GoldZone Web Hosting

Written by Gaëtan Trellu (goldyfruit)


resultat_d_un_check_avec_rkhunter

Normally there are colours. ^_^

16:07 root@serveur ~# rkhunter -c


Rootkit Hunter 1.2.9 is running

Determining OS... Ready


Checking binaries
* Selftests
     Strings (command)                                        [ OK ]


* System tools
  Performing 'known bad' check...
   /bin/cat                                                   [ OK ]
   /bin/chmod                                                 [ OK ]
   /bin/chown                                                 [ OK ]
   /bin/date                                                  [ OK ]
   /bin/df                                                    [ OK ]
   /bin/dmesg                                                 [ OK ]
   /bin/echo                                                  [ OK ]
   /bin/ed                                                    [ OK ]
   /bin/egrep                                                 [ OK ]
   /bin/fgrep                                                 [ OK ]
   /bin/grep                                                  [ OK ]
   /bin/kill                                                  [ OK ]
   /bin/login                                                 [ OK ]
   /bin/ls                                                    [ OK ]
   /bin/more                                                  [ OK ]
   /bin/mount                                                 [ OK ]
   /bin/netstat                                               [ OK ]
   /bin/ps                                                    [ OK ]
   /bin/sh                                                    [ OK ]
   /bin/su                                                    [ OK ]
   /sbin/depmod                                               [ OK ]
   /sbin/ifconfig                                             [ OK ]
   /sbin/ifdown                                               [ OK ]
   /sbin/ifup                                                 [ OK ]
   /sbin/init                                                 [ OK ]
   /sbin/insmod                                               [ OK ]
   /sbin/ksyms                                                [ OK ]
   /sbin/lsmod                                                [ OK ]
   /sbin/modinfo                                              [ OK ]
   /sbin/modprobe                                             [ OK ]
   /sbin/rmmod                                                [ OK ]
   /sbin/runlevel                                             [ OK ]
   /sbin/sulogin                                              [ OK ]
   /sbin/sysctl                                               [ OK ]
   /sbin/syslogd                                              [ OK ]
   /usr/bin/basename                                          [ OK ]
   /usr/bin/chattr                                            [ OK ]
   /usr/bin/du                                                [ OK ]
   /usr/bin/file                                              [ OK ]
   /usr/bin/find                                              [ OK ]
   /usr/bin/groups                                            [ OK ]
   /usr/bin/head                                              [ OK ]
   /usr/bin/killall                                           [ OK ]
   /usr/bin/last                                              [ OK ]
   /usr/bin/lastlog                                           [ OK ]
   /usr/bin/less                                              [ OK ]
   /usr/bin/locate                                            [ OK ]
   /usr/bin/logger                                            [ OK ]
   /usr/bin/lsattr                                            [ OK ]
   /usr/bin/md5sum                                            [ OK ]
   /usr/bin/passwd                                            [ OK ]
   /usr/bin/pstree                                            [ OK ]
   /usr/bin/sha1sum                                           [ OK ]
   /usr/bin/size                                              [ OK ]
   /usr/bin/sort                                              [ OK ]
   /usr/bin/stat                                              [ OK ]
   /usr/bin/strace                                            [ OK ]
   /usr/bin/strings                                           [ OK ]
   /usr/bin/test                                              [ OK ]
   /usr/bin/top                                               [ OK ]
   /usr/bin/touch                                             [ OK ]
   /usr/bin/users                                             [ OK ]
   /usr/bin/vmstat                                            [ OK ]
   /usr/bin/w                                                 [ OK ]
   /usr/bin/watch                                             [ OK ]
   /usr/bin/wc                                                [ OK ]
   /usr/bin/wget                                              [ OK ]
   /usr/bin/whatis                                            [ OK ]
   /usr/bin/whereis                                           [ OK ]
   /usr/bin/which                                             [ OK ]
   /usr/bin/who                                               [ OK ]
   /usr/bin/whoami                                            [ OK ]
   /usr/sbin/adduser                                          [ OK ]
   /usr/sbin/chroot                                           [ OK ]
   /usr/sbin/cron                                             [ OK ]
   /usr/sbin/inetd                                            [ OK ]
   /usr/sbin/tcpd                                             [ OK ]
   /usr/sbin/useradd                                          [ OK ]
   /usr/sbin/usermod                                          [ OK ]
   /usr/sbin/vipw                                             [ OK ]
  Performing 'known good' check...
Info: Check skipped - no hashes available

[Press <ENTER> to continue]



Check rootkits
* Default files and directories
   Rootkit '55808 Trojan - Variant A'...                      [ OK ]
   ADM Worm...                                                [ OK ]
   Rootkit 'AjaKit'...                                        [ OK ]
   Rootkit 'aPa Kit'...                                       [ OK ]
   Rootkit 'Apache Worm'...                                   [ OK ]
   Rootkit 'Ambient (ark) Rootkit'...                         [ OK ]
   Rootkit 'Balaur Rootkit'...                                [ OK ]
   Rootkit 'BeastKit'...                                      [ OK ]
   Rootkit 'beX2'...                                          [ OK ]
   Rootkit 'BOBKit'...                                        [ OK ]
   Rootkit 'CiNIK Worm (Slapper.B variant)'...                [ OK ]
   Rootkit 'Danny-Boy's Abuse Kit'...                         [ OK ]
   Rootkit 'Devil RootKit'...                                 [ OK ]
   Rootkit 'Dica'...                                          [ OK ]
   Rootkit 'Dreams Rootkit'...                                [ OK ]
   Rootkit 'Duarawkz'...                                      [ OK ]
   Rootkit 'Flea Linux Rootkit'...                            [ OK ]
   Rootkit 'FreeBSD Rootkit'...                               [ OK ]
   Rootkit 'Fuck`it Rootkit'...                               [ OK ]
   Rootkit 'GasKit'...                                        [ OK ]
   Rootkit 'Heroin LKM'...                                    [ OK ]
   Rootkit 'HjC Kit'...                                       [ OK ]
   Rootkit 'ignoKit'...                                       [ OK ]
   Rootkit 'ImperalsS-FBRK'...                                [ OK ]
   Rootkit 'Irix Rootkit'...                                  [ OK ]
   Rootkit 'Kitko'...                                         [ OK ]
   Rootkit 'Knark'...                                         [ OK ]
   Rootkit 'Li0n Worm'...                                     [ OK ]
   Rootkit 'Lockit / LJK2'...                                 [ OK ]
   Rootkit 'MRK'...                                           [ OK ]
   Rootkit 'Ni0 Rootkit'...                                   [ OK ]
   Rootkit 'RootKit for SunOS / NSDAP'...                     [ OK ]
   Rootkit 'Optic Kit (Tux)'...                               [ OK ]
   Rootkit 'Oz Rootkit'...                                    [ OK ]
   Rootkit 'Portacelo'...                                     [ OK ]
   Rootkit 'R3dstorm Toolkit'...                              [ OK ]
   Rootkit 'RH-Sharpe's rootkit'...                           [ OK ]
   Rootkit 'RSHA's rootkit'...                                [ OK ]
   Sebek LKM...                                               [ OK ]
   Rootkit 'Scalper Worm'...                                  [ OK ]
   Rootkit 'Shutdown'...                                      [ OK ]
   Rootkit 'SHV4'...                                          [ OK ]
   Rootkit 'SHV5'...                                          [ OK ]
   Rootkit 'Sin Rootkit'...                                   [ OK ]
   Rootkit 'Slapper'...                                       [ OK ]
   Rootkit 'Sneakin Rootkit'...                               [ OK ]
   Rootkit 'Suckit Rootkit'...                                [ OK ]
   Rootkit 'SunOS Rootkit'...                                 [ OK ]
   Rootkit 'Superkit'...                                      [ OK ]
   Rootkit 'TBD (Telnet BackDoor)'...                         [ OK ]
   Rootkit 'TeLeKiT'...                                       [ OK ]
   Rootkit 'T0rn Rootkit'...                                  [ OK ]
   Rootkit 'Trojanit Kit'...                                  [ OK ]
   Rootkit 'Tuxtendo'...                                      [ OK ]
   Rootkit 'URK'...                                           [ OK ]
   Rootkit 'VcKit'...                                         [ OK ]
   Rootkit 'Volc Rootkit'...                                  [ OK ]
   Rootkit 'X-Org SunOS Rootkit'...                           [ OK ]
   Rootkit 'zaRwT.KiT Rootkit'...                             [ OK ]

* Suspicious files and malware
   Scanning for known rootkit strings                         [ OK ]
   Scanning for known rootkit files                           [ OK ]
   Testing running processes...                               [ OK ]
   Miscellaneous Login backdoors                              [ OK ]
   Miscellaneous directories                                  [ OK ]
   Software related files                                     [ OK ]
   Sniffer logs                                               [ OK ]

[Press <ENTER> to continue]


* Trojan specific characteristics
   shv4
     Checking /etc/rc.d/rc.sysinit                            [ Not found ]
     Checking /etc/inetd.conf                                 [ Clean ]
     Checking /etc/xinetd.conf                                [ Skipped ]

* Suspicious file properties
   chmod properties
     Checking /bin/ps                                         [ Clean ]
     Checking /bin/ls                                         [ Clean ]
     Checking /usr/bin/w                                      [ Clean ]
     Checking /usr/bin/who                                    [ Clean ]
     Checking /bin/netstat                                    [ Clean ]
     Checking /bin/login                                      [ Clean ]
   Script replacements
     Checking /bin/ps                                         [ Clean ]
     Checking /bin/ls                                         [ Clean ]
     Checking /usr/bin/w                                      [ Clean ]
     Checking /usr/bin/who                                    [ Clean ]
     Checking /bin/netstat                                    [ Clean ]
     Checking /bin/login                                      [ Clean ]

