lsof sieht Dateien mit link count unter 1 (auch nach Reboot)
Hallo Liste
Wie muss ich untenstehenden Output intepretieren? Was sagt das genau
aus? Kann es sein, dass ein Black Hat Dateien versteckt? Dies ist mein
Desktop: Ubuntu 7.04
# lsof +L1
COMMAND PID USER FD TYPE DEVICE SIZE NLINK NODE NAME
init 1 root 0u CHR 5,1 0 2168 /dev/console (deleted)
init 1 root 1u CHR 5,1 0 2168 /dev/console (deleted)
init 1 root 2u CHR 5,1 0 2168 /dev/console (deleted)
deskbar-a 6456 sjolle 22r REG 8,1 20718 0 7094455
/home/sjolle/.mozilla/firefox/a50z1o5x.default/prefs.js
vmware-vm 28802 sjolle 48u REG 8,1 9842688 0 5439495
/tmp/vmware-sjolle/ram0 (deleted)
Hier noch Output von Rootkit Scannern:
# chkrootkit -q
The following suspicious files and directories were found:
/usr/lib/firefox/.autoreg
/usr/lib/xulrunner/.autoreg
/usr/lib/jvm/.java-6-sun.jinfo
/usr/lib/jvm/java-6-sun-1.6.0.00/.systemPrefs
/usr/lib/jvm/.java-gcj.jinfo
/lib/modules/2.6.20-16-generic/volatile/.mounted
/usr/lib/security
/usr/lib/security/classpath.security
eth0: PACKET SNIFFER(/sbin/dhclient3[5550])
# rkhunter -c --quiet
Scanning for hidden files... [ Warning! ]
Checking for allowed root login... Watch out Root login possible.
Possible risk!
Some errors has been found while checking. Please perform a manual check
on this machine (playstation)
beste Grüsse
Simon
Reply to: