chkrootkit indicates infection
Josh Coffman
josh_coffman at yahoo.com
Mon Oct 24 10:28:43 MST 2005
--- Josh Coffman <josh_coffman at yahoo.com> wrote:
> I just installed rkhunter and chkrootkit and ran
> them.
> chkrootkit gave me one infected message:
>
> Checking `bindshell'... INFECTED (PORTS: 4000)
>
> What can I do to find out more? I'm not sure if this
> message really means I have a problem or just
> something I need to investigate.
>
> btw, rkhunter seemed to say everything checks out.
> Just a couple things were in yellow text which I can't
> read against the white console background.
>
> -j
>
Changed the console colors and tried rkhunter again.
rkhunter did give me this:
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udevdb /usr/share/man/man1/..1.gz /etc/.java /etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory) /etc/.java (directory)
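
One way to follow up on the `bindshell` line above, as an added example that is not part of the original message: it lists IPv4 TCP sockets in LISTEN state on port 4000 from /proc/net/tcp and maps each socket inode to the process holding it. The function names and the sample table are constructed for illustration, and a little-endian Linux host is assumed; output read on a host suspected of compromise is only as trustworthy as its kernel.

```python
import glob
import os
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not data from the original post).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0FA0 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0FA0 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20011 1 0000000000000000 20 4 30 10 -1
"""

def listeners(proc_net_tcp, port):
    """Return (address, uid, inode) for each socket in LISTEN state on `port`."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":             # 0A = TCP_LISTEN
            continue
        addr_hex, port_hex = f[1].split(":")
        if int(port_hex, 16) != port:
            continue
        # Address is a host-order 32-bit hex value (little-endian assumed).
        addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((addr, int(f[7]), int(f[9])))
    return found

def owners(inode):
    """Map a socket inode to (pid, exe) pairs by scanning /proc/<pid>/fd."""
    target = "socket:[%d]" % inode
    hits = []
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pid = fd.split("/")[2]
                hits.append((int(pid), os.readlink("/proc/%s/exe" % pid)))
        except OSError:                             # process exited or not readable
            continue
    return hits

if __name__ == "__main__":
    # Run as root so other users' fd directories are readable.
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for addr, uid, inode in listeners(text, 4000):
        # An empty owner list means no process visible to this user holds the socket.
        print(addr, "uid=%d" % uid, "inode=%d" % inode, owners(inode) or "no visible owner")
```
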
More information about the PLUG-discuss
mailing list