* OS dependant tests

   Linux
     Checking loaded kernel modules...                        [ OK ]
     Checking file attributes                                 [ OK ]
     Checking LKM module path                                 [ OK ]


Networking
* Check: frequently used backdoors
  Port 2001: Scalper Rootkit                                  [ OK ]
  Port 2006: CB Rootkit                                       [ OK ]
  Port 2128: MRK                                              [ OK ]
  Port 14856: Optic Kit (Tux)                                 [ OK ]
  Port 47107: T0rn Rootkit                                    [ OK ]
  Port 60922: zaRwT.KiT                                       [ OK ]

* Interfaces
     Scanning for promiscuous interfaces...                   [ OK ]

[Press <ENTER> to continue]



System checks
* Allround tests
   Checking hostname... Found. Hostname is serveur
   Checking for passwordless user accounts... OK
   Checking for differences in user accounts... Found differences
   Info:
----------------------
> Debian-exim:x:102:102::/var/spool/exim4:/bin/false
< haldaemon:x:102:102:Hardware abstraction layer,,,:/home/haldaemon:/bin/false
> pdns:x:114:118:PowerDNS,,,:/var/spool/powerdns:/bin/false
> Debian-pxe:x:115:65534:Dummy user for Debian pxe package,,,:/home/Debian-pxe:/bin/false
> haldaemon:x:110:109:Hardware abstraction layer,,,:/home/haldaemon:/bin/false
----------------------
   Info: Some items have been added (items marked with '<')
   Info: Some items have been removed (items marked with '>')
   Checking for differences in user groups... Found differences
   Info:
----------------------
> Debian-exim:x:102:
< haldaemon:x:102:
> pdns:x:118:
> haldaemon:x:109:
----------------------
   Info: Some items have been added (items marked with '<')
   Info: Some items have been removed (items marked with '>')
   Checking boot.local/rc.local file...
     - /etc/rc.local                                          [ OK ]
     - /etc/rc.d/rc.local                                     [ Not found ]
     - /usr/local/etc/rc.local                                [ Not found ]
     - /usr/local/etc/rc.d/rc.local                           [ Not found ]
     - /etc/conf.d/local.start                                [ Not found ]
     - /etc/init.d/boot.local                                 [ Not found ]
   Checking rc.d files...                                     [ Not found ]
   Checking history files
     Bourne Shell                                             [ OK ]

* Filesystem checks
   Checking /dev for suspicious files...                      [ OK ]
   Scanning for hidden files...                               [ Warning! ]
---------------
/etc/.pwd.lock /dev/.udev
/dev/.static
---------------
Please inspect:  /dev/.udev (directory)  /dev/.static (directory)

[Press <ENTER> to continue]



Application advisories
* Application scan
   Checking Apache2 modules ...                               [ OK ]
   Checking Apache configuration ...                          [ OK ]

* Application version scan
   - GnuPG 1.4.5                                              [ Unknown ]
   - Bind DNS 9.3.2-P1                                        [ Unknown ]
   - OpenSSL 0.9.8c                                           [ Unknown ]
   - PHP 4.4.4                                                [ Unknown ]
   - Procmail MTA 3.22                                        [ OK ]
   - ProFTPd 1.3.0                                            [ Unknown ]
   - OpenSSH 4.3p2                                            [ Unknown ]

Your system contains some unknown version numbers. Please run Rootkit Hunter
with the --update parameter or contact us through the Rootkit Hunter mailinglist
at rkhunter-users@lists.sourceforge.net.


Security advisories
* Check: Groups and Accounts
   Searching for /etc/passwd...                               [ Found ]
   Checking users with UID '0' (root)...                      [ OK ]

* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login...                         [ OK (Remote root login disabled) ]
   Checking for allowed protocols...                          [ OK (Only SSH2 allowed) ]

* Check: Events and Logging
   Search for syslog configuration...                         [ OK ]
   Checking for running syslog slave...                       [ OK ]
   Checking for logging to remote system...                   [ OK (no remote logging) ]

[Press <ENTER> to continue]



---------------------------- Scan results ----------------------------

MD5 scan
Scanned files: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 0

Scanning took 122 seconds

-----------------------------------------------------------------------

Do you have some problems, undetected rootkits, false positives, ideas
or suggestions? Please e-mail us through the Rootkit Hunter mailinglist
at rkhunter-users@lists.sourceforge.net.
resultat_d_un_check_avec_rkhunter.txt · Last modified: 2011/01/05 16:05 (external edit)