Strange chkrootkit (rootkit scanner) log entry on Stretch

H_duncan
Posts: 3
Joined: 2018-01-18 20:01

Strange chkrootkit (rootkit scanner) log entry on Stretch

#1 Post by H_duncan »

#
Last edited by H_duncan on 2018-06-06 13:26, edited 1 time in total.

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: Strange chkrootkit (rootkit scanner) log entry on Stretc

#2 Post by pcalvert »

H_duncan wrote: Among several things I did when managing the system was installing and running an updated version of chkrootkit.
Which version, and where did you get it?
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

H_duncan
Posts: 3
Joined: 2018-01-18 20:01

Re: Strange chkrootkit (rootkit scanner) log entry on Stretc

#3 Post by H_duncan »

#
Last edited by H_duncan on 2018-06-06 13:27, edited 1 time in total.

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: Strange chkrootkit (rootkit scanner) log entry on Stretc

#4 Post by pcalvert »

I don't know the answer to your question, but I just installed chkrootkit on Stretch and then scanned the system. This part is from the bottom of the log file:

Code:

Checking `z2'...                                            user [me] deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! 53;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553       5 ;2,12,3553;2,13,3553;2,14,3553;2,153;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553 ,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553
! [me]          5099 pts/0  bash
! [me]          5106 pts/0  su
! root         5108 pts/0  bash
! root         6126 pts/0  /bin/sh /usr/sbin/chkrootkit
! root         6792 pts/0  ./chkutmp
! root         6794 pts/0  ps axk tty,ruser,args -o tty,pid,ruser,args
! root         6793 pts/0  sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected
Freespoke is a new search engine that respects user privacy and does not engage in censorship.