[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Houston, do I have a problem?


  Hello all, been a satisfied debian convert for almost two years now
and am now starting to find some unexpected output when I run certain
utilities and programs.  I suspect there is nothing to worry about,
but I thought I'd toss this out to the group to look over for a second
opinion.  I've searched the debian user archives, HOW-TO's and have yet
to find an answer.

  I first started noticing this about a couple of weeks ago, I have an
alias that clears the screen, reports some machine stats for me to
review.  I broke it down and ran each individual command and found the
'/usr/bin/w -> /etc/alternatives/w' was giving the following output:

  rseielstad@roadJockey:~$ w

  Unknown HZ value! (10) Assume 100.
  03:26:03 up 138 days, 15:42, 4 users, load average: 4.11, 4.11, 4.06
  USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  rseielst tty5 - 30May04 138days 136days 136days ./mprime -d
  rseielst tty6 - 30May04 132days 392days 130days ./dnetc -numcpu
  rseielst :0 - Fri05 ?xdm? 0.00s ? -
  rseielst pts/1 :0.0 Fri05 0.00s 10:35 0.01s w

  rseielstad@roadJockey:~$

  My concern was the error message "Unknown HZ value", since I
first noticed the message the value in parentheses has incremented
from 4 to 10.

  I have since also found that running /usr/sbin/chkrootkit and the
Linux Counter perl script machine-update also has the same error
output showing up.

  I'm not sure whether the individual utilities tested in chkrootkit
are the ones generating the error message I'm seeing (output included
below).

  So the big question is do I need to worry about this?  Have I found
a legitimate bug that needs to be reported?  Or should I just keep on
sailing along, watching this and not worrying about it?

                 Ramsay


########################################################################
rseielstad@roadJockey:~$ su - root -c '/usr/sbin/chkrootkit 2>&1 | mail -s "ChkRootKit Output" rseielstad@localhost' 
Password:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... Unknown HZ value! (10) Assume 100.
not infected
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... Unknown HZ value! (10) Assume 100.
not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... Unknown HZ value! (10) Assume 100.
not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found Searching for suspicious files and dirs, it may take a while... nothing found 
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... Unknown HZ value! (10) Assume 100.
nothing detected
Checking `rexedcs'... not found
Checking `sniffer'...   eth0 is not promisc
Checking `wted'... nothing deleted
Checking `z2'...
nothing deleted

rseielstad@roadJockey:~$
Reply to: