HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

esezako 31st March 2010 14:32

rkhunter warnings
 
Hi, I have problems with mails. When I pass the rkhunter, I have this result:

Code:


(14:05:12) Running Rootkit Hunter version 1.3.4 on ns1
(14:05:12)
(14:05:12) Info: Start date is mié mar 31 14:05:12 CEST 2010
(14:05:12)
(14:05:12) Checking configuration file and command-line options...
(14:05:12) Info: Detected operating system is 'Linux'
(14:05:12) Info: Found O/S name: Debian 4.0
(14:05:12) Info: Command line is /usr/local/bin/rkhunter -c
(14:05:12) Info: Environment shell is /bin/bash; rkhunter is using bash
(14:05:12) Info: Using configuration file '/etc/rkhunter.conf'
(14:05:12) Info: Installation directory is '/usr/local'
(14:05:12) Info: Using language 'en'
(14:05:12) Info: Using '/var/lib/rkhunter/db' as the database directory
(14:05:12) Info: Using '/usr/local/lib/rkhunter/scripts' as the support script directory
(14:05:12) Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec' as the command directories
(14:05:12) Info: Using '/' as the root directory by default
(14:05:12) Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
(14:05:13) Info: No mail-on-warning address configured
(14:05:13) Info: X will be automatically detected
(14:05:13) Info: Found the 'diff' command: /usr/bin/diff
(14:05:13) Info: Found the 'file' command: /usr/bin/file
(14:05:13) Info: Found the 'find' command: /usr/bin/find
(14:05:13) Info: Found the 'ifconfig' command: /sbin/ifconfig
(14:05:13) Info: Unable to find the 'ip' command
(14:05:13) Info: Found the 'ldd' command: /usr/bin/ldd
(14:05:13) Info: Found the 'lsattr' command: /usr/bin/lsattr
(14:05:13) Info: Found the 'lsmod' command: /sbin/lsmod
(14:05:13) Info: Unable to find the 'lsof' command
(14:05:13) Info: Found the 'mktemp' command: /bin/mktemp
(14:05:13) Info: Found the 'netstat' command: /bin/netstat
(14:05:13) Info: Found the 'perl' command: /usr/bin/perl
(14:05:13) Info: Found the 'ps' command: /bin/ps
(14:05:13) Info: Found the 'pwd' command: /bin/pwd
(14:05:13) Info: Found the 'readlink' command: /bin/readlink
(14:05:13) Info: Found the 'sort' command: /usr/bin/sort
(14:05:13) Info: Found the 'stat' command: /usr/bin/stat
(14:05:13) Info: Found the 'strings' command: /usr/bin/strings
(14:05:13) Info: Found the 'uniq' command: /usr/bin/uniq
(14:05:13) Info: System is not using prelinking
(14:05:13) Info: Using the '/usr/bin/sha1sum' command for the file hash checks
(14:05:13) Info: Stored hash values used hash function '/usr/bin/sha1sum'
(14:05:13) Info: Stored hash values did not use a package manager
(14:05:13) Info: The hash function field index is set to 1
(14:05:13) Info: No package manager specified: using hash function '/usr/bin/sha1sum'
(14:05:13) Info: Previous file attributes were stored
(14:05:13) Info: Enabled tests are: all
(14:05:13) Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps
(14:05:13) Info: All ksyms and kallsyms checks will be skipped - neither file is present on the system.
(14:05:13)
(14:05:13) Checking if the O/S has changed since last time...
(14:05:13) Info: Nothing seems to have changed
(14:05:13)
(14:05:13) Starting system checks...
(14:05:13)
(14:05:13) Checking system commands...
(14:05:13) Info: Starting test name 'system_commands'
(14:05:13)
(14:05:13) Performing 'strings' command checks
(14:05:13) Info: Starting test name 'strings'
(14:05:13) Scanning for string /usr/sbin/ntpsx              ( OK )
(14:05:14) Scanning for string /usr/lib/.../ls              ( OK )
(14:05:14) Scanning for string /usr/lib/.../netstat          ( OK )
(14:05:14) Scanning for string /usr/lib/.../lsof            ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh/bkit-pw ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs ( OK )
(14:05:14) Scanning for string /usr/lib/.../uconf.inv        ( OK )
(14:05:14) Scanning for string /usr/lib/.../psr              ( OK )
(14:05:14) Scanning for string /usr/lib/.../find            ( OK )
(14:05:14) Scanning for string /usr/lib/.../pstree          ( OK )
(14:05:14) Scanning for string /usr/lib/.../slocate          ( OK )
(14:05:14) Scanning for string /usr/lib/.../du              ( OK )
(14:05:14) Scanning for string /usr/lib/.../top              ( OK )
(14:05:14) Scanning for string /usr/lib/...                  ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh        ( OK )
(14:05:14) Scanning for string /usr/lib/.bkit-              ( OK )
(14:05:14) Scanning for string /tmp/.bkp                    ( OK )
(14:05:14) Scanning for string /tmp/.cinik                  ( OK )
(14:05:14) Scanning for string /tmp/.font-unix/.cinik        ( OK )
(14:05:14) Scanning for string /lib/.sso                    ( OK )
(14:05:14) Scanning for string /lib/.so                      ( OK )
(14:05:14) Scanning for string /var/run/...dica/clean        ( OK )
(14:05:14) Scanning for string /var/run/...dica/xl          ( OK )
(14:05:14) Scanning for string /var/run/...dica/xdr          ( OK )
(14:05:15) Scanning for string /var/run/...dica/psg          ( OK )
(14:05:15) Scanning for string /var/run/...dica/secure      ( OK )
(14:05:15) Scanning for string /var/run/...dica/rdx          ( OK )
(14:05:15) Scanning for string /var/run/...dica/va          ( OK )
(14:05:15) Scanning for string /var/run/...dica/cl.sh        ( OK )
(14:05:15) Scanning for string /usr/bin/.etc                ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/sched_host.2    ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/random_d.2      ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/set_pid.2        ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/cons.saver      ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/adore/adore/adore.ko ( OK )
(14:05:15) Scanning for string /bin/sysback                  ( OK )
(14:05:15) Scanning for string /usr/local/bin/sysback        ( OK )
(14:05:15) Scanning for string /usr/lib/.tbd                ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/t0rns      ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/du          ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/ls          ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/t0rnsb      ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/ps          ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/t0rnp      ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/find        ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/ifconfig    ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/pg          ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/ssh.tgz    ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/top        ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/sz          ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/login      ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/in.fingerd  ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/1i0n.sh    ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/pstree      ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/in.telnetd  ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/mjy        ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/sush        ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/tfn        ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/name        ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/getip.sh    ( OK )
(14:05:16) Scanning for string /usr/info/.torn/sh*          ( OK )
(14:05:16) Scanning for string /usr/src/.puta/.1addr        ( OK )
(14:05:16) Scanning for string /usr/src/.puta/.1file        ( OK )
(14:05:16) Scanning for string /usr/src/.puta/.1proc        ( OK )
(14:05:16) Scanning for string /usr/src/.puta/.1logz        ( OK )
(14:05:16) Scanning for string /usr/info/.t0rn              ( OK )
(14:05:16) Scanning for string /dev/.lib                    ( OK )
(14:05:16) Scanning for string /dev/.lib/lib                ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib            ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/dev        ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/scan            ( OK )
(14:05:17) Scanning for string /usr/src/.puta                ( OK )
(14:05:17) Scanning for string /usr/man/man1/man1            ( OK )
(14:05:17) Scanning for string /usr/man/man1/man1/lib        ( OK )
(14:05:17) Scanning for string /usr/man/man1/man1/lib/.lib  ( OK )
(14:05:17) Scanning for string /usr/man/man1/man1/lib/.lib/.backup ( OK )
(14:05:17)
(14:05:17) Performing 'shared libraries' checks
(14:05:17) Info: Starting test name 'shared_libs'
(14:05:17) Checking for preloading variables                ( None found )
(14:05:17) Checking for preload file                        ( Not found )
(14:05:17) Info: Starting test name 'shared_libs_path'
(14:05:17) Checking LD_LIBRARY_PATH variable                ( Not found )
(14:05:17)
(14:05:17) Performing file properties checks
(14:05:17) Info: Starting test name 'properties'
(14:05:17) Checking for prerequisites                        ( OK )
(14:05:17) /bin/bash                                        ( Warning )
(14:05:17) Warning: The file properties have changed:
(14:05:17)          File: /bin/bash
(14:05:17)          Current inode: 85017415    Stored inode: 54214712
(14:05:17) /bin/cat                                          ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/cat
(14:05:18)          Current inode: 85017795    Stored inode: 54214717
(14:05:18) /bin/chmod                                        ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/chmod
(14:05:18)          Current inode: 85017814    Stored inode: 54214666
(14:05:18) /bin/chown                                        ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/chown
(14:05:18)          Current inode: 85017887    Stored inode: 54214707
(14:05:18) /bin/cp                                          ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/cp
(14:05:18)          Current inode: 85017991    Stored inode: 54214718
(14:05:18) /bin/date                                        ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/date
(14:05:18)          Current inode: 85018165    Stored inode: 54214662
(14:05:19) /bin/df                                          ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/df
(14:05:19)          Current inode: 85018287    Stored inode: 54214709
(14:05:19) /bin/dmesg                                        ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/dmesg
(14:05:19)          Current inode: 85018292    Stored inode: 54214664
(14:05:19) /bin/echo                                        ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/echo
(14:05:19)          Current inode: 85018294    Stored inode: 54214706
(14:05:19) /bin/ed                                          ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/ed
(14:05:19)          Current inode: 85018295    Stored inode: 54214685
(14:05:19) /bin/egrep                                        ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/egrep
(14:05:19)          Current inode: 85018296    Stored inode: 54214728
(14:05:20) Warning: The command '/bin/egrep' has been replaced by a script: /bin/egrep: Bourne shell script text executable
(14:05:20) /bin/fgrep                                        ( Warning )
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/fgrep
(14:05:20)          Current inode: 85018298    Stored inode: 54214711
(14:05:20) Warning: The command '/bin/fgrep' has been replaced by a script: /bin/fgrep: Bourne shell script text executable
(14:05:20) /bin/fuser                                        ( Warning )
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/fuser
(14:05:20)          Current inode: 85018299    Stored inode: 54216329
(14:05:20) /bin/grep                                        ( Warning )
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/grep
(14:05:20)          Current inode: 85018300    Stored inode: 54214731
(14:05:20) /bin/kill                                        ( Warning )
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/kill
(14:05:20)          Current inode: 85018303    Stored inode: 54214681
(14:05:21) /bin/login                                        ( Warning )
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/login
(14:05:21)          Current inode: 85018305    Stored inode: 54215634
(14:05:21) /bin/ls                                          ( Warning )
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/ls
(14:05:21)          Current inode: 85018306    Stored inode: 54214696
(14:05:21) /bin/lsmod                                        ( Warning )
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/lsmod
(14:05:21)          Current inode: 85018307    Stored inode: 54214670
(14:05:21) /bin/mktemp                                      ( Warning )
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/mktemp
(14:05:21)          Current inode: 85018310    Stored inode: 54214727
(14:05:22) /bin/more                                        ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/more
(14:05:22)          Current inode: 85018311    Stored inode: 54214697
(14:05:22) /bin/mount                                        ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/mount
(14:05:22)          Current inode: 85018312    Stored inode: 54214723
(14:05:22) /bin/mv                                          ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/mv
(14:05:22)          Current inode: 85018315    Stored inode: 54214691
(14:05:22) /bin/netstat                                      ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/netstat
(14:05:22)          Current inode: 85018318    Stored inode: 54214669
(14:05:22) /bin/ps                                          ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/ps
(14:05:23)          Current inode: 85018321    Stored inode: 54214719
(14:05:23) /bin/pwd                                          ( Warning )
(14:05:23) Warning: The file properties have changed:
(14:05:23)          File: /bin/pwd
(14:05:23)          Current inode: 85018322    Stored inode: 54214661
(14:05:23) /bin/readlink                                    ( Warning )
(14:05:23) Warning: The file properties have changed:
(14:05:23)          File: /bin/readlink
(14:05:23)          Current inode: 85018323    Stored inode: 54214676
(14:05:23) /bin/sed                                          ( Warning )
(14:05:23) Warning: The file properties have changed:
(14:05:23)          File: /bin/sed
(14:05:23)          Current inode: 85018327    Stored inode: 54214700
(14:05:23) /bin/sh                                          ( Warning )
(14:05:23) Warning: The file properties have changed:
(14:05:23)          File: /bin/sh
(14:05:23)          Current inode: 85016588    Stored inode: 54214678
(14:05:24) /bin/su                                          ( Warning )
(14:05:24) Warning: The file properties have changed:
(14:05:24)          File: /bin/su
(14:05:24)          Current inode: 85018330    Stored inode: 54215172
(14:05:24) /bin/touch                                        ( Warning )
(14:05:24) Warning: The file properties have changed:
(14:05:24)          File: /bin/touch
(14:05:24)          Current inode: 85018334    Stored inode: 54214726
(14:05:24) /bin/uname                                        ( Warning )
(14:05:24) Warning: The file properties have changed:
(14:05:24)          File: /bin/uname
(14:05:24)          Current inode: 85018337    Stored inode: 54214699
(14:05:24) /bin/which                                        ( Warning )
(14:05:24) Warning: The file properties have changed:
(14:05:24)          File: /bin/which
(14:05:24)          Current inode: 85018339    Stored inode: 54214690
(14:05:24) Warning: The command '/bin/which' has been replaced by a script: /bin/which: Bourne shell script text executable
(14:05:25) /usr/bin/awk                                      ( Warning )
(14:05:25) Warning: The file properties have changed:
(14:05:25)          File: /usr/bin/awk
(14:05:25)          Current inode: 86033381    Stored inode: 54247802
(14:05:25) /usr/bin/basename                                ( Warning )
(14:05:25) Warning: The file properties have changed:
(14:05:25)          File: /usr/bin/basename
(14:05:25)          Current inode: 86036890    Stored inode: 54247714
(14:05:25) /usr/bin/chattr                                  ( Warning )
(14:05:25) Warning: The file properties have changed:
(14:05:25)          File: /usr/bin/chattr
(14:05:25)          Current inode: 86036904    Stored inode: 54247703
(14:05:25) /usr/bin/cut                                      ( Warning )
(14:05:25) Warning: The file properties have changed:
(14:05:25)          File: /usr/bin/cut
(14:05:25)          Current inode: 86036930    Stored inode: 54247669
(14:05:26) /usr/bin/diff                                    ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/diff
(14:05:26)          Current inode: 86036958    Stored inode: 54247922
(14:05:26) /usr/bin/dirname                                  ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/dirname
(14:05:26)          Current inode: 86036962    Stored inode: 54247768
(14:05:26) /usr/bin/dpkg                                    ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/dpkg
(14:05:26)          Current inode: 86036964    Stored inode: 54248313
(14:05:26) /usr/bin/dpkg-query                              ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/dpkg-query
(14:05:26)          Current inode: 86036966    Stored inode: 54248315
(14:05:26) /usr/bin/du                                      ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/du
(14:05:26)          Current inode: 86036970    Stored inode: 54247793
(14:05:27) /usr/bin/env                                      ( Warning )
(14:05:27) Warning: The file properties have changed:
(14:05:27)          File: /usr/bin/env
(14:05:27)          Current inode: 86036972    Stored inode: 54247849
(14:05:27) /usr/bin/file                                    ( Warning )
(14:05:27) Warning: The file properties have changed:
(14:05:27)          File: /usr/bin/file
(14:05:27)          Current inode: 86036981    Stored inode: 54248083
(14:05:27) /usr/bin/find                                    ( Warning )
(14:05:27) Warning: The file properties have changed:
(14:05:27)          File: /usr/bin/find
(14:05:27)          Current inode: 86036982    Stored inode: 54247872
(14:05:27) /usr/bin/GET                                      ( Warning )
(14:05:27) Warning: The file '/usr/bin/GET' exists on the system, but it is not present in the rkhunter.dat file.
(14:05:27) /usr/bin/groups                                  ( Warning )
(14:05:27) Warning: The file properties have changed:
(14:05:27)          File: /usr/bin/groups
(14:05:27)          Current inode: 86037016    Stored inode: 54247814
(14:05:27) Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
(14:05:28) /usr/bin/head                                    ( Warning )
(14:05:28) Warning: The file properties have changed:
(14:05:28)          File: /usr/bin/head
(14:05:28)          Current inode: 86037019    Stored inode: 54247782
(14:05:28) /usr/bin/id                                      ( Warning )
(14:05:28) Warning: The file properties have changed:
(14:05:28)          File: /usr/bin/id
(14:05:28)          Current inode: 86037028    Stored inode: 54247710
(14:05:28) /usr/bin/killall                                  ( Warning )
(14:05:28) Warning: The file properties have changed:
(14:05:28)          File: /usr/bin/killall
(14:05:28)          Current inode: 86037042    Stored inode: 54248781
(14:05:28) /usr/bin/last                                    ( Warning )
(14:05:28) Warning: The file properties have changed:
(14:05:28)          File: /usr/bin/last
(14:05:28)          Current inode: 86037043    Stored inode: 54247612
(14:05:28) /usr/bin/lastlog                                  ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:29)          File: /usr/bin/lastlog
(14:05:29)          Current inode: 86037044    Stored inode: 54247488
(14:05:29) /usr/bin/ldd                                      ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:29)          File: /usr/bin/ldd
(14:05:29)          Current inode: 57835567    Stored inode: 54248508
(14:05:29)          Current file modification time: 1264097118
(14:05:29)          Stored file modification time : 1232193522
(14:05:29) Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
(14:05:29) /usr/bin/locate                                  ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:29)          File: /usr/bin/locate
(14:05:29)          Current inode: 86037057    Stored inode: 54247731
(14:05:29) /usr/bin/logger                                  ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:29)          File: /usr/bin/logger
(14:05:29)          Current inode: 86037059    Stored inode: 54247865
(14:05:29) /usr/bin/lsattr                                  ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/lsattr
(14:05:30)          Current inode: 86037063    Stored inode: 54247753
(14:05:30) /usr/bin/lynx                                    ( Warning )
(14:05:30) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/lynx
(14:05:30)          Current inode: 86033419    Stored inode: 54248732
(14:05:30) /usr/bin/md5sum                                  ( Warning )
(14:05:30) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/md5sum
(14:05:30)          Current inode: 86037075    Stored inode: 54247797
(14:05:30) /usr/bin/newgrp                                  ( Warning )
(14:05:30) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/newgrp
(14:05:30)          Current inode: 86037150    Stored inode: 54247465
(14:05:30) /usr/bin/passwd                                  ( Warning )
(14:05:30) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/passwd
(14:05:30)          Current inode: 86037169    Stored inode: 54247590
(14:05:31) /usr/bin/perl                                    ( Warning )
(14:05:31) Warning: The file properties have changed:
(14:05:31)          File: /usr/bin/perl
(14:05:31)          Current inode: 86037177    Stored inode: 54248353
(14:05:31) /usr/bin/pstree                                  ( Warning )
(14:05:31) Warning: The file properties have changed:
(14:05:31)          File: /usr/bin/pstree
(14:05:31)          Current inode: 86037206    Stored inode: 54248782
(14:05:31) /usr/bin/runcon                                  ( Warning )
(14:05:31) Warning: The file properties have changed:
(14:05:31)          File: /usr/bin/runcon
(14:05:31)          Current inode: 86037226    Stored inode: 54247798
(14:05:31) /usr/bin/sha1sum                                  ( Warning )
(14:05:31) Warning: The file properties have changed:
(14:05:31)          File: /usr/bin/sha1sum
(14:05:31)          Current inode: 86037242    Stored inode: 54247916
(14:05:32) /usr/bin/size                                    ( Warning )
(14:05:32) Warning: The file properties have changed:
(14:05:32)          File: /usr/bin/size
(14:05:32)          Current inode: 86037250    Stored inode: 54248586
(14:05:32) /usr/bin/sort                                    ( Warning )
(14:05:32) Warning: The file properties have changed:
(14:05:32)          File: /usr/bin/sort
(14:05:32)          Current inode: 86037254    Stored inode: 54247826
(14:05:32) /usr/bin/stat                                    ( Warning )
(14:05:32) Warning: The file properties have changed:
(14:05:32)          File: /usr/bin/stat
(14:05:32)          Current inode: 86037266    Stored inode: 54247795
(14:05:32) /usr/bin/strace                                  ( Warning )
(14:05:32) Warning: The file '/usr/bin/strace' exists on the system, but it is not present in the rkhunter.dat file.
(14:05:32) /usr/bin/strings                                  ( Warning )
(14:05:32) Warning: The file properties have changed:
(14:05:32)          File: /usr/bin/strings
(14:05:32)          Current inode: 86037267    Stored inode: 54248589
(14:05:33) /usr/bin/tail                                    ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/tail
(14:05:33)          Current inode: 86037272    Stored inode: 54247841
(14:05:33) /usr/bin/test                                    ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/test
(14:05:33)          Current inode: 86037276    Stored inode: 54247698
(14:05:33) /usr/bin/top                                      ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/top
(14:05:33)          Current inode: 86037281    Stored inode: 54247840
(14:05:33) /usr/bin/touch                                    ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/touch
(14:05:33)          Current inode: 86033462    Stored inode: 54247885
(14:05:33) /usr/bin/tr                                      ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/tr
(14:05:33)          Current inode: 86037283    Stored inode: 54247876
(14:05:34) /usr/bin/uniq                                    ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:34)          File: /usr/bin/uniq
(14:05:34)          Current inode: 86037295    Stored inode: 54247766
(14:05:34) /usr/bin/users                                    ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:34)          File: /usr/bin/users
(14:05:34)          Current inode: 86037300    Stored inode: 54247827
(14:05:34) /usr/bin/vmstat                                  ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:34)          File: /usr/bin/vmstat
(14:05:34)          Current inode: 86037303    Stored inode: 54247878
(14:05:34) /usr/bin/w                                        ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:34)          File: /usr/bin/w
(14:05:34)          Current inode: 86033469    Stored inode: 54247756
(14:05:34) /usr/bin/watch                                    ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/watch
(14:05:35)          Current inode: 86037306    Stored inode: 54247794
(14:05:35) /usr/bin/wc                                      ( Warning )
(14:05:35) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/wc
(14:05:35)          Current inode: 86037307    Stored inode: 54247880
(14:05:35) /usr/bin/wget                                    ( Warning )
(14:05:35) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/wget
(14:05:35)          Current hash: 8f12c9c7acef809ee696878a754f31c8034bc58b
(14:05:35)          Stored hash : 1cf6b29d4276337be8d03083373f399a280df7ae
(14:05:35)          Current inode: 86048159    Stored inode: 54247727
(14:05:35)          Current file modification time: 1255002588
(14:05:35)          Stored file modification time : 1151512894
(14:05:35) /usr/bin/whatis                                  ( Warning )
(14:05:35) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/whatis
(14:05:35)          Current inode: 86037310    Stored inode: 54247747
(14:05:35) /usr/bin/whereis                                  ( Warning )
(14:05:35) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/whereis
(14:05:35)          Current inode: 86037311    Stored inode: 54247696
(14:05:36) /usr/bin/which                                    ( Warning )
(14:05:36) Warning: The file properties have changed:
(14:05:36)          File: /usr/bin/which
(14:05:36)          Current inode: 86033471    Stored inode: 54247755
(14:05:36) /usr/bin/who                                      ( Warning )
(14:05:36) Warning: The file properties have changed:
(14:05:36)          File: /usr/bin/who
(14:05:36)          Current inode: 86037313    Stored inode: 54247728
(14:05:36) /usr/bin/whoami                                  ( Warning )
(14:05:36) Warning: The file properties have changed:
(14:05:36)          File: /usr/bin/whoami
(14:05:36)          Current inode: 86037314    Stored inode: 54247775
(14:05:36) /usr/bin/mawk                                    ( Warning )
(14:05:36) Warning: The file properties have changed:
(14:05:36)          File: /usr/bin/mawk
(14:05:36)          Current inode: 86037073    Stored inode: 54247905
(14:05:36) /usr/bin/lwp-request                              ( Warning )
(14:05:36) Warning: The file '/usr/bin/lwp-request' exists on the system, but it is not present in the rkhunter.dat file.
(14:05:36) Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: perl script text executable
(14:05:37) /usr/bin/lynx.stable                              ( Warning )
(14:05:37) Warning: The file properties have changed:
(14:05:37)          File: /usr/bin/lynx.stable
(14:05:37)          Current inode: 86037065    Stored inode: 54248690
(14:05:37) /usr/bin/w.procps                                ( Warning )
(14:05:37) Warning: The file properties have changed:
(14:05:37)          File: /usr/bin/w.procps
(14:05:37)          Current inode: 86037304    Stored inode: 54247702
(14:05:37) /sbin/depmod                                      ( Warning )
(14:05:37) Warning: The file properties have changed:
(14:05:37)          File: /sbin/depmod
(14:05:37)          Current inode: 86036559    Stored inode: 54215606
(14:05:37) /sbin/ifconfig                                    ( Warning )
(14:05:37) Warning: The file properties have changed:
(14:05:37)          File: /sbin/ifconfig
(14:05:38)          Current inode: 86036571    Stored inode: 54215618
(14:05:38) /sbin/ifdown                                      ( Warning )
(14:05:38) Warning: The file properties have changed:
(14:05:38)          File: /sbin/ifdown
(14:05:38)          Current inode: 86036572    Stored inode: 54215611
(14:05:38) /sbin/ifup                                        ( Warning )
(14:05:38) Warning: The file properties have changed:
(14:05:38)          File: /sbin/ifup
(14:05:38)          Current inode: 86036572    Stored inode: 54215611
(14:05:38) /sbin/init                                        ( Warning )
(14:05:38) Warning: The file properties have changed:
(14:05:38)          File: /sbin/init
(14:05:38)          Current inode: 86036573    Stored inode: 54215254
(14:05:38) /sbin/insmod                                      ( Warning )
(14:05:38) Warning: The file properties have changed:
(14:05:38)          File: /sbin/insmod
(14:05:38)          Current inode: 86036575    Stored inode: 54215574
(14:05:39) /sbin/lsmod                                      ( Warning )
(14:05:39) Warning: The file properties have changed:
(14:05:39)          File: /sbin/lsmod
(14:05:39)          Current inode: 86033356    Stored inode: 54215579
(14:05:39) /sbin/modinfo                                    ( Warning )
(14:05:39) Warning: The file properties have changed:
(14:05:39)          File: /sbin/modinfo
(14:05:39)          Current inode: 86036597    Stored inode: 54215600
(14:05:39) /sbin/modprobe                                    ( Warning )
(14:05:39) Warning: The file properties have changed:
(14:05:39)          File: /sbin/modprobe
(14:05:39)          Current inode: 86036598    Stored inode: 54215581
(14:05:39) /sbin/rmmod                                      ( Warning )
(14:05:39) Warning: The file properties have changed:
(14:05:39)          File: /sbin/rmmod
(14:05:39)          Current inode: 86036607    Stored inode: 54215619
(14:05:40) /sbin/runlevel                                    ( Warning )
(14:05:40) Warning: The file properties have changed:
(14:05:40)          File: /sbin/runlevel
(14:05:40)          Current inode: 86036609    Stored inode: 54215259
(14:05:40) /sbin/sulogin                                    ( Warning )
(14:05:40) Warning: The file properties have changed:
(14:05:40)          File: /sbin/sulogin
(14:05:40)          Current inode: 86036616    Stored inode: 54215308
(14:05:40) /sbin/sysctl                                      ( Warning )
(14:05:40) Warning: The file properties have changed:
(14:05:40)          File: /sbin/sysctl
(14:05:40)          Current inode: 86036618    Stored inode: 54215573
(14:05:40) /sbin/syslogd                                    ( Warning )
(14:05:40) Warning: The file properties have changed:
(14:05:40)          File: /sbin/syslogd
(14:05:40)          Current inode: 86036619    Stored inode: 54215597
(14:05:41) /usr/sbin/adduser                                ( Warning )
(14:05:41) Warning: The file properties have changed:
(14:05:41)          File: /usr/sbin/adduser
(14:05:41)          Current inode: 86043333    Stored inode: 54218263
(14:05:41) Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: perl script text executable
(14:05:41) /usr/sbin/chroot                                  ( Warning )
(14:05:41) Warning: The file properties have changed:
(14:05:41)          File: /usr/sbin/chroot
(14:05:41)          Current inode: 86043346    Stored inode: 54218255
(14:05:41) /usr/sbin/cron                                    ( Warning )
(14:05:41) Warning: The file properties have changed:
(14:05:41)          File: /usr/sbin/cron
(14:05:41)          Current inode: 86043352    Stored inode: 54218287
(14:05:42) /usr/sbin/groupadd                                ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/groupadd
(14:05:42)          Current inode: 86043370    Stored inode: 54215889
(14:05:42) /usr/sbin/groupdel                                ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/groupdel
(14:05:42)          Current inode: 86043371    Stored inode: 54215980
(14:05:42) /usr/sbin/groupmod                                ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/groupmod
(14:05:42)          Current inode: 86043372    Stored inode: 54215977
(14:05:42) /usr/sbin/grpck                                  ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/grpck
(14:05:42)          Current inode: 86043373    Stored inode: 54215968
(14:05:42) /usr/sbin/inetd                                  ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/inetd
(14:05:42)          Current inode: 86043380    Stored inode: 54218291
(14:05:43) /usr/sbin/nologin                                ( Warning )
(14:05:43) Warning: The file properties have changed:
(14:05:43)          File: /usr/sbin/nologin
(14:05:43)          Current inode: 86043399    Stored inode: 54218046
(14:05:43) /usr/sbin/pwck                                    ( Warning )
(14:05:43) Warning: The file properties have changed:
(14:05:43)          File: /usr/sbin/pwck
(14:05:43)          Current inode: 86043422    Stored inode: 54215970
(14:05:43) /usr/sbin/tcpd                                    ( Warning )
(14:05:43) Warning: The file properties have changed:
(14:05:43)          File: /usr/sbin/tcpd
(14:05:44)          Current inode: 86043457    Stored inode: 54218309
(14:05:44) /usr/sbin/useradd                                ( Warning )
(14:05:44) Warning: The file properties have changed:
(14:05:44)          File: /usr/sbin/useradd
(14:05:44)          Current inode: 86043472    Stored inode: 54215971
(14:05:44) /usr/sbin/userdel                                ( Warning )
(14:05:44) Warning: The file properties have changed:
(14:05:44)          File: /usr/sbin/userdel
(14:05:44)          Current inode: 86043476    Stored inode: 54215887
(14:05:44) /usr/sbin/usermod                                ( Warning )
(14:05:44) Warning: The file properties have changed:
(14:05:44)          File: /usr/sbin/usermod
(14:05:44)          Current inode: 86043477    Stored inode: 54215979
(14:05:44) /usr/sbin/vipw                                    ( Warning )
(14:05:44) Warning: The file properties have changed:
(14:05:44)          File: /usr/sbin/vipw
(14:05:44)          Current inode: 86043480    Stored inode: 54215975
(14:05:45) /usr/local/bin/rkhunter                          ( Warning )
(14:05:45) Warning: The file properties have changed:
(14:05:45)          File: /usr/local/bin/rkhunter
(14:05:45)          Current inode: 86043310    Stored inode: 54216814
(14:12:11)


Do I have a rootkit?

esezako 31st March 2010 14:33

Part 2 of the log

Code:

(14:12:11) Checking for rootkits...
(14:12:11) Info: Starting test name 'rootkits'
(14:12:11)
(14:12:11) Performing check of known rootkit files and directories
(14:12:11) Info: Starting test name 'known_rkts'
(14:12:11)
(14:12:11) Checking for 55808 Trojan - Variant A...
(14:12:11)  Checking for file '/tmp/.../r'                  ( Not found )
(14:12:11)  Checking for file '/tmp/.../a'                  ( Not found )
(14:12:11) 55808 Trojan - Variant A                          ( Not found )
(14:12:11)
(14:12:11) Checking for ADM Worm...
(14:12:12)  Checking for string 'w0rm'                      ( Not found )
(14:12:12) ADM Worm                                          ( Not found )
(14:12:12)
(14:12:12) Checking for AjaKit Rootkit...
(14:12:12)  Checking for file '/dev/tux/.addr'              ( Not found )
(14:12:12)  Checking for file '/dev/tux/.proc'              ( Not found )
(14:12:12)  Checking for file '/dev/tux/.file'              ( Not found )
(14:12:12)  Checking for file '/lib/.libgh-gh/cleaner'      ( Not found )
(14:12:12)  Checking for file '/lib/.libgh-gh/Patch/patch'  ( Not found )
(14:12:12)  Checking for file '/lib/.libgh-gh/sb0k'        ( Not found )
(14:12:12)  Checking for directory '/dev/tux'              ( Not found )
(14:12:12)  Checking for directory '/lib/.libgh-gh'        ( Not found )
(14:12:12) AjaKit Rootkit                                    ( Not found )
(14:12:12)
(14:12:12) Checking for aPa Kit...
(14:12:12)  Checking for file '/usr/share/.aPa'            ( Not found )
(14:12:12) aPa Kit                                          ( Not found )
(14:12:12)
(14:12:12) Checking for Apache Worm...
(14:12:12)  Checking for file '/bin/.log'                  ( Not found )
(14:12:12) Apache Worm                                      ( Not found )
(14:12:12)
(14:12:12) Checking for Ambient (ark) Rootkit...
(14:12:12)  Checking for file '/usr/lib/.ark?'              ( Not found )
(14:12:12)  Checking for file '/dev/ptyxx/.log'            ( Not found )
(14:12:12)  Checking for file '/dev/ptyxx/.file'            ( Not found )
(14:12:12)  Checking for directory '/dev/ptyxx'            ( Not found )
(14:12:12) Ambient (ark) Rootkit                            ( Not found )
(14:12:12)
(14:12:12) Checking for Balaur Rootkit...
(14:12:13)  Checking for file '/usr/lib/liblog.o'          ( Not found )
(14:12:13)  Checking for directory '/usr/lib/.kinetic'      ( Not found )
(14:12:13)  Checking for directory '/usr/lib/.egcs'        ( Not found )
(14:12:13)  Checking for directory '/usr/lib/.wormie'      ( Not found )
(14:12:13) Balaur Rootkit                                    ( Not found )
(14:12:13)
(14:12:13) Checking for BeastKit Rootkit...
(14:12:13)  Checking for file '/usr/sbin/arobia'            ( Not found )
(14:12:13)  Checking for file '/usr/sbin/idrun'            ( Not found )
(14:12:13)  Checking for file '/usr/lib/elm/arobia/elm'    ( Not found )
(14:12:13)  Checking for file '/usr/lib/elm/arobia/elm/hk'  ( Not found )
(14:12:13)  Checking for file '/usr/lib/elm/arobia/elm/hk.pub' ( Not found )
(14:12:13)  Checking for file '/usr/lib/elm/arobia/elm/sc'  ( Not found )
(14:12:13)  Checking for file '/usr/lib/elm/arobia/elm/sd.pp' ( Not found )
(14:12:13)  Checking for file '/usr/lib/elm/arobia/elm/sdco' ( Not found )
(14:12:13)  Checking for file '/usr/lib/elm/arobia/elm/srsd' ( Not found )
(14:12:13)  Checking for directory '/lib/ldd.so/bktools'    ( Not found )
(14:12:13) BeastKit Rootkit                                  ( Not found )
(14:12:13)
(14:12:13) Checking for beX2 Rootkit...
(14:12:13)  Checking for directory '/usr/include/bex'      ( Not found )
(14:12:13) beX2 Rootkit                                      ( Not found )
(14:12:13)
(14:12:13) Checking for BOBKit Rootkit...
(14:12:13)  Checking for file '/usr/sbin/ntpsx'            ( Not found )
(14:12:13)  Checking for file '/usr/lib/.../ls'            ( Not found )
(14:12:13)  Checking for file '/usr/lib/.../netstat'        ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../lsof'          ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../uconf.inv'      ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../psr'            ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../find'          ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../pstree'        ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../slocate'        ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../du'            ( Not found )
(14:12:14)  Checking for file '/usr/lib/.../top'            ( Not found )
(14:12:14)  Checking for directory '/usr/lib/...'          ( Not found )
(14:12:14)  Checking for directory '/usr/lib/.../bkit-ssh'  ( Not found )
(14:12:14)  Checking for directory '/usr/lib/.bkit-'        ( Not found )
(14:12:14)  Checking for directory '/tmp/.bkp'              ( Not found )
(14:12:14) BOBKit Rootkit                                    ( Not found )
(14:12:14)
(14:12:14) Checking for CiNIK Worm (Slapper.B variant)...
(14:12:14)  Checking for file '/tmp/.cinik'                ( Not found )
(14:12:14)  Checking for directory '/tmp/.font-unix/.cinik' ( Not found )
(14:12:14) CiNIK Worm (Slapper.B variant)                    ( Not found )
(14:12:14)
(14:12:14) Checking for Danny-Boy's Abuse Kit...
(14:12:14)  Checking for file '/dev/mdev'                  ( Not found )
(14:12:15)  Checking for file '/usr/lib/libX.a'            ( Not found )
(14:12:15) Danny-Boy's Abuse Kit                            ( Not found )
(14:12:15)
(14:12:15) Checking for Devil RootKit...
(14:12:15)  Checking for file '/var/lib/games/.src'        ( Not found )
(14:12:15)  Checking for file '/dev/dsx'                    ( Not found )
(14:12:15)  Checking for file '/dev/caca'                  ( Not found )
(14:12:15) Devil RootKit                                    ( Not found )
(14:12:15)
(14:12:15) Checking for Dica-Kit Rootkit...
(14:12:15)  Checking for file '/lib/.sso'                  ( Not found )
(14:12:15)  Checking for file '/lib/.so'                    ( Not found )
(14:12:15)  Checking for file '/var/run/...dica/clean'      ( Not found )
(14:12:15)  Checking for file '/var/run/...dica/xl'        ( Not found )
(14:12:15)  Checking for file '/var/run/...dica/xdr'        ( Not found )
(14:12:15)  Checking for file '/var/run/...dica/psg'        ( Not found )
(14:12:15)  Checking for file '/var/run/...dica/secure'    ( Not found )
(14:12:15)  Checking for file '/var/run/...dica/rdx'        ( Not found )
(14:12:15)  Checking for file '/var/run/...dica/va'        ( Not found )
(14:12:15)  Checking for file '/var/run/...dica/cl.sh'      ( Not found )
(14:12:15)  Checking for file '/usr/bin/.etc'              ( Not found )
(14:12:15)  Checking for directory '/var/run/...dica'      ( Not found )
(14:12:15)  Checking for directory '/var/run/...dica/mh'    ( Not found )
(14:12:15)  Checking for directory '/var/run/...dica/scan'  ( Not found )
(14:12:15) Dica-Kit Rootkit                                  ( Not found )
(14:12:15)
(14:12:15) Checking for Dreams Rootkit...
(14:12:15)  Checking for file '/dev/ttyoa'                  ( Not found )
(14:12:16)  Checking for file '/dev/ttyof'                  ( Not found )
(14:12:16)  Checking for file '/dev/ttyop'                  ( Not found )
(14:12:16)  Checking for file '/usr/bin/sense'              ( Not found )
(14:12:16)  Checking for file '/usr/bin/sl2'                ( Not found )
(14:12:16)  Checking for file '/usr/bin/logclear'          ( Not found )
(14:12:16)  Checking for file '/usr/bin/(swapd)'            ( Not found )
(14:12:16)  Checking for file '/usr/bin/snfs'              ( Not found )
(14:12:16)  Checking for file '/usr/lib/libsss'            ( Not found )
(14:12:16)  Checking for directory '/dev/ida/.hpd'          ( Not found )
(14:12:16) Dreams Rootkit                                    ( Not found )
(14:12:16)
(14:12:16) Checking for Duarawkz Rootkit...
(14:12:16)  Checking for file '/usr/bin/duarawkz/loginpass' ( Not found )
(14:12:16)  Checking for directory '/usr/bin/duarawkz'      ( Not found )
(14:12:16) Duarawkz Rootkit                                  ( Not found )
(14:12:16)
(14:12:16) Checking for Enye LKM...
(14:12:16)  Checking for file '/etc/.enyelkmHIDE^IT.ko'    ( Not found )
(14:12:16) Enye LKM                                          ( Not found )
(14:12:16)
(14:12:16) Checking for Flea Linux Rootkit...
(14:12:16)  Checking for file '/etc/ld.so.hash'            ( Not found )
(14:12:16)  Checking for file '/lib/security/.config/ssh/ssh_host_key' ( Not found )
(14:12:16)  Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' ( Not found )
(14:12:16)  Checking for file '/lib/security/.config/ssh/ssh_random_seed' ( Not found )
(14:12:16)  Checking for file '/usr/bin/ssh2d'              ( Not found )
(14:12:16)  Checking for file '/usr/lib/ldlibns.so'        ( Not found )
(14:12:17)  Checking for file '/usr/lib/ldlibpst.so'        ( Not found )
(14:12:17)  Checking for file '/usr/lib/ldlibdu.so'        ( Not found )
(14:12:17)  Checking for file '/usr/lib/ldlibct.so'        ( Not found )
(14:12:17)  Checking for directory '/lib/security/.config/ssh' ( Not found )
(14:12:17)  Checking for directory '/dev/..0'              ( Not found )
(14:12:17)  Checking for directory '/dev/..0/backup'        ( Not found )
(14:12:17) Flea Linux Rootkit                                ( Not found )
(14:12:17)
(14:12:17) Checking for FreeBSD Rootkit...
(14:12:17)  Checking for file '/usr/lib/.fx/sched_host.2'  ( Not found )
(14:12:17)  Checking for file '/usr/lib/.fx/random_d.2'    ( Not found )
(14:12:17)  Checking for file '/usr/lib/.fx/set_pid.2'      ( Not found )
(14:12:17)  Checking for file '/usr/lib/.fx/cons.saver'    ( Not found )
(14:12:17)  Checking for file '/usr/lib/.fx/adore/adore/adore.ko' ( Not found )
(14:12:17)  Checking for file '/bin/sysback'                ( Not found )
(14:12:17)  Checking for file '/usr/local/bin/sysback'      ( Not found )
(14:12:17)  Checking for directory '/usr/lib/.fx'          ( Not found )
(14:12:17)  Checking for directory '/usr/lib/.fx/adore'    ( Not found )
(14:12:17) FreeBSD Rootkit                                  ( Not found )
(14:12:17)
(14:12:17) Checking for Fuck`it Rootkit...
(14:12:17)  Checking for file '/dev/proc/fuckit/hax0r'      ( Not found )
(14:12:17)  Checking for file '/dev/proc/fuckit/hax0rshell' ( Not found )
(14:12:17)  Checking for file '/dev/proc/fuckit/config/lports' ( Not found )
(14:12:17)  Checking for file '/dev/proc/fuckit/config/rports' ( Not found )
(14:12:18)  Checking for file '/dev/proc/fuckit/config/rkconf' ( Not found )
(14:12:18)  Checking for file '/dev/proc/fuckit/config/password' ( Not found )
(14:12:18)  Checking for file '/dev/proc/fuckit/config/progs' ( Not found )
(14:12:18)  Checking for file '/dev/proc/system-bins/init'  ( Not found )
(14:12:18) Fuck`it Rootkit                                  ( Not found )
(14:12:18)
(14:12:18) Checking for GasKit Rootkit...
(14:12:18)  Checking for file '/dev/dev/gaskit/sshd/sshdd'  ( Not found )
(14:12:18)  Checking for directory '/dev/dev'              ( Not found )
(14:12:18)  Checking for directory '/dev/dev/gaskit'        ( Not found )
(14:12:18)  Checking for directory '/dev/dev/gaskit/sshd'  ( Not found )
(14:12:18) GasKit Rootkit                                    ( Not found )
(14:12:18)
(14:12:18) Checking for Heroin LKM...
(14:12:18)  Checking for kernel symbol 'heroin'            ( Skipped )
(14:12:18) Heroin LKM                                        ( Not found )
(14:12:18)
(14:12:18) Checking for HjC Kit...
(14:12:18)  Checking for directory '/dev/.hijackerz'        ( Not found )
(14:12:18) HjC Kit                                          ( Not found )
(14:12:18)
(14:12:18) Checking for ignoKit Rootkit...
(14:12:18)  Checking for file '/lib/defs/p'                ( Not found )
(14:12:18)  Checking for file '/lib/defs/q'                ( Not found )
(14:12:18)  Checking for file '/lib/defs/r'                ( Not found )
(14:12:18)  Checking for file '/lib/defs/s'                ( Not found )
(14:12:18)  Checking for file '/lib/defs/t'                ( Not found )
(14:12:18)  Checking for file '/usr/lib/defs/p'            ( Not found )
(14:12:18)  Checking for file '/usr/lib/defs/q'            ( Not found )
(14:12:19)  Checking for file '/usr/lib/defs/r'            ( Not found )
(14:12:19)  Checking for file '/usr/lib/defs/s'            ( Not found )
(14:12:19)  Checking for file '/usr/lib/defs/t'            ( Not found )
(14:12:19)  Checking for file '/usr/lib/.libigno/pkunsec'  ( Not found )
(14:12:19)  Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' ( Not found )
(14:12:19)  Checking for directory '/usr/lib/.libigno'      ( Not found )
(14:12:19)  Checking for directory '/usr/lib/.libigno/.igno' ( Not found )
(14:12:19) ignoKit Rootkit                                  ( Not found )
(14:12:19)
(14:12:19) Checking for ImperalsS-FBRK Rootkit...
(14:12:19)  Checking for directory '/dev/fd/.88'            ( Not found )
(14:12:19)  Checking for directory '/dev/fd/.99'            ( Not found )
(14:12:19) ImperalsS-FBRK Rootkit                            ( Not found )
(14:12:19)
(14:12:19) Checking for IntoXonia-NG Rootkit...
(14:12:19)  Checking for kernel symbol 'funces'            ( Skipped )
(14:12:19)  Checking for kernel symbol 'ixinit'            ( Skipped )
(14:12:19)  Checking for kernel symbol 'tricks'            ( Skipped )
(14:12:19)  Checking for kernel symbol 'kernel_unlink'      ( Skipped )
(14:12:19)  Checking for kernel symbol 'rootme'            ( Skipped )
(14:12:19)  Checking for kernel symbol 'hide_module'        ( Skipped )
(14:12:19)  Checking for kernel symbol 'find_sys_call_tbl'  ( Skipped )
(14:12:19) IntoXonia-NG Rootkit                              ( Not found )
(14:12:19)
(14:12:19) Checking for Irix Rootkit...
(14:12:19)  Checking for directory '/dev/pts/01'            ( Not found )
(14:12:19)  Checking for directory '/dev/pts/01/backup'    ( Not found )
(14:12:20)  Checking for directory '/dev/pts/01/etc'        ( Not found )
(14:12:20)  Checking for directory '/dev/pts/01/tmp'        ( Not found )
(14:12:20) Irix Rootkit                                      ( Not found )
(14:12:20)
(14:12:20) Checking for Kitko Rootkit...
(14:12:20)  Checking for directory '/usr/src/redhat/SRPMS/...' ( Not found )
(14:12:20) Kitko Rootkit                                    ( Not found )
(14:12:20)
(14:12:20) Checking for Knark Rootkit...
(14:12:20)  Checking for file '/proc/knark/pids'            ( Not found )
(14:12:20)  Checking for directory '/proc/knark'            ( Not found )
(14:12:20) Knark Rootkit                                    ( Not found )
(14:12:20)
(14:12:20) Checking for Li0n Worm...
(14:12:20)  Checking for file '/bin/in.telnetd'            ( Not found )
(14:12:20)  Checking for file '/bin/mjy'                    ( Not found )
(14:12:20)  Checking for file '/usr/man/man1/man1/lib/.lib/mjy' ( Not found )
(14:12:20)  Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' ( Not found )
(14:12:20)  Checking for file '/usr/man/man1/man1/lib/.lib/.x' ( Not found )
(14:12:20)  Checking for file '/dev/.lib/lib/scan/1i0n.sh'  ( Not found )
(14:12:20)  Checking for file '/dev/.lib/lib/scan/hack.sh'  ( Not found )
(14:12:20)  Checking for file '/dev/.lib/lib/scan/bind'    ( Not found )
(14:12:20)  Checking for file '/dev/.lib/lib/scan/randb'    ( Not found )
(14:12:20)  Checking for file '/dev/.lib/lib/scan/scan.sh'  ( Not found )
(14:12:20)  Checking for file '/dev/.lib/lib/scan/pscan'    ( Not found )
(14:12:20)  Checking for file '/dev/.lib/lib/scan/star.sh'  ( Not found )
(14:12:20)  Checking for file '/dev/.lib/lib/scan/bindx.sh' ( Not found )
(14:12:21)  Checking for file '/dev/.lib/lib/scan/bindname.log' ( Not found )
(14:12:21)  Checking for file '/dev/.lib/lib/1i0n.sh'      ( Not found )
(14:12:21)  Checking for file '/dev/.lib/lib/lib/netstat'  ( Not found )
(14:12:21)  Checking for file '/dev/.lib/lib/lib/dev/.1addr' ( Not found )
(14:12:21)  Checking for file '/dev/.lib/lib/lib/dev/.1logz' ( Not found )
(14:12:21)  Checking for file '/dev/.lib/lib/lib/dev/.1proc' ( Not found )
(14:12:21)  Checking for file '/dev/.lib/lib/lib/dev/.1file' ( Not found )
(14:12:21) Li0n Worm                                        ( Not found )
(14:12:21)
(14:12:21) Checking for Lockit / LJK2 Rootkit...
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' ( Not found )
(14:12:21)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1wted' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parser' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' ( Not found )
(14:12:22)  Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' ( Not found )
(14:12:22)  Checking for directory '/usr/lib/libmen.oo/.LJK2' ( Not found )
(14:12:22) Lockit / LJK2 Rootkit                            ( Not found )
(14:12:22)
(14:12:22) Checking for Mood-NT Rootkit...
(14:12:22)  Checking for file '/sbin/init__mood-nt-_-_cthulhu' ( Not found )
(14:12:22)  Checking for file '/_cthulhu/mood-nt.init'      ( Not found )
(14:12:23)  Checking for file '/_cthulhu/mood-nt.conf'      ( Not found )
(14:12:23)  Checking for file '/_cthulhu/mood-nt.sniff'    ( Not found )
(14:12:23)  Checking for directory '/_cthulhu'              ( Not found )
(14:12:23) Mood-NT Rootkit                                  ( Not found )
(14:12:23)
(14:12:23) Checking for MRK Rootkit...
(14:12:23)  Checking for file '/dev/ida/.inet/pid'          ( Not found )
(14:12:23)  Checking for file '/dev/ida/.inet/ssh_host_key' ( Not found )
(14:12:23)  Checking for file '/dev/ida/.inet/ssh_random_seed' ( Not found )
(14:12:23)  Checking for file '/dev/ida/.inet/tcp.log'      ( Not found )
(14:12:23)  Checking for directory '/dev/ida/.inet'        ( Not found )
(14:12:23)  Checking for directory '/var/spool/cron/.sh'    ( Not found )
(14:12:23) MRK Rootkit                                      ( Not found )
(14:12:23)
(14:12:23) Checking for Ni0 Rootkit...
(14:12:23)  Checking for file '/var/lock/subsys/...datafile.../...net...' ( Not found )
(14:12:23)  Checking for file '/var/lock/subsys/...datafile.../...port...' ( Not found )
(14:12:23)  Checking for file '/var/lock/subsys/...datafile.../...ps...' ( Not found )
(14:12:23)  Checking for file '/var/lock/subsys/...datafile.../...file...' ( Not found )
(14:12:23)  Checking for directory '/tmp/waza'              ( Not found )
(14:12:23)  Checking for directory '/var/lock/subsys/...datafile...' ( Not found )
(14:12:23)  Checking for directory '/usr/sbin/es'          ( Not found )
(14:12:23) Ni0 Rootkit                                      ( Not found )
(14:12:23)
(14:12:23) Checking for Ohhara Rootkit...
(14:12:23)  Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' ( Not found )
(14:12:23)  Checking for directory '/var/lock/subsys/...datafile...' ( Not found )
(14:12:24)  Checking for directory '/var/lock/subsys/...datafile.../...datafile...' ( Not found )
(14:12:24)  Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' ( Not found )
(14:12:24)  Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' ( Not found )
(14:12:24)  Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' ( Not found )
(14:12:24)  Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' ( Not found )
(14:12:24) Ohhara Rootkit                                    ( Not found )
(14:12:24)
(14:12:24) Checking for Optic Kit (Tux) Worm...
(14:12:24)  Checking for directory '/dev/tux'              ( Not found )
(14:12:24)  Checking for directory '/usr/bin/xchk'          ( Not found )
(14:12:24)  Checking for directory '/usr/bin/xsf'          ( Not found )
(14:12:24)  Checking for directory '/usr/bin/ssh2d'        ( Not found )
(14:12:24) Optic Kit (Tux) Worm                              ( Not found )
(14:12:24)
(14:12:24) Checking for Oz Rootkit...
(14:12:24)  Checking for file '/dev/.oz/.nap/rkit/terror'  ( Not found )
(14:12:24)  Checking for directory '/dev/.oz'              ( Not found )
(14:12:24) Oz Rootkit                                        ( Not found )
(14:12:24)
(14:12:24) Checking for Phalanx Rootkit...
(14:12:24)  Checking for file '/usr/share/.home.ph1/cb'    ( Not found )
(14:12:24)  Checking for file '/etc/host.ph1'              ( Not found )
(14:12:24)  Checking for file '/bin/host.ph1'              ( Not found )
(14:12:24)  Checking for file '/usr/share/.home.ph1/phalanx' ( Not found )
(14:12:24)  Checking for directory '/usr/share/.home.ph1'  ( Not found )
(14:12:24) Phalanx Rootkit                                  ( Not found )
(14:12:24)
(14:12:24) Checking for Phalanx Rootkit (strings)...
(14:12:25)  Checking for string 'phalanx'                  ( Not found )
(14:12:25) Phalanx Rootkit (strings)                        ( Not found )
(14:12:25)
(14:12:25) Checking for Phalanx2 Rootkit...
(14:12:25)  Checking for file '/etc/khubd.p2/.p2rc'        ( Not found )
(14:12:25)  Checking for file '/etc/khubd.p2/.phalanx2'    ( Not found )
(14:12:25)  Checking for file '/etc/khubd.p2/.sniff'        ( Not found )
(14:12:25)  Checking for file '/etc/khubd.p2/sshgrab.py'    ( Not found )
(14:12:25)  Checking for file '/etc/lolzz.p2/.p2rc'        ( Not found )
(14:12:25)  Checking for file '/etc/lolzz.p2/.phalanx2'    ( Not found )
(14:12:25)  Checking for file '/etc/lolzz.p2/.sniff'        ( Not found )
(14:12:25)  Checking for file '/etc/lolzz.p2/sshgrab.py'    ( Not found )
(14:12:25)  Checking for directory '/etc/khubd.p2'          ( Not found )
(14:12:25)  Checking for directory '/etc/lolzz.p2'          ( Not found )
(14:12:25) Phalanx2 Rootkit                                  ( Not found )
(14:12:25)
(14:12:25) Checking for Phalanx2 Rootkit (extended tests)...
(14:12:25)  Checking for directory '/etc/khubd.p2'          ( Not found )
(14:12:25)  Checking for directory '/etc/lolzz.p2'          ( Not found )
(14:12:25) Phalanx2 Rootkit (extended tests)                ( Not found )
(14:12:25)
(14:12:25) Checking for Portacelo Rootkit...
(14:12:25)  Checking for file '/var/lib/.../.ak'            ( Not found )
(14:12:25)  Checking for file '/var/lib/.../.hk'            ( Not found )
(14:12:25)  Checking for file '/var/lib/.../.rs'            ( Not found )
(14:12:25)  Checking for file '/var/lib/.../.p'            ( Not found )
(14:12:25)  Checking for file '/var/lib/.../getty'          ( Not found )
(14:12:26)  Checking for file '/var/lib/.../lkt.o'          ( Not found )
(14:12:26)  Checking for file '/var/lib/.../show'          ( Not found )
(14:12:26)  Checking for file '/var/lib/.../nlkt.o'        ( Not found )
(14:12:26)  Checking for file '/var/lib/.../ssshrc'        ( Not found )
(14:12:26)  Checking for file '/var/lib/.../sssh_equiv'    ( Not found )
(14:12:26)  Checking for file '/var/lib/.../sssh_known_hosts' ( Not found )
(14:12:26)  Checking for file '/var/lib/.../sssh_pid'      ( Not found )
(14:12:26)  Checking for file '~/.sssh/known_hosts'        ( Not found )
(14:12:26) Portacelo Rootkit                                ( Not found )
(14:12:26)
(14:12:26) Checking for R3dstorm Toolkit...
(14:12:26)  Checking for file '/var/log/tk02/see_all'      ( Not found )
(14:12:26)  Checking for file '/bin/.../sshd/sbin/sshd1'    ( Not found )
(14:12:26)  Checking for file '/bin/.../hate/sk'            ( Not found )
(14:12:26)  Checking for file '/bin/.../see_all'            ( Not found )
(14:12:26)  Checking for directory '/var/log/tk02'          ( Not found )
(14:12:26)  Checking for directory '/var/log/tk02/old'      ( Not found )
(14:12:26)  Checking for directory '/bin/...'              ( Not found )
(14:12:26) R3dstorm Toolkit                                  ( Not found )
(14:12:26)
(14:12:26) Checking for RH-Sharpe's Rootkit...
(14:12:26)  Checking for file '/bin/lps'                    ( Not found )
(14:12:26)  Checking for file '/usr/bin/lpstree'            ( Not found )
(14:12:26)  Checking for file '/usr/bin/ltop'              ( Not found )
(14:12:26)  Checking for file '/usr/bin/lkillall'          ( Not found )
(14:12:27)  Checking for file '/usr/bin/ldu'                ( Not found )
(14:12:27)  Checking for file '/usr/bin/lnetstat'          ( Not found )
(14:12:27)  Checking for file '/usr/bin/wp'                ( Not found )
(14:12:27)  Checking for file '/usr/bin/shad'              ( Not found )
(14:12:27)  Checking for file '/usr/bin/vadim'              ( Not found )
(14:12:27)  Checking for file '/usr/bin/slice'              ( Not found )
(14:12:27)  Checking for file '/usr/bin/cleaner'            ( Not found )
(14:12:27)  Checking for file '/usr/include/rpcsvc/du'      ( Not found )
(14:12:27) RH-Sharpe's Rootkit                              ( Not found )
(14:12:27)
(14:12:27) Checking for RSHA's Rootkit...
(14:12:27)  Checking for file '/bin/kr4p'                  ( Not found )
(14:12:27)  Checking for file '/usr/bin/n3tstat'            ( Not found )
(14:12:27)  Checking for file '/usr/bin/chsh2'              ( Not found )
(14:12:27)  Checking for file '/usr/bin/slice2'            ( Not found )
(14:12:27)  Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' ( Not found )
(14:12:27)  Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' ( Not found )
(14:12:27)  Checking for directory '/etc/rc.d/rsha'        ( Not found )
(14:12:27)  Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' ( Not found )
(14:12:27) RSHA's Rootkit                                    ( Not found )
(14:12:27)
(14:12:27) Checking for Scalper Worm...
(14:12:27)  Checking for file '/tmp/.a'                    ( Not found )
(14:12:27)  Checking for file '/tmp/.uua'                  ( Not found )
(14:12:27) Scalper Worm                                      ( Not found )
(14:12:28)
(14:12:28) Checking for Sebek LKM...
(14:12:28)  Checking for kernel symbol 'adore or sebek'    ( Skipped )
(14:12:28) Sebek LKM                                        ( Not found )
(14:12:28)
(14:12:28) Checking for Shutdown Rootkit...
(14:12:28)  Checking for file '/usr/man/man5/.. /.dir/scannah/asus' ( Not found )
(14:12:28)  Checking for file '/usr/man/man5/.. /.dir/see'  ( Not found )
(14:12:28)  Checking for file '/usr/man/man5/.. /.dir/nscd' ( Not found )
(14:12:28)  Checking for file '/usr/man/man5/.. /.dir/alpd' ( Not found )
(14:12:28)  Checking for file '/etc/rc.d/rc.local '        ( Not found )
(14:12:28)  Checking for directory '/usr/man/man5/.. /.dir' ( Not found )
(14:12:28)  Checking for directory '/usr/man/man5/.. /.dir/scannah' ( Not found )
(14:12:28)  Checking for directory '/etc/rc.d/rc0.d/.. /.dir' ( Not found )
(14:12:28) Shutdown Rootkit                                  ( Not found )
(14:12:28)
(14:12:28) Checking for SHV4 Rootkit...
(14:12:28)  Checking for file '/etc/ld.so.hash'            ( Not found )
(14:12:28)  Checking for file '/lib/libext-2.so.7'          ( Not found )
(14:12:28)  Checking for file '/lib/lidps1.so'              ( Not found )
(14:12:28)  Checking for file '/usr/sbin/xntps'            ( Not found )
(14:12:28)  Checking for directory '/lib/security/.config'  ( Not found )
(14:12:28)  Checking for directory '/lib/security/.config/ssh' ( Not found )
(14:12:28) SHV4 Rootkit                                      ( Not found )
(14:12:28)
(14:12:28) Checking for SHV5 Rootkit...
(14:12:28)  Checking for file '/etc/sh.conf'                ( Not found )
(14:12:28)  Checking for file '/dev/srd0'                  ( Not found )
(14:12:29)  Checking for directory '/usr/lib/libsh'        ( Not found )
(14:12:29) SHV5 Rootkit                                      ( Not found )
(14:12:29)
(14:12:29) Checking for Sin Rootkit...
(14:12:29)  Checking for file '/dev/.haos/haos1/.f/Denyed'  ( Not found )
(14:12:29)  Checking for file '/dev/ttyoa'                  ( Not found )
(14:12:29)  Checking for file '/dev/ttyof'                  ( Not found )
(14:12:29)  Checking for file '/dev/ttyop'                  ( Not found )
(14:12:29)  Checking for file '/dev/ttyos'                  ( Not found )
(14:12:29)  Checking for file '/usr/lib/.lib'              ( Not found )
(14:12:29)  Checking for file '/usr/lib/sn/.X'              ( Not found )
(14:12:29)  Checking for file '/usr/lib/sn/.sys'            ( Not found )
(14:12:29)  Checking for file '/usr/lib/ld/.X'              ( Not found )
(14:12:29)  Checking for file '/usr/man/man1/...'          ( Not found )
(14:12:29)  Checking for file '/usr/man/man1/.../.m'        ( Not found )
(14:12:29)  Checking for file '/usr/man/man1/.../.w'        ( Not found )
(14:12:29)  Checking for directory '/usr/lib/sn'            ( Not found )
(14:12:29)  Checking for directory '/usr/lib/man1/...'      ( Not found )
(14:12:29)  Checking for directory '/dev/.haos'            ( Not found )
(14:12:29) Sin Rootkit                                      ( Not found )
(14:12:29)
(14:12:29) Checking for Slapper Worm...
(14:12:29)  Checking for file '/tmp/.bugtraq'              ( Not found )
(14:12:29)  Checking for file '/tmp/.uubugtraq'            ( Not found )
(14:12:29)  Checking for file '/tmp/.bugtraq.c'            ( Not found )
(14:12:30)  Checking for file '/tmp/httpd'                  ( Not found )
(14:12:30)  Checking for file '/tmp/.unlock'                ( Not found )
(14:12:30)  Checking for file '/tmp/update'                ( Not found )
(14:12:30)  Checking for file '/tmp/.cinik'                ( Not found )
(14:12:30)  Checking for file '/tmp/.b'                    ( Not found )
(14:12:30) Slapper Worm                                      ( Not found )
(14:12:30)
(14:12:30) Checking for Sneakin Rootkit...
(14:12:30)  Checking for directory '/tmp/.X11-unix/.../rk'  ( Not found )
(14:12:30) Sneakin Rootkit                                  ( Not found )
(14:12:30)
(14:12:30) Checking for Suckit Rootkit...
(14:12:30)  Checking for file '/sbin/initsk12'              ( Not found )
(14:12:30)  Checking for file '/sbin/initxrk'              ( Not found )
(14:12:30)  Checking for file '/usr/bin/null'              ( Not found )
(14:12:30)  Checking for file '/usr/share/locale/sk/.sk12/sk' ( Not found )
(14:12:30)  Checking for file '/etc/rc.d/rc0.d/S23kmdac'    ( Not found )
(14:12:30)  Checking for file '/etc/rc.d/rc1.d/S23kmdac'    ( Not found )
(14:12:30)  Checking for file '/etc/rc.d/rc2.d/S23kmdac'    ( Not found )
(14:12:30)  Checking for file '/etc/rc.d/rc3.d/S23kmdac'    ( Not found )
(14:12:30)  Checking for file '/etc/rc.d/rc4.d/S23kmdac'    ( Not found )
(14:12:30)  Checking for file '/etc/rc.d/rc5.d/S23kmdac'    ( Not found )
(14:12:30)  Checking for file '/etc/rc.d/rc6.d/S23kmdac'    ( Not found )
(14:12:30)  Checking for directory '/dev/sdhu0/tehdrakg'    ( Not found )
(14:12:30)  Checking for directory '/etc/.MG'              ( Not found )
(14:12:30)  Checking for directory '/usr/share/locale/sk/.sk12' ( Not found )
(14:12:31)  Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' ( Not found )
(14:12:31) Suckit Rootkit                                    ( Not found )
(14:12:31)
(14:12:31) Checking for SunOS Rootkit...
(14:12:31)  Checking for file '/etc/ld.so.hash'            ( Not found )
(14:12:31)  Checking for file '/lib/libext-2.so.7'          ( Not found )
(14:12:31)  Checking for file '/usr/bin/ssh2d'              ( Not found )
(14:12:31)  Checking for file '/bin/xlogin'                ( Not found )
(14:12:31)  Checking for file '/usr/lib/crth.o'            ( Not found )
(14:12:31)  Checking for file '/usr/lib/crtz.o'            ( Not found )
(14:12:31)  Checking for file '/sbin/login'                ( Not found )
(14:12:31)  Checking for file '/lib/security/.config/sn'    ( Not found )
(14:12:31)  Checking for file '/lib/security/.config/lpsched' ( Not found )
(14:12:31)  Checking for file '/dev/kmod'                  ( Not found )
(14:12:31)  Checking for file '/dev/dos'                    ( Not found )
(14:12:31) SunOS Rootkit                                    ( Not found )
(14:12:31)
(14:12:31) Checking for SunOS / NSDAP Rootkit...
(14:12:31)  Checking for file '/usr/lib/vold/nsdap/.kit'    ( Not found )
(14:12:31)  Checking for file '/usr/lib/vold/nsdap/defines' ( Not found )
(14:12:31)  Checking for file '/usr/lib/vold/nsdap/patcher' ( Not found )
(14:12:31)  Checking for file '/usr/lib/vold/nsdap/pg'      ( Not found )
(14:12:31)  Checking for file '/usr/lib/vold/nsdap/cleaner' ( Not found )
(14:12:31)  Checking for file '/usr/lib/vold/nsdap/utime'  ( Not found )
(14:12:31)  Checking for file '/usr/lib/vold/nsdap/crypt'  ( Not found )
(14:12:32)  Checking for file '/usr/lib/vold/nsdap/findkit' ( Not found )
(14:12:32)  Checking for file '/usr/lib/vold/nsdap/sn2'    ( Not found )
(14:12:32)  Checking for file '/usr/lib/vold/nsdap/sniffload' ( Not found )
(14:12:32)  Checking for file '/usr/lib/vold/nsdap/runsniff' ( Not found )
(14:12:32)  Checking for file '/usr/lib/lpset'              ( Not found )
(14:12:32)  Checking for directory '/usr/lib/vold/nsdap'    ( Not found )
(14:12:32) SunOS / NSDAP Rootkit                            ( Not found )


esezako 31st March 2010 14:34

Part 3 of the log

Code:

(14:12:32)
(14:12:32) Checking for Superkit Rootkit...
(14:12:32)  Checking for file '/usr/man/.sman/sk'          ( Not found )
(14:12:32) Superkit Rootkit                                  ( Not found )
(14:12:32)
(14:12:32) Checking for TBD (Telnet BackDoor)...
(14:12:32)  Checking for file '/usr/lib/.tbd'              ( Not found )
(14:12:32) TBD (Telnet BackDoor)                            ( Not found )
(14:12:32)
(14:12:32) Checking for TeLeKiT Rootkit...
(14:12:32)  Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' ( Not found )
(14:12:32)  Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' ( Not found )
(14:12:32)  Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' ( Not found )
(14:12:32)  Checking for file '/usr/man/man3/.../cl'        ( Not found )
(14:12:32)  Checking for file '/dev/ptyr'                  ( Not found )
(14:12:32)  Checking for file '/dev/ptyp'                  ( Not found )
(14:12:32)  Checking for file '/dev/ptyq'                  ( Not found )
(14:12:32)  Checking for file '/dev/hda06'                  ( Not found )
(14:12:32)  Checking for file '/usr/info/libc1.so'          ( Not found )
(14:12:33)  Checking for directory '/usr/man/man3/...'      ( Not found )
(14:12:33)  Checking for directory '/usr/man/man3/.../lsniff' ( Not found )
(14:12:33)  Checking for directory '/usr/man/man3/.../TeLeKiT' ( Not found )
(14:12:33) TeLeKiT Rootkit                                  ( Not found )
(14:12:33)
(14:12:33) Checking for T0rn Rootkit...
(14:12:33)  Checking for file '/dev/.lib/lib/lib/t0rns'    ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/du'        ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/ls'        ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/t0rnsb'    ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/ps'        ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/t0rnp'    ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/find'      ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/ifconfig'  ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/pg'        ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/ssh.tgz'  ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/top'      ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/sz'        ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/login'    ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/in.fingerd' ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/1i0n.sh'  ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/pstree'    ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/in.telnetd' ( Not found )
(14:12:33)  Checking for file '/dev/.lib/lib/lib/mjy'      ( Not found )
(14:12:34)  Checking for file '/dev/.lib/lib/lib/sush'      ( Not found )
(14:12:34)  Checking for file '/dev/.lib/lib/lib/tfn'      ( Not found )
(14:12:34)  Checking for file '/dev/.lib/lib/lib/name'      ( Not found )
(14:12:34)  Checking for file '/dev/.lib/lib/lib/getip.sh'  ( Not found )
(14:12:34)  Checking for file '/usr/info/.torn/sh*'        ( Not found )
(14:12:34)  Checking for file '/usr/src/.puta/.1addr'      ( Not found )
(14:12:34)  Checking for file '/usr/src/.puta/.1file'      ( Not found )
(14:12:34)  Checking for file '/usr/src/.puta/.1proc'      ( Not found )
(14:12:34)  Checking for file '/usr/src/.puta/.1logz'      ( Not found )
(14:12:34)  Checking for file '/usr/info/.t0rn'            ( Not found )
(14:12:34)  Checking for directory '/dev/.lib'              ( Not found )
(14:12:34)  Checking for directory '/dev/.lib/lib'          ( Not found )
(14:12:34)  Checking for directory '/dev/.lib/lib/lib'      ( Not found )
(14:12:34)  Checking for directory '/dev/.lib/lib/lib/dev'  ( Not found )
(14:12:34)  Checking for directory '/dev/.lib/lib/scan'    ( Not found )
(14:12:34)  Checking for directory '/usr/src/.puta'        ( Not found )
(14:12:34)  Checking for directory '/usr/man/man1/man1'    ( Not found )
(14:12:34)  Checking for directory '/usr/man/man1/man1/lib' ( Not found )
(14:12:34)  Checking for directory '/usr/man/man1/man1/lib/.lib' ( Not found )
(14:12:34)  Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' ( Not found )
(14:12:34) T0rn Rootkit                                      ( Not found )
(14:12:34)
(14:12:34) Checking for Trojanit Kit...
(14:12:34)  Checking for file '/bin/.ls'                    ( Not found )
(14:12:35)  Checking for file '/bin/.ps'                    ( Not found )
(14:12:35)  Checking for file '/bin/.netstat'              ( Not found )
(14:12:35)  Checking for file '/usr/bin/.nop'              ( Not found )
(14:12:35)  Checking for file '/usr/bin/.who'              ( Not found )
(14:12:35) Trojanit Kit                                      ( Not found )
(14:12:35)
(14:12:35) Checking for Tuxtendo Rootkit...
(14:12:35)  Checking for file '/dev/tux/.addr'              ( Not found )
(14:12:35)  Checking for file '/dev/tux/.cron'              ( Not found )
(14:12:35)  Checking for file '/dev/tux/.file'              ( Not found )
(14:12:35)  Checking for file '/dev/tux/.log'              ( Not found )
(14:12:35)  Checking for file '/dev/tux/.proc'              ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/crontab'    ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/df'          ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/dir'        ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/find'        ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/ifconfig'    ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/locate'      ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/netstat'    ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/ps'          ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/pstree'      ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/syslogd'    ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/tcpd'        ( Not found )
(14:12:35)  Checking for file '/dev/tux/backup/top'        ( Not found )
(14:12:36)  Checking for file '/dev/tux/backup/updatedb'    ( Not found )
(14:12:36)  Checking for file '/dev/tux/backup/vdir'        ( Not found )
(14:12:36)  Checking for directory '/dev/tux'              ( Not found )
(14:12:36)  Checking for directory '/dev/tux/ssh2'          ( Not found )
(14:12:36)  Checking for directory '/dev/tux/backup'        ( Not found )
(14:12:36) Tuxtendo Rootkit                                  ( Not found )
(14:12:36)
(14:12:36) Checking for URK Rootkit...
(14:12:36)  Checking for file '/usr/man/man1/xxxxxxbin/find' ( Not found )
(14:12:36)  Checking for file '/usr/man/man1/xxxxxxbin/du'  ( Not found )
(14:12:36)  Checking for file '/usr/man/man1/xxxxxxbin/ps'  ( Not found )
(14:12:36)  Checking for file '/tmp/conf.inf'              ( Not found )
(14:12:36)  Checking for directory '/usr/man/man1/xxxxxxbin' ( Not found )
(14:12:36) URK Rootkit                                      ( Not found )
(14:12:36)
(14:12:36) Checking for Vampire Rootkit...
(14:12:36)  Checking for kernel symbol 'new_getdents'      ( Skipped )
(14:12:36)  Checking for kernel symbol 'old_getdents'      ( Skipped )
(14:12:36)  Checking for kernel symbol 'should_hide_file_name' ( Skipped )
(14:12:36)  Checking for kernel symbol 'should_hide_task_name' ( Skipped )
(14:12:36) Vampire Rootkit                                  ( Not found )
(14:12:36)
(14:12:36) Checking for VcKit Rootkit...
(14:12:36)  Checking for directory '/usr/include/linux/modules/lib.so' ( Not found )
(14:12:36)  Checking for directory '/usr/include/linux/modules/lib.so/bin' ( Not found )
(14:12:36) VcKit Rootkit                                    ( Not found )
(14:12:36)
(14:12:36) Checking for Volc Rootkit...
(14:12:37)  Checking for directory '/var/spool/.recent'    ( Not found )
(14:12:37)  Checking for directory '/var/spool/.recent/.files' ( Not found )
(14:12:37)  Checking for directory '/usr/lib/volc'          ( Not found )
(14:12:37)  Checking for directory '/usr/lib/volc/backup'  ( Not found )
(14:12:37) Volc Rootkit                                      ( Not found )
(14:12:37)
(14:12:37) Checking for X-Org SunOS Rootkit...
(14:12:37)  Checking for file '/usr/lib/libX.a/bin/tmpfl'  ( Not found )
(14:12:37)  Checking for file '/usr/lib/libX.a/bin/rps'    ( Not found )
(14:12:37)  Checking for file '/usr/bin/srload'            ( Not found )
(14:12:37)  Checking for file '/usr/lib/libX.a/bin/sparcv7/rps' ( Not found )
(14:12:37)  Checking for file '/usr/sbin/modcheck'          ( Not found )
(14:12:37)  Checking for directory '/usr/lib/libX.a'        ( Not found )
(14:12:37)  Checking for directory '/usr/lib/libX.a/bin'    ( Not found )
(14:12:37)  Checking for directory '/usr/lib/libX.a/bin/sparcv7' ( Not found )
(14:12:37)  Checking for directory '/usr/share/man...'      ( Not found )
(14:12:37) X-Org SunOS Rootkit                              ( Not found )
(14:12:37)
(14:12:37) Checking for zaRwT.KiT Rootkit...
(14:12:37)  Checking for file '/dev/rd/s/sendmeil'          ( Not found )
(14:12:37)  Checking for file '/dev/ttyf'                  ( Not found )
(14:12:37)  Checking for file '/dev/ttyp'                  ( Not found )
(14:12:37)  Checking for file '/dev/ttyn'                  ( Not found )
(14:12:37)  Checking for file '/rk/tulz'                    ( Not found )
(14:12:37)  Checking for directory '/rk'                    ( Not found )
(14:12:37)  Checking for directory '/dev/rd/s'              ( Not found )
(14:12:38) zaRwT.KiT Rootkit                                ( Not found )
(14:12:38)
(14:12:38) Performing additional rootkit checks
(14:12:38) Info: Starting test name 'additional_rkts'
(14:12:38)
(14:12:38)  Performing Suckit Rookit additional checks
(14:12:38)    Checking hard link count on '/sbin/init'      ( OK )
(14:12:38)    Checking for hidden file extensions          ( None found )
(14:12:38)    Running skdet command                        ( Skipped )
(14:12:38) Info: Unable to find the 'skdet' command
(14:12:38)  Suckit Rookit additional checks                ( OK )
(14:12:38)
(14:12:38)  Performing check of possible rootkit files and directories
(14:12:38) Info: Starting test name 'possible_rkt_files'
(14:12:38)    Checking for file '/dev/sdr0'                ( Not found )
(14:12:38)    Checking for file '/tmp/.syshackfile'        ( Not found )
(14:12:38)    Checking for file '/tmp/.bash_history'        ( Not found )
(14:12:38)    Checking for file '/usr/info/.clib'          ( Not found )
(14:12:38)    Checking for file '/usr/sbin/tcp.log'        ( Not found )
(14:12:38)    Checking for file '/usr/bin/take/pid'        ( Not found )
(14:12:38)    Checking for file '/sbin/create'              ( Not found )
(14:12:38)    Checking for file '/dev/ttypz'                ( Not found )
(14:12:38)    Checking for directory '/usr/bin/take'        ( Not found )
(14:12:38)    Checking for directory '/usr/src/.lib'        ( Not found )
(14:12:39)    Checking for directory '/usr/share/man/man1/.1c' ( Not found )
(14:12:39)    Checking for directory '/lib/lblip.tk'        ( Not found )
(14:12:39)    Checking for directory '/usr/sbin/...'        ( Not found )
(14:12:39)    Checking for directory '/usr/share/.gun'      ( Not found )
(14:12:39)  Checking for possible rootkit files and directories ( None found )
(14:12:39)
(14:12:39)  Performing check for possible rootkit strings
(14:12:39) Info: Starting test name 'possible_rkt_strings'
(14:12:39) Info: Using system startup paths: /etc/rc.local /etc/init.d /etc/inittab
(14:12:39)    Checking for string '/dev/proc/fuckit'        ( Not found )
(14:12:39)    Checking for string 'FUCK'                    ( Not found )
(14:12:39)    Checking for string 'backdoor'                ( Not found )
(14:12:39)    Checking for string 'vt200'                  ( Not found )
(14:12:39)    Checking for string '/usr/bin/xstat'          ( Not found )
(14:12:39)    Checking for string '/bin/envpc'              ( Not found )
(14:12:39)    Checking for string 'L4m3r0x'                ( Not found )
(14:12:39)    Checking for string '/usr/lib/.tbd'          ( Not found )
(14:12:39)    Checking for string '/dev/ptyxx/.file'        ( Not found )
(14:12:40)    Checking for string '/dev/sgk'                ( Not found )
(14:12:40)    Checking for string '/var/lock/subsys/...datafile...' ( Not found )
(14:12:40)    Checking for string '/usr/lib/.tbd'          ( Not found )
(14:12:40)    Checking for string '/dev/proc/fuckit'        ( Not found )
(14:12:40)    Checking for string '/lib/.sso'              ( Not found )
(14:12:40)    Checking for string '/var/lock/subsys/...datafile...' ( Not found )
(14:12:40)    Checking for string '/dev/caca'              ( Not found )
(14:12:40)    Checking for string '/dev/ttyoa'              ( Not found )
(14:12:40)    Checking for string 'syg'                    ( Not found )
(14:12:40)    Checking for string '/dev/pts/01'            ( Not found )
(14:12:40)    Checking for string 'tw33dl3'                ( Not found )
(14:12:40)    Checking for string 'psniff'                  ( Not found )
(14:12:40)    Checking for string '/var/lock/subsys/...datafile...' ( Not found )
(14:12:40)    Checking for string '/dev/ptyxx'              ( Not found )
(14:12:41)    Checking for string 'promiscuous'            ( Not found )
(14:12:41)    Checking for string '/usr/lib/.tbd'          ( Not found )
(14:12:41)    Checking for string '/dev/xdta'              ( Not found )
(14:12:41)    Checking for string '/usr/lib/.tbd'          ( Not found )
(14:12:41)    Checking for string 'in.inetd'                ( Not found )
(14:12:41)    Checking for string '#<HIDE_.*>'              ( Not found )
(14:12:42)    Checking for string 'bin/xchk'                ( Not found )
(14:12:42)    Checking for string 'bin/xsf'                ( Not found )
(14:12:42)  Checking for possible rootkit strings          ( None found )
(14:12:42)
(14:12:42) Performing malware checks
(14:12:42) Info: Starting test name 'malware'
(14:12:42)
(14:12:42) Info: Test 'deleted_files' disabled at users request.
(14:12:42) Info: Starting test name 'running_procs'
(14:12:42)  Checking running processes for suspicious files ( Skipped )
(14:12:42) Info: Unable to find the 'lsof' command
(14:12:43)
(14:12:43) Info: Test 'hidden_procs' disabled at users request.
(14:12:43)
(14:12:43) Info: Test 'suspscan' disabled at users request.
(14:12:43)
(14:12:43)  Performing check for login backdoors
(14:12:43) Info: Starting test name 'other_malware'
(14:12:43)    Checking for '/bin/.login'                    ( Not found )
(14:12:43)    Checking for '/sbin/.login'                  ( Not found )
(14:12:43)  Checking for login backdoors                    ( None found )
(14:12:43)
(14:12:43)  Performing check for suspicious directories
(14:12:43)    Checking for directory '/usr/X11R6/bin/.,/copy' ( Not found )
(14:12:43)    Checking for directory '/dev/rd/cdb'          ( Not found )
(14:12:43)  Checking for suspicious directories            ( None found )
(14:12:43)
(14:12:43)  Checking for software intrusions                ( Skipped )
(14:12:43) Info: Check skipped - tripwire not installed
(14:12:43)
(14:12:43)  Performing check for sniffer log files
(14:12:43)    Checking for file '/usr/lib/libice.log'      ( Not found )
(14:12:43)  Checking for sniffer log files                  ( None found )
(14:12:43)
(14:12:43) Performing trojan specific checks
(14:12:43) Info: Starting test name 'trojans'
(14:12:43) Info: Using inetd configuration file '/etc/inetd.conf'
(14:12:43)  Checking for enabled inetd services            ( OK )
(14:12:43)
(14:12:43)  Performing check for enabled xinetd services
(14:12:43)  Checking for enabled xinetd services            ( Skipped )
(14:12:43) Info: Check skipped - file '/etc/xinetd.conf' does not exist.
(14:12:43)  Checking for Apache backdoor                    ( Not found )
(14:12:43)
(14:12:43) Performing Linux specific checks
(14:12:43) Info: Starting test name 'os_specific'
(14:12:44)  Checking loaded kernel modules                  ( Warning )
(14:12:44) Warning: No output found from the lsmod command or the /proc/modules file:
(14:12:44)          /proc/modules output:
(14:12:44)          lsmod output:
(14:12:44) Info: Using modules pathname of '/lib/modules'
(14:12:44)  Checking kernel module names                    ( Skipped )
(14:12:44) Warning: The kernel modules directory '/lib/modules' is missing or empty.
(14:14:50)
(14:14:50) Checking the network...
(14:14:50) Info: Starting test name 'network'
(14:14:50) Info: Starting test name 'ports'
(14:14:50)
(14:14:50) Performing check for backdoor ports
(14:14:50) Info: Disabling pathnames and '*' in PORT_WHITELIST setting: no 'lsof' command present.
(14:14:51)  Checking for TCP port 1524                      ( Not found )
(14:14:52)  Checking for TCP port 1984                      ( Not found )
(14:14:53)  Checking for UDP port 2001                      ( Not found )
(14:14:54)  Checking for TCP port 2006                      ( Not found )
(14:14:55)  Checking for TCP port 2128                      ( Not found )
(14:14:55)  Checking for TCP port 6666                      ( Not found )
(14:14:56)  Checking for TCP port 6667                      ( Not found )
(14:14:57)  Checking for TCP port 6668                      ( Not found )
(14:14:58)  Checking for TCP port 6669                      ( Not found )
(14:14:59)  Checking for TCP port 7000                      ( Not found )
(14:15:00)  Checking for TCP port 13000                    ( Not found )
(14:15:00)  Checking for TCP port 14856                    ( Not found )
(14:15:01)  Checking for TCP port 25000                    ( Not found )
(14:15:02)  Checking for TCP port 29812                    ( Not found )
(14:15:03)  Checking for TCP port 31337                    ( Not found )
(14:15:04)  Checking for TCP port 33369                    ( Not found )
(14:15:05)  Checking for TCP port 47107                    ( Not found )
(14:15:06)  Checking for TCP port 47018                    ( Not found )
(14:15:07)  Checking for TCP port 60922                    ( Not found )
(14:15:08)  Checking for TCP port 62883                    ( Not found )
(14:15:09)  Checking for TCP port 65535                    ( Not found )
(14:15:09)
(14:15:09) Performing checks on the network interfaces
(14:15:09) Info: Starting test name 'promisc'
(14:15:09) Info: Promiscuous network interface check using 'ip' command skipped - unable to find the 'ip' command.
(14:15:09)  Checking for promiscuous interfaces            ( None found )
(14:15:09)
(14:15:09) Info: Test 'packet_cap_apps' disabled at users request.
(14:15:18)
(14:15:18) Checking the local host...
(14:15:18) Info: Starting test name 'local_host'
(14:15:18)
(14:15:18) Performing system boot checks
(14:15:18) Info: Starting test name 'startup_files'
(14:15:18)  Checking for local host name                    ( Found )
(14:15:18) Info: Starting test name 'startup_malware'
(14:15:18)  Checking for system startup files              ( Found )
(14:15:19)  Checking system startup files for malware      ( None found )
(14:15:19)
(14:15:19) Performing group and account checks
(14:15:19) Info: Starting test name 'group_accounts'
(14:15:19)  Checking for passwd file                        ( Found )
(14:15:19) Info: Found password file: /etc/passwd
(14:15:19)  Checking for root equivalent (UID 0) accounts  ( Warning )
(14:15:19) Warning: Account 'borja' is root equivalent (UID = 0)
(14:15:19) Info: Found shadow file: /etc/shadow
(14:15:19)  Checking for passwordless accounts              ( None found )
(14:15:20) Info: Starting test name 'passwd_changes'
(14:15:20)  Checking for passwd file changes                ( None found )
(14:15:20) Info: Starting test name 'group_changes'
(14:15:20)  Checking for group file changes                ( None found )
(14:15:20)  Checking root account shell history files      ( OK )
(14:15:20)
(14:15:20) Performing system configuration file checks
(14:15:20) Info: Starting test name 'system_configs'
(14:15:20)  Checking for SSH configuration file            ( Found )
(14:15:20) Info: Found SSH configuration file: /etc/ssh/sshd_config
(14:15:20) Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
(14:15:20) Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
(14:15:20)  Checking if SSH root access is allowed          ( Warning )
(14:15:20) Warning: The SSH and rkhunter configuration options should be the same:
(14:15:20)          SSH configuration option 'PermitRootLogin': yes
(14:15:20)          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
(14:15:20)  Checking if SSH protocol v1 is allowed          ( Not allowed )
(14:15:20)  Checking for running syslog daemon              ( Found )
(14:15:20)  Checking for syslog configuration file          ( Found )
(14:15:20) Info: Found syslog configuration file: /etc/syslog.conf
(14:15:20)  Checking if syslog remote logging is allowed    ( Not allowed )
(14:15:20)
(14:15:20) Performing filesystem checks
(14:15:20) Info: Starting test name 'filesystem'
(14:15:20) Info: SCAN_MODE_DEV set to 'THOROUGH'
(14:15:21)  Checking /dev for suspicious file types        ( Warning )
(14:15:21) Warning: Suspicious file types found in /dev:
(14:15:21)          /dev/shm/network/ifstate: ASCII text
(14:15:21)  Checking for hidden files and directories      ( None found )
(14:15:33)
(14:15:33) Checking application versions...
(14:15:33) Info: Starting test name 'apps'
(14:15:34) Info: Application 'exim' not found.
(14:15:34)  Checking version of GnuPG                      ( OK )
(14:15:34) Info: Application 'gpg' version '1.4.6' found.
(14:15:34)  Checking version of Apache                      ( Warning )
(14:15:34) Warning: Application 'httpd', version '2.2.3', is out of date, and possibly a security risk.
(14:15:34)  Checking version of Bind DNS                    ( Warning )
(14:15:34) Warning: Application 'named', version '9.3.4', is out of date, and possibly a security risk.
(14:15:34)  Checking version of OpenSSL                    ( Warning )
(14:15:34) Warning: Application 'openssl', version '0.9.8c', is out of date, and possibly a security risk.
(14:15:34)  Checking version of PHP                        ( Warning )
(14:15:34) Warning: Application 'php', version '5.2.0', is out of date, and possibly a security risk.
(14:15:34)  Checking version of Procmail MTA                ( OK )
(14:15:35) Info: Application 'procmail' version '3.22' found.
(14:15:35)  Checking version of ProFTPd                    ( OK )
(14:15:35) Info: Application 'proftpd' version '1.3.0' found.
(14:15:35)  Checking version of OpenSSH                    ( Warning )
(14:15:35) Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.
(14:15:35) Info: Applications checked: 8 out of 9
(14:15:35)
(14:15:35) System checks summary
(14:15:35) =====================
(14:15:35)
(14:15:35) File properties checks...
(14:15:35) Files checked: 119
(14:15:35) Suspect files: 119
(14:15:35)
(14:15:35) Rootkit checks...
(14:15:35) Rootkits checked : 114
(14:15:35) Possible rootkits: 0
(14:15:35)
(14:15:35) Applications checks...
(14:15:35) Applications checked: 8
(14:15:35) Suspect applications: 5
(14:15:35)
(14:15:35) The system checks took: 10 minutes and 22 seconds
(14:15:35)
(14:15:35) Info: End date is mié mar 31 14:15:35 CEST 2010


falko 1st April 2010 14:53

The changed files in part 1 of your log don't look good.
Can you update rkhunter...
Code:

rkhunter -u
and run rkhunter again? Do you get the same results then?

esezako 5th April 2010 10:12

Hi Falko,
I executed "rkhunter --update" afterwards and I obtained the same result.
My distribution is a Debian Etch in an OpenVZ container (with Proxmox). Can this be an issue?
PS: the distribution of the physical server with Proxmox is a Debian Lenny.

esezako 6th April 2010 14:04

Any idea how to solve the problem?
I am experiencing mailing problems.

falko 6th April 2010 15:12

Quote:

Originally Posted by esezako (Post 224185)
My distribution is a Debian Etch in an OpenVZ container (with Proxmox).

This could be the reason, but I'm not sure...

SamTzu 27th September 2011 07:28

Looks normal.

You ran the original rkhunter check on a different host, then migrated the virtual machine, then ran the check on the new system again... and this is the result. Different hardware, different inodes.

It's a good policy to do 'rkhunter --propupd' before and after the migration.
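
The inode explanation above can be checked before the baseline is rebuilt. The following is an added example, not part of the thread or of rkhunter: it reads an rkhunter log and separates files whose only reported change is the inode from files with any other change, which deserve a look before `rkhunter --propupd` accepts them. The sample log is constructed, and the `File:` / `Current ...:` detail layout is an assumption about how the file-property warnings are written.

```python
import re
from collections import defaultdict

# Constructed sample, not taken from the thread. It uses the "(HH:MM:SS)"
# prefix seen in this log; the "File:" / "Current ...:" detail lines are an
# assumed layout for rkhunter's file-property warnings.
SAMPLE_LOG = """\
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/ls
(14:05:20)          Current inode: 4980841    Stored inode: 1311213
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /usr/bin/passwd
(14:05:21)          Current hash: 1111111111111111111111111111111111111111
(14:05:21)          Stored hash : 2222222222222222222222222222222222222222
(14:05:21)          Current inode: 4980900    Stored inode: 1311300
(14:15:21) Warning: Suspicious file types found in /dev:
(14:15:21)          /dev/shm/network/ifstate: ASCII text
"""

PREFIX = re.compile(r"^[(\[]\d{2}:\d{2}:\d{2}[)\]] ?")
CHANGED = re.compile(r"Current ([a-z ]+?)\s*:")

def changed_properties(log_text):
    """Return {file path: set of property names reported as changed}."""
    changes = defaultdict(set)
    in_block, path = False, None
    for raw in log_text.splitlines():
        rest = PREFIX.sub("", raw)
        if rest.startswith("Warning:"):
            in_block = "file properties have changed" in rest
            path = None
        elif in_block and rest.startswith("    "):  # indented detail line
            detail = rest.strip()
            if detail.startswith("File:"):
                path = detail[len("File:"):].strip()
                changes[path]  # register the file even if no detail parses
            elif path:
                changes[path].update(CHANGED.findall(detail))
        else:
            in_block = False  # any other line ends the warning block
    return dict(changes)

def triage(log_text):
    """Split files into inode-only changes and changes that need review."""
    inode_only, review = [], []
    for path, props in sorted(changed_properties(log_text).items()):
        (inode_only if props == {"inode"} else review).append(path)
    return inode_only, review

if __name__ == "__main__":
    inode_only, review = triage(SAMPLE_LOG)
    print("inode only:", inode_only)
    print("review before --propupd:", review)
```

A file with a `File:` line but no parsable detail lands in the review list rather than being treated as inode-only.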

