Question about chkrootkit entry

T

tym busku

Registered
Jul 2, 2018
1
0
1
kunmana
cPanel Access Level
Reseller Owner
Hello,

I installed chkrootkit on my server and it gave this result:
Checking `bindshell'... INFECTED (PORTS: 465)
After this I ran the following commands:
[email protected] [~/chkrootkit-0.43]# fuser 465/tcp
465/tcp: 32735

[email protected] [~/chkrootkit-0.43]# ps -ef | grep -i 32735
mailnull 32735 1 0 May13 ? 00:00:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
root 25309 24033 0 09:52 pts/2 00:00:00 grep -i 32735
Is this root user ok? Or is this a security bug?
 
SS-Maddy

SS-Maddy

Well-Known Member
Mar 28, 2009
130
18
68
cPanel Access Level
Root Administrator
Hello @tym busku

This is not a security issue. It is exim running over SSL/TLS chkrootkit. No worries there and is safe. It's a negative.

chkrootkit scanned for 465 port and found that something is running on the port. Since the bindshell (as per its database), runs on port 465, it said the bindshell infected.

No worries and that is is running as mailnull and not as root (root is the user who ran the grep command)
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
V Question about UDP Block of port 67 Security 5
E Question about email "A malware has been detected - Action Required" Security 36
P 2FA questions Security 1
V Question about Permissions Security 1
J WHM & SSL Question Security 5
Similar threads
Question about UDP Block of port 67
Question about email "A malware has been detected - Action Required"
2FA questions
Question about Permissions
WHM & SSL Question
Top Bottom