Cpanel has problems updating - unusal Chkrootkit log

**hbidad** · 06-15-2005 07:09 AM

Code:

Server: Fedora Core 2 - i386 - Base
Server: Fedora Core 2 - i386 - Released Updates
retrygrab() failed for:
  http://mirror.hiwaay.net/redhat/fedo...rs/header.info
  Executing failover method
failover: out of servers to try
Error getting file http://mirror.hiwaay.net/redhat/fedo...rs/header.info
[Errno 4] IOError: HTTP Error 404: Not Found
retrygrab() failed for:
  http://mirror.hiwaay.net/redhat/fedo...rs/header.info
  Executing failover method
failover: out of servers to try
Error getting file http://mirror.hiwaay.net/redhat/fedo...rs/header.info
[Errno 4] IOError: HTTP Error 404: Not Found
Gathering header information file(s) from server(s)

I started to get a long list of suspicious files reported from chkrootkit. I don't think it relevant, but it don't hurt to ask. here is my log ....(next thread)

**hbidad** · 06-15-2005 07:11 AM

Code:

Searching for suspicious files and dirs, it may take a while... 
/usr/lib/php/.registry /usr/lib/php/.lock /usr/lib/php/.filemap /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/SOAP/Lite/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/ShadowHash/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/Watch/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/IxHash/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Devel/Symdump/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/DNS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/AIM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/IP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/LDAP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/Daemon/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/Telnet/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tree/MultiNode/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Data/ShowTable/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML-DOM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/libxml-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Convert/ASN1/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Convert/BER/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/URI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Safe/Hole/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MD5/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/libwww-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Stty/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/String/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Tty/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Stringy/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Tee/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/Blowfish_PP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/CBC/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/DES/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/Blowfish/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/OLE/Storage_Lite/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/RegExp/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/XSLT/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Geo/IPfree/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Spreadsheet/ParseExcel/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Spreadsheet/WriteExcel/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/UPS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/OnlinePayment/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/OnlinePayment/AuthorizeNet/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadKey/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadLine/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/CSV_XS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Reform/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Query/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Parse/RecDescent/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/File/Scan/ClamAV/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Sys/Hostname/Long/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Archive/Tar/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Archive/Zip/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Image/Magick/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Image/Size/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MLDBM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MLDBM/Sync/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/SQL/Statement/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/Shell/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/MySQL/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/DBI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/Base/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Graph3d/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Graph/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Text/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/RPC/PlServer/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Expect/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Digest/SHA1/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Digest/HMAC/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/mysql/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/Multiplex/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MIME-tools/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Mail/SpamAssassin/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Mail/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/FillInForm/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/SimpleParse/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Clean/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Tagset/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Compress/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Curses/.packlist /usr/lib/perl5/5.8.6/i686-linux/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/CGI/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Time/HiRes/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Storable/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Cwd/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Digest/MD5/.packlist /usr/lib/perl5/5.8.3/i386-linux-thread-multi/.packlist /lib/modules/2.6.10-1.771_FC2/build/.config /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/.conmakehash.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.empty.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.elfconfig.h.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.sumversion.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.file2alias.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.parse.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.lex.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.cmd

everything else is "not inffected" except bindshell port 465, which all the documentation I have been reading leads me to beleive this is a false report.

**hbidad** · 06-15-2005 07:11 AM

Code:

/lib/modules/2.6.10-1.771_FC2/build/scripts/.pnmtologo.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.docproc.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.fixdep.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.split-include.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/.kallsyms.cmd /lib/modules/2.6.10-1.771_FC2smp/build/.config /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/.conmakehash.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.modpost.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.

**MMarko** · 06-15-2005 11:00 AM

Originally Posted by hbidad

everything else is "not inffected" except bindshell port 465, which all the documentation I have been reading leads me to beleive this is a false report.

This is true.

Have you checked suspicious files manually?

**chirpy** · 06-15-2005 11:53 AM

Port 465 is a false-positive, it's ssmtp.

The others (dot files) are probably all false-positives.

As for the error in your first post, that would suggest that your Fedora Core mirror that you are using in /etc/yum.conf is broken. Try a different one from the mirror list on the Fedora site.

**MMarko** · 06-15-2005 12:14 PM

Originally Posted by chirpy

As for the error in your first post, that would suggest that your Fedora Core mirror that you are using in /etc/yum.conf is broken. Try a different one from the mirror list on the Fedora site.

Talking about updates... can kernel be updated to newer version say from 2.4 to 2.6 with yum?

**chirpy** · 06-15-2005 12:29 PM

Not if your OS vendor doesn't provide it. You'd either need to borrow one from another distribution or release, or grab it from kernel.org.

**MMarko** · 06-15-2005 12:31 PM

Originally Posted by chirpy

Not if your OS vendor doesn't provide it. You'd either need to borrow one from another distribution or release, or grab it from kernel.org.

I think CentOS provide such kernel updates. And I've try yum -kernel, but it seems that yum won't update kernel to 2.6, only get latest updates for 2.4.

**chirpy** · 06-15-2005 12:32 PM

AFAIK, CentOS doesn't. It simply provides the RHE kernels which for v3 is the 2.4 kernel tree. v4 uses the 2.6 kernel tree.

**MMarko** · 06-15-2005 12:33 PM

Originally Posted by chirpy

AFAIK, CentOS doesn't. It simply provides the RHE kernels which for v3 is the 2.4 kernel tree. v4 uses the 2.6 kernel tree.

Ah, I see.

LinkBack

Thread Tools

Cpanel has problems updating - unusal Chkrootkit log

cpanel log: [Cpanel::Mysql]: Not updating privileges for

Problems updating?

/bin/sh: /root/chkrootkit-0.46a/chkrootkit: Permission denied

chkrootkit log?

Log files are not updating