chkrootkit

After last update I have the following problem on my server. WHM 11.98.0.11 Checking `passwd'... INFECTED Today after yesterday update from 11.98.0.10 to 11.98.0.11 Checking `netstat'... not infected Checking `named'... not infected Checking `passwd'... INFECTED Checking `pidof'... not...

Hi, chkrootkit-0.52 Completed update 11.76.0.17 -> 11.76.0.18 OS CloudLinux 7.6 (Vladimir Lyakhov) How can I confirm if this is false positive? I know it is already explained here Passwd Infected Chkrootkit but what URL do I need to use to download the jail_safe_passwd.bz2 file from cPanel...

When you go to: ftp://ftp.pangeia.com.br/pub/seg/pac/ or Software de seguridad adicional you find script updated in 2007 now is 2011 ! Definitively this is the best script to Security anti-trojans ? OR some URL to download some more recient version ?

Hi, I used wget and put rkhunter and chkrootkit in /root directory. When rkhunter unpacked and installed it listed the files here: /root/rkhunter-1.3.4/files/ and put rkhunter file in /usr/local/bin directory. I have this in the crontab to update only: 25 5 * * *...

Hi, Old server: CentOS 3.9 chkrootkit 0.47 New server: CentOS 5 chkrootkit 0.48 I've just moved to a new server and one difference I've noticed is that on my new server, chkrootkit is getting a much longer list of .. can't exec ./strings-static...

I am getting the following message on this cron job step grep: write error: Broken pipe /root/chkrootkit.sh | grep -v .packlist any idea why this is broken?

Ever since I upgraded Perl to 5.8.8 I have had this output in the daily chkrootkit cron emails on just one server. Anyone any ideas as to whether this is anything to worry about or how to correct it. WHM 11.1.0 cPanel 11.2.19-C12737 REDHAT Enterprise 4 Cheers, James

I recently bought a VPS (virtuozzo & cpanel whm)but left it enabled with no firewall etc for a few days, (very newbie) while I figured out and researched the basics. I'm now trying to secure it. I've just installed CHKROOTKIT (chkrootkit.org) and I'm getting a lot of entries which cause me...

Today with my daily scan report in a server.. i got "Checking `ifconfig'... INFECTED", I am using jail binaries to make the check like this: "./chkrootkit -p ../binaries" , and in binaries I have of course the binaries chkrootkit uses for the scan. I'm using RHES 4 on this server. Well...

ok, i don't know if this the right place where to post this message, but here it goes: Checking `bindshell'... INFECTED (PORTS: 465) Checking `lkm'... You have 14 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `rexedcs'... not found Checking...

Need help with rkhunter output My server is: WHM 10.8.0 cPanel 10.8.1-R21 CentOS 3.1 i686 - WHM X v3.1.0 I ran rkhunter and got the following output. fter checking the forum I am pretty sure that I don't have to worry about this, but of course if someone sees something suspicious...

Hi, I check my server with chkrootkit every few weeks. Today I got the following doubtful results:- Checking `bindshell'... warning, got bogus unix line. INFECTED (PORTS: 465) Checking `lkm'... You have 2 process hidden for readdir command You have 2 process hidden for ps...

Server: Fedora Core 2 - i386 - Base Server: Fedora Core 2 - i386 - Released Updates retrygrab() failed for: http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info Executing failover method failover: out of servers to try Error getting file...

Help plz: [email protected] [/etc/cron.daily]# ./chkrootkit.sh /proc/10485/fd: No such file or directory

Hi there Wich one of those should we trust more? We have one server with a issue in cron mails sent fron rkhunter jobs: * MD5 scan MD5 compared : 0 Incorrect MD5 checksums : 0 but no problem runnig it from prmpt. chkrootkit say it found about 40 hidden processes from...

Hi We have several servers there chkrootkit says Checking `lkm'... You have 26 process hidden for ps command Warning: Possible LKM Trojan installed rkhunter is going without warnings chkrootkit -x lkm ROOTDIR is `/' ### ### Output of: ./chkproc -v -v -p 1 ### PID 2611...

Checking `bindshell'... INFECTED (PORTS: 465) Im running fedora core 2 (upgraded from core 1 with instructions from another thread) Or is this a false positive?

Searching for suspicious files and dirs, it may take a while... /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/5.8.1/i686-linux/auto/Compress/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.1/i686-linux/auto/Net/Telnet/.packlist...

Installing CHKROOTKIT (Version 0.42b Sep 20 2003) SSH as admin to your server. DO NOT use telnet #Change to root su - #Type the following wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz #Unpack the tarball using the command tar xvzf chkrootkit.tar.gz #Change to...

This is showing up in a daily chkrootkit report from one of our machines:: Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command Warning: Possible LKM Trojan installed When you run chkrootkit manually with -x it shows this...