
Thread: Trouble interpreting chkrootkit results


Since I'm kind of paranoid, I decided to run chkrootkit today, and I'm having trouble interpreting the results. Pretty much everything said not infected or not found, etc., except for a few results:
code:
checking `syslogd'... not tested
(Any particular reason it wasn't tested?)

Next, I got this:
code:
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/usr/lib/xulrunner-1.9.2.8/.autoreg
/usr/lib/jvm/java-1.5.0-gcj-4.4/.java-gcj-4.4.jinfo
/usr/lib/jvm/.java-6-sun.jinfo
/usr/lib/jvm/.java-6-openjdk.jinfo
/usr/lib/jvm/java-6-sun-1.6.0.16/.systemprefs
/usr/lib/thunderbird-3.0.6/.autoreg
/usr/lib/firefox-3.6.8/.autoreg
/usr/lib/pymodules/python2.6/.path
/usr/lib/pymodules/python2.6/pyqt4/uic/widget-plugins/.noinit

After a bit of googling, it sounds like chkrootkit has something against hidden files in root folders and incorrectly flags them as dangerous. However, the forum threads I saw had shorter lists of "suspicious files." I'm assuming these are harmless anyway?

The main part I'm confused about:
code:
checking `chkutmp'... The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root          943 tty7   /usr/bin/X -nr -nolisten tcp :0 vt7 -auth /var/run/xauth/a:0-tkmipb
! (myusername)  3406 pts/1  /bin/bash
! root          3572 pts/1  /bin/sh /usr/sbin/chkrootkit
! root          6142 pts/1  ./chkutmp
! root          6144 pts/1  ps axk tty,ruser,args -o tty,pid,ruser,args
! root          6143 pts/1  sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
I've been searching for information on this, but haven't found anything conclusive. A few forum threads listed something similar to that, but with 1 or 2 processes listed. I have 6 listed there. It seems kinda weird that I'm seeing things like "/bin/sh /usr/sbin/chkrootkit" and "./chkutmp" there. Has chkrootkit found out that it's hiding its own processes? The other processes are more complicated and didn't turn up any google results. What should I make of this?

Random information: I installed Kubuntu 7.04, later did a clean install (but kept the /home partition intact) of Kubuntu 8.10, and since then I've upgraded every 6 months and am now using Kubuntu 10.04. I've installed a few .debs (e.g., Skype, Google Picasa, ...a few others I can't recall at the moment), and compiled a few programs, but I'm sure I haven't installed anything dangerous. I've tried to use stuff from the repositories.

Are there any applications that scan the entire computer, tell me I'm fine, and tell me to stop worrying about malware?

Edit: Kinda unrelated, but I'll ask anyway in case anyone knows. A few weeks ago, our power went out a few times. Ever since then, the computer displays a "checking drives for errors..." screen while booting up, about 1 in every 10 boot-ups. Sometimes the screen takes a minute, sometimes it takes ~30 minutes. So far, it has once displayed an "a problem has been found" message, and asked me to press a keyboard key to fix it, and I assume it fixed it. Is there something I should do about this?
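As an added illustration (not chkrootkit's own code and not from the thread), this is the comparison behind the chkutmp block above, run over constructed ps output and utmp records: every process whose controlling tty has no utmp login record is reported, so one terminal session that never registered in /var/run/utmp yields one "!" line per process running in it.

```python
"""Re-create the core of chkrootkit's chkutmp comparison over constructed data.

Added example: not chkrootkit's implementation. chkutmp lists processes whose
tty is not present in /var/run/utmp. The ps output and utmp table below are
constructed to mirror the thread (a user shell, chkrootkit, and its helpers all
sitting on pts/1, which has no utmp record, plus a registered pts/0 and tty1).
"""

# Constructed `ps axk tty,ruser,args -o tty,pid,ruser,args` output.
SAMPLE_PS = """\
tty7     943 root /usr/bin/X -nr -nolisten tcp :0 vt7 -auth /var/run/xauth/a:0-tkmipb
pts/1   3406 myuser /bin/bash
pts/1   3572 root /bin/sh /usr/sbin/chkrootkit
pts/1   6142 root ./chkutmp
pts/0   2210 myuser /bin/bash
tty1    1100 root /sbin/getty 38400 tty1
?        800 root /usr/sbin/sshd
"""

# Constructed utmp login records as (user, line), as `who` would list them.
SAMPLE_UTMP = [("myuser", "pts/0"), ("root", "tty1")]


def parse_ps(text):
    """Return (tty, pid, ruser, cmd) tuples from whitespace-separated ps output."""
    procs = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4:
            tty, pid, ruser, cmd = parts
            procs.append((tty, int(pid), ruser, cmd))
    return procs


def processes_without_utmp(ps_text, utmp_records):
    """Processes with a controlling tty that has no utmp record (the '!' lines).

    Processes with no tty at all ('?') are daemons and are skipped, as they
    can never have a login record.
    """
    logged_in = {line for _, line in utmp_records}
    return [p for p in parse_ps(ps_text) if p[0] != "?" and p[0] not in logged_in]


def summarize_by_tty(ps_text, utmp_records):
    """Group the reported pids by tty: one unregistered session, many lines."""
    by_tty = {}
    for tty, pid, _, _ in processes_without_utmp(ps_text, utmp_records):
        by_tty.setdefault(tty, []).append(pid)
    return by_tty
```

Run against the constructed data, pts/1 (the shell chkrootkit was launched from) accounts for three of the four hits and tty7 (the X server, which is not a login terminal) for the other; adding an entry for pts/1 to SAMPLE_UTMP makes all three pts/1 lines disappear.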

The first thing is to rid your mind of the misconception that Ubuntu is Windows. The only place malware can be installed without root privileges is the home directory; as a normal user, you don't have permissions to change/install outside of your home directory.

The second thing is to install packages from trusted sources, i.e. the repositories/PPAs. Installs from anywhere else are suspect. One of our members downloaded a .deb packaged theme from gnome-look.org; fortunately he suspected something strange, and posted in the forums before installing it.

Third, don't run as root all the time; you can do more damage to your system than malware can.

Fourth, read the security stickies at the top of the page, so you can secure your system.

You don't need to run utilities like rkhunter and chkrootkit, unless you suspect your system is doing something it shouldn't. The files chkrootkit found are normal parts of the OS. The best thing for peace of mind is to learn Ubuntu like you know Windows.

Relax and have fun.

Edit: For the partition problem, boot a live CD, and once at the desktop open a terminal and type:

code:
fsck -y /dev/sdx
where x is the partition you are having the problem with. The above command will check/repair the file system.



