The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Chkrootkit

Discussion in 'General Discussion' started by netlook, May 25, 2004.

  1. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    I've check my system with chkrootkit and got:

    Checking 'bindshell' ... warning, got bogus unix line (INFECTED PORTS 465)

    Have I to worry?
     
  2. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    From the CHKROOTKIT website :

    Item 7 on the FAQ (which is displayed on the homepage BTW): I'm running PortSentry/klaxon. What's wrong with the bindshell test?

    If you're running PortSentry/klaxon or another program that binds itself to unused ports probably chkrootkit will give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).

    I do not know your configuration so I cannot answer your question. I can tell you that this warning is common (one that a search on chkrootkit would have answered <cough> <cough>) on cPanel servers.
     
  3. netlook

    netlook Well-Known Member
    PartnerNOC

    Joined:
    Mar 25, 2004
    Messages:
    335
    Likes Received:
    0
    Trophy Points:
    16
    Ok, thanks.
     

Share This Page