Focus on Linux
understanding chkrootkit and rkhunter logs May 08 2007 09:56AM
acattelan gmail com (4 replies)
Hi,

I'm sorry for asking a totally newbie question, but I haven't found an answer to this. I'm really curious and concerned about what is reported by chkrootkit and rkhunter on my Debian Etch home server.

Here's what I get when I run them:

CHKROOTKIT:

Searching for suspicious files and dirs, it may take a while...
/usr/lib/xulrunner/.autoreg
/lib/init/rw/.ramfs
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient[2181])

In the system mail I also get this:

/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/usr/lib/xulrunner/.autoreg
/lib/init/rw/.ramfs
eth0: PACKET SNIFFER(/sbin/dhclient[2136])

RKHUNTER reports this:

* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/etc/.pwd.lock /dev/.static
/dev/.udev
/dev/.initramfs
/dev/.initramfs-tools
---------------
Please inspect: /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory)

Is this something to be worried about? How can I investigate further into these two issues?

Thanks,

Ale.
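
One way to follow up on the chkrootkit findings quoted in the post above, added here as an example that is not part of the original thread: parse the report, ask dpkg which package ships each flagged path, and check that each reported sniffer PID still resolves to the binary chkrootkit named. The function names are this example's own, and the embedded sample is copied from the post.

```python
import os
import re
import subprocess

# Constructed sample: the chkrootkit lines quoted in the post above.
SAMPLE = """\
Searching for suspicious files and dirs, it may take a while...
/usr/lib/xulrunner/.autoreg
/lib/init/rw/.ramfs
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient[2181])
"""

# interface, reported binary, pid (first process listed for the interface)
SNIFFER_RE = re.compile(r"(\S+): PACKET SNIFFER\(([^\[\]]+)\[(\d+)\]")

def parse_chkrootkit(text):
    """Split a chkrootkit report into flagged paths and (iface, exe, pid) tuples."""
    paths, sniffers = [], []
    for line in text.splitlines():
        line = line.strip()
        hits = [(i, exe, int(pid)) for i, exe, pid in SNIFFER_RE.findall(line)]
        if hits:
            sniffers.extend(hits)
        elif line.startswith("/"):
            paths.extend(line.split())
    return paths, sniffers

def owning_package(path):
    """Package that ships `path` per dpkg -S, or None (unowned, or no dpkg here)."""
    try:
        res = subprocess.run(["dpkg", "-S", path], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return res.stdout.splitlines()[0].rsplit(": ", 1)[0] if res.returncode == 0 else None

def running_exe(pid):
    """Binary the kernel says is behind `pid`; None if it exited or is unreadable."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None

if __name__ == "__main__":
    paths, sniffers = parse_chkrootkit(SAMPLE)
    for p in paths:
        print(f"{p}: package={owning_package(p)} exists={os.path.lexists(p)}")
    for iface, exe, pid in sniffers:
        actual = running_exe(pid)  # pids change across reboots; use a fresh report
        print(f"{iface}: pid {pid} reported={exe} actual={actual} "
              f"match={actual == exe} package={owning_package(exe)}")
```

Run it as root on the host that produced the report, since reading /proc/<pid>/exe for another user's process needs privileges.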

Re: understanding chkrootkit and rkhunter logs May 09 2007 04:17PM
Clinton E. Troutman (clint troutman sbcglobal net)
Re: understanding chkrootkit and rkhunter logs May 09 2007 07:19AM
Oren Held (oren held org il)
Re: understanding chkrootkit and rkhunter logs May 09 2007 06:57AM
Juergen Repolusk (juergen repolusk inso tuwien ac at)
Re: understanding chkrootkit and rkhunter logs May 08 2007 05:12PM
SZTANYIK Bence Tamas (bence infsec hu)


 

Copyright 2010, SecurityFocus