Painkiller
22.07.05, 17:43
Hallo...
Ich hab eben mal rkhunter geupdated und durchlaufen lassen. Das ergebniss sieht so aus:
Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udevdb /usr/share/man/man1/..1.gz /etc/.java /etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory) /etc/.java (directory)
in /dev/.udevdb sind ein haufen dateien:
[root@localhost .udevdb]# ls
block@fd0 class@tty@tty18 class@tty@ttyS28
block@hda class@tty@tty19 class@tty@ttyS29
block@hda@hda1 class@tty@tty2 class@tty@ttyS3
block@hda@hda2 class@tty@tty20 class@tty@ttyS30
block@hda@hda3 class@tty@tty21 class@tty@ttyS31
block@hdb class@tty@tty22 class@tty@ttyS32
block@hdb@hdb1 class@tty@tty23 class@tty@ttyS33
block@hdb@hdb2 class@tty@tty24 class@tty@ttyS34
block@hdb@hdb5 class@tty@tty25 class@tty@ttyS35
block@hdb@hdb6 class@tty@tty26 class@tty@ttyS36
block@hdc class@tty@tty27 class@tty@ttyS37
block@md0 class@tty@tty28 class@tty@ttyS38
block@ram0 class@tty@tty29 class@tty@ttyS39
block@ram1 class@tty@tty3 class@tty@ttyS4
block@ram10 class@tty@tty30 class@tty@ttyS40
block@ram11 class@tty@tty31 class@tty@ttyS41
block@ram12 class@tty@tty32 class@tty@ttyS42
block@ram13 class@tty@tty33 class@tty@ttyS43
block@ram14 class@tty@tty34 class@tty@ttyS44
block@ram15 class@tty@tty35 class@tty@ttyS45
block@ram2 class@tty@tty36 class@tty@ttyS46
block@ram3 class@tty@tty37 class@tty@ttyS47
block@ram4 class@tty@tty38 class@tty@ttyS48
block@ram5 class@tty@tty39 class@tty@ttyS49
block@ram6 class@tty@tty4 class@tty@ttyS5
block@ram7 class@tty@tty40 class@tty@ttyS50
block@ram8 class@tty@tty41 class@tty@ttyS51
block@ram9 class@tty@tty42 class@tty@ttyS52
class@input@event0 class@tty@tty43 class@tty@ttyS53
class@input@event1 class@tty@tty44 class@tty@ttyS54
class@input@mice class@tty@tty45 class@tty@ttyS55
class@input@mouse0 class@tty@tty46 class@tty@ttyS56
class@mem@full class@tty@tty47 class@tty@ttyS57
class@mem@kmsg class@tty@tty48 class@tty@ttyS58
class@mem@mem class@tty@tty49 class@tty@ttyS59
class@mem@null class@tty@tty5 class@tty@ttyS6
class@mem@port class@tty@tty50 class@tty@ttyS60
class@mem@random class@tty@tty51 class@tty@ttyS61
class@mem@urandom class@tty@tty52 class@tty@ttyS62
class@mem@zero class@tty@tty53 class@tty@ttyS63
class@misc@agpgart class@tty@tty54 class@tty@ttyS64
class@misc@device-mapper class@tty@tty55 class@tty@ttyS65
class@misc@hpet class@tty@tty56 class@tty@ttyS66
class@misc@rtc class@tty@tty57 class@tty@ttyS67
class@nvidia@nvidia0 class@tty@tty58 class@tty@ttyS68
class@nvidia@nvidiactl class@tty@tty59 class@tty@ttyS69
class@printer@lp0 class@tty@tty6 class@tty@ttyS7
class@sound@adsp class@tty@tty60 class@tty@ttyS70
class@sound@audio class@tty@tty61 class@tty@ttyS71
class@sound@controlC0 class@tty@tty62 class@tty@ttyS72
class@sound@dmmidi class@tty@tty63 class@tty@ttyS73
class@sound@dsp class@tty@tty7 class@tty@ttyS74
class@sound@midi class@tty@tty8 class@tty@ttyS75
class@sound@midiC0D0 class@tty@tty9 class@tty@ttyS8
class@sound@mixer class@tty@ttyS0 class@tty@ttyS9
class@sound@pcmC0D0c class@tty@ttyS1 class@vc@vcs
class@sound@pcmC0D0p class@tty@ttyS10 class@vc@vcs1
class@sound@pcmC0D1p class@tty@ttyS11 class@vc@vcs2
