Strange chkrootkit (rootkit scanner) log entry on Stretch


Postby H_duncan » 2018-01-18 20:10

#
Last edited by H_duncan on 2018-06-06 13:26, edited 1 time in total.
H_duncan
 
Posts: 3
Joined: 2018-01-18 20:01

Re: Strange chkrootkit (rootkit scanner) log entry on Stretc

Postby pcalvert » 2018-01-19 12:48

H_duncan wrote: Among several things I did when managing the system was installing and running an updated version of chkrootkit.

Which version, and where did you get it?
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
pcalvert
 
Posts: 1794
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: Strange chkrootkit (rootkit scanner) log entry on Stretc

Postby H_duncan » 2018-01-20 00:47

#
Last edited by H_duncan on 2018-06-06 13:27, edited 1 time in total.

Re: Strange chkrootkit (rootkit scanner) log entry on Stretc

Postby pcalvert » 2018-01-20 14:46

I don't know the answer to your question, but I just installed chkrootkit on Stretch and then scanned the system. This part is from the bottom of the log file:

Code:
Checking `z2'...                                            user [me] deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! 53;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553       5 ;2,12,3553;2,13,3553;2,14,3553;2,153;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553 ,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553
! [me]          5099 pts/0  bash
! [me]          5106 pts/0  su
! root         5108 pts/0  bash
! root         6126 pts/0  /bin/sh /usr/sbin/chkrootkit
! root         6792 pts/0  ./chkutmp
! root         6794 pts/0  ps axk tty,ruser,args -o tty,pid,ruser,args
! root         6793 pts/0  sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected

Re: Strange chkrootkit (rootkit scanner) log entry on Stretc

Postby H_duncan » 2018-01-23 09:30

#