06-09-2006, 08:15 PM
#1
LQ Newbie
Registered: Aug 2004
Posts: 18
What does this mean ?
Using chkrootkit
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 5470 tty7 /usr/X11R6/bin/X -nolisten tcp :0 vt7 -auth /var/lib/xdm/authdir/authfiles/A:0-kKRlPV
chkutmp: nothing deleted
Checking my internet usage, my system appears to upload to somewhere after midnight. Could this be connected?
How can I find out where my system is uploading to?
Thanks.

06-09-2006, 09:12 PM
#2
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
The chkrootkit response looks OK to me. That command is how X windows is started on vt/7.
Do you have an autoupdate program running in the background, or starting in a cron job?

06-09-2006, 09:21 PM
#3
LQ Newbie
Registered: Aug 2004
Posts: 18
Original Poster
jshchiwal - I have klamav auto update running.
Do you know how I can find out where my system is uploading to?
Thanks.

06-10-2006, 09:45 AM
#4
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
How do you know that something is being uploaded?
If you have a router, and it has logging, you could turn on logging and look at the outgoing log. This should provide you with an IP address, even in the case where your computer's logs were being compromised.
Also check your logs and setups to find out what to expect.
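
One way to act on the router-log suggestion in post #4, as an added example that is not part of the original thread: it totals outgoing traffic per destination for one host during the after-midnight window. It assumes the router logs outgoing packets in the Linux netfilter `LOG` format; the sample lines, the host address 192.168.1.20 and the 00:00 to 05:00 window are constructed for illustration.

```python
import re
from datetime import time

# Constructed sample lines; netfilter LOG format is an assumption about the router.
SAMPLE_LOG = """\
Jun  9 23:58:10 gw kernel: OUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 TOS=0x00 PROTO=TCP SPT=40112 DPT=80
Jun 10 00:14:02 gw kernel: OUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=1500 TOS=0x00 PROTO=TCP SPT=43210 DPT=443
Jun 10 00:14:03 gw kernel: OUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=1500 TOS=0x00 PROTO=TCP SPT=43210 DPT=443
Jun 10 00:20:41 gw kernel: OUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=76 TOS=0x00 PROTO=UDP SPT=123 DPT=123
Jun 10 00:21:00 gw kernel: IN: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.168.1.20 LEN=52 TOS=0x00 PROTO=TCP SPT=443 DPT=43210
Jun 10 06:30:00 gw kernel: OUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=400 TOS=0x00 PROTO=TCP SPT=50000 DPT=25
garbage line that does not parse
"""

TS_RE = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)")  # syslog timestamp
KV_RE = re.compile(r"(\w+)=(\S*)")                          # KEY=value pairs
REQUIRED = {"SRC", "DST", "LEN", "PROTO", "DPT"}


def outbound_summary(log_text, host, start=time(0, 0), end=time(5, 0)):
    """Return [((dst, proto, dport), packets, bytes)] for packets sent by
    `host` between `start` and `end`, largest byte total first."""
    totals = {}
    for line in log_text.splitlines():
        ts = TS_RE.match(line)
        fields = {}
        for key, value in KV_RE.findall(line):
            # Keep the first occurrence: UDP lines repeat LEN, and the
            # first one is the IP packet length.
            fields.setdefault(key, value)
        if not ts or not REQUIRED <= fields.keys() or not fields["LEN"].isdigit():
            continue  # not a packet log line
        when = time(*map(int, ts.groups()))
        if fields["SRC"] != host or not (start <= when < end):
            continue  # other host, inbound reply, or outside the window
        key = (fields["DST"], fields["PROTO"], int(fields["DPT"]))
        packets, size = totals.get(key, (0, 0))
        totals[key] = (packets + 1, size + int(fields["LEN"]))
    rows = [(k, p, b) for k, (p, b) in totals.items()]
    return sorted(rows, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for (dst, proto, dport), packets, size in outbound_summary(SAMPLE_LOG, "192.168.1.20"):
        print(f"{dst:15} {proto}/{dport:<5} packets={packets} bytes={size}")
```

The byte totals are IP packet lengths including headers, so they show which destination receives the most traffic rather than an exact payload size.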
All times are GMT -5. The time now is 04:39 PM.