Re: package chkrootkit

To: debuser <debian-user@lists.debian.org>
Subject: Re: package chkrootkit
From: Gayle Lee Fairless <fairless@HiWAAY.net>
Date: Sat, 26 Aug 2006 11:34:28 -0500
Message-id: <[🔎] 44F07814.4010805@HiWAAY.net>
Reply-to: fairless@ieee.org
In-reply-to: <[🔎] 44EFC746.9030604@HiWAAY.net>
References: <[🔎] 44EFC746.9030604@HiWAAY.net>



Gayle Lee Fairless wrote:

I got the following message from the chkrootkit package. I'm quitenew at this and don't know what to do.
/etc/cron.daily/chkrootkit:
/usr/bin/strings: Warning: '/' is not an ordinary file
INFECTED (PORTS:  600)

Now that I've had more time to use Google (Dear Googlemaster, I'm usingGoogle to search, not google!),

I found a number of suggestive articles at

http://bluequartz.org/ml/archive/coba-e/3600/3689.html
http://bluequartz.org/ml/archive/coba-e/3600/3688.html
http://bluequartz.org/ml/archive/coba-e/3600/3687.html
http://bluequartz.org/ml/archive/coba-e/3600/3686.html

This will tell you if the cupsd has been modified or not from the rpm install.
check the man page for rpm for all the details.

Also, unless you are printing from your web server (which I think
would be quite odd), you could un-install cups all together.

Same goes fro the rpc.statd.  Unless you are running nfs, you can
disable and un-install this program as well.


This is some information about my system:

Gcomm:/home/gayle/docs/wrk/wonk# lsof -i:600
Gcomm:/home/gayle/docs/wrk/wonk# netstat -naptu | grep :6
tcp 0 0 0.0.0.0:631 0.0.0.0:*LISTEN 7568/cupsdudp 0 0 0.0.0.0:6310.0.0.0:* 7568/cupsd
Gcomm:/home/gayle/docs/wrk/wonk# exit
gayle@Gcomm:~/docs/wrk/wonk$ dpkg -l | grep cups
ii cupsomatic-ppd 20050430-1 linuxprinting.org printer support -transiti
ii  cupsys         1.1.23-10sarge Common UNIX Printing System(tm) - server
ii cupsys-bsd 1.1.23-10sarge Common UNIX Printing System(tm) -BSD commanii cupsys-client 1.1.23-10sarge Common UNIX Printing System(tm) -client pro
ii  cupsys-driver- 4.2.7-10       Gimp-Print printer drivers for CUPS
ii  cupsys-driver- 4.2.7-10       Gimp-Print printer drivers for CUPS
rc  kdelibs3-cups  2.2.2-13.woody KDE print system (CUPS support)
ii libcupsimage2 1.1.23-10sarge Common UNIX Printing System(tm) -image libsii libcupsys2 1.1.23-10sarge Common UNIX Printing System(tm) -dummy libsii libcupsys2-dev 1.1.23-10sarge Common UNIX Printing System(tm) -developmen
ii  libcupsys2-gnu 1.1.23-10sarge Common UNIX Printing System(tm) - libs
ii  libgnomecups1. 0.1.14-1       GNOME library for CUPS interaction
ii  libqtcups2     2.0-4          Qt interface library for CUPS
ii  qtcups         2.0-4          Qt front-end for CUPS.

The article mentions rpm, but we Debian people use packages. Iguess I need to test the integrity of some packages or just disablestuff. However, I hate to do that unless I know I won't crash my system.


   Hints and tips are appreciated!

   Btw, this is a sarge system running kernel 2.6.12 with ide=nodma.


--
(Mr.) Gayle Lee Fairless, http://counter.li.org/, No. 365760.
Linux Gcomm 2.6.12-1-686 #1 Fri Jun 24 12:17:14 CEST 2005 i686 GNU/Linux

Reply to:

References:
- package chkrootkit
  - From: Gayle Lee Fairless <fairless@HiWAAY.net>

Prev by Date: Re: Debain as gigabit router?
Next by Date: Re: Problem with Raid Array persistence across reboots.
Previous by thread: Re: package chkrootkit
Next by thread: Current Mozilla (stable) is broken!
Index(es):
- Date
- Thread