17th August 2007, 09:20
tristanlee85
Code:
   Rootkit 'Sin Rootkit'...                                   [ OK ]
   Rootkit 'Slapper'...                                       [ OK ]
   Rootkit 'Sneakin Rootkit'...                               [ OK ]
   Rootkit 'Suckit Rootkit'...                                [ OK ]
   Rootkit 'SunOS Rootkit'...                                 [ OK ]
   Rootkit 'Superkit'...                                      [ OK ]
   Rootkit 'TBD (Telnet BackDoor)'...                         [ OK ]
   Rootkit 'TeLeKiT'...                                       [ OK ]
   Rootkit 'T0rn Rootkit'...                                  [ OK ]
   Rootkit 'Trojanit Kit'...                                  [ OK ]
   Rootkit 'Tuxtendo'...                                      [ OK ]
   Rootkit 'URK'...                                           [ OK ]
   Rootkit 'VcKit'...                                         [ OK ]
   Rootkit 'Volc Rootkit'...                                  [ OK ]
   Rootkit 'X-Org SunOS Rootkit'...                           [ OK ]
   Rootkit 'zaRwT.KiT Rootkit'...                             [ OK ]

* Suspicious files and malware
   Scanning for known rootkit strings                         [ OK ]
   Scanning for known rootkit files                           [ OK ]
   Testing running processes...                               [ OK ]
   Miscellaneous Login backdoors                              [ OK ]
   Miscellaneous directories                                  [ OK ]
   Software related files                                     [ OK ]
   Sniffer logs                                               [ OK ]

[Press <ENTER> to continue]


* Trojan specific characteristics
   shv4
     Checking /etc/rc.d/rc.sysinit
       Test 1                                                 [ Clean ]
       Test 2                                                 [ Clean ]
       Test 3                                                 [ Clean ]
     Checking /etc/inetd.conf                                 [ Not found ]
     Checking /etc/xinetd.conf                                [ Clean ]

* Suspicious file properties
   chmod properties
     Checking /bin/ps                                         [ Clean ]
     Checking /bin/ls                                         [ Clean ]
     Checking /usr/bin/w                                      [ Clean ]
     Checking /usr/bin/who                                    [ Clean ]
     Checking /bin/netstat                                    [ Clean ]
     Checking /bin/login                                      [ Clean ]
   Script replacements
     Checking /bin/ps                                         [ Clean ]
     Checking /bin/ls                                         [ Clean ]
     Checking /usr/bin/w                                      [ Clean ]
     Checking /usr/bin/who                                    [ Clean ]
     Checking /bin/netstat                                    [ Clean ]
     Checking /bin/login                                      [ Clean ]

* OS dependant tests

   Linux
     Checking loaded kernel modules...                        [ OK ]
     Checking file attributes                                 [ OK ]
     Checking LKM module path                                 [ OK ]


Networking
* Check: frequently used backdoors
  Port 2001: Scalper Rootkit                                  [ OK ]
  Port 2006: CB Rootkit                                       [ OK ]
  Port 2128: MRK                                              [ OK ]
  Port 14856: Optic Kit (Tux)                                 [ OK ]
  Port 47107: T0rn Rootkit                                    [ OK ]
  Port 60922: zaRwT.KiT                                       [ OK ]

* Interfaces
     Scanning for promiscuous interfaces...                   [ OK ]

[Press <ENTER> to continue]

