Chkrootkit found "suspicious" file

I ran chkrootkit today, and it spit this out [in the middle
of a bunch of "nothing found" reports]

Searching for suspicious files and dirs, it may take a while...
/usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock
/usr/lib/qt-3.3/etc/settings/.qtrc.lock
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/Gaim/.packlist
/usr/lib/perl5/5.8.3/i386-linux-thread-multi/.packlist
/lib/modules/2.6.10-1.771_FC2/build/.config
/lib/modules/2.6.10-1.771_FC2/build/scripts/.pnmtologo.cmd
/lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.cmd
/lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.parse.o.cmd
/lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.lex.o.cmd
[etc]

Total of 200 files it didn't like. I don't see anything there that
looks particularly suspicious. What's going on? Anyone know?

It also found this...

Checking `chkutmp'... The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         3928 tty1   /sbin/mingetty tty1
! root         3939 tty2   /sbin/mingetty tty2
! root         3945 tty3   /sbin/mingetty tty3
! root         3951 tty4   /sbin/mingetty tty4
! root         3957 tty5   /sbin/mingetty tty5
! root         4082 tty6   /sbin/mingetty tty6
chkutmp: nothing deleted

Why can it not find the tty?

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

