Question about chkrootkit entry

tym busku

Registered
Jul 2, 2018
kunmana
cPanel Access Level
Reseller Owner
Hello,

I installed chkrootkit on my server and it gave this result:
Checking `bindshell'... INFECTED (PORTS: 465)
After this I ran the following commands:
[email protected] [~/chkrootkit-0.43]# fuser 465/tcp
465/tcp: 32735

[email protected] [~/chkrootkit-0.43]# ps -ef | grep -i 32735
mailnull 32735 1 0 May13 ? 00:00:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
root 25309 24033 0 09:52 pts/2 00:00:00 grep -i 32735
Is this root user ok? Or is this a security bug?
 

SS-Maddy

Well-Known Member
Mar 28, 2009
cPanel Access Level
Root Administrator
Hello @tym busku

This is not a security issue. It is exim running over SSL/TLS chkrootkit. No worries there, and it is safe. It's a negative.

chkrootkit scanned port 465 and found that something is running on the port. Since the bindshell (as per its database) runs on port 465, it said the bindshell is infected.

No worries, and it is running as mailnull, not as root (root is the user who ran the grep command).
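
The check done by hand in this thread, as an added example that is not part of either post: it reads the saved chkrootkit, fuser and ps output, picks the ps row by exact PID rather than by grep, and compares the listener with an allowlist. The EXPECTED allowlist and all function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: triage a chkrootkit bindshell hit from saved command output.
# Allowlist of expected listeners, port:user:binary (assumed for this host).
EXPECTED='465:mailnull:/usr/sbin/exim'

# Ports named in a chkrootkit "bindshell ... INFECTED (PORTS: ...)" line.
flagged_ports() {
    printf '%s\n' "$1" |
        sed -n 's/.*bindshell.*INFECTED (PORTS: *\([0-9 ]*\)).*/\1/p' |
        tr -s ' ' '\n' | sed '/^$/d'
}

# First PID that `fuser PORT/tcp` reported, e.g. "465/tcp: 32735".
fuser_pid() {   # fuser_pid PORT FUSER_TEXT
    printf '%s\n' "$2" |
        awk -F: -v p="$1/tcp" '$1 == p { split($2, a, " "); print a[1]; exit }'
}

# Match the PID column exactly (so the "grep" row is never picked up),
# then compare that row's user and binary with the allowlist.
# ps CMD is argv and can be faked; on a live host also check /proc/PID/exe.
classify() {    # classify PORT PID PS_TEXT
    want=$(printf '%s\n' "$EXPECTED" |
        awk -F: -v p="$1" '$1 == p { print $2 ":" $3 }')
    got=$(printf '%s\n' "$3" |
        awk -v pid="$2" '$2 == pid { print $1 ":" $8; exit }')
    if [ -z "$got" ]; then echo "unknown: pid $2 not in ps output"
    elif [ "$got" = "$want" ]; then echo "expected: $got on port $1"
    else echo "investigate: $got on port $1"
    fi
}

triage() {      # triage CHK_TEXT FUSER_TEXT PS_TEXT
    for port in $(flagged_ports "$1"); do
        classify "$port" "$(fuser_pid "$port" "$2")" "$3"
    done
}

# Sample input: the output quoted in the question above.
SAMPLE_CHK="Checking \`bindshell'... INFECTED (PORTS: 465)"
SAMPLE_FUSER='465/tcp: 32735'
SAMPLE_PS='mailnull 32735 1 0 May13 ? 00:00:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
root 25309 24033 0 09:52 pts/2 00:00:00 grep -i 32735'

triage "$SAMPLE_CHK" "$SAMPLE_FUSER" "$SAMPLE_PS"
```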