Package: rkhunter
Version: 1.3.6-4
Severity: important

Processes that match any of the checked strings (noted after the colon after "...were found") trigger rkhunter alerts. For instance "/usr/bin/dbus-daemon --system" appears to trigger an alert.

Warning: Checking running processes for suspicious files [ Warning ]
Warning: One or more of these files were found: backdoor, adore.o, mod_rootme.so, phide_mod.o, lbk.ko, vlogger.o, cleaner.o, cleaner, ava, tzava, mod_klgr.o, hydra, hydra.restore, ras2xm, vobiscum, sshd3, system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer, holber, xhide, xh, emech, psybnc, mech, httpd.bin, mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o
         Check the output of the lsof command 'lsof -F n -w -n'

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

-- System Information:
Debian Release: 6.0.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils                2.20.1-16          The GNU assembler, linker and bina
ii  debconf [debconf-2.0]   1.5.36.1           Debian configuration management sy
ii  exim4                   4.72-6+squeeze2    metapackage to ease Exim MTA (v4)
ii  exim4-daemon-light [ma  4.72-6+squeeze2    lightweight Exim MTA (v4) daemon
ii  file                    5.04-5             Determines file type using "magic"
ii  net-tools               1.60-23            The NET-3 networking toolkit
ii  perl                    5.10.1-17squeeze2  Larry Wall's Practical Extraction

Versions of packages rkhunter recommends:
ii  iproute                 20100519-3         networking and traffic control too
ii  lsof                    4.81.dfsg.1-1      List open files
ii  perl [libdigest-sha-pe  5.10.1-17squeeze2  Larry Wall's Practical Extraction
ii  unhide                  20100201-1         Forensic tool to find hidden proce
ii  wget                    1.12-2.1           retrieves files from the web

Versions of packages rkhunter suggests:
ii  bsd-mailx          8.1.2-0.20100314cvs-1   simple mail user agent
pn  tripwire           <none>                  (no description available)

-- Configuration Files:
/etc/default/rkhunter changed [not included]
/etc/rkhunter.conf changed [not included]

-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:
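
A triage sketch for the warning in this report, added here and not part of the original message or of rkhunter: it reads `lsof -F n -w -n` output and separates open files whose basename equals a listed name from those that only contain it as a substring. The function names, the exact/loose labels and the sample lsof lines are constructed for illustration; how rkhunter itself matches names is an open question on this page.

```shell
#!/bin/sh
# classify_hits NAME...   (hypothetical helper, not an rkhunter function)
# stdin: output of `lsof -F n -w -n`
# stdout: "exact NAME PATH" when an open file's basename equals NAME,
#         "loose NAME PATH" when NAME only occurs inside the path.
classify_hits() {
    awk -v names="$*" '
    BEGIN { n = split(names, want, " ") }
    /^n/ {
        path = substr($0, 2)        # drop the lsof "n" field tag
        base = path
        sub(/.*\//, "", base)       # keep the last path component
        sub(/ \(.*$/, "", base)     # drop annotations such as " (deleted)"
        for (i = 1; i <= n; i++) {
            if (base == want[i]) {
                print "exact", want[i], path
            } else if (index(path, want[i]) > 0) {
                print "loose", want[i], path
            }
        }
    }'
}

# Constructed sample of `lsof -F n -w -n` output (not taken from the report).
sample_lsof() {
    printf '%s\n' \
        'p812' \
        'n/usr/bin/dbus-daemon' \
        'n/var/run/dbus/system_bus_socket' \
        'p990' \
        'n/usr/sbin/cron' \
        'n/var/spool/cron/crontabs' \
        'p1204' \
        'n/tmp/.x/xh (deleted)'
}

# Three of the names from the warning list quoted in the report.
sample_lsof | classify_hits system crontab xh
```

On a live system, replace `sample_lsof` with `lsof -F n -w -n` and pass the names from the warning; "loose" lines are the candidates for false positives, "exact" lines deserve a closer look at the file itself.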