Strange chkrootkit (rootkit scanner) log entry on Stretch
Last edited by H_duncan on 2018-06-06 13:26, edited 1 time in total.
Re: Strange chkrootkit (rootkit scanner) log entry on Stretc
H_duncan wrote: Among several things I did when managing the system was installing and running an updated version of chkrootkit.
Which version, and where did you get it?
Freespoke is a new search engine that respects user privacy and does not engage in censorship.
Re: Strange chkrootkit (rootkit scanner) log entry on Stretc
Last edited by H_duncan on 2018-06-06 13:27, edited 1 time in total.
Re: Strange chkrootkit (rootkit scanner) log entry on Stretc
I don't know the answer to your question, but I just installed chkrootkit on Stretch and then scanned the system. This part is from the bottom of the log file:
Checking `z2'... user [me] deleted or never logged from lastlog!
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! 53;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553 5 ;2,12,3553;2,13,3553;2,14,3553;2,153;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553 ,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553
! [me] 5099 pts/0 bash
! [me] 5106 pts/0 su
! root 5108 pts/0 bash
! root 6126 pts/0 /bin/sh /usr/sbin/chkrootkit
! root 6792 pts/0 ./chkutmp
! root 6794 pts/0 ps axk tty,ruser,args -o tty,pid,ruser,args
! root 6793 pts/0 sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected