Package: bitlbee
Version: 1.0-1
Severity: normal
Chkrootkit snippet:
if ${egrep} "^kork" ${ROOTDIR}etc/passwd > /dev/null 2>&1 || \
${egrep} "^666" ${ROOTDIR}etc/inetd.conf > /dev/null 2>&1 ;
then
echo "Possible LPD worm installed"
It checks if any service on port 666* is running from inetd. When bitlbee is
running from inetd, the Debian package puts 6667 ... as service port.
Granted, chkrootkit isn't being very smart, but to solve it via the bitlbee
package would simply involve changing 6667 to "ircd". Ofcourse, when the
port is set to something else (6668, etc) this wouldn't help... But seeing
as the package defaults to 6667, putting the relevant entry from
/etc/services there would not be a bad idea, as when you run chkrootkit
daily, like I do, it raises a warning flag after you install bitlbee, which
of course isn't a rootkit :)
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14.3-vs2.0.1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages bitlbee depends on:
ii adduser 3.63 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libglib2.0-0 2.6.4-1 The GLib library of C routines
ii libgnutls11 1.0.16-13.1 GNU TLS library - runtime library
ii net-tools 1.60-10 The NET-3 networking toolkit
ii netbase 4.21 Basic TCP/IP networking system
ii netkit-inetd 0.10-10 The Internet Superserver
ii tcpd 7.6.dbs-8 Wietse Venema's TCP wrapper utilit
-- debconf information:
* bitlbee/serveport: 6667
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
