Gentoo Archives: gentoo-security

From: Alex Efros <powerman@××××××××××××××××××.com>
To: gentoo-security@l.g.o
Subject: [gentoo-security] chkrootkit report
Date: Sat, 26 Aug 2006 16:20:42
Message-Id: 20060826161443.GA25361@home.power

Hi!

Below is an example of a report which I received from chkrootkit. What's the
goal of listing all these .keep and .packlist files? There are a lot of them,
and this makes the report hard to read. I've checked some of these files -
.keep files have 0 bytes, .packlist files contain a list of files in perl
modules, so they are all OK. I think these files should be excluded from the
chkrootkit report, or, if some rootkits use them, then these files should
be checked by chkrootkit and reported only if they have unusual content...
or have I misunderstood something?

----- Forwarded message from root@××××××××××××××××××.com -----

Date: 26 Aug 2006 13:42:26 +0300
From: root@××××××××××××××××××.com
To: root@××××××××××××××××××.com
Subject: cron: test -x /usr/sbin/run-crons && /usr/sbin/run-crons

/usr/lib/nessus/plugins/.desc
eth0: PF_PACKET(/usr/sbin/pppoe, /usr/sbin/pppoe)
eth1: PF_PACKET(/usr/sbin/pppoe, /usr/sbin/pppoe, /usr/sbin/pppoe)
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! powerman 12107 tty7 X :0 -dpi 120 -nolisten tcp -br -auth /home/powerman/.serverauth.30366 -deferglyphs 16

----- End forwarded message -----


--
WBR, Alex.

--
gentoo-security@g.o mailing list
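
The content check proposed in the message above can be done as a post-filter on the report. This is an added example, not part of the original post and not chkrootkit's own code; the function names `is_benign` and `triage_hidden` are hypothetical, and the rule that every `.packlist` line starts with an absolute path is an assumption based on the description in the message.

```shell
#!/bin/sh
# Added example: triage the hidden-file list from a chkrootkit report.
# Input: the whitespace-separated path list on stdin.
# Output: only the paths that still need a manual look, one per line.

is_benign() {
    f=$1
    # Symlinks, directories, devices and missing files are never waved through.
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    case ${f##*/} in
        .keep)
            # Directory placeholder: expected to be empty (0 bytes).
            [ ! -s "$f" ]
            ;;
        .packlist)
            # Assumption: a genuine packlist is non-empty and every line
            # begins with an absolute path; any other line is "unusual".
            [ -s "$f" ] && ! grep -qv '^/' "$f"
            ;;
        *)
            # Any other hidden name is always reported.
            return 1
            ;;
    esac
}

triage_hidden() {
    # Split on blanks without glob expansion; the report format cannot
    # represent paths that themselves contain whitespace.
    tr -s ' \t' '\n\n' | while IFS= read -r p || [ -n "$p" ]; do
        [ -n "$p" ] || continue
        is_benign "$p" || printf '%s\n' "$p"
    done
}
```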

Replies

Subject Author
Re: [gentoo-security] chkrootkit report Christian Spoo <mail@××××××××××××××.info>