cPanel has problems updating - unusual Chkrootkit log

hbidad

Code:
Server: Fedora Core 2 - i386 - Base
Server: Fedora Core 2 - i386 - Released Updates
retrygrab() failed for:
  http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info
  Executing failover method
failover: out of servers to try
Error getting file http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info
[Errno 4] IOError: HTTP Error 404: Not Found
retrygrab() failed for:
  http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info
  Executing failover method
failover: out of servers to try
Error getting file http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info
[Errno 4] IOError: HTTP Error 404: Not Found
Gathering header information file(s) from server(s)
I started to get a long list of suspicious files reported from chkrootkit. I don't think it's relevant, but it doesn't hurt to ask. Here is my log... (next thread)
 

hbidad

Code:
Searching for suspicious files and dirs, it may take a while... 
/usr/lib/php/.registry /usr/lib/php/.lock /usr/lib/php/.filemap /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/SOAP/Lite/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/ShadowHash/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/Watch/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/IxHash/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Devel/Symdump/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/DNS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/AIM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/IP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/LDAP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/Daemon/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/Telnet/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tree/MultiNode/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Data/ShowTable/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML-DOM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/libxml-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Convert/ASN1/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Convert/BER/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/URI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Safe/Hole/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MD5/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/libwww-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Stty/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/String/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Tty/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Stringy/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Tee/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Zlib/.packlist 
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/Blowfish_PP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/CBC/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/DES/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/Blowfish/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/OLE/Storage_Lite/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/RegExp/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/XSLT/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Geo/IPfree/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Spreadsheet/ParseExcel/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Spreadsheet/WriteExcel/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/UPS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/OnlinePayment/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/OnlinePayment/AuthorizeNet/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadKey/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadLine/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/CSV_XS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Reform/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Query/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Parse/RecDescent/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/File/Scan/ClamAV/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Sys/Hostname/Long/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Archive/Tar/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Archive/Zip/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Image/Magick/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Image/Size/.packlist 
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MLDBM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MLDBM/Sync/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/SQL/Statement/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/Shell/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/MySQL/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/DBI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/Base/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Graph3d/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Graph/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Text/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/RPC/PlServer/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Expect/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Digest/SHA1/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Digest/HMAC/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/mysql/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/Multiplex/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MIME-tools/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Mail/SpamAssassin/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Mail/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/FillInForm/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/SimpleParse/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Clean/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Tagset/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Compress/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Curses/.packlist /usr/lib/perl5/5.8.6/i686-linux/.packlist 
/usr/lib/perl5/5.8.6/i686-linux/auto/CGI/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Time/HiRes/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Storable/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Cwd/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Digest/MD5/.packlist /usr/lib/perl5/5.8.3/i386-linux-thread-multi/.packlist /lib/modules/2.6.10-1.771_FC2/build/.config /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/.conmakehash.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.empty.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.elfconfig.h.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.sumversion.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.file2alias.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.parse.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.lex.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.cmd
Everything else is "not infected" except bindshell port 465, which all the documentation I have been reading leads me to believe is a false report.
 

hbidad

Code:
/lib/modules/2.6.10-1.771_FC2/build/scripts/.pnmtologo.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.docproc.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.fixdep.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.split-include.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/.kallsyms.cmd /lib/modules/2.6.10-1.771_FC2smp/build/.config /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/.conmakehash.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.modpost.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.
 

MMarko

hbidad said:
Everything else is "not infected" except bindshell port 465, which all the documentation I have been reading leads me to believe is a false report.
This is true.

Have you checked suspicious files manually?
 

chirpy

Port 465 is a false-positive, it's ssmtp.

The others (dot files) are probably all false-positives.

As for the error in your first post, that would suggest that your Fedora Core mirror that you are using in /etc/yum.conf is broken. Try a different one from the mirror list on the Fedora site.
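
One way to do the manual check asked about above, as an added example that is not part of any post in the thread: a triage filter that reads chkrootkit's "suspicious files and dirs" list and prints only the paths that fall outside the well-known dot-file locations. The pattern list and the `classify`/`triage` names are assumptions based on the path shapes in the posted log, and a match only lowers priority rather than proving a file is clean.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). The patterns are assumptions based on
# the path shapes that appear in the chkrootkit log posted above.

# classify PATH: print a label for well-known dot-file locations, else "review".
# A match only lowers priority; it does not prove the file is clean.
classify() {
    case "$1" in
        /usr/lib/perl5/*/.packlist)
            echo "perl-packlist" ;;   # install manifests written by Perl module installs
        /usr/lib/php/.registry|/usr/lib/php/.lock|/usr/lib/php/.filemap)
            echo "pear-metadata" ;;   # PEAR installer bookkeeping
        /lib/modules/*/build/.config|/lib/modules/*/build/scripts/*.cmd)
            echo "kernel-build" ;;    # kbuild config and saved command lines
        *)
            echo "review" ;;
    esac
}

# triage: read chkrootkit's whitespace-separated path list on stdin and
# print only the paths that match none of the patterns above.
triage() {
    tr -s ' \t' '\n\n' | while IFS= read -r p; do
        [ -n "$p" ] || continue
        if [ "$(classify "$p")" = "review" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Constructed sample: three path shapes from the log plus two made-up outliers.
SAMPLE='/usr/lib/php/.lock /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/URI/.packlist
/lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.cmd /tmp/.packlist /usr/lib/.hidden/x'

printf '%s\n' "$SAMPLE" | triage
```

Paths that survive the filter are the ones worth opening by hand; `rpm -qf <path>` shows whether a package owns a file. For the port 465 report, `netstat -tlnp` run as root shows which process holds the listener.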
 

MMarko

chirpy said:
As for the error in your first post, that would suggest that your Fedora Core mirror that you are using in /etc/yum.conf is broken. Try a different one from the mirror list on the Fedora site.
Talking about updates... can the kernel be updated to a newer version, say from 2.4 to 2.6, with yum?
 

chirpy

Not if your OS vendor doesn't provide it. You'd either need to borrow one from another distribution or release, or grab it from kernel.org.
 

MMarko

chirpy said:
Not if your OS vendor doesn't provide it. You'd either need to borrow one from another distribution or release, or grab it from kernel.org.
I think CentOS provides such kernel updates. And I've tried yum -kernel, but it seems that yum won't update the kernel to 2.6, only get the latest updates for 2.4.
 

chirpy

AFAIK, CentOS doesn't. It simply provides the RHE kernels, which for v3 is the 2.4 kernel tree. v4 uses the 2.6 kernel tree.