On Thu, 04 Nov 2010 10:38:11 +0100 Al Varnell <alvarn...@mac.com> wrote:
>Haven't noticed any Mac OS X testers report in, so I figured I'd better
>spend the day getting you something.
Much appreciated as we don't get that much feedback from Mac OS X 
users. 

// I'm going to be terse as John's reply addressed most already


>[18:12:01] Warning: Dica-Kit Rootkit [ Warning ]
>[18:12:02] File '/etc/sshd_config' found
Looking around, it seems Mac OS X legitimately uses /etc/sshd_config 
instead of */etc/ssh/*sshd_config?


>[18:22:47] Info: Starting test name 'running_procs'
>[18:25:42]   Checking running processes for suspicious files [ Warning ]
>[18:25:43] Warning: The following processes are using suspicious files:
>[18:25:44]          Command: launchd
>[18:25:45]            UID: 0    PID: 1
>[18:25:46]            Pathname: /private/etc/crontab
>[18:25:47]            Possible Rootkit: Unknown rootkit
/private/etc/crontab(.local) seems to be the system-wide crontab 
(per-user ones being in /var/cron/tabs/) on Mac OS X and 
running_procs() trips over the "crontab:" entry in 
$SUSP_FILES_INFO: another white-listing target as John already said.


>[19:03:56]   Checking for hidden files and directories       [ Warning ]
>[19:03:57] Warning: Hidden file found: /etc/.DS_Store: JVT NAL sequence
While trusting searches on *file name only* is bad, dot-file names 
do cause false positives often. This one by name seems to contain 
metadata information, so if inspection confirms that it could be 
white-listed. 


>[18:26:02]   Checking for enabled inetd services [ Skipped ]
>[18:26:03] Info: Check skipped - file '/etc/inetd.conf' does not exist.
>
>[18:26:04]   Checking for enabled xinetd services [ Skipped ]
>[18:26:04] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
Since 10.4 Mac OS X apparently uses 'launchd' (xinetd equivalent) 
instead of launching 'sshd'. We probably need a check for 'launchd' 
too.


>[19:03:29] Checking for hidden ports [ Skipped ]
>[19:03:29] Info: Unable to find the 'unhide-tcp' command
No version of 'unhide' is available for Motorola (yet).


Best regards,
unSpawn
---
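A sketch of what a launchd-aware version of the inetd/xinetd "enabled services" check could look like, added here as an example for this thread; it is not rkhunter's own code, and the function names and the sample job plists are constructed so it runs offline on any POSIX system rather than reading real files under /System/Library/LaunchDaemons:

```shell
#!/bin/sh
# Added example (not rkhunter's code): classify launchd job plists the way the
# inetd/xinetd checks classify inetd.conf entries. A job is treated as a
# network listener if its plist carries a <key>Sockets</key> or
# <key>inetdCompatibility</key> block; it counts as enabled unless the plist
# sets <key>Disabled</key> to <true/>.

# launchd_plist_classify FILE -> prints "enabled", "disabled" or "not-a-listener"
launchd_plist_classify() {
    f="$1"
    # Jobs without a socket block are ordinary daemons, not inetd-style services.
    if ! grep -q -e '<key>Sockets</key>' -e '<key>inetdCompatibility</key>' "$f"; then
        echo "not-a-listener"; return 0
    fi
    # The value element may sit on the next line, so squeeze all whitespace first.
    if tr -d '\n\t ' < "$f" | grep -q '<key>Disabled</key><true/>'; then
        echo "disabled"; return 0
    fi
    echo "enabled"
}

# check_launchd_dir DIR -> prints each enabled listener plist; returns 1 if any
# were found (the "Warning" outcome), 0 otherwise.
check_launchd_dir() {
    dir="$1"; found=0
    for p in "$dir"/*.plist; do
        [ -f "$p" ] || continue
        if [ "$(launchd_plist_classify "$p")" = "enabled" ]; then
            echo "$p"; found=1
        fi
    done
    return $found
}

# make_sample_plists [DIR] -> writes three constructed plists and prints DIR.
# These are made-up samples for the demo, not copies of Apple's job files.
make_sample_plists() {
    dir="${1:-$(mktemp -d)}"
    # Socket-based job explicitly disabled in its plist.
    cat > "$dir/com.example.ssh.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.ssh</string>
    <key>Disabled</key>
    <true/>
    <key>Sockets</key>
    <dict><key>Listeners</key><dict><key>SockServiceName</key><string>ssh</string></dict></dict>
</dict>
</plist>
EOF
    # inetd-compatible job with no Disabled key: enabled.
    cat > "$dir/com.example.telnet.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.telnet</string>
    <key>inetdCompatibility</key>
    <dict><key>Wait</key><false/></dict>
    <key>Sockets</key>
    <dict><key>Listeners</key><dict><key>SockServiceName</key><string>telnet</string></dict></dict>
</dict>
</plist>
EOF
    # Plain daemon without sockets: not a listener, so never reported.
    cat > "$dir/com.example.worker.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.worker</string>
    <key>Program</key><string>/usr/local/bin/worker</string>
</dict>
</plist>
EOF
    echo "$dir"
}

# Stand-alone demo: build the samples and run the check over them.
demo_dir=$(make_sample_plists)
check_launchd_dir "$demo_dir" || echo "Warning: enabled launchd listener jobs found"
```

On a real system the directory to scan would be /System/Library/LaunchDaemons and /Library/LaunchDaemons, and the plist's own Disabled key is not the last word: launchd keeps a separate overrides database that `launchctl` edits, so `launchctl list` is the authoritative view of what is actually loaded and the plist scan above should be treated as a first-pass indicator, much like reading inetd.conf without asking inetd.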


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users