Gayle Lee Fairless wrote:
I got the following message from the chkrootkit package. I'm quite
new at this and don't know what to do.
/etc/cron.daily/chkrootkit:
/usr/bin/strings: Warning: '/' is not an ordinary file
INFECTED (PORTS: 600)
Now that I've had more time to use Google (Dear Googlemaster, I'm using
Google to search, not google!),
I found a number of suggestive articles at
http://bluequartz.org/ml/archive/coba-e/3600/3689.html
http://bluequartz.org/ml/archive/coba-e/3600/3688.html
http://bluequartz.org/ml/archive/coba-e/3600/3687.html
http://bluequartz.org/ml/archive/coba-e/3600/3686.html
This will tell you if the cupsd has been modified or not from the rpm install.
Check the man page for rpm for all the details.
Also, unless you are printing from your web server (which I think
would be quite odd), you could un-install cups altogether.
Same goes for the rpc.statd. Unless you are running nfs, you can
disable and un-install this program as well.
This is some information about my system:
Gcomm:/home/gayle/docs/wrk/wonk# lsof -i:600
Gcomm:/home/gayle/docs/wrk/wonk# netstat -naptu | grep :6
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 7568/cupsd
udp 0 0 0.0.0.0:631 0.0.0.0:* 7568/cupsd
Gcomm:/home/gayle/docs/wrk/wonk# exit
[EMAIL PROTECTED]:~/docs/wrk/wonk$ dpkg -l | grep cups
ii cupsomatic-ppd 20050430-1 linuxprinting.org printer support - transiti
ii cupsys 1.1.23-10sarge Common UNIX Printing System(tm) - server
ii cupsys-bsd 1.1.23-10sarge Common UNIX Printing System(tm) - BSD comman
ii cupsys-client 1.1.23-10sarge Common UNIX Printing System(tm) - client pro
ii cupsys-driver- 4.2.7-10 Gimp-Print printer drivers for CUPS
ii cupsys-driver- 4.2.7-10 Gimp-Print printer drivers for CUPS
rc kdelibs3-cups 2.2.2-13.woody KDE print system (CUPS support)
ii libcupsimage2 1.1.23-10sarge Common UNIX Printing System(tm) - image libs
ii libcupsys2 1.1.23-10sarge Common UNIX Printing System(tm) - dummy libs
ii libcupsys2-dev 1.1.23-10sarge Common UNIX Printing System(tm) - developmen
ii libcupsys2-gnu 1.1.23-10sarge Common UNIX Printing System(tm) - libs
ii libgnomecups1. 0.1.14-1 GNOME library for CUPS interaction
ii libqtcups2 2.0-4 Qt interface library for CUPS
ii qtcups 2.0-4 Qt front-end for CUPS.
The article mentions rpm, but we Debian people use packages. I
guess I need to test the integrity of some packages or just disable
stuff. However, I hate to do that unless I know I won't crash my system.
Hints and tips are appreciated!
Btw, this is a sarge system running kernel 2.6.12 with ide=nodma.
--
(Mr.) Gayle Lee Fairless, http://counter.li.org/, No. 365760.
Linux Gcomm 2.6.12-1-686 #1 Fri Jun 24 12:17:14 CEST 2005 i686 GNU/Linux
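
On the question above about checking package integrity on Debian instead of using rpm: the following is an added example, not part of the original post, that compares installed files with the MD5 list dpkg stores per package (the debsums tool automates the same check). The function names, the sample tree and the assumed list format `<md5hex>  <path without leading />` in /var/lib/dpkg/info/<pkg>.md5sums are illustration choices, and not every package ships such a list.

```shell
#!/bin/sh
# Added example: compare files on disk with a dpkg-style md5sums list.
# Assumed list format: "<md5hex>  <path relative to the root directory>".

# verify_md5sums LISTFILE [ROOT]
# Prints "CHANGED <path>" or "MISSING <path>" for each failing entry.
# Exit status is 0 when every listed file matches, 1 otherwise.
verify_md5sums() {
    list=$1
    root=${2:-/}
    bad=0
    while read -r want rel; do
        [ -n "$rel" ] || continue              # skip blank or malformed lines
        file="${root%/}/$rel"
        if [ ! -f "$file" ]; then
            echo "MISSING $rel"; bad=1; continue
        fi
        have=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "CHANGED $rel"; bad=1
        fi
    done < "$list"
    return "$bad"
}

# Constructed sample: a throwaway tree standing in for / plus a list for a
# made-up package "sampled", with one file replaced after the list was made
# and one listed file that does not exist.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/usr/sbin" "$dir/etc"
    printf 'daemon-v1\n' > "$dir/usr/sbin/sampled"
    printf 'conf\n' > "$dir/etc/sampled.conf"
    ( cd "$dir" && md5sum usr/sbin/sampled etc/sampled.conf > sampled.md5sums )
    printf '%s  %s\n' 00000000000000000000000000000000 \
        usr/share/doc/sampled/README >> "$dir/sampled.md5sums"
    printf 'daemon-v2\n' > "$dir/usr/sbin/sampled"   # simulate a replaced binary
    echo "$dir"
}

# On a real system (package name taken from the dpkg -l output above):
#   verify_md5sums /var/lib/dpkg/info/cupsys.md5sums /
```

A list stored on the same machine, and the md5sum binary used to check it, can be altered by whoever altered the files, so a clean result on a suspect host is weak evidence. Checking from trusted boot media against a known-good copy of the package gives a stronger answer.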