System checks
* Allround tests
   Checking hostname... Found. Hostname is server.vasceria.com
   Checking for passwordless user accounts... OK
   Checking for differences in user accounts... Found differences
   Info:
----------------------
> dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
> mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
> admin_fedex:x:10006:10005:Tristan Lee:/home/www/web5:/bin/bash
> tristanlee85:x:10011:10008:Tristan Lee:/home/www/web8:/bin/bash
< admin_fedex:x:10006:10005:Tristan Lee:/home/www/web5:/bin/bash
< forums:x:10025:10025:Tristan:/home/www/web25:/bin/bash
< fdxsql:x:12015:12015::/home/fdxsql:/bin/bash
< tristanlee85:x:10011:10008:Tristan Lee:/home/www/web8:/bin/bash
< mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
< tebriel:x:10049:10003:Chris:/home/www/web3/user/tebriel:/bin/bash
< dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
> forums:x:10025:10025:Tristan:/home/www/web25:/bin/bash
----------------------
   Info: Some items have been added (items marked with '<')
   Info: Some items have been removed (items marked with '>')
   Checking for differences in user groups... Found differences
   Info:
----------------------
< users:x:100:sales,orders,phpbb,tebriel
> users:x:100:sales,orders,phpbb
> dovecot:x:97:
> mysql:x:27:
< fdxsql:x:12015:
< mysql:x:27:
< dovecot:x:97:
----------------------
   Info: Some items have been added (items marked with '<')
   Info: Some items have been removed (items marked with '>')
   Checking boot.local/rc.local file...
     - /etc/rc.local                                          [ OK ]
     - /etc/rc.d/rc.local                                     [ OK ]
     - /usr/local/etc/rc.local                                [ Not found ]
     - /usr/local/etc/rc.d/rc.local                           [ Not found ]
     - /etc/conf.d/local.start                                [ Not found ]
     - /etc/init.d/boot.local                                 [ Not found ]
   Checking rc.d files...
     Processing........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ..................................
   Result rc.d files check                                    [ OK ]
   Checking history files
     Bourne Shell                                             [ OK ]

* Filesystem checks
   Checking /dev for suspicious files...                      [ OK ]
   Scanning for hidden files...                               [ Warning! ]
---------------
/etc/.pwd.lock /dev/.udev
---------------
Please inspect:  /dev/.udev (directory)

[Press <ENTER> to continue]


Application advisories
* Application scan
   Checking Apache2 modules ...                               [ Not found ]
   Checking Apache configuration ...                          [ OK ]

* Application version scan
   - GnuPG 1.4.2.2                                            [ OK ]
   - Apache 2.2.2                                             [ Unknown ]
   - Bind DNS 9.3.2                                           [ OK ]
   - OpenSSL 0.9.8a                                           [ OK ]
   - PHP 5.1.6                                                [ Unknown ]
   - Procmail MTA 3.22                                        [ OK ]
   - ProFTPd 1.3.0                                            [ Unknown ]
   - OpenSSH 4.3p2                                            [ Unknown ]

Your system contains some unknown version numbers. Please run Rootkit Hunter
with the --update parameter or contact us through the Rootkit Hunter mailinglist
at rkhunter-users@lists.sourceforge.net.


Security advisories
* Check: Groups and Accounts
   Searching for /etc/passwd...                               [ Found ]
   Checking users with UID '0' (root)...                      [ OK ]

* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible. Possible risk!
    info: No 'PermitRootLogin' entry found in file /etc/ssh/sshd_config
    Hint: See logfile for more information about this issue
   Checking for allowed protocols...                          [ OK (Only SSH2 allowed) ]

* Check: Events and Logging
   Search for syslog configuration...                         [ OK ]
   Checking for running syslog slave... Unknown HZ value! (94) Assume 100.
Internal error!
                      [ OK ]
   Checking for logging to remote system...                   [ OK (no remote logging) ]

[Press <ENTER> to continue]

---------------------------- Scan results ----------------------------

MD5 scan
Scanned files: 51
Incorrect MD5 checksums: 23

File scan
Scanned files: 342
Possible infected files: 2
Possible rootkits: SHV4 SHV5

Application scan
Vulnerable applications: 0

Scanning took 418 seconds

-----------------------------------------------------------------------

Do you have some problems, undetected rootkits, false positives, ideas
or suggestions? Please e-mail us through the Rootkit Hunter mailinglist
at rkhunter-users@lists.sourceforge.net.

-----------------------------------------------------------------------