class@sound@seq class@tty@ttyS12 class@vc@vcs3
class@sound@sequencer class@tty@ttyS13 class@vc@vcs4
class@sound@sequencer2 class@tty@ttyS14 class@vc@vcs5
class@sound@timer class@tty@ttyS15 class@vc@vcs6
class@tty@console class@tty@ttyS16 class@vc@vcs7
class@tty@ptmx class@tty@ttyS17 class@vc@vcs8
class@tty@tty class@tty@ttyS18 class@vc@vcsa
class@tty@tty0 class@tty@ttyS19 class@vc@vcsa1
class@tty@tty1 class@tty@ttyS2 class@vc@vcsa2
class@tty@tty10 class@tty@ttyS20 class@vc@vcsa3
class@tty@tty11 class@tty@ttyS21 class@vc@vcsa4
class@tty@tty12 class@tty@ttyS22 class@vc@vcsa5
class@tty@tty13 class@tty@ttyS23 class@vc@vcsa6
class@tty@tty14 class@tty@ttyS24 class@vc@vcsa7
class@tty@tty15 class@tty@ttyS25 class@vc@vcsa8
class@tty@tty16 class@tty@ttyS26 class@video4linux@vbi0
class@tty@tty17 class@tty@ttyS27 class@video4linux@video0
[root@localhost .udevdb]#
mit z.B. inhalt von "block@hdb@hdb2":
P:/block/hdb/hdb2
N:hdb2
M:3:66
A:0
R:0
Und in /etc/.java
ist ein verzeichniss namens .systemprefs in dem sich zwei leere Dateien befinden:
.system.lock
.system[schlangensymbol]ModFile
Also das mit .udevdb koennten doch auch nur meldungen von udev sein. Und Java schreibt was in die Dateien wenn ich Bei Java was global einstelle, sehe ich das Richtig?
und
* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
Hint: see logfile for more information
info:
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ OK (Only SSH2 allowed) ]
Und das ist doch auch "normal" oder wie sehe ich das?
Ich hab schon gegoogelt aber nicht wirklich was dazu gefunden.
chkrootkit spuckt garkeine Fehler aus.
*paranoiaschieb* :ugly:
Ich hab eben mal rkhunter geupdated und durchlaufen lassen. Das ergebniss sieht so aus:
Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udevdb /usr/share/man/man1/..1.gz /etc/.java /etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory) /etc/.java (directory)
in /dev/.udevdb sind ein haufen dateien:
[root@localhost .udevdb]# ls
block@fd0 class@tty@tty18 class@tty@ttyS28
block@hda class@tty@tty19 class@tty@ttyS29
block@hda@hda1 class@tty@tty2 class@tty@ttyS3
block@hda@hda2 class@tty@tty20 class@tty@ttyS30
block@hda@hda3 class@tty@tty21 class@tty@ttyS31
block@hdb class@tty@tty22 class@tty@ttyS32
block@hdb@hdb1 class@tty@tty23 class@tty@ttyS33
block@hdb@hdb2 class@tty@tty24 class@tty@ttyS34
block@hdb@hdb5 class@tty@tty25 class@tty@ttyS35
block@hdb@hdb6 class@tty@tty26 class@tty@ttyS36
block@hdc class@tty@tty27 class@tty@ttyS37
block@md0 class@tty@tty28 class@tty@ttyS38
block@ram0 class@tty@tty29 class@tty@ttyS39
block@ram1 class@tty@tty3 class@tty@ttyS4
block@ram10 class@tty@tty30 class@tty@ttyS40
block@ram11 class@tty@tty31 class@tty@ttyS41
block@ram12 class@tty@tty32 class@tty@ttyS42
block@ram13 class@tty@tty33 class@tty@ttyS43
block@ram14 class@tty@tty34 class@tty@ttyS44
block@ram15 class@tty@tty35 class@tty@ttyS45
block@ram2 class@tty@tty36 class@tty@ttyS46
block@ram3 class@tty@tty37 class@tty@ttyS47
block@ram4 class@tty@tty38 class@tty@ttyS48
block@ram5 class@tty@tty39 class@tty@ttyS49
block@ram6 class@tty@tty4 class@tty@ttyS5
block@ram7 class@tty@tty40 class@tty@ttyS50
block@ram8 class@tty@tty41 class@tty@ttyS51
