LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-09-2006, 08:15 PM   #1
Fcm
LQ Newbie
 
Registered: Aug 2004
Posts: 18

Rep: Reputation: 0
What does this mean ?


Using chkrootkit

Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 5470 tty7 /usr/X11R6/bin/X -nolisten tcp :0 vt7 -auth /var/lib/xdm/authdir/authfiles/A:0-kKRlPV
chkutmp: nothing deleted

Checking my internet useage my system appears to upload to somewhere after midnight,could this be connected ?

How can i find out where my system is uploading to?

Thanks.
 
Old 06-09-2006, 09:12 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
The chkrootkit response looks OK to me. That command is how X windows is started on vt/7.

Do you have an autoupdate program running in the background, or starting in a cron job?
 
Old 06-09-2006, 09:21 PM   #3
Fcm
LQ Newbie
 
Registered: Aug 2004
Posts: 18

Original Poster
Rep: Reputation: 0
jshchiwal - I have klamav auto update running.

Do you know how i can find out where my system is uploading to ?

Thanks.
 
Old 06-10-2006, 09:45 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
How do you know that something is being uploaded?

If you have a router, and it has logging, you could turn on logging and look at the outgoing log. This should provide you with an IP address, even in the case where your computers logs where being compromised.
Also check your logs and setups to find out what to expect.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration