#1  
31st March 2010, 14:32
esezako
rkhunter warnings

Hi, I have problems with mails. When I run rkhunter I get this result:

Code:
(14:05:12) Running Rootkit Hunter version 1.3.4 on ns1
(14:05:12)
(14:05:12) Info: Start date is mié mar 31 14:05:12 CEST 2010
(14:05:12)
(14:05:12) Checking configuration file and command-line options...
(14:05:12) Info: Detected operating system is 'Linux'
(14:05:12) Info: Found O/S name: Debian 4.0
(14:05:12) Info: Command line is /usr/local/bin/rkhunter -c
(14:05:12) Info: Environment shell is /bin/bash; rkhunter is using bash
(14:05:12) Info: Using configuration file '/etc/rkhunter.conf'
(14:05:12) Info: Installation directory is '/usr/local'
(14:05:12) Info: Using language 'en'
(14:05:12) Info: Using '/var/lib/rkhunter/db' as the database directory
(14:05:12) Info: Using '/usr/local/lib/rkhunter/scripts' as the support script directory
(14:05:12) Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec' as the command directories
(14:05:12) Info: Using '/' as the root directory by default
(14:05:12) Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
(14:05:13) Info: No mail-on-warning address configured
(14:05:13) Info: X will be automatically detected
(14:05:13) Info: Found the 'diff' command: /usr/bin/diff
(14:05:13) Info: Found the 'file' command: /usr/bin/file
(14:05:13) Info: Found the 'find' command: /usr/bin/find
(14:05:13) Info: Found the 'ifconfig' command: /sbin/ifconfig
(14:05:13) Info: Unable to find the 'ip' command
(14:05:13) Info: Found the 'ldd' command: /usr/bin/ldd
(14:05:13) Info: Found the 'lsattr' command: /usr/bin/lsattr
(14:05:13) Info: Found the 'lsmod' command: /sbin/lsmod
(14:05:13) Info: Unable to find the 'lsof' command
(14:05:13) Info: Found the 'mktemp' command: /bin/mktemp
(14:05:13) Info: Found the 'netstat' command: /bin/netstat
(14:05:13) Info: Found the 'perl' command: /usr/bin/perl
(14:05:13) Info: Found the 'ps' command: /bin/ps
(14:05:13) Info: Found the 'pwd' command: /bin/pwd
(14:05:13) Info: Found the 'readlink' command: /bin/readlink
(14:05:13) Info: Found the 'sort' command: /usr/bin/sort
(14:05:13) Info: Found the 'stat' command: /usr/bin/stat
(14:05:13) Info: Found the 'strings' command: /usr/bin/strings
(14:05:13) Info: Found the 'uniq' command: /usr/bin/uniq
(14:05:13) Info: System is not using prelinking
(14:05:13) Info: Using the '/usr/bin/sha1sum' command for the file hash checks
(14:05:13) Info: Stored hash values used hash function '/usr/bin/sha1sum'
(14:05:13) Info: Stored hash values did not use a package manager
(14:05:13) Info: The hash function field index is set to 1
(14:05:13) Info: No package manager specified: using hash function '/usr/bin/sha1sum'
(14:05:13) Info: Previous file attributes were stored
(14:05:13) Info: Enabled tests are: all
(14:05:13) Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps
(14:05:13) Info: All ksyms and kallsyms checks will be skipped - neither file is present on the system.
(14:05:13)
(14:05:13) Checking if the O/S has changed since last time...
(14:05:13) Info: Nothing seems to have changed
(14:05:13)
(14:05:13) Starting system checks...
(14:05:13)
(14:05:13) Checking system commands...
(14:05:13) Info: Starting test name 'system_commands'
(14:05:13)
(14:05:13) Performing 'strings' command checks
(14:05:13) Info: Starting test name 'strings'
(14:05:13) Scanning for string /usr/sbin/ntpsx               ( OK )
(14:05:14) Scanning for string /usr/lib/.../ls               ( OK )
(14:05:14) Scanning for string /usr/lib/.../netstat          ( OK )
(14:05:14) Scanning for string /usr/lib/.../lsof             ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh/bkit-pw ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs ( OK )
(14:05:14) Scanning for string /usr/lib/.../uconf.inv        ( OK )
(14:05:14) Scanning for string /usr/lib/.../psr              ( OK )
(14:05:14) Scanning for string /usr/lib/.../find             ( OK )
(14:05:14) Scanning for string /usr/lib/.../pstree           ( OK )
(14:05:14) Scanning for string /usr/lib/.../slocate          ( OK )
(14:05:14) Scanning for string /usr/lib/.../du               ( OK )
(14:05:14) Scanning for string /usr/lib/.../top              ( OK )
(14:05:14) Scanning for string /usr/lib/...                  ( OK )
(14:05:14) Scanning for string /usr/lib/.../bkit-ssh         ( OK )
(14:05:14) Scanning for string /usr/lib/.bkit-               ( OK )
(14:05:14) Scanning for string /tmp/.bkp                     ( OK )
(14:05:14) Scanning for string /tmp/.cinik                   ( OK )
(14:05:14) Scanning for string /tmp/.font-unix/.cinik        ( OK )
(14:05:14) Scanning for string /lib/.sso                     ( OK )
(14:05:14) Scanning for string /lib/.so                      ( OK )
(14:05:14) Scanning for string /var/run/...dica/clean        ( OK )
(14:05:14) Scanning for string /var/run/...dica/xl           ( OK )
(14:05:14) Scanning for string /var/run/...dica/xdr          ( OK )
(14:05:15) Scanning for string /var/run/...dica/psg          ( OK )
(14:05:15) Scanning for string /var/run/...dica/secure       ( OK )
(14:05:15) Scanning for string /var/run/...dica/rdx          ( OK )
(14:05:15) Scanning for string /var/run/...dica/va           ( OK )
(14:05:15) Scanning for string /var/run/...dica/cl.sh        ( OK )
(14:05:15) Scanning for string /usr/bin/.etc                 ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/sched_host.2     ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/random_d.2       ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/set_pid.2        ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/cons.saver       ( OK )
(14:05:15) Scanning for string /usr/lib/.fx/adore/adore/adore.ko ( OK )
(14:05:15) Scanning for string /bin/sysback                  ( OK )
(14:05:15) Scanning for string /usr/local/bin/sysback        ( OK )
(14:05:15) Scanning for string /usr/lib/.tbd                 ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/t0rns       ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/du          ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/ls          ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/t0rnsb      ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/ps          ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/t0rnp       ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/find        ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/ifconfig    ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/pg          ( OK )
(14:05:15) Scanning for string /dev/.lib/lib/lib/ssh.tgz     ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/top         ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/sz          ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/login       ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/in.fingerd  ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/1i0n.sh     ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/pstree      ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/in.telnetd  ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/mjy         ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/sush        ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/tfn         ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/name        ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/getip.sh    ( OK )
(14:05:16) Scanning for string /usr/info/.torn/sh*           ( OK )
(14:05:16) Scanning for string /usr/src/.puta/.1addr         ( OK )
(14:05:16) Scanning for string /usr/src/.puta/.1file         ( OK )
(14:05:16) Scanning for string /usr/src/.puta/.1proc         ( OK )
(14:05:16) Scanning for string /usr/src/.puta/.1logz         ( OK )
(14:05:16) Scanning for string /usr/info/.t0rn               ( OK )
(14:05:16) Scanning for string /dev/.lib                     ( OK )
(14:05:16) Scanning for string /dev/.lib/lib                 ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib             ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/lib/dev         ( OK )
(14:05:16) Scanning for string /dev/.lib/lib/scan            ( OK )
(14:05:17) Scanning for string /usr/src/.puta                ( OK )
(14:05:17) Scanning for string /usr/man/man1/man1            ( OK )
(14:05:17) Scanning for string /usr/man/man1/man1/lib        ( OK )
(14:05:17) Scanning for string /usr/man/man1/man1/lib/.lib   ( OK )
(14:05:17) Scanning for string /usr/man/man1/man1/lib/.lib/.backup ( OK )
(14:05:17)
(14:05:17) Performing 'shared libraries' checks
(14:05:17) Info: Starting test name 'shared_libs'
(14:05:17) Checking for preloading variables                 ( None found )
(14:05:17) Checking for preload file                         ( Not found )
(14:05:17) Info: Starting test name 'shared_libs_path'
(14:05:17) Checking LD_LIBRARY_PATH variable                 ( Not found )
(14:05:17)
(14:05:17) Performing file properties checks
(14:05:17) Info: Starting test name 'properties'
(14:05:17) Checking for prerequisites                        ( OK )
(14:05:17) /bin/bash                                         ( Warning )
(14:05:17) Warning: The file properties have changed:
(14:05:17)          File: /bin/bash
(14:05:17)          Current inode: 85017415    Stored inode: 54214712
(14:05:17) /bin/cat                                          ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/cat
(14:05:18)          Current inode: 85017795    Stored inode: 54214717
(14:05:18) /bin/chmod                                        ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/chmod
(14:05:18)          Current inode: 85017814    Stored inode: 54214666
(14:05:18) /bin/chown                                        ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/chown
(14:05:18)          Current inode: 85017887    Stored inode: 54214707
(14:05:18) /bin/cp                                           ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/cp
(14:05:18)          Current inode: 85017991    Stored inode: 54214718
(14:05:18) /bin/date                                         ( Warning )
(14:05:18) Warning: The file properties have changed:
(14:05:18)          File: /bin/date
(14:05:18)          Current inode: 85018165    Stored inode: 54214662
(14:05:19) /bin/df                                           ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/df
(14:05:19)          Current inode: 85018287    Stored inode: 54214709
(14:05:19) /bin/dmesg                                        ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/dmesg
(14:05:19)          Current inode: 85018292    Stored inode: 54214664
(14:05:19) /bin/echo                                         ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/echo
(14:05:19)          Current inode: 85018294    Stored inode: 54214706
(14:05:19) /bin/ed                                           ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/ed
(14:05:19)          Current inode: 85018295    Stored inode: 54214685
(14:05:19) /bin/egrep                                        ( Warning )
(14:05:19) Warning: The file properties have changed:
(14:05:19)          File: /bin/egrep
(14:05:19)          Current inode: 85018296    Stored inode: 54214728
(14:05:20) Warning: The command '/bin/egrep' has been replaced by a script: /bin/egrep: Bourne shell script text executable
(14:05:20) /bin/fgrep                                        ( Warning )
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/fgrep
(14:05:20)          Current inode: 85018298    Stored inode: 54214711
(14:05:20) Warning: The command '/bin/fgrep' has been replaced by a script: /bin/fgrep: Bourne shell script text executable
(14:05:20) /bin/fuser                                        ( Warning )
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/fuser
(14:05:20)          Current inode: 85018299    Stored inode: 54216329
(14:05:20) /bin/grep                                         ( Warning )
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/grep
(14:05:20)          Current inode: 85018300    Stored inode: 54214731
(14:05:20) /bin/kill                                         ( Warning )
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/kill
(14:05:20)          Current inode: 85018303    Stored inode: 54214681
(14:05:21) /bin/login                                        ( Warning )
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/login
(14:05:21)          Current inode: 85018305    Stored inode: 54215634
(14:05:21) /bin/ls                                           ( Warning )
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/ls
(14:05:21)          Current inode: 85018306    Stored inode: 54214696
(14:05:21) /bin/lsmod                                        ( Warning )
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/lsmod
(14:05:21)          Current inode: 85018307    Stored inode: 54214670
(14:05:21) /bin/mktemp                                       ( Warning )
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/mktemp
(14:05:21)          Current inode: 85018310    Stored inode: 54214727
(14:05:22) /bin/more                                         ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/more
(14:05:22)          Current inode: 85018311    Stored inode: 54214697
(14:05:22) /bin/mount                                        ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/mount
(14:05:22)          Current inode: 85018312    Stored inode: 54214723
(14:05:22) /bin/mv                                           ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/mv
(14:05:22)          Current inode: 85018315    Stored inode: 54214691
(14:05:22) /bin/netstat                                      ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/netstat
(14:05:22)          Current inode: 85018318    Stored inode: 54214669
(14:05:22) /bin/ps                                           ( Warning )
(14:05:22) Warning: The file properties have changed:
(14:05:22)          File: /bin/ps
(14:05:23)          Current inode: 85018321    Stored inode: 54214719
(14:05:23) /bin/pwd                                          ( Warning )
(14:05:23) Warning: The file properties have changed:
(14:05:23)          File: /bin/pwd
(14:05:23)          Current inode: 85018322    Stored inode: 54214661
(14:05:23) /bin/readlink                                     ( Warning )
(14:05:23) Warning: The file properties have changed:
(14:05:23)          File: /bin/readlink
(14:05:23)          Current inode: 85018323    Stored inode: 54214676
(14:05:23) /bin/sed                                          ( Warning )
(14:05:23) Warning: The file properties have changed:
(14:05:23)          File: /bin/sed
(14:05:23)          Current inode: 85018327    Stored inode: 54214700
(14:05:23) /bin/sh                                           ( Warning )
(14:05:23) Warning: The file properties have changed:
(14:05:23)          File: /bin/sh
(14:05:23)          Current inode: 85016588    Stored inode: 54214678
(14:05:24) /bin/su                                           ( Warning )
(14:05:24) Warning: The file properties have changed:
(14:05:24)          File: /bin/su
(14:05:24)          Current inode: 85018330    Stored inode: 54215172
(14:05:24) /bin/touch                                        ( Warning )
(14:05:24) Warning: The file properties have changed:
(14:05:24)          File: /bin/touch
(14:05:24)          Current inode: 85018334    Stored inode: 54214726
(14:05:24) /bin/uname                                        ( Warning )
(14:05:24) Warning: The file properties have changed:
(14:05:24)          File: /bin/uname
(14:05:24)          Current inode: 85018337    Stored inode: 54214699
(14:05:24) /bin/which                                        ( Warning )
(14:05:24) Warning: The file properties have changed:
(14:05:24)          File: /bin/which
(14:05:24)          Current inode: 85018339    Stored inode: 54214690
(14:05:24) Warning: The command '/bin/which' has been replaced by a script: /bin/which: Bourne shell script text executable
(14:05:25) /usr/bin/awk                                      ( Warning )
(14:05:25) Warning: The file properties have changed:
(14:05:25)          File: /usr/bin/awk
(14:05:25)          Current inode: 86033381    Stored inode: 54247802
(14:05:25) /usr/bin/basename                                 ( Warning )
(14:05:25) Warning: The file properties have changed:
(14:05:25)          File: /usr/bin/basename
(14:05:25)          Current inode: 86036890    Stored inode: 54247714
(14:05:25) /usr/bin/chattr                                   ( Warning )
(14:05:25) Warning: The file properties have changed:
(14:05:25)          File: /usr/bin/chattr
(14:05:25)          Current inode: 86036904    Stored inode: 54247703
(14:05:25) /usr/bin/cut                                      ( Warning )
(14:05:25) Warning: The file properties have changed:
(14:05:25)          File: /usr/bin/cut
(14:05:25)          Current inode: 86036930    Stored inode: 54247669
(14:05:26) /usr/bin/diff                                     ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/diff
(14:05:26)          Current inode: 86036958    Stored inode: 54247922
(14:05:26) /usr/bin/dirname                                  ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/dirname
(14:05:26)          Current inode: 86036962    Stored inode: 54247768
(14:05:26) /usr/bin/dpkg                                     ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/dpkg
(14:05:26)          Current inode: 86036964    Stored inode: 54248313
(14:05:26) /usr/bin/dpkg-query                               ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/dpkg-query
(14:05:26)          Current inode: 86036966    Stored inode: 54248315
(14:05:26) /usr/bin/du                                       ( Warning )
(14:05:26) Warning: The file properties have changed:
(14:05:26)          File: /usr/bin/du
(14:05:26)          Current inode: 86036970    Stored inode: 54247793
(14:05:27) /usr/bin/env                                      ( Warning )
(14:05:27) Warning: The file properties have changed:
(14:05:27)          File: /usr/bin/env
(14:05:27)          Current inode: 86036972    Stored inode: 54247849
(14:05:27) /usr/bin/file                                     ( Warning )
(14:05:27) Warning: The file properties have changed:
(14:05:27)          File: /usr/bin/file
(14:05:27)          Current inode: 86036981    Stored inode: 54248083
(14:05:27) /usr/bin/find                                     ( Warning )
(14:05:27) Warning: The file properties have changed:
(14:05:27)          File: /usr/bin/find
(14:05:27)          Current inode: 86036982    Stored inode: 54247872
(14:05:27) /usr/bin/GET                                      ( Warning )
(14:05:27) Warning: The file '/usr/bin/GET' exists on the system, but it is not present in the rkhunter.dat file.
(14:05:27) /usr/bin/groups                                   ( Warning )
(14:05:27) Warning: The file properties have changed:
(14:05:27)          File: /usr/bin/groups
(14:05:27)          Current inode: 86037016    Stored inode: 54247814
(14:05:27) Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
(14:05:28) /usr/bin/head                                     ( Warning )
(14:05:28) Warning: The file properties have changed:
(14:05:28)          File: /usr/bin/head
(14:05:28)          Current inode: 86037019    Stored inode: 54247782
(14:05:28) /usr/bin/id                                       ( Warning )
(14:05:28) Warning: The file properties have changed:
(14:05:28)          File: /usr/bin/id
(14:05:28)          Current inode: 86037028    Stored inode: 54247710
(14:05:28) /usr/bin/killall                                  ( Warning )
(14:05:28) Warning: The file properties have changed:
(14:05:28)          File: /usr/bin/killall
(14:05:28)          Current inode: 86037042    Stored inode: 54248781
(14:05:28) /usr/bin/last                                     ( Warning )
(14:05:28) Warning: The file properties have changed:
(14:05:28)          File: /usr/bin/last
(14:05:28)          Current inode: 86037043    Stored inode: 54247612
(14:05:28) /usr/bin/lastlog                                  ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:29)          File: /usr/bin/lastlog
(14:05:29)          Current inode: 86037044    Stored inode: 54247488
(14:05:29) /usr/bin/ldd                                      ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:29)          File: /usr/bin/ldd
(14:05:29)          Current inode: 57835567    Stored inode: 54248508
(14:05:29)          Current file modification time: 1264097118
(14:05:29)          Stored file modification time : 1232193522
(14:05:29) Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
(14:05:29) /usr/bin/locate                                   ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:29)          File: /usr/bin/locate
(14:05:29)          Current inode: 86037057    Stored inode: 54247731
(14:05:29) /usr/bin/logger                                   ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:29)          File: /usr/bin/logger
(14:05:29)          Current inode: 86037059    Stored inode: 54247865
(14:05:29) /usr/bin/lsattr                                   ( Warning )
(14:05:29) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/lsattr
(14:05:30)          Current inode: 86037063    Stored inode: 54247753
(14:05:30) /usr/bin/lynx                                     ( Warning )
(14:05:30) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/lynx
(14:05:30)          Current inode: 86033419    Stored inode: 54248732
(14:05:30) /usr/bin/md5sum                                   ( Warning )
(14:05:30) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/md5sum
(14:05:30)          Current inode: 86037075    Stored inode: 54247797
(14:05:30) /usr/bin/newgrp                                   ( Warning )
(14:05:30) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/newgrp
(14:05:30)          Current inode: 86037150    Stored inode: 54247465
(14:05:30) /usr/bin/passwd                                   ( Warning )
(14:05:30) Warning: The file properties have changed:
(14:05:30)          File: /usr/bin/passwd
(14:05:30)          Current inode: 86037169    Stored inode: 54247590
(14:05:31) /usr/bin/perl                                     ( Warning )
(14:05:31) Warning: The file properties have changed:
(14:05:31)          File: /usr/bin/perl
(14:05:31)          Current inode: 86037177    Stored inode: 54248353
(14:05:31) /usr/bin/pstree                                   ( Warning )
(14:05:31) Warning: The file properties have changed:
(14:05:31)          File: /usr/bin/pstree
(14:05:31)          Current inode: 86037206    Stored inode: 54248782
(14:05:31) /usr/bin/runcon                                   ( Warning )
(14:05:31) Warning: The file properties have changed:
(14:05:31)          File: /usr/bin/runcon
(14:05:31)          Current inode: 86037226    Stored inode: 54247798
(14:05:31) /usr/bin/sha1sum                                  ( Warning )
(14:05:31) Warning: The file properties have changed:
(14:05:31)          File: /usr/bin/sha1sum
(14:05:31)          Current inode: 86037242    Stored inode: 54247916
(14:05:32) /usr/bin/size                                     ( Warning )
(14:05:32) Warning: The file properties have changed:
(14:05:32)          File: /usr/bin/size
(14:05:32)          Current inode: 86037250    Stored inode: 54248586
(14:05:32) /usr/bin/sort                                     ( Warning )
(14:05:32) Warning: The file properties have changed:
(14:05:32)          File: /usr/bin/sort
(14:05:32)          Current inode: 86037254    Stored inode: 54247826
(14:05:32) /usr/bin/stat                                     ( Warning )
(14:05:32) Warning: The file properties have changed:
(14:05:32)          File: /usr/bin/stat
(14:05:32)          Current inode: 86037266    Stored inode: 54247795
(14:05:32) /usr/bin/strace                                   ( Warning )
(14:05:32) Warning: The file '/usr/bin/strace' exists on the system, but it is not present in the rkhunter.dat file.
(14:05:32) /usr/bin/strings                                  ( Warning )
(14:05:32) Warning: The file properties have changed:
(14:05:32)          File: /usr/bin/strings
(14:05:32)          Current inode: 86037267    Stored inode: 54248589
(14:05:33) /usr/bin/tail                                     ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/tail
(14:05:33)          Current inode: 86037272    Stored inode: 54247841
(14:05:33) /usr/bin/test                                     ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/test
(14:05:33)          Current inode: 86037276    Stored inode: 54247698
(14:05:33) /usr/bin/top                                      ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/top
(14:05:33)          Current inode: 86037281    Stored inode: 54247840
(14:05:33) /usr/bin/touch                                    ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/touch
(14:05:33)          Current inode: 86033462    Stored inode: 54247885
(14:05:33) /usr/bin/tr                                       ( Warning )
(14:05:33) Warning: The file properties have changed:
(14:05:33)          File: /usr/bin/tr
(14:05:33)          Current inode: 86037283    Stored inode: 54247876
(14:05:34) /usr/bin/uniq                                     ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:34)          File: /usr/bin/uniq
(14:05:34)          Current inode: 86037295    Stored inode: 54247766
(14:05:34) /usr/bin/users                                    ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:34)          File: /usr/bin/users
(14:05:34)          Current inode: 86037300    Stored inode: 54247827
(14:05:34) /usr/bin/vmstat                                   ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:34)          File: /usr/bin/vmstat
(14:05:34)          Current inode: 86037303    Stored inode: 54247878
(14:05:34) /usr/bin/w                                        ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:34)          File: /usr/bin/w
(14:05:34)          Current inode: 86033469    Stored inode: 54247756
(14:05:34) /usr/bin/watch                                    ( Warning )
(14:05:34) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/watch
(14:05:35)          Current inode: 86037306    Stored inode: 54247794
(14:05:35) /usr/bin/wc                                       ( Warning )
(14:05:35) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/wc
(14:05:35)          Current inode: 86037307    Stored inode: 54247880
(14:05:35) /usr/bin/wget                                     ( Warning )
(14:05:35) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/wget
(14:05:35)          Current hash: 8f12c9c7acef809ee696878a754f31c8034bc58b
(14:05:35)          Stored hash : 1cf6b29d4276337be8d03083373f399a280df7ae
(14:05:35)          Current inode: 86048159    Stored inode: 54247727
(14:05:35)          Current file modification time: 1255002588
(14:05:35)          Stored file modification time : 1151512894
(14:05:35) /usr/bin/whatis                                   ( Warning )
(14:05:35) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/whatis
(14:05:35)          Current inode: 86037310    Stored inode: 54247747
(14:05:35) /usr/bin/whereis                                  ( Warning )
(14:05:35) Warning: The file properties have changed:
(14:05:35)          File: /usr/bin/whereis
(14:05:35)          Current inode: 86037311    Stored inode: 54247696
(14:05:36) /usr/bin/which                                    ( Warning )
(14:05:36) Warning: The file properties have changed:
(14:05:36)          File: /usr/bin/which
(14:05:36)          Current inode: 86033471    Stored inode: 54247755
(14:05:36) /usr/bin/who                                      ( Warning )
(14:05:36) Warning: The file properties have changed:
(14:05:36)          File: /usr/bin/who
(14:05:36)          Current inode: 86037313    Stored inode: 54247728
(14:05:36) /usr/bin/whoami                                   ( Warning )
(14:05:36) Warning: The file properties have changed:
(14:05:36)          File: /usr/bin/whoami
(14:05:36)          Current inode: 86037314    Stored inode: 54247775
(14:05:36) /usr/bin/mawk                                     ( Warning )
(14:05:36) Warning: The file properties have changed:
(14:05:36)          File: /usr/bin/mawk
(14:05:36)          Current inode: 86037073    Stored inode: 54247905
(14:05:36) /usr/bin/lwp-request                              ( Warning )
(14:05:36) Warning: The file '/usr/bin/lwp-request' exists on the system, but it is not present in the rkhunter.dat file.
(14:05:36) Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: perl script text executable
(14:05:37) /usr/bin/lynx.stable                              ( Warning )
(14:05:37) Warning: The file properties have changed:
(14:05:37)          File: /usr/bin/lynx.stable
(14:05:37)          Current inode: 86037065    Stored inode: 54248690
(14:05:37) /usr/bin/w.procps                                 ( Warning )
(14:05:37) Warning: The file properties have changed:
(14:05:37)          File: /usr/bin/w.procps
(14:05:37)          Current inode: 86037304    Stored inode: 54247702
(14:05:37) /sbin/depmod                                      ( Warning )
(14:05:37) Warning: The file properties have changed:
(14:05:37)          File: /sbin/depmod
(14:05:37)          Current inode: 86036559    Stored inode: 54215606
(14:05:37) /sbin/ifconfig                                    ( Warning )
(14:05:37) Warning: The file properties have changed:
(14:05:37)          File: /sbin/ifconfig
(14:05:38)          Current inode: 86036571    Stored inode: 54215618
(14:05:38) /sbin/ifdown                                      ( Warning )
(14:05:38) Warning: The file properties have changed:
(14:05:38)          File: /sbin/ifdown
(14:05:38)          Current inode: 86036572    Stored inode: 54215611
(14:05:38) /sbin/ifup                                        ( Warning )
(14:05:38) Warning: The file properties have changed:
(14:05:38)          File: /sbin/ifup
(14:05:38)          Current inode: 86036572    Stored inode: 54215611
(14:05:38) /sbin/init                                        ( Warning )
(14:05:38) Warning: The file properties have changed:
(14:05:38)          File: /sbin/init
(14:05:38)          Current inode: 86036573    Stored inode: 54215254
(14:05:38) /sbin/insmod                                      ( Warning )
(14:05:38) Warning: The file properties have changed:
(14:05:38)          File: /sbin/insmod
(14:05:38)          Current inode: 86036575    Stored inode: 54215574
(14:05:39) /sbin/lsmod                                       ( Warning )
(14:05:39) Warning: The file properties have changed:
(14:05:39)          File: /sbin/lsmod
(14:05:39)          Current inode: 86033356    Stored inode: 54215579
(14:05:39) /sbin/modinfo                                     ( Warning )
(14:05:39) Warning: The file properties have changed:
(14:05:39)          File: /sbin/modinfo
(14:05:39)          Current inode: 86036597    Stored inode: 54215600
(14:05:39) /sbin/modprobe                                    ( Warning )
(14:05:39) Warning: The file properties have changed:
(14:05:39)          File: /sbin/modprobe
(14:05:39)          Current inode: 86036598    Stored inode: 54215581
(14:05:39) /sbin/rmmod                                       ( Warning )
(14:05:39) Warning: The file properties have changed:
(14:05:39)          File: /sbin/rmmod
(14:05:39)          Current inode: 86036607    Stored inode: 54215619
(14:05:40) /sbin/runlevel                                    ( Warning )
(14:05:40) Warning: The file properties have changed:
(14:05:40)          File: /sbin/runlevel
(14:05:40)          Current inode: 86036609    Stored inode: 54215259
(14:05:40) /sbin/sulogin                                     ( Warning )
(14:05:40) Warning: The file properties have changed:
(14:05:40)          File: /sbin/sulogin
(14:05:40)          Current inode: 86036616    Stored inode: 54215308
(14:05:40) /sbin/sysctl                                      ( Warning )
(14:05:40) Warning: The file properties have changed:
(14:05:40)          File: /sbin/sysctl
(14:05:40)          Current inode: 86036618    Stored inode: 54215573
(14:05:40) /sbin/syslogd                                     ( Warning )
(14:05:40) Warning: The file properties have changed:
(14:05:40)          File: /sbin/syslogd
(14:05:40)          Current inode: 86036619    Stored inode: 54215597
(14:05:41) /usr/sbin/adduser                                 ( Warning )
(14:05:41) Warning: The file properties have changed:
(14:05:41)          File: /usr/sbin/adduser
(14:05:41)          Current inode: 86043333    Stored inode: 54218263
(14:05:41) Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: perl script text executable
(14:05:41) /usr/sbin/chroot                                  ( Warning )
(14:05:41) Warning: The file properties have changed:
(14:05:41)          File: /usr/sbin/chroot
(14:05:41)          Current inode: 86043346    Stored inode: 54218255
(14:05:41) /usr/sbin/cron                                    ( Warning )
(14:05:41) Warning: The file properties have changed:
(14:05:41)          File: /usr/sbin/cron
(14:05:41)          Current inode: 86043352    Stored inode: 54218287
(14:05:42) /usr/sbin/groupadd                                ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/groupadd
(14:05:42)          Current inode: 86043370    Stored inode: 54215889
(14:05:42) /usr/sbin/groupdel                                ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/groupdel
(14:05:42)          Current inode: 86043371    Stored inode: 54215980
(14:05:42) /usr/sbin/groupmod                                ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/groupmod
(14:05:42)          Current inode: 86043372    Stored inode: 54215977
(14:05:42) /usr/sbin/grpck                                   ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/grpck
(14:05:42)          Current inode: 86043373    Stored inode: 54215968
(14:05:42) /usr/sbin/inetd                                   ( Warning )
(14:05:42) Warning: The file properties have changed:
(14:05:42)          File: /usr/sbin/inetd
(14:05:42)          Current inode: 86043380    Stored inode: 54218291
(14:05:43) /usr/sbin/nologin                                 ( Warning )
(14:05:43) Warning: The file properties have changed:
(14:05:43)          File: /usr/sbin/nologin
(14:05:43)          Current inode: 86043399    Stored inode: 54218046
(14:05:43) /usr/sbin/pwck                                    ( Warning )
(14:05:43) Warning: The file properties have changed:
(14:05:43)          File: /usr/sbin/pwck
(14:05:43)          Current inode: 86043422    Stored inode: 54215970
(14:05:43) /usr/sbin/tcpd                                    ( Warning )
(14:05:43) Warning: The file properties have changed:
(14:05:43)          File: /usr/sbin/tcpd
(14:05:44)          Current inode: 86043457    Stored inode: 54218309
(14:05:44) /usr/sbin/useradd                                 ( Warning )
(14:05:44) Warning: The file properties have changed:
(14:05:44)          File: /usr/sbin/useradd
(14:05:44)          Current inode: 86043472    Stored inode: 54215971
(14:05:44) /usr/sbin/userdel                                 ( Warning )
(14:05:44) Warning: The file properties have changed:
(14:05:44)          File: /usr/sbin/userdel
(14:05:44)          Current inode: 86043476    Stored inode: 54215887
(14:05:44) /usr/sbin/usermod                                 ( Warning )
(14:05:44) Warning: The file properties have changed:
(14:05:44)          File: /usr/sbin/usermod
(14:05:44)          Current inode: 86043477    Stored inode: 54215979
(14:05:44) /usr/sbin/vipw                                    ( Warning )
(14:05:44) Warning: The file properties have changed:
(14:05:44)          File: /usr/sbin/vipw
(14:05:44)          Current inode: 86043480    Stored inode: 54215975
(14:05:45) /usr/local/bin/rkhunter                           ( Warning )
(14:05:45) Warning: The file properties have changed:
(14:05:45)          File: /usr/local/bin/rkhunter
(14:05:45)          Current inode: 86043310    Stored inode: 54216814
(14:12:11)

Have I a rootkit?
  #2  
Old 31st March 2010, 14:33
esezako esezako is offline

Part 2 of the log

Code:
(14:12:11) Checking for rootkits...
(14:12:11) Info: Starting test name 'rootkits'
(14:12:11)
(14:12:11) Performing check of known rootkit files and directories
(14:12:11) Info: Starting test name 'known_rkts'
(14:12:11)
(14:12:11) Checking for 55808 Trojan - Variant A...
(14:12:11)   Checking for file '/tmp/.../r'                  ( Not found )
(14:12:11)   Checking for file '/tmp/.../a'                  ( Not found )
(14:12:11) 55808 Trojan - Variant A                          ( Not found )
(14:12:11)
(14:12:11) Checking for ADM Worm...
(14:12:12)   Checking for string 'w0rm'                      ( Not found )
(14:12:12) ADM Worm                                          ( Not found )
(14:12:12)
(14:12:12) Checking for AjaKit Rootkit...
(14:12:12)   Checking for file '/dev/tux/.addr'              ( Not found )
(14:12:12)   Checking for file '/dev/tux/.proc'              ( Not found )
(14:12:12)   Checking for file '/dev/tux/.file'              ( Not found )
(14:12:12)   Checking for file '/lib/.libgh-gh/cleaner'      ( Not found )
(14:12:12)   Checking for file '/lib/.libgh-gh/Patch/patch'  ( Not found )
(14:12:12)   Checking for file '/lib/.libgh-gh/sb0k'         ( Not found )
(14:12:12)   Checking for directory '/dev/tux'               ( Not found )
(14:12:12)   Checking for directory '/lib/.libgh-gh'         ( Not found )
(14:12:12) AjaKit Rootkit                                    ( Not found )
(14:12:12)
(14:12:12) Checking for aPa Kit...
(14:12:12)   Checking for file '/usr/share/.aPa'             ( Not found )
(14:12:12) aPa Kit                                           ( Not found )
(14:12:12)
(14:12:12) Checking for Apache Worm...
(14:12:12)   Checking for file '/bin/.log'                   ( Not found )
(14:12:12) Apache Worm                                       ( Not found )
(14:12:12)
(14:12:12) Checking for Ambient (ark) Rootkit...
(14:12:12)   Checking for file '/usr/lib/.ark?'              ( Not found )
(14:12:12)   Checking for file '/dev/ptyxx/.log'             ( Not found )
(14:12:12)   Checking for file '/dev/ptyxx/.file'            ( Not found )
(14:12:12)   Checking for directory '/dev/ptyxx'             ( Not found )
(14:12:12) Ambient (ark) Rootkit                             ( Not found )
(14:12:12)
(14:12:12) Checking for Balaur Rootkit...
(14:12:13)   Checking for file '/usr/lib/liblog.o'           ( Not found )
(14:12:13)   Checking for directory '/usr/lib/.kinetic'      ( Not found )
(14:12:13)   Checking for directory '/usr/lib/.egcs'         ( Not found )
(14:12:13)   Checking for directory '/usr/lib/.wormie'       ( Not found )
(14:12:13) Balaur Rootkit                                    ( Not found )
(14:12:13)
(14:12:13) Checking for BeastKit Rootkit...
(14:12:13)   Checking for file '/usr/sbin/arobia'            ( Not found )
(14:12:13)   Checking for file '/usr/sbin/idrun'             ( Not found )
(14:12:13)   Checking for file '/usr/lib/elm/arobia/elm'     ( Not found )
(14:12:13)   Checking for file '/usr/lib/elm/arobia/elm/hk'  ( Not found )
(14:12:13)   Checking for file '/usr/lib/elm/arobia/elm/hk.pub' ( Not found )
(14:12:13)   Checking for file '/usr/lib/elm/arobia/elm/sc'  ( Not found )
(14:12:13)   Checking for file '/usr/lib/elm/arobia/elm/sd.pp' ( Not found )
(14:12:13)   Checking for file '/usr/lib/elm/arobia/elm/sdco' ( Not found )
(14:12:13)   Checking for file '/usr/lib/elm/arobia/elm/srsd' ( Not found )
(14:12:13)   Checking for directory '/lib/ldd.so/bktools'    ( Not found )
(14:12:13) BeastKit Rootkit                                  ( Not found )
(14:12:13)
(14:12:13) Checking for beX2 Rootkit...
(14:12:13)   Checking for directory '/usr/include/bex'       ( Not found )
(14:12:13) beX2 Rootkit                                      ( Not found )
(14:12:13)
(14:12:13) Checking for BOBKit Rootkit...
(14:12:13)   Checking for file '/usr/sbin/ntpsx'             ( Not found )
(14:12:13)   Checking for file '/usr/lib/.../ls'             ( Not found )
(14:12:13)   Checking for file '/usr/lib/.../netstat'        ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../lsof'           ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../uconf.inv'      ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../psr'            ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../find'           ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../pstree'         ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../slocate'        ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../du'             ( Not found )
(14:12:14)   Checking for file '/usr/lib/.../top'            ( Not found )
(14:12:14)   Checking for directory '/usr/lib/...'           ( Not found )
(14:12:14)   Checking for directory '/usr/lib/.../bkit-ssh'  ( Not found )
(14:12:14)   Checking for directory '/usr/lib/.bkit-'        ( Not found )
(14:12:14)   Checking for directory '/tmp/.bkp'              ( Not found )
(14:12:14) BOBKit Rootkit                                    ( Not found )
(14:12:14)
(14:12:14) Checking for CiNIK Worm (Slapper.B variant)...
(14:12:14)   Checking for file '/tmp/.cinik'                 ( Not found )
(14:12:14)   Checking for directory '/tmp/.font-unix/.cinik' ( Not found )
(14:12:14) CiNIK Worm (Slapper.B variant)                    ( Not found )
(14:12:14)
(14:12:14) Checking for Danny-Boy's Abuse Kit...
(14:12:14)   Checking for file '/dev/mdev'                   ( Not found )
(14:12:15)   Checking for file '/usr/lib/libX.a'             ( Not found )
(14:12:15) Danny-Boy's Abuse Kit                             ( Not found )
(14:12:15)
(14:12:15) Checking for Devil RootKit...
(14:12:15)   Checking for file '/var/lib/games/.src'         ( Not found )
(14:12:15)   Checking for file '/dev/dsx'                    ( Not found )
(14:12:15)   Checking for file '/dev/caca'                   ( Not found )
(14:12:15) Devil RootKit                                     ( Not found )
(14:12:15)
(14:12:15) Checking for Dica-Kit Rootkit...
(14:12:15)   Checking for file '/lib/.sso'                   ( Not found )
(14:12:15)   Checking for file '/lib/.so'                    ( Not found )
(14:12:15)   Checking for file '/var/run/...dica/clean'      ( Not found )
(14:12:15)   Checking for file '/var/run/...dica/xl'         ( Not found )
(14:12:15)   Checking for file '/var/run/...dica/xdr'        ( Not found )
(14:12:15)   Checking for file '/var/run/...dica/psg'        ( Not found )
(14:12:15)   Checking for file '/var/run/...dica/secure'     ( Not found )
(14:12:15)   Checking for file '/var/run/...dica/rdx'        ( Not found )
(14:12:15)   Checking for file '/var/run/...dica/va'         ( Not found )
(14:12:15)   Checking for file '/var/run/...dica/cl.sh'      ( Not found )
(14:12:15)   Checking for file '/usr/bin/.etc'               ( Not found )
(14:12:15)   Checking for directory '/var/run/...dica'       ( Not found )
(14:12:15)   Checking for directory '/var/run/...dica/mh'    ( Not found )
(14:12:15)   Checking for directory '/var/run/...dica/scan'  ( Not found )
(14:12:15) Dica-Kit Rootkit                                  ( Not found )
(14:12:15)
(14:12:15) Checking for Dreams Rootkit...
(14:12:15)   Checking for file '/dev/ttyoa'                  ( Not found )
(14:12:16)   Checking for file '/dev/ttyof'                  ( Not found )
(14:12:16)   Checking for file '/dev/ttyop'                  ( Not found )
(14:12:16)   Checking for file '/usr/bin/sense'              ( Not found )
(14:12:16)   Checking for file '/usr/bin/sl2'                ( Not found )
(14:12:16)   Checking for file '/usr/bin/logclear'           ( Not found )
(14:12:16)   Checking for file '/usr/bin/(swapd)'            ( Not found )
(14:12:16)   Checking for file '/usr/bin/snfs'               ( Not found )
(14:12:16)   Checking for file '/usr/lib/libsss'             ( Not found )
(14:12:16)   Checking for directory '/dev/ida/.hpd'          ( Not found )
(14:12:16) Dreams Rootkit                                    ( Not found )
(14:12:16)
(14:12:16) Checking for Duarawkz Rootkit...
(14:12:16)   Checking for file '/usr/bin/duarawkz/loginpass' ( Not found )
(14:12:16)   Checking for directory '/usr/bin/duarawkz'      ( Not found )
(14:12:16) Duarawkz Rootkit                                  ( Not found )
(14:12:16)
(14:12:16) Checking for Enye LKM...
(14:12:16)   Checking for file '/etc/.enyelkmHIDE^IT.ko'     ( Not found )
(14:12:16) Enye LKM                                          ( Not found )
(14:12:16)
(14:12:16) Checking for Flea Linux Rootkit...
(14:12:16)   Checking for file '/etc/ld.so.hash'             ( Not found )
(14:12:16)   Checking for file '/lib/security/.config/ssh/ssh_host_key' ( Not found )
(14:12:16)   Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' ( Not found )
(14:12:16)   Checking for file '/lib/security/.config/ssh/ssh_random_seed' ( Not found )
(14:12:16)   Checking for file '/usr/bin/ssh2d'              ( Not found )
(14:12:16)   Checking for file '/usr/lib/ldlibns.so'         ( Not found )
(14:12:17)   Checking for file '/usr/lib/ldlibpst.so'        ( Not found )
(14:12:17)   Checking for file '/usr/lib/ldlibdu.so'         ( Not found )
(14:12:17)   Checking for file '/usr/lib/ldlibct.so'         ( Not found )
(14:12:17)   Checking for directory '/lib/security/.config/ssh' ( Not found )
(14:12:17)   Checking for directory '/dev/..0'               ( Not found )
(14:12:17)   Checking for directory '/dev/..0/backup'        ( Not found )
(14:12:17) Flea Linux Rootkit                                ( Not found )
(14:12:17)
(14:12:17) Checking for FreeBSD Rootkit...
(14:12:17)   Checking for file '/usr/lib/.fx/sched_host.2'   ( Not found )
(14:12:17)   Checking for file '/usr/lib/.fx/random_d.2'     ( Not found )
(14:12:17)   Checking for file '/usr/lib/.fx/set_pid.2'      ( Not found )
(14:12:17)   Checking for file '/usr/lib/.fx/cons.saver'     ( Not found )
(14:12:17)   Checking for file '/usr/lib/.fx/adore/adore/adore.ko' ( Not found )
(14:12:17)   Checking for file '/bin/sysback'                ( Not found )
(14:12:17)   Checking for file '/usr/local/bin/sysback'      ( Not found )
(14:12:17)   Checking for directory '/usr/lib/.fx'           ( Not found )
(14:12:17)   Checking for directory '/usr/lib/.fx/adore'     ( Not found )
(14:12:17) FreeBSD Rootkit                                   ( Not found )
(14:12:17)
(14:12:17) Checking for Fuck`it Rootkit...
(14:12:17)   Checking for file '/dev/proc/fuckit/hax0r'      ( Not found )
(14:12:17)   Checking for file '/dev/proc/fuckit/hax0rshell' ( Not found )
(14:12:17)   Checking for file '/dev/proc/fuckit/config/lports' ( Not found )
(14:12:17)   Checking for file '/dev/proc/fuckit/config/rports' ( Not found )
(14:12:18)   Checking for file '/dev/proc/fuckit/config/rkconf' ( Not found )
(14:12:18)   Checking for file '/dev/proc/fuckit/config/password' ( Not found )
(14:12:18)   Checking for file '/dev/proc/fuckit/config/progs' ( Not found )
(14:12:18)   Checking for file '/dev/proc/system-bins/init'  ( Not found )
(14:12:18) Fuck`it Rootkit                                   ( Not found )
(14:12:18)
(14:12:18) Checking for GasKit Rootkit...
(14:12:18)   Checking for file '/dev/dev/gaskit/sshd/sshdd'  ( Not found )
(14:12:18)   Checking for directory '/dev/dev'               ( Not found )
(14:12:18)   Checking for directory '/dev/dev/gaskit'        ( Not found )
(14:12:18)   Checking for directory '/dev/dev/gaskit/sshd'   ( Not found )
(14:12:18) GasKit Rootkit                                    ( Not found )
(14:12:18)
(14:12:18) Checking for Heroin LKM...
(14:12:18)   Checking for kernel symbol 'heroin'             ( Skipped )
(14:12:18) Heroin LKM                                        ( Not found )
(14:12:18)
(14:12:18) Checking for HjC Kit...
(14:12:18)   Checking for directory '/dev/.hijackerz'        ( Not found )
(14:12:18) HjC Kit                                           ( Not found )
(14:12:18)
(14:12:18) Checking for ignoKit Rootkit...
(14:12:18)   Checking for file '/lib/defs/p'                 ( Not found )
(14:12:18)   Checking for file '/lib/defs/q'                 ( Not found )
(14:12:18)   Checking for file '/lib/defs/r'                 ( Not found )
(14:12:18)   Checking for file '/lib/defs/s'                 ( Not found )
(14:12:18)   Checking for file '/lib/defs/t'                 ( Not found )
(14:12:18)   Checking for file '/usr/lib/defs/p'             ( Not found )
(14:12:18)   Checking for file '/usr/lib/defs/q'             ( Not found )
(14:12:19)   Checking for file '/usr/lib/defs/r'             ( Not found )
(14:12:19)   Checking for file '/usr/lib/defs/s'             ( Not found )
(14:12:19)   Checking for file '/usr/lib/defs/t'             ( Not found )
(14:12:19)   Checking for file '/usr/lib/.libigno/pkunsec'   ( Not found )
(14:12:19)   Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' ( Not found )
(14:12:19)   Checking for directory '/usr/lib/.libigno'      ( Not found )
(14:12:19)   Checking for directory '/usr/lib/.libigno/.igno' ( Not found )
(14:12:19) ignoKit Rootkit                                   ( Not found )
(14:12:19)
(14:12:19) Checking for ImperalsS-FBRK Rootkit...
(14:12:19)   Checking for directory '/dev/fd/.88'            ( Not found )
(14:12:19)   Checking for directory '/dev/fd/.99'            ( Not found )
(14:12:19) ImperalsS-FBRK Rootkit                            ( Not found )
(14:12:19)
(14:12:19) Checking for IntoXonia-NG Rootkit...
(14:12:19)   Checking for kernel symbol 'funces'             ( Skipped )
(14:12:19)   Checking for kernel symbol 'ixinit'             ( Skipped )
(14:12:19)   Checking for kernel symbol 'tricks'             ( Skipped )
(14:12:19)   Checking for kernel symbol 'kernel_unlink'      ( Skipped )
(14:12:19)   Checking for kernel symbol 'rootme'             ( Skipped )
(14:12:19)   Checking for kernel symbol 'hide_module'        ( Skipped )
(14:12:19)   Checking for kernel symbol 'find_sys_call_tbl'  ( Skipped )
(14:12:19) IntoXonia-NG Rootkit                              ( Not found )
(14:12:19)
(14:12:19) Checking for Irix Rootkit...
(14:12:19)   Checking for directory '/dev/pts/01'            ( Not found )
(14:12:19)   Checking for directory '/dev/pts/01/backup'     ( Not found )
(14:12:20)   Checking for directory '/dev/pts/01/etc'        ( Not found )
(14:12:20)   Checking for directory '/dev/pts/01/tmp'        ( Not found )
(14:12:20) Irix Rootkit                                      ( Not found )
(14:12:20)
(14:12:20) Checking for Kitko Rootkit...
(14:12:20)   Checking for directory '/usr/src/redhat/SRPMS/...' ( Not found )
(14:12:20) Kitko Rootkit                                     ( Not found )
(14:12:20)
(14:12:20) Checking for Knark Rootkit...
(14:12:20)   Checking for file '/proc/knark/pids'            ( Not found )
(14:12:20)   Checking for directory '/proc/knark'            ( Not found )
(14:12:20) Knark Rootkit                                     ( Not found )
(14:12:20)
(14:12:20) Checking for Li0n Worm...
(14:12:20)   Checking for file '/bin/in.telnetd'             ( Not found )
(14:12:20)   Checking for file '/bin/mjy'                    ( Not found )
(14:12:20)   Checking for file '/usr/man/man1/man1/lib/.lib/mjy' ( Not found )
(14:12:20)   Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' ( Not found )
(14:12:20)   Checking for file '/usr/man/man1/man1/lib/.lib/.x' ( Not found )
(14:12:20)   Checking for file '/dev/.lib/lib/scan/1i0n.sh'  ( Not found )
(14:12:20)   Checking for file '/dev/.lib/lib/scan/hack.sh'  ( Not found )
(14:12:20)   Checking for file '/dev/.lib/lib/scan/bind'     ( Not found )
(14:12:20)   Checking for file '/dev/.lib/lib/scan/randb'    ( Not found )
(14:12:20)   Checking for file '/dev/.lib/lib/scan/scan.sh'  ( Not found )
(14:12:20)   Checking for file '/dev/.lib/lib/scan/pscan'    ( Not found )
(14:12:20)   Checking for file '/dev/.lib/lib/scan/star.sh'  ( Not found )
(14:12:20)   Checking for file '/dev/.lib/lib/scan/bindx.sh' ( Not found )
(14:12:21)   Checking for file '/dev/.lib/lib/scan/bindname.log' ( Not found )
(14:12:21)   Checking for file '/dev/.lib/lib/1i0n.sh'       ( Not found )
(14:12:21)   Checking for file '/dev/.lib/lib/lib/netstat'   ( Not found )
(14:12:21)   Checking for file '/dev/.lib/lib/lib/dev/.1addr' ( Not found )
(14:12:21)   Checking for file '/dev/.lib/lib/lib/dev/.1logz' ( Not found )
(14:12:21)   Checking for file '/dev/.lib/lib/lib/dev/.1proc' ( Not found )
(14:12:21)   Checking for file '/dev/.lib/lib/lib/dev/.1file' ( Not found )
(14:12:21) Li0n Worm                                         ( Not found )
(14:12:21)
(14:12:21) Checking for Lockit / LJK2 Rootkit...
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' ( Not found )
(14:12:21)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1wted' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parser' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' ( Not found )
(14:12:22)   Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' ( Not found )
(14:12:22)   Checking for directory '/usr/lib/libmen.oo/.LJK2' ( Not found )
(14:12:22) Lockit / LJK2 Rootkit                             ( Not found )
(14:12:22)
(14:12:22) Checking for Mood-NT Rootkit...
(14:12:22)   Checking for file '/sbin/init__mood-nt-_-_cthulhu' ( Not found )
(14:12:22)   Checking for file '/_cthulhu/mood-nt.init'      ( Not found )
(14:12:23)   Checking for file '/_cthulhu/mood-nt.conf'      ( Not found )
(14:12:23)   Checking for file '/_cthulhu/mood-nt.sniff'     ( Not found )
(14:12:23)   Checking for directory '/_cthulhu'              ( Not found )
(14:12:23) Mood-NT Rootkit                                   ( Not found )
(14:12:23)
(14:12:23) Checking for MRK Rootkit...
(14:12:23)   Checking for file '/dev/ida/.inet/pid'          ( Not found )
(14:12:23)   Checking for file '/dev/ida/.inet/ssh_host_key' ( Not found )
(14:12:23)   Checking for file '/dev/ida/.inet/ssh_random_seed' ( Not found )
(14:12:23)   Checking for file '/dev/ida/.inet/tcp.log'      ( Not found )
(14:12:23)   Checking for directory '/dev/ida/.inet'         ( Not found )
(14:12:23)   Checking for directory '/var/spool/cron/.sh'    ( Not found )
(14:12:23) MRK Rootkit                                       ( Not found )
(14:12:23)
(14:12:23) Checking for Ni0 Rootkit...
(14:12:23)   Checking for file '/var/lock/subsys/...datafile.../...net...' ( Not found )
(14:12:23)   Checking for file '/var/lock/subsys/...datafile.../...port...' ( Not found )
(14:12:23)   Checking for file '/var/lock/subsys/...datafile.../...ps...' ( Not found )
(14:12:23)   Checking for file '/var/lock/subsys/...datafile.../...file...' ( Not found )
(14:12:23)   Checking for directory '/tmp/waza'              ( Not found )
(14:12:23)   Checking for directory '/var/lock/subsys/...datafile...' ( Not found )
(14:12:23)   Checking for directory '/usr/sbin/es'           ( Not found )
(14:12:23) Ni0 Rootkit                                       ( Not found )
(14:12:23)
(14:12:23) Checking for Ohhara Rootkit...
(14:12:23)   Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' ( Not found )
(14:12:23)   Checking for directory '/var/lock/subsys/...datafile...' ( Not found )
(14:12:24)   Checking for directory '/var/lock/subsys/...datafile.../...datafile...' ( Not found )
(14:12:24)   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' ( Not found )
(14:12:24)   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' ( Not found )
(14:12:24)   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' ( Not found )
(14:12:24)   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' ( Not found )
(14:12:24) Ohhara Rootkit                                    ( Not found )
(14:12:24)
(14:12:24) Checking for Optic Kit (Tux) Worm...
(14:12:24)   Checking for directory '/dev/tux'               ( Not found )
(14:12:24)   Checking for directory '/usr/bin/xchk'          ( Not found )
(14:12:24)   Checking for directory '/usr/bin/xsf'           ( Not found )
(14:12:24)   Checking for directory '/usr/bin/ssh2d'         ( Not found )
(14:12:24) Optic Kit (Tux) Worm                              ( Not found )
(14:12:24)
(14:12:24) Checking for Oz Rootkit...
(14:12:24)   Checking for file '/dev/.oz/.nap/rkit/terror'   ( Not found )
(14:12:24)   Checking for directory '/dev/.oz'               ( Not found )
(14:12:24) Oz Rootkit                                        ( Not found )
(14:12:24)
(14:12:24) Checking for Phalanx Rootkit...
(14:12:24)   Checking for file '/usr/share/.home.ph1/cb'     ( Not found )
(14:12:24)   Checking for file '/etc/host.ph1'               ( Not found )
(14:12:24)   Checking for file '/bin/host.ph1'               ( Not found )
(14:12:24)   Checking for file '/usr/share/.home.ph1/phalanx' ( Not found )
(14:12:24)   Checking for directory '/usr/share/.home.ph1'   ( Not found )
(14:12:24) Phalanx Rootkit                                   ( Not found )
(14:12:24)
(14:12:24) Checking for Phalanx Rootkit (strings)...
(14:12:25)   Checking for string 'phalanx'                   ( Not found )
(14:12:25) Phalanx Rootkit (strings)                         ( Not found )
(14:12:25)
(14:12:25) Checking for Phalanx2 Rootkit...
(14:12:25)   Checking for file '/etc/khubd.p2/.p2rc'         ( Not found )
(14:12:25)   Checking for file '/etc/khubd.p2/.phalanx2'     ( Not found )
(14:12:25)   Checking for file '/etc/khubd.p2/.sniff'        ( Not found )
(14:12:25)   Checking for file '/etc/khubd.p2/sshgrab.py'    ( Not found )
(14:12:25)   Checking for file '/etc/lolzz.p2/.p2rc'         ( Not found )
(14:12:25)   Checking for file '/etc/lolzz.p2/.phalanx2'     ( Not found )
(14:12:25)   Checking for file '/etc/lolzz.p2/.sniff'        ( Not found )
(14:12:25)   Checking for file '/etc/lolzz.p2/sshgrab.py'    ( Not found )
(14:12:25)   Checking for directory '/etc/khubd.p2'          ( Not found )
(14:12:25)   Checking for directory '/etc/lolzz.p2'          ( Not found )
(14:12:25) Phalanx2 Rootkit                                  ( Not found )
(14:12:25)
(14:12:25) Checking for Phalanx2 Rootkit (extended tests)...
(14:12:25)   Checking for directory '/etc/khubd.p2'          ( Not found )
(14:12:25)   Checking for directory '/etc/lolzz.p2'          ( Not found )
(14:12:25) Phalanx2 Rootkit (extended tests)                 ( Not found )
(14:12:25)
(14:12:25) Checking for Portacelo Rootkit...
(14:12:25)   Checking for file '/var/lib/.../.ak'            ( Not found )
(14:12:25)   Checking for file '/var/lib/.../.hk'            ( Not found )
(14:12:25)   Checking for file '/var/lib/.../.rs'            ( Not found )
(14:12:25)   Checking for file '/var/lib/.../.p'             ( Not found )
(14:12:25)   Checking for file '/var/lib/.../getty'          ( Not found )
(14:12:26)   Checking for file '/var/lib/.../lkt.o'          ( Not found )
(14:12:26)   Checking for file '/var/lib/.../show'           ( Not found )
(14:12:26)   Checking for file '/var/lib/.../nlkt.o'         ( Not found )
(14:12:26)   Checking for file '/var/lib/.../ssshrc'         ( Not found )
(14:12:26)   Checking for file '/var/lib/.../sssh_equiv'     ( Not found )
(14:12:26)   Checking for file '/var/lib/.../sssh_known_hosts' ( Not found )
(14:12:26)   Checking for file '/var/lib/.../sssh_pid'       ( Not found )
(14:12:26)   Checking for file '~/.sssh/known_hosts'         ( Not found )
(14:12:26) Portacelo Rootkit                                 ( Not found )
(14:12:26)
(14:12:26) Checking for R3dstorm Toolkit...
(14:12:26)   Checking for file '/var/log/tk02/see_all'       ( Not found )
(14:12:26)   Checking for file '/bin/.../sshd/sbin/sshd1'    ( Not found )
(14:12:26)   Checking for file '/bin/.../hate/sk'            ( Not found )
(14:12:26)   Checking for file '/bin/.../see_all'            ( Not found )
(14:12:26)   Checking for directory '/var/log/tk02'          ( Not found )
(14:12:26)   Checking for directory '/var/log/tk02/old'      ( Not found )
(14:12:26)   Checking for directory '/bin/...'               ( Not found )
(14:12:26) R3dstorm Toolkit                                  ( Not found )
(14:12:26)
(14:12:26) Checking for RH-Sharpe's Rootkit...
(14:12:26)   Checking for file '/bin/lps'                    ( Not found )
(14:12:26)   Checking for file '/usr/bin/lpstree'            ( Not found )
(14:12:26)   Checking for file '/usr/bin/ltop'               ( Not found )
(14:12:26)   Checking for file '/usr/bin/lkillall'           ( Not found )
(14:12:27)   Checking for file '/usr/bin/ldu'                ( Not found )
(14:12:27)   Checking for file '/usr/bin/lnetstat'           ( Not found )
(14:12:27)   Checking for file '/usr/bin/wp'                 ( Not found )
(14:12:27)   Checking for file '/usr/bin/shad'               ( Not found )
(14:12:27)   Checking for file '/usr/bin/vadim'              ( Not found )
(14:12:27)   Checking for file '/usr/bin/slice'              ( Not found )
(14:12:27)   Checking for file '/usr/bin/cleaner'            ( Not found )
(14:12:27)   Checking for file '/usr/include/rpcsvc/du'      ( Not found )
(14:12:27) RH-Sharpe's Rootkit                               ( Not found )
(14:12:27)
(14:12:27) Checking for RSHA's Rootkit...
(14:12:27)   Checking for file '/bin/kr4p'                   ( Not found )
(14:12:27)   Checking for file '/usr/bin/n3tstat'            ( Not found )
(14:12:27)   Checking for file '/usr/bin/chsh2'              ( Not found )
(14:12:27)   Checking for file '/usr/bin/slice2'             ( Not found )
(14:12:27)   Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' ( Not found )
(14:12:27)   Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' ( Not found )
(14:12:27)   Checking for directory '/etc/rc.d/rsha'         ( Not found )
(14:12:27)   Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' ( Not found )
(14:12:27) RSHA's Rootkit                                    ( Not found )
(14:12:27)
(14:12:27) Checking for Scalper Worm...
(14:12:27)   Checking for file '/tmp/.a'                     ( Not found )
(14:12:27)   Checking for file '/tmp/.uua'                   ( Not found )
(14:12:27) Scalper Worm                                      ( Not found )
(14:12:28)
(14:12:28) Checking for Sebek LKM...
(14:12:28)   Checking for kernel symbol 'adore or sebek'     ( Skipped )
(14:12:28) Sebek LKM                                         ( Not found )
(14:12:28)
(14:12:28) Checking for Shutdown Rootkit...
(14:12:28)   Checking for file '/usr/man/man5/.. /.dir/scannah/asus' ( Not found )
(14:12:28)   Checking for file '/usr/man/man5/.. /.dir/see'  ( Not found )
(14:12:28)   Checking for file '/usr/man/man5/.. /.dir/nscd' ( Not found )
(14:12:28)   Checking for file '/usr/man/man5/.. /.dir/alpd' ( Not found )
(14:12:28)   Checking for file '/etc/rc.d/rc.local '         ( Not found )
(14:12:28)   Checking for directory '/usr/man/man5/.. /.dir' ( Not found )
(14:12:28)   Checking for directory '/usr/man/man5/.. /.dir/scannah' ( Not found )
(14:12:28)   Checking for directory '/etc/rc.d/rc0.d/.. /.dir' ( Not found )
(14:12:28) Shutdown Rootkit                                  ( Not found )
(14:12:28)
(14:12:28) Checking for SHV4 Rootkit...
(14:12:28)   Checking for file '/etc/ld.so.hash'             ( Not found )
(14:12:28)   Checking for file '/lib/libext-2.so.7'          ( Not found )
(14:12:28)   Checking for file '/lib/lidps1.so'              ( Not found )
(14:12:28)   Checking for file '/usr/sbin/xntps'             ( Not found )
(14:12:28)   Checking for directory '/lib/security/.config'  ( Not found )
(14:12:28)   Checking for directory '/lib/security/.config/ssh' ( Not found )
(14:12:28) SHV4 Rootkit                                      ( Not found )
(14:12:28)
(14:12:28) Checking for SHV5 Rootkit...
(14:12:28)   Checking for file '/etc/sh.conf'                ( Not found )
(14:12:28)   Checking for file '/dev/srd0'                   ( Not found )
(14:12:29)   Checking for directory '/usr/lib/libsh'         ( Not found )
(14:12:29) SHV5 Rootkit                                      ( Not found )
(14:12:29)
(14:12:29) Checking for Sin Rootkit...
(14:12:29)   Checking for file '/dev/.haos/haos1/.f/Denyed'  ( Not found )
(14:12:29)   Checking for file '/dev/ttyoa'                  ( Not found )
(14:12:29)   Checking for file '/dev/ttyof'                  ( Not found )
(14:12:29)   Checking for file '/dev/ttyop'                  ( Not found )
(14:12:29)   Checking for file '/dev/ttyos'                  ( Not found )
(14:12:29)   Checking for file '/usr/lib/.lib'               ( Not found )
(14:12:29)   Checking for file '/usr/lib/sn/.X'              ( Not found )
(14:12:29)   Checking for file '/usr/lib/sn/.sys'            ( Not found )
(14:12:29)   Checking for file '/usr/lib/ld/.X'              ( Not found )
(14:12:29)   Checking for file '/usr/man/man1/...'           ( Not found )
(14:12:29)   Checking for file '/usr/man/man1/.../.m'        ( Not found )
(14:12:29)   Checking for file '/usr/man/man1/.../.w'        ( Not found )
(14:12:29)   Checking for directory '/usr/lib/sn'            ( Not found )
(14:12:29)   Checking for directory '/usr/lib/man1/...'      ( Not found )
(14:12:29)   Checking for directory '/dev/.haos'             ( Not found )
(14:12:29) Sin Rootkit                                       ( Not found )
(14:12:29)
(14:12:29) Checking for Slapper Worm...
(14:12:29)   Checking for file '/tmp/.bugtraq'               ( Not found )
(14:12:29)   Checking for file '/tmp/.uubugtraq'             ( Not found )
(14:12:29)   Checking for file '/tmp/.bugtraq.c'             ( Not found )
(14:12:30)   Checking for file '/tmp/httpd'                  ( Not found )
(14:12:30)   Checking for file '/tmp/.unlock'                ( Not found )
(14:12:30)   Checking for file '/tmp/update'                 ( Not found )
(14:12:30)   Checking for file '/tmp/.cinik'                 ( Not found )
(14:12:30)   Checking for file '/tmp/.b'                     ( Not found )
(14:12:30) Slapper Worm                                      ( Not found )
(14:12:30)
(14:12:30) Checking for Sneakin Rootkit...
(14:12:30)   Checking for directory '/tmp/.X11-unix/.../rk'  ( Not found )
(14:12:30) Sneakin Rootkit                                   ( Not found )
(14:12:30)
(14:12:30) Checking for Suckit Rootkit...
(14:12:30)   Checking for file '/sbin/initsk12'              ( Not found )
(14:12:30)   Checking for file '/sbin/initxrk'               ( Not found )
(14:12:30)   Checking for file '/usr/bin/null'               ( Not found )
(14:12:30)   Checking for file '/usr/share/locale/sk/.sk12/sk' ( Not found )
(14:12:30)   Checking for file '/etc/rc.d/rc0.d/S23kmdac'    ( Not found )
(14:12:30)   Checking for file '/etc/rc.d/rc1.d/S23kmdac'    ( Not found )
(14:12:30)   Checking for file '/etc/rc.d/rc2.d/S23kmdac'    ( Not found )
(14:12:30)   Checking for file '/etc/rc.d/rc3.d/S23kmdac'    ( Not found )
(14:12:30)   Checking for file '/etc/rc.d/rc4.d/S23kmdac'    ( Not found )
(14:12:30)   Checking for file '/etc/rc.d/rc5.d/S23kmdac'    ( Not found )
(14:12:30)   Checking for file '/etc/rc.d/rc6.d/S23kmdac'    ( Not found )
(14:12:30)   Checking for directory '/dev/sdhu0/tehdrakg'    ( Not found )
(14:12:30)   Checking for directory '/etc/.MG'               ( Not found )
(14:12:30)   Checking for directory '/usr/share/locale/sk/.sk12' ( Not found )
(14:12:31)   Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' ( Not found )
(14:12:31) Suckit Rootkit                                    ( Not found )
(14:12:31)
(14:12:31) Checking for SunOS Rootkit...
(14:12:31)   Checking for file '/etc/ld.so.hash'             ( Not found )
(14:12:31)   Checking for file '/lib/libext-2.so.7'          ( Not found )
(14:12:31)   Checking for file '/usr/bin/ssh2d'              ( Not found )
(14:12:31)   Checking for file '/bin/xlogin'                 ( Not found )
(14:12:31)   Checking for file '/usr/lib/crth.o'             ( Not found )
(14:12:31)   Checking for file '/usr/lib/crtz.o'             ( Not found )
(14:12:31)   Checking for file '/sbin/login'                 ( Not found )
(14:12:31)   Checking for file '/lib/security/.config/sn'    ( Not found )
(14:12:31)   Checking for file '/lib/security/.config/lpsched' ( Not found )
(14:12:31)   Checking for file '/dev/kmod'                   ( Not found )
(14:12:31)   Checking for file '/dev/dos'                    ( Not found )
(14:12:31) SunOS Rootkit                                     ( Not found )
(14:12:31)
(14:12:31) Checking for SunOS / NSDAP Rootkit...
(14:12:31)   Checking for file '/usr/lib/vold/nsdap/.kit'    ( Not found )
(14:12:31)   Checking for file '/usr/lib/vold/nsdap/defines' ( Not found )
(14:12:31)   Checking for file '/usr/lib/vold/nsdap/patcher' ( Not found )
(14:12:31)   Checking for file '/usr/lib/vold/nsdap/pg'      ( Not found )
(14:12:31)   Checking for file '/usr/lib/vold/nsdap/cleaner' ( Not found )
(14:12:31)   Checking for file '/usr/lib/vold/nsdap/utime'   ( Not found )
(14:12:31)   Checking for file '/usr/lib/vold/nsdap/crypt'   ( Not found )
(14:12:32)   Checking for file '/usr/lib/vold/nsdap/findkit' ( Not found )
(14:12:32)   Checking for file '/usr/lib/vold/nsdap/sn2'     ( Not found )
(14:12:32)   Checking for file '/usr/lib/vold/nsdap/sniffload' ( Not found )
(14:12:32)   Checking for file '/usr/lib/vold/nsdap/runsniff' ( Not found )
(14:12:32)   Checking for file '/usr/lib/lpset'              ( Not found )
(14:12:32)   Checking for directory '/usr/lib/vold/nsdap'    ( Not found )
(14:12:32) SunOS / NSDAP Rootkit                             ( Not found )
  #3  
Old 31st March 2010, 14:34
esezako

part 3 of the log

Code:
(14:12:32)
(14:12:32) Checking for Superkit Rootkit...
(14:12:32)   Checking for file '/usr/man/.sman/sk'           ( Not found )
(14:12:32) Superkit Rootkit                                  ( Not found )
(14:12:32)
(14:12:32) Checking for TBD (Telnet BackDoor)...
(14:12:32)   Checking for file '/usr/lib/.tbd'               ( Not found )
(14:12:32) TBD (Telnet BackDoor)                             ( Not found )
(14:12:32)
(14:12:32) Checking for TeLeKiT Rootkit...
(14:12:32)   Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' ( Not found )
(14:12:32)   Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' ( Not found )
(14:12:32)   Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' ( Not found )
(14:12:32)   Checking for file '/usr/man/man3/.../cl'        ( Not found )
(14:12:32)   Checking for file '/dev/ptyr'                   ( Not found )
(14:12:32)   Checking for file '/dev/ptyp'                   ( Not found )
(14:12:32)   Checking for file '/dev/ptyq'                   ( Not found )
(14:12:32)   Checking for file '/dev/hda06'                  ( Not found )
(14:12:32)   Checking for file '/usr/info/libc1.so'          ( Not found )
(14:12:33)   Checking for directory '/usr/man/man3/...'      ( Not found )
(14:12:33)   Checking for directory '/usr/man/man3/.../lsniff' ( Not found )
(14:12:33)   Checking for directory '/usr/man/man3/.../TeLeKiT' ( Not found )
(14:12:33) TeLeKiT Rootkit                                   ( Not found )
(14:12:33)
(14:12:33) Checking for T0rn Rootkit...
(14:12:33)   Checking for file '/dev/.lib/lib/lib/t0rns'     ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/du'        ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/ls'        ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/t0rnsb'    ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/ps'        ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/t0rnp'     ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/find'      ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/ifconfig'  ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/pg'        ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/ssh.tgz'   ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/top'       ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/sz'        ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/login'     ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/in.fingerd' ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/1i0n.sh'   ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/pstree'    ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/in.telnetd' ( Not found )
(14:12:33)   Checking for file '/dev/.lib/lib/lib/mjy'       ( Not found )
(14:12:34)   Checking for file '/dev/.lib/lib/lib/sush'      ( Not found )
(14:12:34)   Checking for file '/dev/.lib/lib/lib/tfn'       ( Not found )
(14:12:34)   Checking for file '/dev/.lib/lib/lib/name'      ( Not found )
(14:12:34)   Checking for file '/dev/.lib/lib/lib/getip.sh'  ( Not found )
(14:12:34)   Checking for file '/usr/info/.torn/sh*'         ( Not found )
(14:12:34)   Checking for file '/usr/src/.puta/.1addr'       ( Not found )
(14:12:34)   Checking for file '/usr/src/.puta/.1file'       ( Not found )
(14:12:34)   Checking for file '/usr/src/.puta/.1proc'       ( Not found )
(14:12:34)   Checking for file '/usr/src/.puta/.1logz'       ( Not found )
(14:12:34)   Checking for file '/usr/info/.t0rn'             ( Not found )
(14:12:34)   Checking for directory '/dev/.lib'              ( Not found )
(14:12:34)   Checking for directory '/dev/.lib/lib'          ( Not found )
(14:12:34)   Checking for directory '/dev/.lib/lib/lib'      ( Not found )
(14:12:34)   Checking for directory '/dev/.lib/lib/lib/dev'  ( Not found )
(14:12:34)   Checking for directory '/dev/.lib/lib/scan'     ( Not found )
(14:12:34)   Checking for directory '/usr/src/.puta'         ( Not found )
(14:12:34)   Checking for directory '/usr/man/man1/man1'     ( Not found )
(14:12:34)   Checking for directory '/usr/man/man1/man1/lib' ( Not found )
(14:12:34)   Checking for directory '/usr/man/man1/man1/lib/.lib' ( Not found )
(14:12:34)   Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' ( Not found )
(14:12:34) T0rn Rootkit                                      ( Not found )
(14:12:34)
(14:12:34) Checking for Trojanit Kit...
(14:12:34)   Checking for file '/bin/.ls'                    ( Not found )
(14:12:35)   Checking for file '/bin/.ps'                    ( Not found )
(14:12:35)   Checking for file '/bin/.netstat'               ( Not found )
(14:12:35)   Checking for file '/usr/bin/.nop'               ( Not found )
(14:12:35)   Checking for file '/usr/bin/.who'               ( Not found )
(14:12:35) Trojanit Kit                                      ( Not found )
(14:12:35)
(14:12:35) Checking for Tuxtendo Rootkit...
(14:12:35)   Checking for file '/dev/tux/.addr'              ( Not found )
(14:12:35)   Checking for file '/dev/tux/.cron'              ( Not found )
(14:12:35)   Checking for file '/dev/tux/.file'              ( Not found )
(14:12:35)   Checking for file '/dev/tux/.log'               ( Not found )
(14:12:35)   Checking for file '/dev/tux/.proc'              ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/crontab'     ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/df'          ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/dir'         ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/find'        ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/ifconfig'    ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/locate'      ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/netstat'     ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/ps'          ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/pstree'      ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/syslogd'     ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/tcpd'        ( Not found )
(14:12:35)   Checking for file '/dev/tux/backup/top'         ( Not found )
(14:12:36)   Checking for file '/dev/tux/backup/updatedb'    ( Not found )
(14:12:36)   Checking for file '/dev/tux/backup/vdir'        ( Not found )
(14:12:36)   Checking for directory '/dev/tux'               ( Not found )
(14:12:36)   Checking for directory '/dev/tux/ssh2'          ( Not found )
(14:12:36)   Checking for directory '/dev/tux/backup'        ( Not found )
(14:12:36) Tuxtendo Rootkit                                  ( Not found )
(14:12:36)
(14:12:36) Checking for URK Rootkit...
(14:12:36)   Checking for file '/usr/man/man1/xxxxxxbin/find' ( Not found )
(14:12:36)   Checking for file '/usr/man/man1/xxxxxxbin/du'  ( Not found )
(14:12:36)   Checking for file '/usr/man/man1/xxxxxxbin/ps'  ( Not found )
(14:12:36)   Checking for file '/tmp/conf.inf'               ( Not found )
(14:12:36)   Checking for directory '/usr/man/man1/xxxxxxbin' ( Not found )
(14:12:36) URK Rootkit                                       ( Not found )
(14:12:36)
(14:12:36) Checking for Vampire Rootkit...
(14:12:36)   Checking for kernel symbol 'new_getdents'       ( Skipped )
(14:12:36)   Checking for kernel symbol 'old_getdents'       ( Skipped )
(14:12:36)   Checking for kernel symbol 'should_hide_file_name' ( Skipped )
(14:12:36)   Checking for kernel symbol 'should_hide_task_name' ( Skipped )
(14:12:36) Vampire Rootkit                                   ( Not found )
(14:12:36)
(14:12:36) Checking for VcKit Rootkit...
(14:12:36)   Checking for directory '/usr/include/linux/modules/lib.so' ( Not found )
(14:12:36)   Checking for directory '/usr/include/linux/modules/lib.so/bin' ( Not found )
(14:12:36) VcKit Rootkit                                     ( Not found )
(14:12:36)
(14:12:36) Checking for Volc Rootkit...
(14:12:37)   Checking for directory '/var/spool/.recent'     ( Not found )
(14:12:37)   Checking for directory '/var/spool/.recent/.files' ( Not found )
(14:12:37)   Checking for directory '/usr/lib/volc'          ( Not found )
(14:12:37)   Checking for directory '/usr/lib/volc/backup'   ( Not found )
(14:12:37) Volc Rootkit                                      ( Not found )
(14:12:37)
(14:12:37) Checking for X-Org SunOS Rootkit...
(14:12:37)   Checking for file '/usr/lib/libX.a/bin/tmpfl'   ( Not found )
(14:12:37)   Checking for file '/usr/lib/libX.a/bin/rps'     ( Not found )
(14:12:37)   Checking for file '/usr/bin/srload'             ( Not found )
(14:12:37)   Checking for file '/usr/lib/libX.a/bin/sparcv7/rps' ( Not found )
(14:12:37)   Checking for file '/usr/sbin/modcheck'          ( Not found )
(14:12:37)   Checking for directory '/usr/lib/libX.a'        ( Not found )
(14:12:37)   Checking for directory '/usr/lib/libX.a/bin'    ( Not found )
(14:12:37)   Checking for directory '/usr/lib/libX.a/bin/sparcv7' ( Not found )
(14:12:37)   Checking for directory '/usr/share/man...'      ( Not found )
(14:12:37) X-Org SunOS Rootkit                               ( Not found )
(14:12:37)
(14:12:37) Checking for zaRwT.KiT Rootkit...
(14:12:37)   Checking for file '/dev/rd/s/sendmeil'          ( Not found )
(14:12:37)   Checking for file '/dev/ttyf'                   ( Not found )
(14:12:37)   Checking for file '/dev/ttyp'                   ( Not found )
(14:12:37)   Checking for file '/dev/ttyn'                   ( Not found )
(14:12:37)   Checking for file '/rk/tulz'                    ( Not found )
(14:12:37)   Checking for directory '/rk'                    ( Not found )
(14:12:37)   Checking for directory '/dev/rd/s'              ( Not found )
(14:12:38) zaRwT.KiT Rootkit                                 ( Not found )
(14:12:38)
(14:12:38) Performing additional rootkit checks
(14:12:38) Info: Starting test name 'additional_rkts'
(14:12:38)
(14:12:38)   Performing Suckit Rookit additional checks
(14:12:38)     Checking hard link count on '/sbin/init'      ( OK )
(14:12:38)     Checking for hidden file extensions           ( None found )
(14:12:38)     Running skdet command                         ( Skipped )
(14:12:38) Info: Unable to find the 'skdet' command
(14:12:38)   Suckit Rookit additional checks                 ( OK )
(14:12:38)
(14:12:38)   Performing check of possible rootkit files and directories
(14:12:38) Info: Starting test name 'possible_rkt_files'
(14:12:38)     Checking for file '/dev/sdr0'                 ( Not found )
(14:12:38)     Checking for file '/tmp/.syshackfile'         ( Not found )
(14:12:38)     Checking for file '/tmp/.bash_history'        ( Not found )
(14:12:38)     Checking for file '/usr/info/.clib'           ( Not found )
(14:12:38)     Checking for file '/usr/sbin/tcp.log'         ( Not found )
(14:12:38)     Checking for file '/usr/bin/take/pid'         ( Not found )
(14:12:38)     Checking for file '/sbin/create'              ( Not found )
(14:12:38)     Checking for file '/dev/ttypz'                ( Not found )
(14:12:38)     Checking for directory '/usr/bin/take'        ( Not found )
(14:12:38)     Checking for directory '/usr/src/.lib'        ( Not found )
(14:12:39)     Checking for directory '/usr/share/man/man1/.1c' ( Not found )
(14:12:39)     Checking for directory '/lib/lblip.tk'        ( Not found )
(14:12:39)     Checking for directory '/usr/sbin/...'        ( Not found )
(14:12:39)     Checking for directory '/usr/share/.gun'      ( Not found )
(14:12:39)   Checking for possible rootkit files and directories ( None found )
(14:12:39)
(14:12:39)   Performing check for possible rootkit strings
(14:12:39) Info: Starting test name 'possible_rkt_strings'
(14:12:39) Info: Using system startup paths: /etc/rc.local /etc/init.d /etc/inittab
(14:12:39)     Checking for string '/dev/proc/fuckit'        ( Not found )
(14:12:39)     Checking for string 'FUCK'                    ( Not found )
(14:12:39)     Checking for string 'backdoor'                ( Not found )
(14:12:39)     Checking for string 'vt200'                   ( Not found )
(14:12:39)     Checking for string '/usr/bin/xstat'          ( Not found )
(14:12:39)     Checking for string '/bin/envpc'              ( Not found )
(14:12:39)     Checking for string 'L4m3r0x'                 ( Not found )
(14:12:39)     Checking for string '/usr/lib/.tbd'           ( Not found )
(14:12:39)     Checking for string '/dev/ptyxx/.file'        ( Not found )
(14:12:40)     Checking for string '/dev/sgk'                ( Not found )
(14:12:40)     Checking for string '/var/lock/subsys/...datafile...' ( Not found )
(14:12:40)     Checking for string '/usr/lib/.tbd'           ( Not found )
(14:12:40)     Checking for string '/dev/proc/fuckit'        ( Not found )
(14:12:40)     Checking for string '/lib/.sso'               ( Not found )
(14:12:40)     Checking for string '/var/lock/subsys/...datafile...' ( Not found )
(14:12:40)     Checking for string '/dev/caca'               ( Not found )
(14:12:40)     Checking for string '/dev/ttyoa'              ( Not found )
(14:12:40)     Checking for string 'syg'                     ( Not found )
(14:12:40)     Checking for string '/dev/pts/01'             ( Not found )
(14:12:40)     Checking for string 'tw33dl3'                 ( Not found )
(14:12:40)     Checking for string 'psniff'                  ( Not found )
(14:12:40)     Checking for string '/var/lock/subsys/...datafile...' ( Not found )
(14:12:40)     Checking for string '/dev/ptyxx'              ( Not found )
(14:12:41)     Checking for string 'promiscuous'             ( Not found )
(14:12:41)     Checking for string '/usr/lib/.tbd'           ( Not found )
(14:12:41)     Checking for string '/dev/xdta'               ( Not found )
(14:12:41)     Checking for string '/usr/lib/.tbd'           ( Not found )
(14:12:41)     Checking for string 'in.inetd'                ( Not found )
(14:12:41)     Checking for string '#<HIDE_.*>'              ( Not found )
(14:12:42)     Checking for string 'bin/xchk'                ( Not found )
(14:12:42)     Checking for string 'bin/xsf'                 ( Not found )
(14:12:42)   Checking for possible rootkit strings           ( None found )
(14:12:42)
(14:12:42) Performing malware checks
(14:12:42) Info: Starting test name 'malware'
(14:12:42)
(14:12:42) Info: Test 'deleted_files' disabled at users request.
(14:12:42) Info: Starting test name 'running_procs'
(14:12:42)   Checking running processes for suspicious files ( Skipped )
(14:12:42) Info: Unable to find the 'lsof' command
(14:12:43)
(14:12:43) Info: Test 'hidden_procs' disabled at users request.
(14:12:43)
(14:12:43) Info: Test 'suspscan' disabled at users request.
(14:12:43)
(14:12:43)   Performing check for login backdoors
(14:12:43) Info: Starting test name 'other_malware'
(14:12:43)     Checking for '/bin/.login'                    ( Not found )
(14:12:43)     Checking for '/sbin/.login'                   ( Not found )
(14:12:43)   Checking for login backdoors                    ( None found )
(14:12:43)
(14:12:43)   Performing check for suspicious directories
(14:12:43)     Checking for directory '/usr/X11R6/bin/.,/copy' ( Not found )
(14:12:43)     Checking for directory '/dev/rd/cdb'          ( Not found )
(14:12:43)   Checking for suspicious directories             ( None found )
(14:12:43)
(14:12:43)   Checking for software intrusions                ( Skipped )
(14:12:43) Info: Check skipped - tripwire not installed
(14:12:43)
(14:12:43)   Performing check for sniffer log files
(14:12:43)     Checking for file '/usr/lib/libice.log'       ( Not found )
(14:12:43)   Checking for sniffer log files                  ( None found )
(14:12:43)
(14:12:43) Performing trojan specific checks
(14:12:43) Info: Starting test name 'trojans'
(14:12:43) Info: Using inetd configuration file '/etc/inetd.conf'
(14:12:43)   Checking for enabled inetd services             ( OK )
(14:12:43)
(14:12:43)   Performing check for enabled xinetd services
(14:12:43)   Checking for enabled xinetd services            ( Skipped )
(14:12:43) Info: Check skipped - file '/etc/xinetd.conf' does not exist.
(14:12:43)   Checking for Apache backdoor                    ( Not found )
(14:12:43)
(14:12:43) Performing Linux specific checks
(14:12:43) Info: Starting test name 'os_specific'
(14:12:44)   Checking loaded kernel modules                  ( Warning )
(14:12:44) Warning: No output found from the lsmod command or the /proc/modules file:
(14:12:44)          /proc/modules output: 
(14:12:44)          lsmod output: 
(14:12:44) Info: Using modules pathname of '/lib/modules'
(14:12:44)   Checking kernel module names                    ( Skipped )
(14:12:44) Warning: The kernel modules directory '/lib/modules' is missing or empty.
(14:14:50)
(14:14:50) Checking the network...
(14:14:50) Info: Starting test name 'network'
(14:14:50) Info: Starting test name 'ports'
(14:14:50)
(14:14:50) Performing check for backdoor ports
(14:14:50) Info: Disabling pathnames and '*' in PORT_WHITELIST setting: no 'lsof' command present.
(14:14:51)   Checking for TCP port 1524                      ( Not found )
(14:14:52)   Checking for TCP port 1984                      ( Not found )
(14:14:53)   Checking for UDP port 2001                      ( Not found )
(14:14:54)   Checking for TCP port 2006                      ( Not found )
(14:14:55)   Checking for TCP port 2128                      ( Not found )
(14:14:55)   Checking for TCP port 6666                      ( Not found )
(14:14:56)   Checking for TCP port 6667                      ( Not found )
(14:14:57)   Checking for TCP port 6668                      ( Not found )
(14:14:58)   Checking for TCP port 6669                      ( Not found )
(14:14:59)   Checking for TCP port 7000                      ( Not found )
(14:15:00)   Checking for TCP port 13000                     ( Not found )
(14:15:00)   Checking for TCP port 14856                     ( Not found )
(14:15:01)   Checking for TCP port 25000                     ( Not found )
(14:15:02)   Checking for TCP port 29812                     ( Not found )
(14:15:03)   Checking for TCP port 31337                     ( Not found )
(14:15:04)   Checking for TCP port 33369                     ( Not found )
(14:15:05)   Checking for TCP port 47107                     ( Not found )
(14:15:06)   Checking for TCP port 47018                     ( Not found )
(14:15:07)   Checking for TCP port 60922                     ( Not found )
(14:15:08)   Checking for TCP port 62883                     ( Not found )
(14:15:09)   Checking for TCP port 65535                     ( Not found )
(14:15:09)
(14:15:09) Performing checks on the network interfaces
(14:15:09) Info: Starting test name 'promisc'
(14:15:09) Info: Promiscuous network interface check using 'ip' command skipped - unable to find the 'ip' command.
(14:15:09)   Checking for promiscuous interfaces             ( None found )
(14:15:09)
(14:15:09) Info: Test 'packet_cap_apps' disabled at users request.
(14:15:18)
(14:15:18) Checking the local host...
(14:15:18) Info: Starting test name 'local_host'
(14:15:18)
(14:15:18) Performing system boot checks
(14:15:18) Info: Starting test name 'startup_files'
(14:15:18)   Checking for local host name                    ( Found )
(14:15:18) Info: Starting test name 'startup_malware'
(14:15:18)   Checking for system startup files               ( Found )
(14:15:19)   Checking system startup files for malware       ( None found )
(14:15:19)
(14:15:19) Performing group and account checks
(14:15:19) Info: Starting test name 'group_accounts'
(14:15:19)   Checking for passwd file                        ( Found )
(14:15:19) Info: Found password file: /etc/passwd
(14:15:19)   Checking for root equivalent (UID 0) accounts   ( Warning )
(14:15:19) Warning: Account 'borja' is root equivalent (UID = 0)
(14:15:19) Info: Found shadow file: /etc/shadow
(14:15:19)   Checking for passwordless accounts              ( None found )
(14:15:20) Info: Starting test name 'passwd_changes'
(14:15:20)   Checking for passwd file changes                ( None found )
(14:15:20) Info: Starting test name 'group_changes'
(14:15:20)   Checking for group file changes                 ( None found )
(14:15:20)   Checking root account shell history files       ( OK )
(14:15:20)
(14:15:20) Performing system configuration file checks
(14:15:20) Info: Starting test name 'system_configs'
(14:15:20)   Checking for SSH configuration file             ( Found )
(14:15:20) Info: Found SSH configuration file: /etc/ssh/sshd_config
(14:15:20) Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
(14:15:20) Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
(14:15:20)   Checking if SSH root access is allowed          ( Warning )
(14:15:20) Warning: The SSH and rkhunter configuration options should be the same:
(14:15:20)          SSH configuration option 'PermitRootLogin': yes
(14:15:20)          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
(14:15:20)   Checking if SSH protocol v1 is allowed          ( Not allowed )
(14:15:20)   Checking for running syslog daemon              ( Found )
(14:15:20)   Checking for syslog configuration file          ( Found )
(14:15:20) Info: Found syslog configuration file: /etc/syslog.conf
(14:15:20)   Checking if syslog remote logging is allowed    ( Not allowed )
(14:15:20)
(14:15:20) Performing filesystem checks
(14:15:20) Info: Starting test name 'filesystem'
(14:15:20) Info: SCAN_MODE_DEV set to 'THOROUGH'
(14:15:21)   Checking /dev for suspicious file types         ( Warning )
(14:15:21) Warning: Suspicious file types found in /dev:
(14:15:21)          /dev/shm/network/ifstate: ASCII text
(14:15:21)   Checking for hidden files and directories       ( None found )
(14:15:33)
(14:15:33) Checking application versions...
(14:15:33) Info: Starting test name 'apps'
(14:15:34) Info: Application 'exim' not found.
(14:15:34)   Checking version of GnuPG                       ( OK )
(14:15:34) Info: Application 'gpg' version '1.4.6' found.
(14:15:34)   Checking version of Apache                      ( Warning )
(14:15:34) Warning: Application 'httpd', version '2.2.3', is out of date, and possibly a security risk.
(14:15:34)   Checking version of Bind DNS                    ( Warning )
(14:15:34) Warning: Application 'named', version '9.3.4', is out of date, and possibly a security risk.
(14:15:34)   Checking version of OpenSSL                     ( Warning )
(14:15:34) Warning: Application 'openssl', version '0.9.8c', is out of date, and possibly a security risk.
(14:15:34)   Checking version of PHP                         ( Warning )
(14:15:34) Warning: Application 'php', version '5.2.0', is out of date, and possibly a security risk.
(14:15:34)   Checking version of Procmail MTA                ( OK )
(14:15:35) Info: Application 'procmail' version '3.22' found.
(14:15:35)   Checking version of ProFTPd                     ( OK )
(14:15:35) Info: Application 'proftpd' version '1.3.0' found.
(14:15:35)   Checking version of OpenSSH                     ( Warning )
(14:15:35) Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.
(14:15:35) Info: Applications checked: 8 out of 9
(14:15:35)
(14:15:35) System checks summary
(14:15:35) =====================
(14:15:35)
(14:15:35) File properties checks...
(14:15:35) Files checked: 119
(14:15:35) Suspect files: 119
(14:15:35)
(14:15:35) Rootkit checks...
(14:15:35) Rootkits checked : 114
(14:15:35) Possible rootkits: 0
(14:15:35)
(14:15:35) Applications checks...
(14:15:35) Applications checked: 8
(14:15:35) Suspect applications: 5
(14:15:35)
(14:15:35) The system checks took: 10 minutes and 22 seconds
(14:15:35)
(14:15:35) Info: End date is mié mar 31 14:15:35 CEST 2010
  #4  
Old 1st April 2010, 14:53
falko falko is offline

The changed files in part 1 of your log don't look good.
Can you update rkhunter...
Code:
rkhunter -u
and run rkhunter again? Do you get the same results then?
  #5  
Old 5th April 2010, 10:12
esezako esezako is offline

Hi Falko,
I ran "rkhunter --update" afterwards and I get the same result.
My distribution is Debian Etch in an OpenVZ container (with Proxmox). Can this be an issue?
PS: the distribution of the physical server with Proxmox is Debian Lenny.

Last edited by esezako; 5th April 2010 at 10:15.
  #6  
Old 6th April 2010, 14:04
esezako esezako is offline

Any idea how to solve the problem?
I am experiencing mailing problems.
  #7  
Old 6th April 2010, 15:12
falko falko is offline

Quote:
Originally Posted by esezako
My distribution is Debian Etch in an OpenVZ container (with Proxmox).
This could be the reason, but I'm not sure...
  #8  
Old 27th September 2011, 07:28
SamTzu SamTzu is offline

Looks normal.

You ran the original rkhunter check on a different host, then migrated the virtual machine, then ran the check on the new system again... and this is the result. Different hardware, different inodes.

It's a good policy to do 'rkhunter --propupd' before and after the migration.
The Following User Says Thank You to SamTzu For This Useful Post:
falko (28th September 2011)
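
A triage sketch for the situation SamTzu describes, added here and not part of the thread or of rkhunter: it groups the warnings in an rkhunter log by test and separates files whose only reported change is the inode from files whose hash or size changed. The sample log is constructed, and the 'properties' test name, the per-file detail layout and the rule that rkhunter lists only the properties that differ are assumptions.

```python
import re

# Constructed sample shaped like the log in this thread. The test name
# 'properties' and the per-file detail lines are an assumed layout.
SAMPLE_LOG = """\
(14:05:20) Info: Starting test name 'properties'
(14:05:20) Warning: The file properties have changed:
(14:05:20)          File: /bin/ls
(14:05:20)          Current inode: 3412    Stored inode: 9001
(14:05:21) Warning: The file properties have changed:
(14:05:21)          File: /bin/ps
(14:05:21)          Current hash: aaaa1111
(14:05:21)          Stored hash : bbbb2222
(14:05:21)          Current inode: 3413    Stored inode: 9002
(14:15:19) Info: Starting test name 'group_accounts'
(14:15:19) Warning: Account 'borja' is root equivalent (UID = 0)
(14:15:35) Files checked: 2
(14:15:35) Suspect files: 2
(14:15:35) Possible rootkits: 0
"""

STAMP = re.compile(r"^[(\[]\d\d:\d\d:\d\d[)\]] ?")
SUMMARY = re.compile(r"(Files checked|Suspect files|Possible rootkits)\s*: (\d+)")

def triage(log_text):
    """Group warnings by test and split inode-only changes from content changes."""
    test = current = None
    warnings, changed, summary = {}, {}, {}
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw).strip()
        if m := re.match(r"Info: Starting test name '(\w+)'", line):
            test, current = m.group(1), None
        elif line.startswith("Warning: "):
            warnings.setdefault(test, []).append(line[len("Warning: "):])
            current = None  # detail lines belong to the next 'File:' entry
        elif m := re.match(r"File: (\S+)", line):
            current = m.group(1)
            changed.setdefault(current, set())
        elif current and (m := re.match(r"Current (hash|inode|size)\b", line)):
            # Assumption: rkhunter lists only the properties that differ.
            changed[current].add(m.group(1))
        elif m := SUMMARY.match(line):
            summary[m.group(1)] = int(m.group(2))
    checked = summary.get("Files checked", 0)
    return {
        "warnings": warnings,
        "inode_only": sorted(f for f, p in changed.items() if p == {"inode"}),
        "content_changed": sorted(f for f, p in changed.items() if p & {"hash", "size"}),
        # Every checked file flagged: the stored baseline itself no longer fits.
        "whole_baseline_suspect": checked > 0 and summary.get("Suspect files") == checked,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

`rkhunter --propupd` stores the current file properties as the new baseline, so any file listed under `content_changed` is worth comparing against the distribution package before running it.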