block@ram9 class@tty@tty42 class@tty@ttyS52
class@input@event0 class@tty@tty43 class@tty@ttyS53
class@input@event1 class@tty@tty44 class@tty@ttyS54
class@input@mice class@tty@tty45 class@tty@ttyS55
class@input@mouse0 class@tty@tty46 class@tty@ttyS56
class@mem@full class@tty@tty47 class@tty@ttyS57
class@mem@kmsg class@tty@tty48 class@tty@ttyS58
class@mem@mem class@tty@tty49 class@tty@ttyS59
class@mem@null class@tty@tty5 class@tty@ttyS6
class@mem@port class@tty@tty50 class@tty@ttyS60
class@mem@random class@tty@tty51 class@tty@ttyS61
class@mem@urandom class@tty@tty52 class@tty@ttyS62
class@mem@zero class@tty@tty53 class@tty@ttyS63
class@misc@agpgart class@tty@tty54 class@tty@ttyS64
class@misc@device-mapper class@tty@tty55 class@tty@ttyS65
class@misc@hpet class@tty@tty56 class@tty@ttyS66
class@misc@rtc class@tty@tty57 class@tty@ttyS67
class@nvidia@nvidia0 class@tty@tty58 class@tty@ttyS68
class@nvidia@nvidiactl class@tty@tty59 class@tty@ttyS69
class@printer@lp0 class@tty@tty6 class@tty@ttyS7
class@sound@adsp class@tty@tty60 class@tty@ttyS70
class@sound@audio class@tty@tty61 class@tty@ttyS71
class@sound@controlC0 class@tty@tty62 class@tty@ttyS72
class@sound@dmmidi class@tty@tty63 class@tty@ttyS73
class@sound@dsp class@tty@tty7 class@tty@ttyS74
class@sound@midi class@tty@tty8 class@tty@ttyS75
class@sound@midiC0D0 class@tty@tty9 class@tty@ttyS8
class@sound@mixer class@tty@ttyS0 class@tty@ttyS9
class@sound@pcmC0D0c class@tty@ttyS1 class@vc@vcs
class@sound@pcmC0D0p class@tty@ttyS10 class@vc@vcs1
class@sound@pcmC0D1p class@tty@ttyS11 class@vc@vcs2
class@sound@seq class@tty@ttyS12 class@vc@vcs3
class@sound@sequencer class@tty@ttyS13 class@vc@vcs4
class@sound@sequencer2 class@tty@ttyS14 class@vc@vcs5
class@sound@timer class@tty@ttyS15 class@vc@vcs6
class@tty@console class@tty@ttyS16 class@vc@vcs7
class@tty@ptmx class@tty@ttyS17 class@vc@vcs8
class@tty@tty class@tty@ttyS18 class@vc@vcsa
class@tty@tty0 class@tty@ttyS19 class@vc@vcsa1
class@tty@tty1 class@tty@ttyS2 class@vc@vcsa2
class@tty@tty10 class@tty@ttyS20 class@vc@vcsa3
class@tty@tty11 class@tty@ttyS21 class@vc@vcsa4
class@tty@tty12 class@tty@ttyS22 class@vc@vcsa5
class@tty@tty13 class@tty@ttyS23 class@vc@vcsa6
class@tty@tty14 class@tty@ttyS24 class@vc@vcsa7
class@tty@tty15 class@tty@ttyS25 class@vc@vcsa8
class@tty@tty16 class@tty@ttyS26 class@video4linux@vbi0
class@tty@tty17 class@tty@ttyS27 class@video4linux@video0
[root@localhost .udevdb]#
mit z.B. inhalt von "block@hdb@hdb2":
P:/block/hdb/hdb2
N:hdb2
M:3:66
A:0
R:0
Und in /etc/.java
ist ein verzeichniss namens .systemprefs in dem sich zwei leere Dateien befinden:
.system.lock
.system[schlangensymbol]ModFile
Also das mit .udevdb koennten doch auch nur meldungen von udev sein. Und Java schreibt was in die Dateien wenn ich Bei Java was global einstelle, sehe ich das Richtig?
und
* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
Hint: see logfile for more information
info:
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ OK (Only SSH2 allowed) ]
Und das ist doch auch "normal" oder wie sehe ich das?
Ich hab schon gegoogelt aber nicht wirklich was dazu gefunden.
chkrootkit spuckt garkeine Fehler aus.
*paranoiaschieb* :ugly: