Dear colleagues, a few days ago the partition on our server got corrupted, and after it was repaired the server finally came back up. However, when I casually ran chkrootkit, there was something that seemed odd to me, unlike previous runs... here is an excerpt of the chkrootkit output:

... ... ...
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... find: /proc/9014: No such file or directory
find: /proc/9018: No such file or directory
find: /proc/9030: No such file or directory
You have 2 process hidden for readdir command
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth0: not promisc and no PF_PACKET sockets
eth2: PF_PACKET(/usr/sbin/pppd)
dsl0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'...
user NANIS deleted or never logged from lastlog!
user dhaniel deleted or never logged from lastlog!
user sumadi deleted or never logged from lastlog!
user YOPITA deleted or never logged from lastlog!
user harjana deleted or never logged from lastlog!
user bdc$ deleted or never logged from lastlog!
user pdc$ deleted or never logged from lastlog!
user laptop2 deleted or never logged from lastlog!
user putra deleted or never logged from lastlog!
user hernawan deleted or never logged from lastlog!
user uccie deleted or never logged from lastlog!
user anang deleted or never logged from lastlog!
user user deleted or never logged from lastlog!
Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !
! RUID PID TTY CMD
! root 9527 tty7 /usr/X11R6/bin/X :0 -audit 0 -br -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
! root 9661 tty4 /sbin/mingetty tty4
! root 9664 tty5 /sbin/mingetty tty5
! root 9680 tty6 /sbin/mingetty tty6
! root 16826 tty2 /sbin/mingetty tty2
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
server:/opt/chkrootkit-0.49 #

Question: what has happened to our server? Why does it say trojan when running chkrootkit? How do I deal with it?

When I type the top command, 1 zombie shows up:

server:/opt/chkrootkit-0.49 # top
top - 08:08:45 up 1 day, 19:45, 9 users, load average: 0.55, 0.41, 0.31
Tasks: 124 total, 1 running, 121 sleeping, 1 stopped, 1 zombie
Cpu(s): 0.2%us, 0.7%sy, 0.0%ni, 96.3%id, 1.7%wa, 0.2%hi, 1.0%si, 0.0%st
Mem: 1034776k total, 1012920k used, 21856k free, 218528k buffers
Swap: 1052248k total, 112k used, 1052136k free, 579148k cached

Please enlighten me, thanks.

--
Supriyadi
SOLO TECHNOPARK
Where Competence, Innovation, Technology and Business Grow
Jl. Ki Hajar Dewantara, Jebres, Surakarta 57126
Tlp. : +62271666628, +62271668556
Fax. : +62271668848
http://www.solotechnopark.com
