
Warning RKHUNTER

#1
29/06/2009, 07:35
Warning RKHUNTER

Hello everyone, I ran a scan on my dedicated server and received an email that says:

rkhunter warnings xxxxx please inspect this machine, because it a may be infected

And the scan gave me the following results:

Code:
[ Rootkit Hunter version 1.3.4 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]
[ Rootkit Hunter version 1.3.4 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ Skipped ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preload file                                [ Not found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ Warning ]
    /usr/bin/GET                                             [ Warning ]
    /usr/bin/ldd                                             [ Warning ]
    /sbin/ifdown                                             [ Warning ]
    /sbin/ifup                                               [ Warning ]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                 [ Not found ]
    ADM Worm                                                 [ Not found ]
    AjaKit Rootkit                                           [ Not found ]
    aPa Kit                                                  [ Not found ]
    Apache Worm                                              [ Not found ]
    Ambient (ark) Rootkit                                    [ Not found ]
    Balaur Rootkit                                           [ Not found ]
    BeastKit Rootkit                                         [ Not found ]
    beX2 Rootkit                                             [ Not found ]
    BOBKit Rootkit                                           [ Not found ]
    CiNIK Worm (Slapper.B variant)                           [ Not found ]
    Danny-Boy's Abuse Kit                                    [ Not found ]
    Devil RootKit                                            [ Not found ]
    Dica-Kit Rootkit                                         [ Not found ]
    Dreams Rootkit                                           [ Not found ]
    Duarawkz Rootkit                                         [ Not found ]
    Enye LKM                                                 [ Not found ]
    Flea Linux Rootkit                                       [ Not found ]
    FreeBSD Rootkit                                          [ Not found ]
    Fuck`it Rootkit                                          [ Not found ]
    GasKit Rootkit                                           [ Not found ]
    Heroin LKM                                               [ Not found ]
    HjC Kit                                                  [ Not found ]
    ignoKit Rootkit                                          [ Not found ]
    ImperalsS-FBRK Rootkit                                   [ Not found ]
    IntoXonia-NG Rootkit                                     [ Not found ]
    Irix Rootkit                                             [ Not found ]
    Kitko Rootkit                                            [ Not found ]
    Knark Rootkit                                            [ Not found ]
    Li0n Worm                                                [ Not found ]
    Lockit / LJK2 Rootkit                                    [ Not found ]
    Mood-NT Rootkit                                          [ Not found ]
    MRK Rootkit                                              [ Not found ]
    Ni0 Rootkit                                              [ Not found ]
    Ohhara Rootkit                                           [ Not found ]
    Optic Kit (Tux) Worm                                     [ Not found ]
    Oz Rootkit                                               [ Not found ]
    Phalanx Rootkit                                          [ Not found ]
    Phalanx Rootkit (strings)                                [ Not found ]
    Phalanx2 Rootkit                                         [ Not found ]
    Phalanx2 Rootkit (extended tests)                        [ Not found ]
    Portacelo Rootkit                                        [ Not found ]
    R3dstorm Toolkit                                         [ Not found ]
    RH-Sharpe's Rootkit                                      [ Not found ]
    RSHA's Rootkit                                           [ Not found ]
    Scalper Worm                                             [ Not found ]
    Sebek LKM                                                [ Not found ]
    Shutdown Rootkit                                         [ Not found ]
    SHV4 Rootkit                                             [ Not found ]
    SHV5 Rootkit                                             [ Not found ]
    Sin Rootkit                                              [ Not found ]
    Slapper Worm                                             [ Not found ]
    Sneakin Rootkit                                          [ Not found ]
    Suckit Rootkit                                           [ Not found ]
    SunOS Rootkit                                            [ Not found ]
    SunOS / NSDAP Rootkit                                    [ Not found ]
    Superkit Rootkit                                         [ Not found ]
    TBD (Telnet BackDoor)                                    [ Not found ]
    TeLeKiT Rootkit                                          [ Not found ]
    T0rn Rootkit                                             [ Not found ]
    Trojanit Kit                                             [ Not found ]
    Tuxtendo Rootkit                                         [ Not found ]
    URK Rootkit                                              [ Not found ]
    Vampire Rootkit                                          [ Not found ]
    VcKit Rootkit                                            [ Not found ]
    Volc Rootkit                                             [ Not found ]
    X-Org SunOS Rootkit                                      [ Not found ]
    zaRwT.KiT Rootkit                                        [ Not found ]

  Performing additional rootkit checks
    Checking for possible rootkit files and directories      [ None found ]
    Checking for possible rootkit strings                    [ Skipped ]

  Performing malware checks
    Checking running processes for suspicious files          [ Skipped ]
    Checking for login backdoors                             [ None found ]
    Checking for suspicious directories                      [ None found ]
    Checking for sniffer log files                           [ None found ]

  Performing trojan specific checks
    Checking for enabled xinetd services                     [ Warning ]
    Checking for Apache backdoor                             [ Not found ]

  Performing Linux specific checks
    Checking loaded kernel modules                           [ Warning ]

Checking the network...

  Performing check for backdoor ports
    Checking for UDP port 2001                               [ Not found ]
    Checking for TCP port 2006                               [ Not found ]
    Checking for TCP port 2128                               [ Not found ]
    Checking for TCP port 14856                              [ Not found ]
    Checking for TCP port 47107                              [ Not found ]
    Checking for TCP port 60922                              [ Not found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                      [ None found ]

Checking the local host...

  Performing system boot checks
    Checking system startup files for malware                [ None found ]

  Performing group and account checks
    Checking for root equivalent (UID 0) accounts            [ None found ]
    Checking for passwordless accounts                       [ None found ]
    Checking for passwd file changes                         [ None found ]
    Checking for group file changes                          [ None found ]
  Performing system configuration file checks
    Checking if SSH root access is allowed                   [ Not set ]
    Checking if SSH protocol v1 is allowed                   [ Not allowed ]
    Checking if syslog remote logging is allowed             [ Not allowed ]

  Performing filesystem checks
    Checking /dev for suspicious file types                  [ None found ]
    Checking for hidden files and directories                [ Warning ]

System checks summary
=====================

File properties checks...
    Required commands check failed
    Files checked: 118
    Suspect files: 5

Rootkit checks...
    Rootkits checked : 83
    Possible rootkits: 0

Applications checks...
    Applications checked: 9
    Suspect applications: 0

The system checks took: 49 seconds
Continued in the next post...
#2
29/06/2009, 07:37
Re: Warning RKHUNTER

I open the log and it gives me these results:

Code:
[15:08:22] Info: X will be automatically detected
[15:08:22] Info: Found the 'diff' command: /usr/bin/diff
[15:08:22] Info: Found the 'file' command: /usr/bin/file
[15:08:22] Info: Found the 'find' command: /usr/bin/find
[15:08:22] Info: Found the 'ifconfig' command: /sbin/ifconfig
[15:08:22] Info: Found the 'ip' command: /sbin/ip
[15:08:22] Info: Found the 'ldd' command: /usr/bin/ldd
[15:08:22] Info: Found the 'lsattr' command: /usr/bin/lsattr
[15:08:22] Info: Found the 'lsmod' command: /sbin/lsmod
[15:08:22] Info: Unable to find the 'lsof' command
[15:08:22] Info: Found the 'mktemp' command: /bin/mktemp
[15:08:22] Info: Found the 'netstat' command: /bin/netstat
[15:08:22] Info: Found the 'perl' command: /usr/bin/perl
[15:08:22] Info: Found the 'ps' command: /bin/ps
[15:08:22] Info: Found the 'pwd' command: /bin/pwd
[15:08:22] Info: Found the 'readlink' command: /usr/bin/readlink
[15:08:22] Info: Found the 'sort' command: /bin/sort
[15:08:23] Info: Found the 'stat' command: /usr/bin/stat
[15:08:23] Info: Unable to find the 'strings' command
[15:08:23] Info: Found the 'uniq' command: /usr/bin/uniq
[15:08:23] Info: System is not using prelinking
[15:08:23] Info: Using the '/usr/bin/sha1sum' command for the file hash checks
[15:08:23] Info: The hash function field index is set to 1
[15:08:23] Info: No package manager specified: using hash function '/usr/bin/sha1sum'
[15:08:23] Info: Previous file attributes were stored
[15:08:23] Info: Enabled tests are: all
[15:08:23] Info: Disabled tests are: suspscan hidden_procs deleted_files packet_cap_apps
[15:08:23] Info: Found ksym file '/proc/kallsyms'
[15:08:23]
[15:08:23] Starting system checks...
[15:08:23]
[15:08:23] Checking system commands...
[15:08:23] Info: Starting test name 'system_commands'
Could it be a virus, or what could it be? Is it dangerous? What should I do?

Thanks everyone, regards.
#3
29/06/2009, 08:07
Re: Warning RKHUNTER

Here are the warnings in case they help:

Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable

Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable

Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable

Info: Found file '/usr/bin/passwd': it is whitelisted for the 'file immutable-bit' check.

Info: Found file '/usr/bin/whatis': it is whitelisted for the 'script replacement' check

Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable

Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable

Info: Found file '/sbin/init': it is whitelisted for the 'file immutable-bit' check.

Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.

[15:08:32] Checking for rootkits...
[15:08:32] Info: Starting test name 'rootkits'
[15:08:32]
[15:08:32] Performing check of known rootkit files and directories
[15:08:32] Info: Starting test name 'known_rkts'
[15:08:32]
[15:08:32] Checking for 55808 Trojan - Variant A...
[15:08:32] Checking for file '/tmp/.../r' [ Not found ]
[15:08:32] Checking for file '/tmp/.../a' [ Not found ]
[15:08:32] 55808 Trojan - Variant A [ Not found ]

Regards
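The "has been replaced by a script" warnings in this post are the kind that a package manager can settle: rkhunter expected a compiled binary and `file` reported a script, but on Red Hat-family systems commands such as ldd, ifup/ifdown, GET and groups are commonly shipped as scripts by their packages, so the file is not necessarily tampered with. The correct order is to verify first and whitelist second. The POSIX shell helper below is an added example, not code from the thread or from rkhunter: it pulls the warned paths out of the log text (a constructed sample built from the warning lines above), asks rpm or dpkg whether each file belongs to an installed package and still matches its recorded checksum, and only for verified files prints the `SCRIPTWHITELIST` line for rkhunter.conf (which is the same mechanism behind the "whitelisted for the 'script replacement' check" Info lines in the log). The VERIFIED/MODIFIED/UNOWNED/NO_PKG_MANAGER status words are this example's own.

```shell
#!/bin/sh
# Triage helper for rkhunter "has been replaced by a script" warnings.
# Added example for this thread; it is not code from the thread or from rkhunter.
# Assumptions: the warning format shown in the thread's log, the standard
# rkhunter.conf SCRIPTWHITELIST option, and rpm or dpkg as the package manager.

# Constructed sample: warning lines from the thread, prefixed with the
# timestamps rkhunter writes to its log file.
RKH_LOG_SAMPLE="[15:08:31] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
[15:08:31] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[15:08:31] Info: Found file '/usr/bin/whatis': it is whitelisted for the 'script replacement' check
[15:08:31] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable"

# Print the path of every 'replaced by a script' warning read on stdin,
# one per line; Info lines and other warnings are ignored.
extract_script_warnings() {
    sed -n "s/^.*Warning: The command '\([^']*\)' has been replaced by a script: .*\$/\1/p"
}

# Ask the package manager whether PATH is shipped by an installed package and
# still matches the package's recorded checksum.
# Prints: VERIFIED <pkg> | MODIFIED <pkg> | UNOWNED | NO_PKG_MANAGER
verify_package_file() {
    path=$1
    if command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf "$path" 2>/dev/null) || { echo UNOWNED; return 0; }
        # rpm -Vf lists every mismatching file of the owning package; we only
        # care whether this particular path is among them.
        if rpm -Vf "$path" 2>/dev/null | grep -q " $path\$"; then
            echo "MODIFIED $pkg"
        else
            echo "VERIFIED $pkg"
        fi
    elif command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$path" 2>/dev/null | grep -v '^diversion' | head -n 1 | cut -d: -f1)
        [ -n "$pkg" ] || { echo UNOWNED; return 0; }
        if dpkg --verify "$pkg" 2>/dev/null | grep -q " $path\$"; then
            echo "MODIFIED $pkg"
        else
            echo "VERIFIED $pkg"
        fi
    else
        echo NO_PKG_MANAGER
    fi
}

# The rkhunter.conf line that tells rkhunter this command is legitimately a
# script. Emit it only for paths the package manager verified.
whitelist_line() {
    echo "SCRIPTWHITELIST=$1"
}

# Read an rkhunter log on stdin and print one decision per warned command.
triage_log() {
    extract_script_warnings | while IFS= read -r path; do
        status=$(verify_package_file "$path")
        case $status in
            VERIFIED*) echo "$path: $status -> add '$(whitelist_line "$path")' to rkhunter.conf" ;;
            *)         echo "$path: $status -> do not whitelist; inspect the file's contents, owner and mtime first" ;;
        esac
    done
}

printf '%s\n' "$RKH_LOG_SAMPLE" | triage_log
```

Run it against the real log instead of the sample with `triage_log < /var/log/rkhunter.log`. After adding the SCRIPTWHITELIST lines to /etc/rkhunter.conf, run `rkhunter --propupd` so the stored file properties match the verified files, then `rkhunter -c` again; any path that came back MODIFIED or UNOWNED stays a warning and deserves a look at the script body and its owning user. The xinetd, loaded-kernel-module and hidden-file warnings in the first post come from different tests and have their own detail lines further down the same log.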