Chkrootkit

**netlook** · 05-25-2004, 07:24 AM

Hello,

I've check my system with chkrootkit and got:

Checking 'bindshell' ... warning, got bogus unix line (INFECTED PORTS 465)

Have I to worry?

**SarcNBit** · 05-25-2004, 08:53 AM

From the CHKROOTKIT website :

Item 7 on the FAQ (which is displayed on the homepage BTW): I'm running PortSentry/klaxon. What's wrong with the bindshell test?

If you're running PortSentry/klaxon or another program that binds itself to unused ports probably chkrootkit will give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).

I do not know your configuration so I cannot answer your question. I can tell you that this warning is common (one that a search on chkrootkit would have answered <cough> <cough>) on cPanel servers.

**netlook** · 05-25-2004, 09:34 AM

Ok, thanks.

Forums

Thread: Chkrootkit

LinkBack

Thread Tools

Chkrootkit

Similar Threads

/bin/sh: /root/chkrootkit-0.46a/chkrootkit: Permission denied

rkhunter - chkrootkit

chkrootkit

chkrootkit output

cPanel & WHM

Enkompass

Help

Community

Company

Connect with Us