Chkrootkit:Checking `chkutmp'... The tty of the following user process(es) were not

isputra

isputra

Well-Known Member
May 3, 2003
574
0
166
Mbelitar
Hi,

Today i notice that my chkrootkit test result give me strange message :

Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 29541 pts/0 /usr/bin/perl /scripts/realperlinstaller version Archive::Tar Archive::Zip BSD::Resource Bundle::DBD::mysql Bundle::Interchange Bundle::LWP Business::OnlinePayment::AuthorizeNet Business::UPS CGI Compress::Zlib Crypt::SSLeay DBI Date::Parse Digest::MD5 Digeschkutmp: nothing deleted

What happen with this ?
Is it my server hacked ?

Thanks
 
chirpy

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
No, that's simply a terminal process running exactly what it shows. Probably a hung session that you terminated. If it's still there, kill of the owning PID, but be careful if it's simply a subprocess of a larger thread (i.e. do ps axf to find out more).
 
  • Like
Reactions: dragonsway and postcd
isputra

isputra

Well-Known Member
May 3, 2003
574
0
166
Mbelitar
thanks chirpy.

I use ps axf and no PID with 29541
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
N Passwd Infected Chkrootkit Security 6
B chkrootkit email says Suspect directory dev/rd/cdb FOUND! Security 1
C cronjob path for lynis and chkrootkit Security 4
A SOLVED Passwd Infected Chkrootkit Security 9
T Question about chkrootkit entry Security 2
Similar threads
Passwd Infected Chkrootkit
chkrootkit email says Suspect directory dev/rd/cdb FOUND!
cronjob path for lynis and chkrootkit
SOLVED Passwd Infected Chkrootkit
Question about chkrootkit entry
Top Bottom