|
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
Good morning everyone, circumstances beyond my control kept me from wishing a merry Christmas to all of you, friends of the forum. Now, while wishing you a happy and prosperous new year, I take the opportunity to ask for your help with the following: out of curiosity I installed "chkrootkit and rkhunter" with the command

    sudo apt-get install chkrootkit rkhunter

Afterwards I started it with:

    sudo chkrootkit

and scanned with:

    sudo rkhunter -c

I got a very long list with almost everything OK except for:

    /usr/bin/perl [ Warning ]
    ...

and:

    Checking application versions...
    Checking version of Exim MTA [ OK ]
    Checking version of GnuPG [ OK ]
    Checking version of OpenSSL [ OK ]

    System checks summary
    =====================
    File properties checks...
    Files checked: 122
    Suspect files: 0
    Rootkit checks...
    Rootkits checked : 109
    Possible rootkits: 0
    Applications checks...
    Applications checked: 3
    Suspect applications: 0
    The system checks took: 1 minute and 15 seconds
    All results have been written to the logfile (/var/log/rkhunter.log)
    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)
    adamerca@adamerca-desktop:~$

Now, in /var/log/rkhunter.log there are two folders with this name, with a red dot and an X, and if I try to open them to see the contents I am warned that I do not have sufficient permissions to open the file. Any suggestions on what to do??? Thanks everyone.
|
|
|
|
|
Rank: AiutAmico
Member since: 8/30/2008 Posts: 166
|
adamerca wrote: [...] Now, in /var/log/rkhunter.log there are two folders with this name, with a red dot and an X, and if I try to open them to see the contents I am warned that I do not have sufficient permissions to open the file. Any suggestions on what to do??? Thanks everyone.

You have to acquire root privileges to read those files:

    sudo cat /var/log/rkhunter.log
|
|
Rank: AiutAmico
Member since: 4/5/2005 Posts: 22,971
|
Anyway, it seems to me that NO rootkit was detected on your system...
|
|
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
monsee-liv3llo0 thank you, prompt as always... I have opened the folders. Thanks! Just to be extra careful I am attaching the log (sorry that it is long)... if you could confirm that everything is OK I would be very grateful. Thanks again and Happy New Year to everyone.
|
|
Rank: AiutAmico
Member since: 8/30/2008 Posts: 166
|
Logs are worth looking at when a problem is reported; in your case, the initial screen tells you that no problem was found, and in fact the logs do not report errors or anything else.
|
|
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
liv3llo0, thanks, now I understand and I am at ease. Have a good Sunday.
|
|
Rank: AiutAmico
Member since: 4/5/2005 Posts: 22,971
|
"Not found" simply means: "Good heavens, I couldn't dig it up!"... So you can sleep soundly.
|
|
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
monsee, thanks, it is these "warnings" that worry me a bit:

    [13:29:17] Checking /dev for suspicious file types [ Warning ]
    [13:29:17] Warning: Suspicious file types found in /dev:
    [13:29:17] /dev/shm/pulse-shm-4177227637: data
    [13:29:17] Checking for hidden files and directories [ Warning ]
    [13:29:17] Warning: Hidden directory found: /etc/.java
    [13:29:17] Warning: Hidden directory found: /dev/.static
    [13:29:17] Warning: Hidden directory found: /dev/.udev
    [13:29:17] Warning: Hidden directory found: /dev/.initramfs

What do you think??
|
|
Rank: AiutAmico
Member since: 4/5/2005 Posts: 22,971
|
They are "notices": it detected some "suspicious" files (which, however, do NOT show up as rootkits). This is based on the heuristic search, I presume. As for the "directories", these are almost certainly false positives (it does sometimes happen that java gets infected, of course, but... the possibility (however undeniable) does NOT in itself constitute an infection). On the file pulse-shm-4177227637: data, here is a commendable and interesting little read (in English, obviously): http://ubuntuforums.org/showthread.php?p=4908163 It explains exactly what this entry is (which should NOT be anything to worry about) and how to keep it from showing up again.
|
|
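Added example, not part of the thread and not rkhunter's own code: a way to pull only the `[ Warning ]` checks and their detail lines out of a long rkhunter log, then list the flagged paths that are not on a reviewed allowlist. The `rkh_*` function names and the allowlist file format are hypothetical, and the sample log is constructed from the warning lines quoted in the thread plus made-up neighbouring lines.

```shell
#!/bin/sh
# Added example: triage of an rkhunter log. Function names and the allowlist
# file format are hypothetical; they are not part of rkhunter.

# Constructed sample: warning lines quoted in the thread, plus made-up
# neighbouring lines (the [ OK ] entries and their timestamps) for context.
rkh_sample_log() {
cat <<'EOF'
[13:27:41]   /usr/bin/passwd                               [ OK ]
[13:27:41]   /usr/bin/perl                                 [ Warning ]
[13:27:41]   /usr/bin/pgrep                                [ OK ]
[13:28:41] Checking for file '/usr/bin/wp'                 [ Not found ]
[13:29:17] Checking /dev for suspicious file types         [ Warning ]
[13:29:17] Warning: Suspicious file types found in /dev:
[13:29:17]          /dev/shm/pulse-shm-4177227637: data
[13:29:17] Checking for hidden files and directories       [ Warning ]
[13:29:17] Warning: Hidden directory found: /etc/.java
[13:29:17] Warning: Hidden directory found: /dev/.static
[13:29:17] Warning: Hidden directory found: /dev/.udev
[13:29:17] Warning: Hidden directory found: /dev/.initramfs
[13:29:22]
[13:29:23] Checking version of OpenSSL                     [ OK ]
EOF
}

# Print every check that ended in [ Warning ], followed by its detail lines.
rkh_warnings() {
    awk '
        # Work on a copy of the line with the "[HH:MM:SS] " prefix removed.
        { line = $0; sub(/^\[[0-9:]+\] ?/, "", line) }
        # A check result line whose status is Warning starts a warning block.
        line ~ /\[ Warning \][ \t]*$/ { inwarn = 1; print line; next }
        # Detail lines: "Warning: ..." or an indented path, never a
        # "[ status ]" result line belonging to the next check.
        inwarn && line !~ /\][ \t]*$/ && line ~ /^(Warning:|[ \t]*\/)/ {
            print "    " line; next
        }
        { inwarn = 0 }
    ' "$1"
}

# Reduce the warning blocks to the bare paths that were flagged.
rkh_flagged_paths() {
    rkh_warnings "$1" | awk '
        # "Warning: Hidden directory found: /path" (or "Hidden file found:")
        /Warning: Hidden (file|directory) found: / {
            sub(/^.*found: /, ""); sub(/: .*$/, ""); print; next
        }
        # File properties result: "  /path   [ Warning ]"
        /^ *\/[^ ]+ +\[ Warning \]/ {
            sub(/^ +/, ""); sub(/ +\[ Warning \].*$/, ""); print; next
        }
        # Detail line of the /dev check: "   /path: file type"
        /^ +\/[^:]*: / { sub(/^ +/, ""); sub(/: .*$/, ""); print }
    '
}

# Print flagged paths that match no shell glob in the allowlist file
# (one glob per line, "#" starts a comment). What remains needs a human.
rkh_unexplained() {
    rkh_flagged_paths "$1" | while IFS= read -r path; do
        known=0
        while IFS= read -r glob; do
            case "$glob" in ''|'#'*) continue ;; esac
            # $glob is deliberately unquoted so it is used as a pattern.
            case "$path" in $glob) known=1; break ;; esac
        done < "$2"
        [ "$known" -eq 1 ] || printf '%s\n' "$path"
    done
}

rkh_demo() {
    log=$(mktemp) && allow=$(mktemp) || return 1
    rkh_sample_log > "$log"
    cat > "$allow" <<'EOF'
# Paths the thread treats as likely false positives
/etc/.java
/dev/.static
/dev/.udev
/dev/.initramfs
/dev/shm/pulse-shm-*
EOF
    echo "== warnings =="
    rkh_warnings "$log"
    echo "== still to review =="
    rkh_unexplained "$log" "$allow"
    rm -f "$log" "$allow"
}
rkh_demo
```

On a real system the functions would be pointed at /var/log/rkhunter.log, which needs root to read, as noted earlier in the thread. Once a warning is confirmed benign, rkhunter's own `ALLOWHIDDENDIR` and `ALLOWDEVFILE` settings in rkhunter.conf are the persistent way to stop it reappearing.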
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
monsee, you really are a marvel of skill!! The link you gave me is interesting, and I understood that /dev/shm/pulse-shm is not dangerous for the system and that it is installed by default with Ubuntu (hardy). Thanks again..
|
|
Rank: AiutAmico
Member since: 4/5/2005 Posts: 22,971
|
|
|
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
Same to you, monsee, and to all the friends of the forum. Happy 2009!! (P.S. later tell me how to add emoticons like yours).. bye
|
|
Rank: AiutAmico
Member since: 4/5/2005 Posts: 22,971
|
For the emoticons, I use a Firefox extension called Smiley Xtra (this extension works identically in Windows and in any Linux OS)... Also, on Aiutamici, there is a small program available (and freely downloadable) [Windows only] that serves precisely to insert emoticons, called EmoPicker. http://software.aiutamici.com/software?ID=80259
|
|
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
monsee, I have smiley extra on firefox.. now I have to figure out how to add the emoticons
|
|
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
monsee, maybe I did it!!
|
|
Rank: AiutAmico
Member since: 9/1/2008 Posts: 502
|
monsee, yes, I really did it... thanks
|
|
Rank: AiutAmico
Member since: 4/5/2005 Posts: 22,971
|
Well done! Congratulations!
|
|