chkrootkit

  1. A

    SOLVED Passwd Infected Chkrootkit

    Hi, chkrootkit-0.52 Completed update 11.76.0.17 -> 11.76.0.18 OS CloudLinux 7.6 (Vladimir Lyakhov) How can I confirm if this is false positive? I know it is already explained here Passwd Infected Chkrootkit but what URL do I need to use to download the jail_safe_passwd.bz2 file from cPanel...
  2. 000

    chkrootkit last version 2007 Ups...

    When you go to: ftp://ftp.pangeia.com.br/pub/seg/pac/ or Software de seguridad adicional you find script updated in 2007, now is 2011! Definitively this is the best script to Security anti-trojans? Or some URL to download some more recent version?
  3. M

    rkhunter and chkrootkit place

    Hi, I used wget and put rkhunter and chkrootkit in /root directory. When rkhunter unpacked and installed it listed the files here: /root/rkhunter-1.3.4/files/ and put rkhunter file in /usr/local/bin directory. I have this in the crontab to update only: 25 5 * * *...
  4. verdon

    Tweaking chkrootkit

    Hi, Old server: CentOS 3.9 chkrootkit 0.47 New server: CentOS 5 chkrootkit 0.48 I've just moved to a new server and one difference I've noticed is that on my new server, chkrootkit is getting a much longer list of .. can't exec ./strings-static...
  5. B

    Broken Pipe on Chkrootkit cron

    I am getting the following message on this cron job step grep: write error: Broken pipe /root/chkrootkit.sh | grep -v .packlist any idea why this is broken?
  6. E

    Perl 5.8.8 & chkrootkit

    Ever since I upgraded Perl to 5.8.8 I have had this output in the daily chkrootkit cron emails on just one server. Anyone any ideas as to whether this is anything to worry about or how to correct it. WHM 11.1.0 cPanel 11.2.19-C12737 REDHAT Enterprise 4 Cheers, James
  7. L

    CHKROOTKIT suspicious files (newbie)

    I recently bought a VPS (virtuozzo & cpanel whm) but left it enabled with no firewall etc for a few days, (very newbie) while I figured out and researched the basics. I'm now trying to secure it. I've just installed CHKROOTKIT (chkrootkit.org) and I'm getting a lot of entries which cause me...
  8. sh4ka

    ifconfig INFECTED! chkrootkit report, help please

    Today with my daily scan report in a server.. i got "Checking `ifconfig'... INFECTED", I am using jail binaries to make the check like this: "./chkrootkit -p ../binaries" , and in binaries I have of course the binaries chkrootkit uses for the scan. I'm using RHES 4 on this server. Well...
  9. B

    chkrootkit message

    ok, i don't know if this the right place where to post this message, but here it goes: Checking `bindshell'... INFECTED (PORTS: 465) Checking `lkm'... You have 14 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `rexedcs'... not found Checking...
  10. T

    Need help with chkrootkit output

    Need help with rkhunter output My server is: WHM 10.8.0 cPanel 10.8.1-R21 CentOS 3.1 i686 - WHM X v3.1.0 I ran rkhunter and got the following output. After checking the forum I am pretty sure that I don't have to worry about this, but of course if someone sees something suspicious...
  11. U

    chkrootkit results?

    Hi, I check my server with chkrootkit every few weeks. Today I got the following doubtful results:- Checking `bindshell'... warning, got bogus unix line. INFECTED (PORTS: 465) Checking `lkm'... You have 2 process hidden for readdir command You have 2 process hidden for ps...
  12. H

    Cpanel has problems updating - unusual Chkrootkit log

    Server: Fedora Core 2 - i386 - Base Server: Fedora Core 2 - i386 - Released Updates retrygrab() failed for: http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info Executing failover method failover: out of servers to try Error getting file...
  13. N

    chkrootkit error

    Help plz: [email protected] [/etc/cron.daily]# ./chkrootkit.sh /proc/10485/fd: No such file or directory
  14. O

    rkhunter - chkrootkit

    Hi there, which one of those should we trust more? We have one server with an issue in cron mails sent from rkhunter jobs: * MD5 scan MD5 compared : 0 Incorrect MD5 checksums : 0 but no problem running it from prompt. chkrootkit says it found about 40 hidden processes from...
  15. O

    chkrootkit - lkm -mysql

    Hi We have several servers there chkrootkit says Checking `lkm'... You have 26 process hidden for ps command Warning: Possible LKM Trojan installed rkhunter is going without warnings chkrootkit -x lkm ROOTDIR is `/' ### ### Output of: ./chkproc -v -v -p 1 ### PID 2611...
  16. F

    What is this? (something found with chkrootkit)

    Checking `bindshell'... INFECTED (PORTS: 465) I'm running fedora core 2 (upgraded from core 1 with instructions from another thread) Or is this a false positive?
  17. S

    chkrootkit log?

    Searching for suspicious files and dirs, it may take a while... /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/5.8.1/i686-linux/auto/Compress/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.1/i686-linux/auto/Net/Telnet/.packlist...
  18. B

    Chkrootkit installation

    Installing CHKROOTKIT (Version 0.42b Sep 20 2003) SSH as admin to your server. DO NOT use telnet #Change to root su - #Type the following wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz #Unpack the tarball using the command tar xvzf chkrootkit.tar.gz #Change to...
  19. V

    lkm trojan "hidden process": chkrootkit false alarm?

    This is showing up in a daily chkrootkit report from one of our machines:: Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command Warning: Possible LKM Trojan installed When you run chkrootkit manually with -x it shows this...
  20. N

    Chkrootkit

    Hello, I've checked my system with chkrootkit and got: Checking 'bindshell' ... warning, got bogus unix line (INFECTED PORTS 465) Have I to worry?