On Monday 27 February 2006 07:19, Dotan Cohen wrote:
> On 2/23/06, Mike McCarty <mike.mccarty@xxxxxxxxxxxxx> wrote:
> > I ran chkrootkit today, and it spit this out [in the middle
> > of a bunch of "nothing found" reports]
> >
> > Searching for suspicious files and dirs, it may take a while...
> > /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock
> > /usr/lib/qt-3.3/etc/settings/.qtrc.lock
> > /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/Gaim/.packlist
> > /usr/lib/perl5/5.8.3/i386-linux-thread-multi/.packlist
> > /lib/modules/2.6.10-1.771_FC2/build/.config
> > /lib/modules/2.6.10-1.771_FC2/build/scripts/.pnmtologo.cmd
> > /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.genksyms.cmd
> > /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.parse.o.cmd
> > /lib/modules/2.6.10-1.771_FC2/build/scripts/genksyms/.lex.o.cmd
> > [etc]
> >
> > Total of 200 files it didn't like. I don't see anything there that
> > looks particularly suspicious. What's going on? Anyone know?
> >
> > It also found this...
> >
> > Checking `chkutmp'... The tty of the following user process(es) were
> > not found
> > in /var/run/utmp !
> > ! RUID PID  TTY  CMD
> > ! root 3928 tty1 /sbin/mingetty tty1
> > ! root 3939 tty2 /sbin/mingetty tty2
> > ! root 3945 tty3 /sbin/mingetty tty3
> > ! root 3951 tty4 /sbin/mingetty tty4
> > ! root 3957 tty5 /sbin/mingetty tty5
> > ! root 4082 tty6 /sbin/mingetty tty6
> > chkutmp: nothing deleted
> >
> > Why can it not find the tty?
> >
> > Mike
>
> Did you ever figure out what caused chkrootkit to freak? I was hoping
> someone would help you (as I too need to learn), but I did not see any
> public replies to the thread.
>
> Dotan Cohen
> http://song-lirics.com

I haven't run FC2 in a while but suspect that these are scripts that are
changing ownership or group to wheel or root.

--
Some people have convictions.
Some people have opinions
I think I'll have a cheeseburger!