trcinc1
27th May 2009, 20:26
I just started noticing this output from chkrootkit.
Is this normal? The issue appears right after: 'Searching for suspect PHP files...' A few pages later it continues as normal.
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files...
PMA_token |s:32:"597feec2b25e984af078476a65626e4d";PMA_Config|O:10:"PMA_Config":10:{s:14:"default_source";s:30:"./libraries/config.defaul
t.php";s:8:"settings";a:167:{s:14:"PmaAbsoluteUri";s:43:"https://www.mydomain.com:81/phpmyadmin/";s:28:"PmaNoRelation_DisableWarning";
b:0;s:21:"SuhosinDisableWarning";b:0;s:22:"AllowThirdPartyFraming";b:0;s:15:"blowfish_secret";s:0:"";s:13:"ServerDefault";i:1;s:9:"MaxDbLi
st";i:100;s:12:"MaxTableList";i:2 (snip)
";i:15;s:4:"args";a:1:{i:0;s:68:"/home/admispconfig/ispconfig/web/phpmyadmin/libraries/common.inc.php";}s:8:"function";s:12:"require_once"
;}}s:8:"*_hash";s:32:"4e6c84a8dd131339f4d9998cef0428e1";s:10:"*_number";i:2048;s:10:"*_string";s:0:"";s:11:"*_message";s:469:"date_default
_timezone_get() [<a href='function.date-default-timezone-get'>function.date-default-timezone-get</a>]: It is not safe to rely on the syste
m's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In c
ase you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected
'America/Denver' for 'MDT/-6.0/DST' instead";s:16:"*_is_displayed";b:0;s:10:"*_params";a:0:{}s:18:"*_added_messages";a:0:{}}s:32:"a27802b6
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected (snip)
I am using Debian Lenny - Chkrookit 0.48.
Any ideas??
Is this normal? The issue appears right after: 'Searching for suspect PHP files...' A few pages later it continues as normal.
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files...
PMA_token |s:32:"597feec2b25e984af078476a65626e4d";PMA_Config|O:10:"PMA_Config":10:{s:14:"default_source";s:30:"./libraries/config.defaul
t.php";s:8:"settings";a:167:{s:14:"PmaAbsoluteUri";s:43:"https://www.mydomain.com:81/phpmyadmin/";s:28:"PmaNoRelation_DisableWarning";
b:0;s:21:"SuhosinDisableWarning";b:0;s:22:"AllowThirdPartyFraming";b:0;s:15:"blowfish_secret";s:0:"";s:13:"ServerDefault";i:1;s:9:"MaxDbLi
st";i:100;s:12:"MaxTableList";i:2 (snip)
";i:15;s:4:"args";a:1:{i:0;s:68:"/home/admispconfig/ispconfig/web/phpmyadmin/libraries/common.inc.php";}s:8:"function";s:12:"require_once"
;}}s:8:"*_hash";s:32:"4e6c84a8dd131339f4d9998cef0428e1";s:10:"*_number";i:2048;s:10:"*_string";s:0:"";s:11:"*_message";s:469:"date_default
_timezone_get() [<a href='function.date-default-timezone-get'>function.date-default-timezone-get</a>]: It is not safe to rely on the syste
m's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In c
ase you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected
'America/Denver' for 'MDT/-6.0/DST' instead";s:16:"*_is_displayed";b:0;s:10:"*_params";a:0:{}s:18:"*_added_messages";a:0:{}}s:32:"a27802b6
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected (snip)
I am using Debian Lenny - Chkrookit 0.48.
Any ideas??