Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Cpanel has problems updating - unusal Chkrootkit log

Discussion in 'General Discussion' started by hbidad, Jun 15, 2005.

  1. hbidad

    hbidad Well-Known Member

    Joined:
    Apr 16, 2005
    Messages:
    74
    Likes Received:
    1
    Trophy Points:
    158
    Code:
    Server: Fedora Core 2 - i386 - Base
    Server: Fedora Core 2 - i386 - Released Updates
    retrygrab() failed for:
      [url]http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info[/url]
      Executing failover method
    failover: out of servers to try
    Error getting file [url]http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info[/url]
    [Errno 4] IOError: HTTP Error 404: Not Found
    retrygrab() failed for:
      [url]http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info[/url]
      Executing failover method
    failover: out of servers to try
    Error getting file [url]http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info[/url]
    [Errno 4] IOError: HTTP Error 404: Not Found
    Gathering header information file(s) from server(s)
    I started to get a long list of suspicious files reported from chkrootkit. I don't think it relevant, but it don't hurt to ask. here is my log ....(next thread)
     
  2. hbidad

    hbidad Well-Known Member

    Joined:
    Apr 16, 2005
    Messages:
    74
    Likes Received:
    1
    Trophy Points:
    158
    Code:
    Searching for suspicious files and dirs, it may take a while... 
    /usr/lib/php/.registry /usr/lib/php/.lock /usr/lib/php/.filemap /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/SOAP/Lite/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/ShadowHash/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/Watch/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/IxHash/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Devel/Symdump/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/DNS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/AIM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/IP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/LDAP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/Daemon/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/Telnet/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tree/MultiNode/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Data/ShowTable/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML-DOM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/libxml-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Convert/ASN1/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Convert/BER/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/URI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Safe/Hole/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MD5/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/libwww-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Stty/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/String/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Tty/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Stringy/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Tee/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/Blowfish_PP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/CBC/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/DES/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/Blowfish/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/OLE/Storage_Lite/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/RegExp/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/XSLT/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Geo/IPfree/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Spreadsheet/ParseExcel/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Spreadsheet/WriteExcel/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/UPS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/OnlinePayment/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/OnlinePayment/AuthorizeNet/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadKey/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadLine/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/CSV_XS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Reform/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Query/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Parse/RecDescent/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/File/Scan/ClamAV/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Sys/Hostname/Long/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Archive/Tar/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Archive/Zip/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Image/Magick/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Image/Size/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MLDBM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MLDBM/Sync/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/SQL/Statement/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/Shell/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/MySQL/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/DBI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/Base/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Graph3d/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Graph/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Text/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/RPC/PlServer/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Expect/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Digest/SHA1/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Digest/HMAC/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/mysql/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/Multiplex/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MIME-tools/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Mail/SpamAssassin/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Mail/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/FillInForm/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/SimpleParse/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Clean/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Tagset/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Compress/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Curses/.packlist /usr/lib/perl5/5.8.6/i686-linux/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/CGI/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Time/HiRes/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Storable/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Cwd/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Digest/MD5/.packlist /usr/lib/perl5/5.8.3/i386-linux-thread-multi/.packlist /lib/modules/2.6.10-1.771_FC2/build/.config /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/.conmakehash.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.empty.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.elfconfig.h.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.sumversion.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.file2alias.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.parse.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.lex.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.cmd 
    
    everything else is "not inffected" except bindshell port 465, which all the documentation I have been reading leads me to beleive this is a false report.
     
  3. hbidad

    hbidad Well-Known Member

    Joined:
    Apr 16, 2005
    Messages:
    74
    Likes Received:
    1
    Trophy Points:
    158
    Code:
    /lib/modules/2.6.10-1.771_FC2/build/scripts/.pnmtologo.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.docproc.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.fixdep.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.split-include.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/.kallsyms.cmd /lib/modules/2.6.10-1.771_FC2smp/build/.config /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/.conmakehash.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.modpost.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.
     
  4. MMarko

    MMarko Well-Known Member

    Joined:
    Apr 18, 2005
    Messages:
    316
    Likes Received:
    0
    Trophy Points:
    166
    This is true.

    Have you checked suspicious files manually?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Port 465 is a false-positive, it's ssmtp.

    The others (dot files) are probably all false-positives.

    As for the error in your first post, that would suggest that your Fedora Core mirror that you are using in /etc/yum.conf is broken. Try a different one from the mirror list on the Fedora site.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. MMarko

    MMarko Well-Known Member

    Joined:
    Apr 18, 2005
    Messages:
    316
    Likes Received:
    0
    Trophy Points:
    166
    Talking about updates... can kernel be updated to newer version say from 2.4 to 2.6 with yum?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Not if your OS vendor doesn't provide it. You'd either need to borrow one from another distribution or release, or grab it from kernel.org.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. MMarko

    MMarko Well-Known Member

    Joined:
    Apr 18, 2005
    Messages:
    316
    Likes Received:
    0
    Trophy Points:
    166
    I think CentOS provide such kernel updates. And I've try yum -kernel, but it seems that yum won't update kernel to 2.6, only get latest updates for 2.4.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    AFAIK, CentOS doesn't. It simply provides the RHE kernels which for v3 is the 2.4 kernel tree. v4 uses the 2.6 kernel tree.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. MMarko

    MMarko Well-Known Member

    Joined:
    Apr 18, 2005
    Messages:
    316
    Likes Received:
    0
    Trophy Points:
    166
    Ah, I see.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice