Chrootkit found "suspicious" file

Mike McCarty mike.mccarty at sbcglobal.net
Mon Feb 27 20:06:15 UTC 2006


Dotan Cohen wrote:
> On 2/23/06, Mike McCarty <mike.mccarty at sbcglobal.net> wrote:
> 
>>I ran chkrootkit today, and it spit this out [in the middle
>>of a bunch of "nothing found" reports]

[snip]

>>Total of 200 files it didn't like. I don't see anything there that
>>looks particularly suspicious. What's going on? Anyone know?
>>
>>It also found this...
>>
>>Checking `chkutmp'...  The tty of the following user process(es) were
>>not found
>>  in /var/run/utmp !
>>! RUID          PID TTY    CMD
>>! root         3928 tty1   /sbin/mingetty tty1
>>! root         3939 tty2   /sbin/mingetty tty2
>>! root         3945 tty3   /sbin/mingetty tty3
>>! root         3951 tty4   /sbin/mingetty tty4
>>! root         3957 tty5   /sbin/mingetty tty5
>>! root         4082 tty6   /sbin/mingetty tty6
>>chkutmp: nothing deleted
>>
>>Why can it not find the tty?
>>
>>Mike
> 
> 
> Did you ever figure out what caused chkrootkit to freak? I was hoping
> someone would help you (as I too need to learn), but I did not see any
> public replies to the thread.

Never did.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!



