Re: Chrootkit found "suspicious" file

On 2/23/06, Mike McCarty <mike.mccarty@xxxxxxxxxxxxx> wrote:
> I ran chkrootkit today, and it spit this out [in the middle
> of a bunch of "nothing found" reports]
>
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock
> /usr/lib/qt-3.3/etc/settings/.qtrc.lock
> /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/Gaim/.packlist
> /usr/lib/perl5/5.8.3/i386-linux-thread-multi/.packlist
> /lib/modules/2.6.10-1.771_FC2/build/.config
> /lib/modules/2.6.10-1.771_FC2/build/scripts/.pnmtologo.cmd
> /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.cmd
> /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.parse.o.cmd
> /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.lex.o.cmd
> [etc]
>
> Total of 200 files it didn't like. I don't see anything there that
> looks particularly suspicious. What's going on? Anyone know?
>
> It also found this...
>
> Checking `chkutmp'...  The tty of the following user process(es) were
> not found
>   in /var/run/utmp !
> ! RUID          PID TTY    CMD
> ! root         3928 tty1   /sbin/mingetty tty1
> ! root         3939 tty2   /sbin/mingetty tty2
> ! root         3945 tty3   /sbin/mingetty tty3
> ! root         3951 tty4   /sbin/mingetty tty4
> ! root         3957 tty5   /sbin/mingetty tty5
> ! root         4082 tty6   /sbin/mingetty tty6
> chkutmp: nothing deleted
>
> Why can it not find the tty?
>
> Mike

Did you ever figure out what caused chkrootkit to freak? I was hoping
someone would help you (as I too need to learn), but I did not see any
public replies to the thread.

Dotan Cohen
http://song-lirics.com

