Old 27th May 2009, 20:26
trcinc1 trcinc1 is offline
HowtoForge Supporter
Join Date: Nov 2006
Location: New Mexico
Posts: 21
Thanks: 3
Thanked 2 Times in 2 Posts
Default Normal Chkrootkit output??

I just started noticing this output from chkrootkit.

Is this normal? The issue appears right after: 'Searching for suspect PHP files...' A few pages later it continues as normal.

Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files...
PMA_token |s:32:"597feec2b25e984af078476a65626e4d";PMA_Confi g|O:10:"PMA_Config":10:{s:14:"default_source";s:30 :"./libraries/config.defaul
t.php";s:8:"settings";a:167:{s:14:"PmaAbsoluteUri" ;s:43:"https://www.mydomain.com:81/phpmyadmin/";s:28:"PmaNoRelation_DisableWarning";
b:0;s:21:"SuhosinDisableWarning";b:0;s:22:"AllowTh irdPartyFraming";b:0;s:15:"blowfish_secret";s:0:"" ;s:13:"ServerDefault";i:1;s:9:"MaxDbLi
st";i:100;s:12:"MaxTableList";i:2 (snip)

";i:15;s:4:"args";a:1:{i:0;s:68:"/home/admispconfig/ispconfig/web/phpmyadmin/libraries/common.inc.php";}s:8:"function";s:12:"require_once "
;}}s:8:"*_hash";s:32:"4e6c84a8dd131339f4d9998cef04 28e1";s:10:"*_number";i:2048;s:10:"*_string";s:0:" ";s:11:"*_message";s:469:"date_default
_timezone_get() [<a href='function.date-default-timezone-get'>function.date-default-timezone-get</a>]: It is not safe to rely on the syste
m's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In c
ase you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected
'America/Denver' for 'MDT/-6.0/DST' instead";s:16:"*_is_displayed";b:0;s:10:"*_params" ;a:0:{}s:18:"*_added_messages";a:0:{}}s:32:"a27802 b6
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected (snip)

I am using Debian Lenny - Chkrookit 0.48.

Any ideas??
Reply With Quote
Sponsored Links
Old 28th May 2009, 13:01
falko falko is offline
Super Moderator
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts

I wouldn't worry about this. It seems as if chkrootkit doesn't know how to handle the phpMyAdmin package.
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Old 28th May 2009, 17:18
trcinc1 trcinc1 is offline
HowtoForge Supporter
Join Date: Nov 2006
Location: New Mexico
Posts: 21
Thanks: 3
Thanked 2 Times in 2 Posts

Sounds great.

I just noticed the same output on a "Test Server" which was just built - So I was thinking it was something just throwing off chkrootkit.

Thanks again.

Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Chkrootkit error in output bernholdt HOWTO-Related Questions 5 23rd January 2009 15:13
pop3 service alone is failed in "The Perfect Setup - Debian Sarge (3.1)" nandhu HOWTO-Related Questions 60 5th August 2008 16:15
add web site serr57 Installation/Configuration 18 13th April 2008 12:40
Firewall script ColdDoT Server Operation 1 9th May 2006 00:50
SuseFirewall expert pls help zacch Installation/Configuration 11 17th March 2006 05:24

All times are GMT +2. The time now is 05:21.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.