Weird results with netstat nekromancer Linux - Networking 3 02-17-2004 02:36 AM
Weird results from who and finger cauchy Linux - General 0 10-14-2001 11:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration