Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

Hi everyone, I have a problem: I can't view the log written by a program, I always get "permission denied"! From the terminal, don't you have to type sudo su to get root privileges? Or am I wrong? Have a good evening!

Rank: Member
Member since: 10/2/2006 Posts: 1,368

What if you just use sudo?

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

Hi Azzurra... no luck. I need to see the log of a scan at this path, /var/log/rkhunter.log, and there is no way to read it! Both from the terminal and by browsing to the path it always says permission denied... I followed this procedure: http://wiki.ubuntu-it.org/Sicurezza/RootkitHunter Do you have any advice? There were suspicious files to check... but I can't get at them!

Rank: Member
Member since: 10/2/2006 Posts: 1,368

If you really must log in as the root user, you have to follow this procedure (taken from the official Ubuntu site):

"Enabling root login
In Ubuntu, by default, logging in as the root user is disabled, which prevents the use of su but still allows the use of sudo. This choice is made for security reasons. If strictly necessary, you can enable root login by assigning it a password with the following command:
sudo passwd root
The first password requested is the one for sudo; afterwards you will be asked for the root user's password and then its confirmation. To disable administrator login you can use the following command:
sudo passwd -l root
This way, root login will be blocked again."

I hope I posted the right thing...

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

Hi Azzurra, thanks for the info... one more question: is the sudo password different from the root one? Or is it always the one I type when I log in to Ubuntu? Forgive the slightly stupid question... :-))))

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

I suppose I have to create the root one... but honestly I'm afraid of making a big mess! In the short summary I could see in the terminal after the scan there were some "warning" files... maybe nothing special... who knows!

Rank: Member
Member since: 10/2/2006 Posts: 1,368

suarez73 wrote: "...one more question: is the sudo password different from the root one? Or is it always the one I type when I log in to Ubuntu?"

Sorry for the late reply... The password must be different from the usual one. When I applied the procedure back then, so as not to risk forgetting the new password, I used the usual one with a number added (e.g.: usual password sole, new password sole1). Don't be afraid to do the procedure; just lock root login as indicated above once you've inspected what you need.

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

Don't mention it! You've been very kind! I'll try now and then let you know! I've created the new password; now, to read this cursed log, do I have to write root before the path?? sudo?? What a muddle...

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

Hi Azzurra, since I can't get in to read the log... I ran the scan again and wrote down the paths of the warnings....
1) /usr/sbin/unhide "warning"
2) /usr/sbin/unhide -linux26 "warning"
PERFORMING FILESYSTEM CHECKS
1) checking /dev for suspicious file types
Are these dangerous paths, in your opinion? Thanks a lot for your patience!

Rank: Member
Member since: 10/2/2006 Posts: 1,368

If you have a command to open it, I think you only need to enter the command in the terminal... now you have abssssolute powers :-) you're a root :-)
I'd go by trial and error/horror :-)

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

azzurra_g wrote: "If you have a command to open it, I think you only need to enter the command in the terminal... now you have abssssolute powers :-) you're a root :-) I'd go by trial and error/horror :-)"

By now, after so many commands, the terminal only ever replies with a bit of bash: not found, permission denied etc... I've driven the penguin crazy

Rank: Member
Member since: 10/2/2006 Posts: 1,368

I have to rely on other people's words, because to me it's all Greek :-) Read here: http://www.nabble.com/Help-rootkit-td17583501.html And also here: http://forum.debianizzati.org/sicurezza/rkhunter-e-unhide-boooo-t33834.0.html I've read similar things elsewhere too, and the answers are similar.

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

Thanks a lot, Azzurra!

Rank: Member
Member since: 10/2/2006 Posts: 1,368

If you haven't already done it, put your old password back :-) Bye

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

Yes, I did the procedure that was under the command for becoming root... but it didn't ask me to type the password again, it simply informed me that the password had been changed! Fingers crossed :-)))) Good night!!!
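The procedure quoted earlier in the thread turns root on with "sudo passwd root" and off again with "sudo passwd -l root", and the last two posts show how easy it is to lose track of which state the account ended up in. One way to check, added here as an example (it is not code from the thread or from the Ubuntu wiki), is to read the password field of root's entry in /etc/shadow: "passwd -l" prefixes the field with "!", a fresh Ubuntu install ships it as "*", and a real hash means root login is enabled. The sample lines below are constructed and their hashes are fake; the live check needs sudo because /etc/shadow is readable only by root.

```shell
#!/bin/sh
# Added example, not from the thread or the Ubuntu wiki: tell whether the
# root account is locked by reading the password field of its /etc/shadow
# entry. "sudo passwd root" stores a real hash there, "sudo passwd -l root"
# prefixes the field with '!', and a fresh Ubuntu install ships it as '*'.

# Classify one shadow line ("name:hash:lastchg:...") as locked, unlocked
# or empty. An empty field means no password at all, the worst case.
shadow_root_state() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        '')        echo "empty" ;;
        '!'*|'*'*) echo "locked" ;;
        *)         echo "unlocked" ;;
    esac
}

# Live check on this host. Needs sudo: /etc/shadow is readable only by root.
root_state_on_this_host() {
    sudo grep '^root:' /etc/shadow | { IFS= read -r line; shadow_root_state "$line"; }
}

# Constructed sample lines in /etc/shadow format (hashes are fake).
ROOT_LOCKED='root:!:14000:0:99999:7:::'
ROOT_NEVER_SET='root:*:14000:0:99999:7:::'
ROOT_UNLOCKED='root:$6$saltsalt$CONSTRUCTEDFAKEHASH:14300:0:99999:7:::'
ROOT_EMPTY='root::14300:0:99999:7:::'

# Stand-alone run over the samples.
for entry in "$ROOT_LOCKED" "$ROOT_NEVER_SET" "$ROOT_UNLOCKED" "$ROOT_EMPTY"; do
    printf '%s -> %s\n' "$entry" "$(shadow_root_state "$entry")"
done
```

On a live system "sudo passwd -S root" reports the same thing in its second field (L locked, P usable password, NP no password) without reading /etc/shadow by hand; after "sudo passwd -l root" the expected answer is "locked".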

Rank: AiutAmico
Member since: 9/20/2004 Posts: 1,595

Forget about the root user. sudo exists precisely to do what root does without "bothering" it directly. To view the file it should be enough to open gedit as root (sudo gedit from the console) and then open the offending file with gedit. If it doesn't open, look at the "owner" and "group" properties of that file with nautilus (details view) and post them here.
I'm so far ahead that when I look back I see the future.

Rank: Member
Member since: 10/2/2006 Posts: 1,368

So, to open the file mentioned above, would it be enough to do this?
sudo gedit /var/log/rkhunter.log

Rank: AiutAmico
Member since: 9/1/2008 Posts: 502

I had the same problem too... solved with sudo cat /var/log/rkhunter.log. Byeee

Rank: AiutAmico
Member since: 2/17/2008 Posts: 887

Hooray! I opened it!! With gedit no luck, with cat... yes, thank goodness! Now I'll post the log; do you feel like having a look at whether the warnings are dangerous?

Code:
[23:09:05] Checking for R3dstorm Toolkit...
[23:09:05] Checking for file '/var/log/tk02/see_all' [ Not found ]
[23:09:05] Checking for file '/bin/.../sshd/sbin/sshd1' [ Not found ]
[23:09:05] Checking for file '/bin/.../hate/sk' [ Not found ]
[23:09:05] Checking for file '/bin/.../see_all' [ Not found ]
[23:09:05] Checking for directory '/var/log/tk02' [ Not found ]
[23:09:05] Checking for directory '/var/log/tk02/old' [ Not found ]
[23:09:05] Checking for directory '/bin/...' [ Not found ]
[23:09:05] R3dstorm Toolkit [ Not found ]
[23:09:05]
[23:09:05] Checking for RH-Sharpe's Rootkit...
[23:09:05] Checking for file '/bin/lps' [ Not found ]
[23:09:05] Checking for file '/usr/bin/lpstree' [ Not found ]
[23:09:05] Checking for file '/usr/bin/ltop' [ Not found ]
[23:09:05] Checking for file '/usr/bin/lkillall' [ Not found ]
[23:09:05] Checking for file '/usr/bin/ldu' [ Not found ]
[23:09:05] Checking for file '/usr/bin/lnetstat' [ Not found ]
[23:09:05] Checking for file '/usr/bin/wp' [ Not found ]
[23:09:05] Checking for file '/usr/bin/shad' [ Not found ]
[23:09:05] Checking for file '/usr/bin/vadim' [ Not found ]
[23:09:05] Checking for file '/usr/bin/slice' [ Not found ]
[23:09:05] Checking for file '/usr/bin/cleaner' [ Not found ]
[23:09:05] Checking for file '/usr/include/rpcsvc/du' [ Not found ]
[23:09:05] RH-Sharpe's Rootkit [ Not found ]
[23:09:06]
[23:09:06] Checking for RSHA's Rootkit...
[23:09:06] Checking for file '/bin/kr4p' [ Not found ]
[23:09:06] Checking for file '/usr/bin/n3tstat' [ Not found ]
[23:09:06] Checking for file '/usr/bin/chsh2' [ Not found ]
[23:09:06] Checking for file '/usr/bin/slice2' [ Not found ]
[23:09:06] Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' [ Not found ]
[23:09:06] Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' [ Not found ]
[23:09:06] Checking for directory '/etc/rc.d/rsha' [ Not found ]
[23:09:06] Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' [ Not found ]
[23:09:06] RSHA's Rootkit [ Not found ]
[23:09:06]
[23:09:06] Checking for Scalper Worm...
[23:09:06] Checking for file '/tmp/.a' [ Not found ]
[23:09:06] Checking for file '/tmp/.uua' [ Not found ]
[23:09:06] Scalper Worm [ Not found ]
[23:09:06]
[23:09:06] Checking for Sebek LKM...
[23:09:07] Checking for kernel symbol 'adore or sebek' [ Not found ]
[23:09:07] Sebek LKM [ Not found ]
[23:09:07]
[23:09:07] Checking for Shutdown Rootkit...
[23:09:07] Checking for file '/usr/man/man5/.. /.dir/scannah/asus' [ Not found ]
[23:09:07] Checking for file '/usr/man/man5/.. /.dir/see' [ Not found ]
[23:09:07] Checking for file '/usr/man/man5/.. /.dir/nscd' [ Not found ]
[23:09:07] Checking for file '/usr/man/man5/.. /.dir/alpd' [ Not found ]
[23:09:07] Checking for file '/etc/rc.d/rc.local ' [ Not found ]
[23:09:07] Checking for directory '/usr/man/man5/.. /.dir' [ Not found ]
[23:09:07] Checking for directory '/usr/man/man5/.. /.dir/scannah' [ Not found ]
[23:09:07] Checking for directory '/etc/rc.d/rc0.d/.. /.dir' [ Not found ]
[23:09:07] Shutdown Rootkit [ Not found ]
[23:09:07]
[23:09:07] Checking for SHV4 Rootkit...
[23:09:07] Checking for file '/etc/ld.so.hash' [ Not found ]
[23:09:07] Checking for file '/lib/libext-2.so.7' [ Not found ]
[23:09:07] Checking for file '/lib/lidps1.so' [ Not found ]
[23:09:07] Checking for file '/usr/sbin/xntps' [ Not found ]
[23:09:07] Checking for directory '/lib/security/.config' [ Not found ]
[23:09:07] Checking for directory '/lib/security/.config/ssh' [ Not found ]
[23:09:07] SHV4 Rootkit [ Not found ]
[23:09:07]
[23:09:07] Checking for SHV5 Rootkit...
[23:09:07] Checking for file '/etc/sh.conf' [ Not found ]
[23:09:07] Checking for file '/dev/srd0' [ Not found ]
[23:09:07] Checking for directory '/usr/lib/libsh' [ Not found ]
[23:09:07] SHV5 Rootkit [ Not found ]
[23:09:08]
[23:09:08] Checking for Sin Rootkit...
[23:09:08] Checking for file '/dev/.haos/haos1/.f/Denyed' [ Not found ]
[23:09:08] Checking for file '/dev/ttyoa' [ Not found ]
[23:09:08] Checking for file '/dev/ttyof' [ Not found ]
[23:09:08] Checking for file '/dev/ttyop' [ Not found ]
[23:09:08] Checking for file '/dev/ttyos' [ Not found ]
[23:09:08] Checking for file '/usr/lib/.lib' [ Not found ]
[23:09:08] Checking for file '/usr/lib/sn/.X' [ Not found ]
[23:09:08] Checking for file '/usr/lib/sn/.sys' [ Not found ]
[23:09:08] Checking for file '/usr/lib/ld/.X' [ Not found ]
[23:09:08] Checking for file '/usr/man/man1/...' [ Not found ]
[23:09:08] Checking for file '/usr/man/man1/.../.m' [ Not found ]
[23:09:08] Checking for file '/usr/man/man1/.../.w' [ Not found ]
[23:09:08] Checking for directory '/usr/lib/sn' [ Not found ]
[23:09:08] Checking for directory '/usr/lib/man1/...' [ Not found ]
[23:09:08] Checking for directory '/dev/.haos' [ Not found ]
[23:09:08] Sin Rootkit [ Not found ]
[23:09:08]
[23:09:08] Checking for Slapper Worm...
[23:09:08] Checking for file '/tmp/.bugtraq' [ Not found ]
[23:09:08] Checking for file '/tmp/.uubugtraq' [ Not found ]
[23:09:08] Checking for file '/tmp/.bugtraq.c' [ Not found ]
[23:09:08] Checking for file '/tmp/httpd' [ Not found ]
[23:09:08] Checking for file '/tmp/.unlock' [ Not found ]
[23:09:08] Checking for file '/tmp/update' [ Not found ]
[23:09:08] Checking for file '/tmp/.cinik' [ Not found ]
[23:09:08] Checking for file '/tmp/.b' [ Not found ]
[23:09:08] Slapper Worm [ Not found ]
[23:09:09]
[23:09:09] Checking for Sneakin Rootkit...
[23:09:09] Checking for directory '/tmp/.X11-unix/.../rk' [ Not found ]
[23:09:09] Sneakin Rootkit [ Not found ]
[23:09:09]
[23:09:09] Checking for Suckit Rootkit...
[23:09:09] Checking for file '/sbin/initsk12' [ Not found ]
[23:09:09] Checking for file '/sbin/initxrk' [ Not found ]
[23:09:09] Checking for file '/usr/bin/null' [ Not found ]
[23:09:09] Checking for file '/usr/share/locale/sk/.sk12/sk' [ Not found ]
[23:09:09] Checking for file '/etc/rc.d/rc0.d/S23kmdac' [ Not found ]
[23:09:09] Checking for file '/etc/rc.d/rc1.d/S23kmdac' [ Not found ]
[23:09:09] Checking for file '/etc/rc.d/rc2.d/S23kmdac' [ Not found ]
[23:09:09] Checking for file '/etc/rc.d/rc3.d/S23kmdac' [ Not found ]
[23:09:09] Checking for file '/etc/rc.d/rc4.d/S23kmdac' [ Not found ]
[23:09:09] Checking for file '/etc/rc.d/rc5.d/S23kmdac' [ Not found ]
[23:09:09] Checking for file '/etc/rc.d/rc6.d/S23kmdac' [ Not found ]
[23:09:09] Checking for directory '/dev/sdhu0/tehdrakg' [ Not found ]
[23:09:09] Checking for directory '/etc/.MG' [ Not found ]
[23:09:09] Checking for directory '/usr/share/locale/sk/.sk12' [ Not found ]
[23:09:09] Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' [ Not found ]
[23:09:09] Suckit Rootkit [ Not found ]
[23:09:09]
[23:09:09] Checking for SunOS Rootkit...
[23:09:09] Checking for file '/etc/ld.so.hash' [ Not found ]
[23:09:09] Checking for file '/lib/libext-2.so.7' [ Not found ]
[23:09:09] Checking for file '/usr/bin/ssh2d' [ Not found ]
[23:09:09] Checking for file '/bin/xlogin' [ Not found ]
[23:09:09] Checking for file '/usr/lib/crth.o' [ Not found ]
[23:09:09] Checking for file '/usr/lib/crtz.o' [ Not found ]
[23:09:10] Checking for file '/sbin/login' [ Not found ]
[23:09:10] Checking for file '/lib/security/.config/sn' [ Not found ]
[23:09:10] Checking for file '/lib/security/.config/lpsched' [ Not found ]
[23:09:10] Checking for file '/dev/kmod' [ Not found ]
[23:09:10] Checking for file '/dev/dos' [ Not found ]
[23:09:10] SunOS Rootkit [ Not found ]
[23:09:10]
[23:09:10] Checking for SunOS / NSDAP Rootkit...
[23:09:10] Checking for file '/usr/lib/vold/nsdap/.kit' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/defines' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/patcher' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/pg' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/cleaner' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/utime' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/crypt' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/findkit' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/sn2' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/sniffload' [ Not found ]
[23:09:10] Checking for file '/usr/lib/vold/nsdap/runsniff' [ Not found ]
[23:09:10] Checking for file '/usr/lib/lpset' [ Not found ]
[23:09:10] Checking for directory '/usr/lib/vold/nsdap' [ Not found ]
[23:09:10] SunOS / NSDAP Rootkit [ Not found ]
[23:09:10]
[23:09:10] Checking for Superkit Rootkit...
[23:09:10] Checking for file '/usr/man/.sman/sk' [ Not found ]
[23:09:10] Superkit Rootkit [ Not found ]
[23:09:10]
[23:09:10] Checking for TBD (Telnet BackDoor)...
[23:09:10] Checking for file '/usr/lib/.tbd' [ Not found ]
[23:09:10] TBD (Telnet BackDoor) [ Not found ]
[23:09:11]
[23:09:11] Checking for TeLeKiT Rootkit...
[23:09:11] Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' [ Not found ]
[23:09:11] Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' [ Not found ]
[23:09:11] Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' [ Not found ]
[23:09:11] Checking for file '/usr/man/man3/.../cl' [ Not found ]
[23:09:11] Checking for file '/dev/ptyr' [ Not found ]
[23:09:11] Checking for file '/dev/ptyp' [ Not found ]
[23:09:11] Checking for file '/dev/ptyq' [ Not found ]
[23:09:11] Checking for file '/dev/hda06' [ Not found ]
[23:09:11] Checking for file '/usr/info/libc1.so' [ Not found ]
[23:09:11] Checking for directory '/usr/man/man3/...' [ Not found ]
[23:09:11] Checking for directory '/usr/man/man3/.../lsniff' [ Not found ]
[23:09:11] Checking for directory '/usr/man/man3/.../TeLeKiT' [ Not found ]
[23:09:11] TeLeKiT Rootkit [ Not found ]
[23:09:11]
[23:09:11] Checking for T0rn Rootkit...
[23:09:11] Checking for file '/dev/.lib/lib/lib/t0rns' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/du' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/ls' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/t0rnsb' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/ps' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/t0rnp' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/find' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/ifconfig' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/pg' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/ssh.tgz' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/top' [ Not found ]
[23:09:11] Checking for file '/dev/.lib/lib/lib/sz' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/login' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/in.fingerd' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/1i0n.sh' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/pstree' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/in.telnetd' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/mjy' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/sush' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/tfn' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/name' [ Not found ]
[23:09:12] Checking for file '/dev/.lib/lib/lib/getip.sh' [ Not found ]
[23:09:12] Checking for file '/usr/info/.torn/sh*' [ Not found ]
[23:09:12] Checking for file '/usr/src/.puta/.1addr' [ Not found ]
[23:09:12] Checking for file '/usr/src/.puta/.1file' [ Not found ]
[23:09:12] Checking for file '/usr/src/.puta/.1proc' [ Not found ]
[23:09:12] Checking for file '/usr/src/.puta/.1logz' [ Not found ]
[23:09:12] Checking for file '/usr/info/.t0rn' [ Not found ]
[23:09:12] Checking for directory '/dev/.lib' [ Not found ]
[23:09:12] Checking for directory '/dev/.lib/lib' [ Not found ]
[23:09:12] Checking for directory '/dev/.lib/lib/lib' [ Not found ]
[23:09:12] Checking for directory '/dev/.lib/lib/lib/dev' [ Not found ]
[23:09:12] Checking for directory '/dev/.lib/lib/scan' [ Not found ]
[23:09:12] Checking for directory '/usr/src/.puta' [ Not found ]
[23:09:12] Checking for directory '/usr/man/man1/man1' [ Not found ]
[23:09:12] Checking for directory '/usr/man/man1/man1/lib' [ Not found ]
[23:09:12] Checking for directory '/usr/man/man1/man1/lib/.lib' [ Not found ]
[23:09:12] Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' [ Not found ]
[23:09:12] T0rn Rootkit [ Not found ]
[23:09:13]
[23:09:13] Checking for Trojanit Kit...
[23:09:13] Checking for file '/bin/.ls' [ Not found ]
[23:09:13] Checking for file '/bin/.ps' [ Not found ]
[23:09:13] Checking for file '/bin/.netstat' [ Not found ]
[23:09:13] Checking for file '/usr/bin/.nop' [ Not found ]
[23:09:13] Checking for file '/usr/bin/.who' [ Not found ]
[23:09:13] Trojanit Kit [ Not found ]
[23:09:13]
[23:09:13] Checking for Tuxtendo Rootkit...
[23:09:13] Checking for file '/dev/tux/.addr' [ Not found ]
[23:09:13] Checking for file '/dev/tux/.cron' [ Not found ]
[23:09:13] Checking for file '/dev/tux/.file' [ Not found ]
[23:09:13] Checking for file '/dev/tux/.log' [ Not found ]
[23:09:13] Checking for file '/dev/tux/.proc' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/crontab' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/df' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/dir' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/find' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/ifconfig' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/locate' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/netstat' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/ps' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/pstree' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/syslogd' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/tcpd' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/top' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/updatedb' [ Not found ]
[23:09:13] Checking for file '/dev/tux/backup/vdir' [ Not found ]
[23:09:14] Checking for directory '/dev/tux' [ Not found ]
[23:09:14] Checking for directory '/dev/tux/ssh2' [ Not found ]
[23:09:14] Checking for directory '/dev/tux/backup' [ Not found ]
[23:09:14] Tuxtendo Rootkit [ Not found ]
[23:09:14]
[23:09:14] Checking for URK Rootkit...
[23:09:14] Checking for file '/usr/man/man1/xxxxxxbin/find' [ Not found ]
[23:09:14] Checking for file '/usr/man/man1/xxxxxxbin/du' [ Not found ]
[23:09:14] Checking for file '/usr/man/man1/xxxxxxbin/ps' [ Not found ]
[23:09:14] Checking for file '/tmp/conf.inf' [ Not found ]
[23:09:14] Checking for directory '/usr/man/man1/xxxxxxbin' [ Not found ]
[23:09:14] URK Rootkit [ Not found ]
[23:09:14]
[23:09:14] Checking for VcKit Rootkit...
[23:09:14] Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[23:09:14] Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[23:09:14] VcKit Rootkit [ Not found ]
[23:09:14]
[23:09:14] Checking for Volc Rootkit...
[23:09:14] Checking for directory '/var/spool/.recent' [ Not found ]
[23:09:14] Checking for directory '/var/spool/.recent/.files' [ Not found ]
[23:09:14] Checking for directory '/usr/lib/volc' [ Not found ]
[23:09:14] Checking for directory '/usr/lib/volc/backup' [ Not found ]
[23:09:14] Volc Rootkit [ Not found ]
[23:09:14]
[23:09:14] Checking for X-Org SunOS Rootkit...
[23:09:14] Checking for file '/usr/lib/libX.a/bin/tmpfl' [ Not found ]
[23:09:14] Checking for file '/usr/lib/libX.a/bin/rps' [ Not found ]
[23:09:14] Checking for file '/usr/bin/srload' [ Not found ]
[23:09:14] Checking for file '/usr/lib/libX.a/bin/sparcv7/rps' [ Not found ]
[23:09:14] Checking for file '/usr/sbin/modcheck' [ Not found ]
[23:09:15] Checking for directory '/usr/lib/libX.a' [ Not found ]
[23:09:15] Checking for directory '/usr/lib/libX.a/bin' [ Not found ]
[23:09:15] Checking for directory '/usr/lib/libX.a/bin/sparcv7' [ Not found ]
[23:09:15] Checking for directory '/usr/share/man...' [ Not found ]
[23:09:15] X-Org SunOS Rootkit [ Not found ]
[23:09:15]
[23:09:15] Checking for zaRwT.KiT Rootkit...
[23:09:15] Checking for file '/dev/rd/s/sendmeil' [ Not found ]
[23:09:15] Checking for file '/dev/ttyf' [ Not found ]
[23:09:15] Checking for file '/dev/ttyp' [ Not found ]
[23:09:15] Checking for file '/dev/ttyn' [ Not found ]
[23:09:15] Checking for file '/rk/tulz' [ Not found ]
[23:09:15] Checking for directory '/rk' [ Not found ]
[23:09:15] Checking for directory '/dev/rd/s' [ Not found ]
[23:09:15] zaRwT.KiT Rootkit [ Not found ]
[23:09:15]
[23:09:15] Performing additional rootkit checks
[23:09:15] Info: Starting test name 'additional_rkts'
[23:09:15]
[23:09:15] Performing Suckit Rookit additional checks
[23:09:15] Checking /sbin/init link count [ OK ]
[23:09:15] Checking for hidden file extensions [ None found ]
[23:09:15] Running skdet command [ Skipped ]
[23:09:15] Info: Unable to find the 'skdet' command
[23:09:15] Suckit Rookit additional checks [ OK ]
[23:09:15]
[23:09:15] Performing check of possible rootkit files and directories
[23:09:15] Info: Starting test name 'possible_rkt_files'
[23:09:15] Checking for file '/dev/sdr0' [ Not found ]
[23:09:15] Checking for file '/tmp/.syshackfile' [ Not found ]
[23:09:16] Checking for file '/tmp/.bash_history' [ Not found ]
[23:09:16] Checking for file '/usr/info/.clib' [ Not found ]
[23:09:16] Checking for file '/usr/sbin/tcp.log' [ Not found ]
[23:09:16] Checking for file '/usr/bin/take/pid' [ Not found ]
[23:09:16] Checking for file '/sbin/create' [ Not found ]
[23:09:16] Checking for file '/dev/ttypz' [ Not found ]
[23:09:16] Checking for directory '/usr/bin/take' [ Not found ]
[23:09:16] Checking for directory '/usr/src/.lib' [ Not found ]
[23:09:16] Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[23:09:16] Checking for directory '/lib/lblip.tk' [ Not found ]
[23:09:16] Checking for directory '/usr/sbin/...' [ Not found ]
[23:09:16] Checking for directory '/usr/share/.gun' [ Not found ]
[23:09:16] Checking for possible rootkit files and directories [ None found ]
[23:09:16]
[23:09:16] Performing check for possible rootkit strings
[23:09:16] Info: Starting test name 'possible_rkt_strings'
[23:09:16] Info: Found local startup file: /etc/rc.local
[23:09:16] Checking for string '/dev/proc/fuckit' [ Not found ]
[23:09:16] Checking for string 'FUCK' [ Not found ]
[23:09:16] Checking for string 'backdoor' [ Not found ]
[23:09:16] Checking for string 'vt200' [ Not found ]
[23:09:16] Checking for string '/usr/bin/xstat' [ Not found ]
[23:09:16] Checking for string '/bin/envpc' [ Not found ]
[23:09:17] Checking for string 'L4m3r0x' [ Not found ]
[23:09:17] Checking for string '/usr/lib/.tbd' [ Not found ]
[23:09:17] Checking for string '/dev/ptyxx/.file' [ Not found ]
[23:09:17] Checking for string '/dev/sgk' [ Not found ]
[23:09:17] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[23:09:17] Checking for string '/usr/lib/.tbd' [ Not found ]
[23:09:17] Checking for string '/dev/proc/fuckit' [ Not found ]
[23:09:17] Checking for string '/lib/.sso' [ Not found ]
[23:09:17] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[23:09:17] Checking for string '/dev/caca' [ Not found ]
[23:09:17] Checking for string '/dev/ttyoa' [ Not found ]
[23:09:17] Checking for string 'syg' [ Not found ]
[23:09:17] Checking for string '/dev/pts/01' [ Not found ]
[23:09:17] Checking for string 'tw33dl3' [ Not found ]
[23:09:17] Checking for string 'psniff' [ Not found ]
[23:09:17] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[23:09:18] Checking for string 'promiscuous' [ Not found ]
[23:09:18] Checking for string '/usr/lib/.tbd' [ Not found ]
[23:09:18] Checking for string '/dev/xdta' [ Not found ]
[23:09:18] Checking for string '/usr/lib/.tbd' [ Not found ]
[23:09:18] Checking for string 'in.inetd' [ Not found ]
[23:09:18] Checking for string '#<HIDE_.*>' [ Not found ]
[23:09:18] Checking for string 'bin/xchk' [ Not found ]
[23:09:18] Checking for string 'bin/xsf' [ Not found ]
[23:09:18] Checking for possible rootkit strings [ None found ]
[23:09:18]
[23:09:18] Performing malware checks
[23:09:18] Info: Starting test name 'malware'
[23:09:18]
[23:09:18] Info: Test 'deleted_files' disabled at users request.
[23:09:18] Info: Starting test name 'running_procs'
[23:09:18] Checking running processes for suspicious files [ None found ]
[23:09:19]
[23:09:19] Info: Test 'hidden_procs' disabled at users request.
[23:09:19]
[23:09:19] Info: Test 'suspscan' disabled at users request.
[23:09:19]
[23:09:19] Performing check for login backdoors
[23:09:19] Info: Starting test name 'other_malware'
[23:09:19] Checking for '/bin/.login' [ Not found ]
[23:09:19] Checking for '/sbin/.login' [ Not found ]
[23:09:19] Checking for login backdoors [ None found ]
[23:09:19]
[23:09:19] Performing check for suspicious directories
[23:09:19] Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[23:09:19] Checking for directory '/dev/rd/cdb' [ Not found ]
[23:09:19] Checking for suspicious directories [ None found ]
[23:09:19]
[23:09:19] Checking for software intrusions [ Skipped ]
[23:09:19] Info: Check skipped - tripwire not installed
[23:09:19]
[23:09:19] Performing check for sniffer log files
[23:09:19] Checking for file '/usr/lib/libice.log' [ Not found ]
[23:09:19] Checking for sniffer log files [ None found ]
[23:09:19]
[23:09:19] Performing trojan specific checks
[23:09:19] Info: Starting test name 'trojans'
[23:09:19] Info: Using inetd configuration file '/etc/inetd.conf'
[23:09:19] Checking for enabled inetd services [ OK ]
[23:09:19]
[23:09:19] Performing check for enabled xinetd services
[23:09:19] Checking for enabled xinetd services [ Skipped ]
[23:09:19] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[23:09:19] Info: Apache backdoor check skipped: Apache modules and configuration directories not found.
[23:09:19]
[23:09:19] Performing Linux specific checks
[23:09:19] Info: Starting test name 'os_specific'
[23:09:19] Checking kernel module commands [ OK ]
[23:09:19] Info: Using modules pathname of '/lib/modules/2.6.27-12-generic'
[23:09:20] Checking kernel module names [ OK ]
[23:09:27]
[23:09:27] Checking the network...
[23:09:27] Info: Starting test name 'network'
[23:09:27] Info: Starting test name 'ports'
[23:09:27]
[23:09:27] Performing check for backdoor ports
[23:09:27] Checking for UDP port 2001 [ Not found ]
[23:09:27] Checking for TCP port 2006 [ Not found ]
[23:09:27] Checking for TCP port 2128 [ Not found ]
[23:09:28] Checking for TCP port 14856 [ Not found ]
[23:09:28] Checking for TCP port 47107 [ Not found ]
[23:09:28] Checking for TCP port 60922 [ Not found ]
[23:09:28]
[23:09:28] Performing checks on the network interfaces
[23:09:28] Info: Starting test name 'promisc'
[23:09:28] Checking for promiscuous interfaces [ None found ]
[23:09:28]
[23:09:28] Info: Test 'packet_cap_apps' disabled at users request.
[23:09:33]
[23:09:33] Checking the local host...
[23:09:33] Info: Starting test name 'local_host'
[23:09:33]
[23:09:33] Performing system boot checks
[23:09:33] Info: Starting test name 'startup_files'
[23:09:33] Checking for local host name [ Found ]
[23:09:33] Info: Starting test name 'startup_malware'
[23:09:33] Info: Found local startup file: /etc/rc.local
[23:09:34] Checking for local startup files [ Found ]
[23:09:34] Checking local startup files for malware [ None found ]
[23:09:34] Info: Found system startup directory: /etc/init.d
[23:09:35] Checking system startup files for malware [ None found ]
[23:09:35]
[23:09:35] Performing group and account checks
[23:09:35] Info: Starting test name 'group_accounts'
[23:09:35] Checking for passwd file [ Found ]
[23:09:35] Info: Found password file: /etc/passwd
[23:09:35] Checking for root equivalent (UID 0) accounts [ None found ]
[23:09:35] Info: Found shadow file: /etc/shadow
[23:09:35] Checking for passwordless accounts [ None found ]
[23:09:35] Info: Starting test name 'passwd_changes'
[23:09:35] Checking for passwd file changes [ None found ]
[23:09:36] Info: Starting test name 'group_changes'
[23:09:36] Checking for group file changes [ None found ]
[23:09:36] Checking root account shell history files [ OK ]
[23:09:36]
[23:09:36] Performing system configuration file checks
[23:09:36] Info: Starting test name 'system_configs'
[23:09:36] Checking for SSH configuration file [ Not found ]
[23:09:36] Checking for running syslog daemon [ Found ]
[23:09:36] Checking for syslog configuration file [ Found ]
[23:09:36] Info: Found syslog configuration file: /etc/syslog.conf
[23:09:36] Checking if syslog remote logging is allowed [ Not allowed ]
[23:09:36]
[23:09:36] Performing filesystem checks
[23:09:36] Info: Starting test name 'filesystem'
[23:09:36] Info: SCAN_MODE_DEV set to 'THOROUGH'
[23:09:38] Checking /dev for suspicious file types [ Warning ]
[23:09:38] Warning: Suspicious file types found in /dev:
[23:09:38] /dev/shm/pulse-shm-2663537694: data
[23:09:38] /dev/shm/pulse-shm-540734770: data
[23:09:39] Checking for hidden files and directories [ None found ]
[23:10:32]
[23:10:32] Checking application versions...
[23:10:32] Info: Starting test name 'apps'
[23:10:32] Checking version of Exim MTA [ OK ]
[23:10:32] Info: Application 'exim' version '4.69' found.
[23:10:32] Checking version of GnuPG [ OK ]
[23:10:33] Info: Application 'gpg' version '1.4.9' found.
[23:10:33] Info: Application 'httpd' not found.
[23:10:33] Info: Application 'named' not found.
[23:10:33] Checking version of OpenSSL [ OK ]
[23:10:33] Info: Application 'openssl' version '0.9.8g' found.
[23:10:33] Info: Application 'php' not found.
[23:10:33] Info: Application 'procmail' not found.
[23:10:33] Info: Application 'proftpd' not found.
[23:10:33] Info: Application 'sshd' not found.
[23:10:33] Info: Applications checked: 3 out of 9
[23:10:33]
[23:10:33] System checks summary
[23:10:33] =====================
[23:10:33]
[23:10:33] File properties checks...
[23:10:33] Files checked: 127
[23:10:33] Suspect files: 2
[23:10:33]
[23:10:33] Rootkit checks...
[23:10:33] Rootkits checked : 109
[23:10:33] Possible rootkits: 0
[23:10:33]
[23:10:33] Applications checks...
[23:10:33] Applications checked: 3
[23:10:33] Suspect applications: 0
[23:10:33]
[23:10:33] The system checks took: 2 minutes and 42 seconds
[23:10:33]
[23:10:33] Info: End date is sab feb 28 23:10:33 CET 2009
samanta@samanta-desktop:~$
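The thread's actual fix for reading the log was "sudo cat /var/log/rkhunter.log", and the scan pasted above ends with one [ Warning ] (the /dev check) on top of the two unhide file-property warnings listed in an earlier post. The helpers below are an added example, not code from the thread or from rkhunter: they show why the file was unreadable in the first place (owner, group and mode via stat), read it through sudo without ever unlocking root, and pull out only the warning lines together with their indented detail lines, which is what one would paste into a forum post instead of the whole scan. The sample log is constructed in the shape of rkhunter's output (the hash value and the unhide lines are made up), the stat and awk usage assumes GNU tools as on Ubuntu, and treating lines with extra spaces after the timestamp as detail lines is an assumption about rkhunter's log layout (the forum flattened that whitespace in the paste above).

```shell
#!/bin/sh
# Added example, not from the thread or from rkhunter: triage helpers for a
# root-only rkhunter log. Assumes GNU stat/awk/grep as shipped on Ubuntu.

LOG=/var/log/rkhunter.log

# Why "permission denied" happens: the log is owned by root and not
# world-readable. Print owner:group and the octal mode of a file.
log_access_info() {
    stat -c '%U:%G %a' "$1"
}

# Read the log with root privileges through sudo; no root password needed
# and no need to unlock the root account.
view_root_log() {
    sudo less "${1:-$LOG}"
}

# Keep only warning lines plus the indented detail lines that follow them.
# Assumption about the layout: every line starts with "[hh:mm:ss] ", and
# detail lines are indented with extra spaces after the timestamp.
# Reads the log on stdin.
rkhunter_warnings() {
    awk '
        /\[ Warning \]/ || /Warning:/ { print; inwarn = 1; next }
        inwarn && /^\[[0-9:]+\]  +/  { print; next }
        { inwarn = 0 }
    '
}

# Number of checks that ended in "[ Warning ]" (the figure the poster was
# trying to judge). Reads stdin.
rkhunter_warning_count() {
    grep -c '\[ Warning \]'
}

# Constructed sample in the shape of the thread's scan: the two unhide
# file-property warnings and the /dev check. Hash and times are made up.
SAMPLE_LOG=$(cat <<'EOF'
[23:07:10] /usr/sbin/unhide                                 [ Warning ]
[23:07:10] Warning: The file properties have changed:
[23:07:10]          File: /usr/sbin/unhide
[23:07:10]          Current hash: CONSTRUCTED-HASH-1
[23:07:10] /usr/sbin/unhide-linux26                         [ Warning ]
[23:07:10] Warning: The file properties have changed:
[23:07:10]          File: /usr/sbin/unhide-linux26
[23:09:05] Checking for R3dstorm Toolkit...
[23:09:05] R3dstorm Toolkit                                 [ Not found ]
[23:09:38] Checking /dev for suspicious file types          [ Warning ]
[23:09:38] Warning: Suspicious file types found in /dev:
[23:09:38]          /dev/shm/pulse-shm-2663537694: data
[23:09:38]          /dev/shm/pulse-shm-540734770: data
[23:09:39] Checking for hidden files and directories        [ None found ]
EOF
)

# Stand-alone run: triage the constructed sample, then report the real
# log's ownership if it is present on this host.
printf '%s\n' "$SAMPLE_LOG" | rkhunter_warnings
printf 'warnings: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | rkhunter_warning_count)"
if [ -e "$LOG" ]; then
    log_access_info "$LOG"
fi
```

To run it against the real file, use "sudo cat /var/log/rkhunter.log | rkhunter_warnings": only cat needs root, the filtering runs as the normal user. A file-properties warning on a binary such as /usr/sbin/unhide usually means the file changed after rkhunter stored its hashes, typically through a package update; once that has been confirmed, "rkhunter --propupd" refreshes the stored properties so the next scan is clean. The /dev/shm/pulse-shm-* entries flagged by the /dev check are PulseAudio shared-memory segments.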