
Archive for February 5th, 2008

What is chkrootkit?

It is a program that checks your system for signs of a rootkit. And what is a rootkit?

A rootkit is a program, or a set of programs, that an attacker installs on your system to keep a back door into it and operate with root privileges, usually while hiding its files, processes and network connections from the tools you would normally use to spot them.

chkrootkit reports one of five results for each test it runs:

  • INFECTED

  • not infected

  • not tested

  • not found

  • Vulnerable but disabled.

Installation

taufanlubis@toshiba:~$ sudo apt-get install chkrootkit

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following NEW packages will be installed:

chkrootkit

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Need to get 271kB of archives.

After unpacking 758kB of additional disk space will be used.

Get:1 http://archive.ubuntu.com gutsy/main chkrootkit 0.47-1.1 [271kB]

Fetched 271kB in 25s (10.5kB/s)

Preconfiguring packages …

Selecting previously deselected package chkrootkit.

(Reading database … 125405 files and directories currently installed.)

Unpacking chkrootkit (from …/chkrootkit_0.47-1.1_i386.deb) …

Setting up chkrootkit (0.47-1.1) …

taufanlubis@toshiba:~$


Run the program

taufanlubis@toshiba:~$ sudo chkrootkit

ROOTDIR is `/’

Checking `amd’… not found

Checking `basename’… not infected

Checking `biff’… not found

Checking `chfn’… not infected

Checking `chsh’… not infected

Checking `cron’… not infected

Checking `crontab’… not infected

Checking `date’… not infected

Checking `du’… not infected

Checking `dirname’… not infected

Checking `echo’… not infected

Checking `egrep’… not infected

Checking `env’… not infected

Checking `find’… not infected

Checking `fingerd’… not found

Checking `gpm’… not found

Checking `grep’… not infected

Checking `hdparm’… not infected

Checking `su’… not infected

Checking `ifconfig’… not infected

Checking `inetd’… not infected

Checking `inetdconf’… not infected

Checking `identd’… not found

Checking `init’… not infected

Checking `killall’… not infected

Checking `ldsopreload’… not infected

Checking `login’… not infected

Checking `ls’… not infected

Checking `lsof’… not infected

Checking `mail’… not found

Checking `mingetty’… not found

Checking `netstat’… not infected

Checking `named’… not found

Checking `passwd’… not infected

Checking `pidof’… not infected

Checking `pop2’… not found

Checking `pop3’… not found

Checking `ps’… not infected

Checking `pstree’… not infected

Checking `rpcinfo’… not infected

Checking `rlogind’… not found

Checking `rshd’… not found

Checking `slogin’… not infected

Checking `sendmail’… not found

Checking `sshd’… not found

Checking `syslogd’… not infected

Checking `tar’… not infected

Checking `tcpd’… not infected

Checking `tcpdump’… not infected

Checking `top’… not infected

Checking `telnetd’… not found

Checking `timed’… not found

Checking `traceroute’… not infected

Checking `vdir’… not infected

Checking `w’… not infected

Checking `write’… not infected

Checking `aliens’… no suspect files

Searching for sniffer’s logs, it may take a while… nothing found

Searching for HiDrootkit’s default dir… nothing found

Searching for t0rn’s default files and dirs… nothing found

Searching for t0rn’s v8 defaults… nothing found

Searching for Lion Worm default files and dirs… nothing found

Searching for RSHA’s default files and dir… nothing found

Searching for RH-Sharpe’s default files… nothing found

Searching for Ambient’s rootkit (ark) default files and dirs… nothing found

Searching for suspicious files and dirs, it may take a while…

/usr/lib/firefox/.autoreg

/usr/lib/jvm/.java-7-icedtea.jinfo

/usr/lib/blender/.Blanguages

/usr/lib/blender/.bfont.ttf

/lib/modules/2.6.22-14-generic/volatile/.mounted


Searching for LPD Worm files and dirs… nothing found

Searching for Ramen Worm files and dirs… nothing found

Searching for Maniac files and dirs… nothing found

Searching for RK17 files and dirs… nothing found

Searching for Ducoci rootkit… nothing found

Searching for Adore Worm… nothing found

Searching for ShitC Worm… nothing found

Searching for Omega Worm… nothing found

Searching for Sadmind/IIS Worm… nothing found

Searching for MonKit… nothing found

Searching for Showtee… nothing found

Searching for OpticKit… nothing found

Searching for T.R.K… nothing found

Searching for Mithra… nothing found

Searching for OBSD rk v1… /usr/lib/security

/usr/lib/security/classpath.security

Searching for LOC rootkit… nothing found

Searching for Romanian rootkit… nothing found

Searching for Suckit rootkit… nothing found

Searching for Volc rootkit… nothing found

Searching for Gold2 rootkit… nothing found

Searching for TC2 Worm default files and dirs… nothing found

Searching for Anonoying rootkit default files and dirs… nothing found

Searching for ZK rootkit default files and dirs… nothing found

Searching for ShKit rootkit default files and dirs… nothing found

Searching for AjaKit rootkit default files and dirs… nothing found

Searching for zaRwT rootkit default files and dirs… nothing found

Searching for Madalin rootkit default files… nothing found

Searching for Fu rootkit default files… nothing found

Searching for ESRK rootkit default files… nothing found

Searching for rootedoor… nothing found

Searching for ENYELKM rootkit default files… nothing found

Searching for anomalies in shell history files… nothing found

Checking `asp’… not infected

Checking `bindshell’… not infected

Checking `lkm’… chkproc: nothing detected

Checking `rexedcs’… not found

Checking `sniffer’… lo: not promisc and no packet sniffer sockets

eth0: PACKET SNIFFER(/sbin/dhclient3[6036], /usr/sbin/avahi-autoipd[5879])

Checking `w55808’… not infected

Checking `wted’… chkwtmp: nothing deleted

Checking `scalper’… not infected

Checking `slapper’… not infected

Checking `z2’… user taufanlubis deleted or never logged from lastlog!

taufanlubis@toshiba:~$
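Reading a run like the one above by eye does not scale, and the interesting lines (a bare path printed under a "Searching for" header, a PACKET SNIFFER process list, a lastlog anomaly) are easy to miss among dozens of "not infected" results. Here is an added example, not part of chkrootkit or of the original post, that parses chkrootkit output using the five verdicts listed earlier plus the sub-tool phrasings seen in this run, and separates a genuine INFECTED result from the hits you still have to look at by hand. The allowlists of reviewed paths and of daemons allowed to hold packet sockets are assumptions for illustration; the sample output is constructed, with an INFECTED line added to exercise the alert path (the run on this page reported none).

```python
"""Triage chkrootkit output: INFECTED, needs review, reviewed-and-ignored, clean.
Added example (not part of chkrootkit). Usage: sudo chkrootkit 2>&1 | python3 triage.py
"""
import re
import sys

# Constructed sample modelled on a chkrootkit 0.47 run. The INFECTED line is
# invented to exercise the alert path; the real run above had none.
SAMPLE_OUTPUT = """\
ROOTDIR is `/'
Checking `amd'... not found
Checking `ifconfig'... INFECTED
Checking `aliens'... no suspect files
Searching for suspicious files and dirs, it may take a while...
/usr/lib/firefox/.autoreg
/usr/lib/jvm/.java-7-icedtea.jinfo
/lib/modules/2.6.22-14-generic/volatile/.mounted
Searching for LPD Worm files and dirs... nothing found
Searching for OBSD rk v1... /usr/lib/security
/usr/lib/security/classpath.security
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient3[6036], /usr/sbin/avahi-autoipd[5879])
Checking `wted'... chkwtmp: nothing deleted
Checking `z2'... user taufanlubis deleted or never logged from lastlog!
"""

# Assumption: hidden files already traced to a package (e.g. `dpkg -S <path>`) and
# daemons known to open packet sockets (DHCP, link-local ARP probing) on this host.
REVIEWED_PATHS = (re.compile(r"^/usr/lib/jvm/"), re.compile(r"^/usr/lib/firefox/"))
REVIEWED_SNIFFERS = {"/sbin/dhclient3", "/usr/sbin/avahi-autoipd"}

CHECK_RE = re.compile(r"^Checking `(?P<name>[^']+)'\.\.\. ?(?P<result>.*)$")
SEARCH_RE = re.compile(
    r"^Searching for (?P<name>.+?)(?:, it may take a while)?\.\.\.\s*(?P<result>.*)$")
SNIFFER_RE = re.compile(r"^(?P<iface>\w+): PACKET SNIFFER\((?P<procs>.*)\)$")
PROC_RE = re.compile(r"(?P<path>\S+)\[(?P<pid>\d+)\]")

# The documented clean verdicts plus the sub-tools' phrasings for a clean result.
CLEAN_ENDINGS = ("not infected", "not found", "not tested", "nothing found",
                 "nothing detected", "nothing deleted", "no suspect files",
                 "not promisc and no packet sniffer sockets")


def normalize(line):
    # Undo the smart quotes and ellipses that blogs and editors insert when output is pasted.
    return (line.replace("\u2018", "`").replace("\u2019", "'")
                .replace("\u2026", "...").strip())


def classify_path(report, owner, path):
    bucket = "ignored" if any(p.match(path) for p in REVIEWED_PATHS) else "review"
    report[bucket].append((owner, path))


def triage(output):
    """Return {'infected': [...], 'review': [...], 'ignored': [...], 'clean': [...]}."""
    report = {"infected": [], "review": [], "ignored": [], "clean": []}
    owner = None  # the Checking/Searching block that owns following bare path lines
    for raw in output.splitlines():
        line = normalize(raw)
        if not line or line.startswith("ROOTDIR"):
            continue
        m = CHECK_RE.match(line)
        if m:
            name, result = m.group("name"), m.group("result")
            owner = name
            if result.startswith("INFECTED"):
                report["infected"].append((name, result))
            elif result.endswith(CLEAN_ENDINGS):
                report["clean"].append((name, result))
            else:  # "Vulnerable but disabled", wtmp/lastlog anomalies, ...
                report["review"].append((name, result))
            continue
        m = SEARCH_RE.match(line)
        if m:
            name, result = m.group("name"), m.group("result")
            owner = name
            if result == "nothing found":
                report["clean"].append((name, result))
            elif result.startswith("/"):  # hit printed on the same line
                classify_path(report, name, result)
            continue  # empty result: hits follow on their own lines
        m = SNIFFER_RE.match(line)
        if m:
            for p in PROC_RE.finditer(m.group("procs")):
                bucket = "ignored" if p.group("path") in REVIEWED_SNIFFERS else "review"
                report[bucket].append(("sniffer " + m.group("iface"), p.group(0)))
            continue
        if line.startswith("/"):
            classify_path(report, owner, line)
        else:
            report["review"].append(("unparsed", line))
    return report


def exit_status(report):
    """Monitoring-style status: 2 if INFECTED, 1 if anything needs review, else 0."""
    return 2 if report["infected"] else 1 if report["review"] else 0


if __name__ == "__main__":  # pipe `sudo chkrootkit 2>&1` in, or run alone on the sample
    rep = triage(SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read())
    for bucket in ("infected", "review", "ignored"):
        for owner, detail in rep[bucket]:
            print(f"{bucket.upper():8} {owner}: {detail}")
    sys.exit(exit_status(rep))
```

Only add a path to REVIEWED_PATHS after confirming which package owns it, for example with `dpkg -S <path>`; hidden files under a JVM or browser install are a common benign hit, while an unexplained dot-file under /lib/modules or a bare path reported against a rootkit signature stays in the review queue until you have checked it. Keep in mind that chkrootkit relies on the system's own binaries (ps, ls, netstat and so on) unless you point it at a trusted copy with `-p`, so a kernel-level rootkit that lies to those tools can lie to chkrootkit too.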
