d-snake
23.02.09, 09:14
Hello forum,
over the weekend I read a report about rootkits on Unix systems. I then ran a check on my system. chkrootkit reports:
Checking `bindshell'... INFECTED (PORTS: 5190)
I then did a cross-check with netstat:
netstat -an|grep 5190
But without any result; it found nothing. Could this have something to do with the fact that I have VMware Workstation installed?
A cross-check with rkhunter gave the following result:
System checks summary
=====================
File properties checks...
Required commands check failed
Files checked: 138
Suspect files: 3
Rootkit checks...
Rootkits checked : 116
Possible rootkits: 0
Applications checks...
Applications checked: 5
Suspect applications: 0
The system checks took: 1 minute and 38 seconds
All results have been written to the logfile (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
The warnings from the log file:
[08:42:00] Warning: Checking for prerequisites [ Warning ]
[08:42:00] Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
[08:42:08] /usr/bin/ldd [ Warning ]
[08:42:08] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text
[08:42:13] /sbin/chkconfig [ Warning ]
[08:42:13] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig: a /usr/bin/perl script text
[08:42:14] /sbin/ifup [ Warning ]
[08:42:14] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text
[08:43:26] Checking if SSH root access is allowed [ Warning ]
[08:43:26] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
[08:43:27] Checking /dev for suspicious file types [ Warning ]
[08:43:27] Warning: Suspicious file types found in /dev:
[08:43:28] Checking for hidden files and directories [ Warning ]
[08:43:28] Warning: Hidden directory found: /dev/.udev
Do I need to be worried?