cPanel has problems updating - unusual chkrootkit log

Discussion in 'General Discussion' started by hbidad, Jun 15, 2005.

  1. hbidad

    hbidad Well-Known Member

    Joined:
    Apr 16, 2005
    Messages:
    74
    Likes Received:
    1
    Trophy Points:
    8
    Code:
    Server: Fedora Core 2 - i386 - Base
    Server: Fedora Core 2 - i386 - Released Updates
    retrygrab() failed for:
      http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info
      Executing failover method
    failover: out of servers to try
    Error getting file http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info
    [Errno 4] IOError: HTTP Error 404: Not Found
    retrygrab() failed for:
      http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info
      Executing failover method
    failover: out of servers to try
    Error getting file http://mirror.hiwaay.net/redhat/fedora/linux/core/updates/2/i386/headers/header.info
    [Errno 4] IOError: HTTP Error 404: Not Found
    Gathering header information file(s) from server(s)
    I started to get a long list of suspicious files reported from chkrootkit. I don't think it is relevant, but it doesn't hurt to ask. Here is my log ... (next thread)
     
  2. hbidad

    Code:
    Searching for suspicious files and dirs, it may take a while... 
    /usr/lib/php/.registry /usr/lib/php/.lock /usr/lib/php/.filemap /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/SOAP/Lite/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/ShadowHash/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/Watch/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tie/IxHash/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Devel/Symdump/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/DNS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/AIM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/IP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/LDAP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/Daemon/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Net/Telnet/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Tree/MultiNode/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Data/ShowTable/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML-DOM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/libxml-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Convert/ASN1/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Convert/BER/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/URI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Safe/Hole/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MD5/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/libwww-perl/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Stty/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/String/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Tty/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Stringy/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Tee/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/IO/Zlib/.packlist 
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/Blowfish_PP/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/CBC/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/SSLeay/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/DES/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Crypt/Blowfish/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/OLE/Storage_Lite/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/RegExp/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/XML/XSLT/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Geo/IPfree/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Spreadsheet/ParseExcel/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Spreadsheet/WriteExcel/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/UPS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/OnlinePayment/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Business/OnlinePayment/AuthorizeNet/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadKey/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Term/ReadLine/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/CSV_XS/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Reform/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Text/Query/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Parse/RecDescent/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/File/Scan/ClamAV/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Sys/Hostname/Long/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Archive/Tar/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Archive/Zip/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Image/Magick/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Image/Size/.packlist 
/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MLDBM/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MLDBM/Sync/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/SQL/Statement/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBI/Shell/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/MySQL/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/DBI/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Persistent/Base/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Graph3d/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Graph/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/GD/Text/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/RPC/PlServer/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Expect/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Digest/SHA1/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Digest/HMAC/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/mysql/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/DBD/Multiplex/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/MIME-tools/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Mail/SpamAssassin/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Mail/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/FillInForm/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/SimpleParse/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Clean/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Tagset/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/HTML/Parser/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Compress/Zlib/.packlist /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Curses/.packlist /usr/lib/perl5/5.8.6/i686-linux/.packlist 
/usr/lib/perl5/5.8.6/i686-linux/auto/CGI/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Time/HiRes/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Storable/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Cwd/.packlist /usr/lib/perl5/5.8.6/i686-linux/auto/Digest/MD5/.packlist /usr/lib/perl5/5.8.3/i386-linux-thread-multi/.packlist /lib/modules/2.6.10-1.771_FC2/build/.config /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/.conmakehash.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.empty.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.elfconfig.h.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.sumversion.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.file2alias.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.parse.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.lex.o.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.cmd 
    
    Everything else is "not infected" except bindshell port 465, which all the documentation I have been reading leads me to believe is a false report.
     
  3. hbidad

    Code:
    /lib/modules/2.6.10-1.771_FC2/build/scripts/.pnmtologo.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.docproc.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.fixdep.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/basic/.split-include.cmd /lib/modules/2.6.10-1.771_FC2/build/scripts/.kallsyms.cmd /lib/modules/2.6.10-1.771_FC2smp/build/.config /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/.conmakehash.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.modpost.cmd /lib/modules/2.6.10-1.771_FC2smp/build/scripts/mod/.
     
  4. MMarko

    MMarko Well-Known Member

    Joined:
    Apr 18, 2005
    Messages:
    316
    Likes Received:
    0
    Trophy Points:
    16
    This is true.

    Have you checked suspicious files manually?
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Port 465 is a false-positive, it's ssmtp.

    The others (dot files) are probably all false-positives.

    As for the error in your first post, that would suggest that your Fedora Core mirror that you are using in /etc/yum.conf is broken. Try a different one from the mirror list on the Fedora site.
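
Both false-positive classes discussed in this thread (packaging dot files and the port 465 "bindshell" hit) can be triaged with a small script. The following is an added example, not part of the original posts; the function names, the `/usr/lib/.example/bin` path and the `netstat` sample (including `exim` as the listener) are constructed assumptions.

```shell
#!/bin/sh
# Added example: triage of chkrootkit "suspicious files" and port findings.

# Classify one path. "expected" = matches a packaging/build artifact pattern
# seen in this thread's log; "review" = inspect by hand.
classify_path() {
    case "$1" in
        */../*|*/./*) echo review ;;                 # never trust unnormalised paths
        /usr/lib/perl5/*/.packlist) echo expected ;; # Perl module install manifests
        /lib/modules/*/build/.config) echo expected ;;       # kernel build config
        /lib/modules/*/build/scripts/*.cmd) echo expected ;; # kbuild command records
        /usr/lib/php/.registry|/usr/lib/php/.lock|/usr/lib/php/.filemap)
            echo expected ;;                         # PEAR installer state
        *) echo review ;;
    esac
}

# Read whitespace-separated paths on stdin (chkrootkit prints them on long
# lines) and print only the ones that need manual review.
paths_to_review() {
    tr -s ' \t' '\n\n' | while IFS= read -r p || [ -n "$p" ]; do
        [ -n "$p" ] || continue
        if [ "$(classify_path "$p")" = review ]; then printf '%s\n' "$p"; fi
    done
}

# From `netstat -tlnp` output on stdin, print the PID/program bound to a TCP
# port, so a "bindshell" port hit can be tied to a known daemon.
listener_for_port() {
    awk -v port="$1" '$1 ~ /^tcp/ && $4 ~ (":" port "$") { print $NF }'
}

# Constructed sample input: three paths copied from the log above plus one
# made-up path that matches none of the expected patterns.
SAMPLE_PATHS='/usr/lib/php/.lock /usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/URI/.packlist /lib/modules/2.6.10-1.771_FC2/build/scripts/mod/.modpost.cmd /usr/lib/.example/bin'
# Constructed netstat lines; exim as the port 465 listener is an assumption.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 2134/exim
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1801/sshd'

printf '%s\n' "$SAMPLE_PATHS" | paths_to_review
printf '%s\n' "$SAMPLE_NETSTAT" | listener_for_port 465
```

A pattern match only says the name looks like a packaging artifact; anything printed by `paths_to_review`, and any port whose listener is not the daemon you expect, still needs the manual check asked about earlier in the thread.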
     
  6. MMarko

    Talking about updates... can the kernel be updated to a newer version, say from 2.4 to 2.6, with yum?
     
  7. chirpy

    Not if your OS vendor doesn't provide it. You'd either need to borrow one from another distribution or release, or grab it from kernel.org.
     
  8. MMarko

    I think CentOS provides such kernel updates. And I've tried yum -kernel, but it seems that yum won't update the kernel to 2.6, only get the latest updates for 2.4.
     
  9. chirpy

    AFAIK, CentOS doesn't. It simply provides the RHE kernels which for v3 is the 2.4 kernel tree. v4 uses the 2.6 kernel tree.
     
  10. MMarko

    Ah, I see.
     