I installed rkhunter and i got some result that i wanted to verify. During the test, i saw this:
[01:41:49] [01:41:49] Checking for Sneakin Rootkit... [01:41:49] Checking for directory '/tmp/.X11-unix/.../rk' [ Not found ] [01:41:49] Sneakin Rootkit [ Not found ] then i went to the directory itself and found this: r...@shiggler-laptop:/tmp# ls -la total 51 drwxrwxrwt 9 root root 28672 2009-01-04 11:32 . drwxr-xr-x 21 root root 1024 2008-05-15 22:07 .. drwx------ 3 shiggler shiggler 1024 2009-01-04 11:12 gconfd-shiggler drwxrwxrwt 2 root root 1024 2009-01-04 11:12 .ICE-unix drwx------ 2 shiggler shiggler 1024 2009-01-04 11:12 keyring-BslWN5 drwx------ 2 root root 12288 2008-05-15 19:31 lost+found srwxr-xr-x 1 shiggler shiggler 0 2009-01-04 11:12 mapping-shiggler drwx------ 2 shiggler shiggler 1024 2009-01-04 11:32 orbit-shiggler drwx------ 2 shiggler shiggler 1024 2009-01-04 11:12 virtual-shiggler.WqneVt -r--r--r-- 1 root root 11 2009-01-04 11:12 .X0-lock drwxrwxrwt 2 root root 1024 2009-01-04 11:12 .X11-unix -rw------- 1 shiggler shiggler 1802 2009-01-04 11:28 xses-shiggler.40qIZn The .X11-unix directory is there. Is this the Sneakin' Rootkit and how do i verify that? Some other strange things have been occurring on my system and rkhunter pointed out that i had some strange symbolic links in the /etc/alternatives directory (and a couple elsewhere) of things i didn't create. Also, there is a program on my system called orbd that is making wierd connections on my system aswell. i'm not sure if you have that on your computer but we'll get to that after. in the meantime i need your expertise. i'm using ubuntu 7.10. ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
