Linux
Chkrootkit 發現很多可疑文件和目錄,並且 /sbin/init INFECTED
我只是
chkrootkit在我的 Fedora 20 x86_64 上執行。以下是一些可疑的結果。有誰知道這些是誤報嗎?我有一個受損的系統嗎?以下是可疑文件和目錄:
Searching for suspicious files and dirs, it may take a while... /usr/lib/.libgcrypt.so.11.hmac /usr/lib/python2.7/site-packages/martian /testswithbogusmodules/.bogussubpackage /usr/lib/python2.7/site-packages/fail2ban /tests/files/config/apache-auth/digest_time/.htaccess /usr/lib/python2.7/site- packages/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd /usr/lib /python2.7/site-packages/fail2ban/tests/files/config/apache-auth/noentry /.htaccess /usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache- auth/basic/file/.htaccess /usr/lib/python2.7/site-packages/fail2ban/tests/files /config/apache-auth/basic/file/.htpasswd /usr/lib/python2.7/site-packages/fail2ban /tests/files/config/apache-auth/basic/authz_owner/.htaccess /usr/lib/python2.7 /site-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner /.htpasswd /usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache- auth/digest_anon/.htaccess /usr/lib/python2.7/site-packages/fail2ban/tests/files /config/apache-auth/digest_anon/.htpasswd /usr/lib/python2.7/site-packages /fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess /usr/lib /python2.7/site-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm /.htpasswd /usr/lib/python2.7/site-packages/fail2ban/tests/files/config/apache- auth/digest/.htaccess /usr/lib/python2.7/site-packages/fail2ban/tests/files/config /apache-auth/digest/.htpasswd /usr/lib/python2.7/site-packages/pylons/docs/en /.gitignore /usr/lib/python2.7/site-packages/pylons/templates/default_project /+package+/templates/.distutils_placeholder /usr/lib/python2.7/site-packages /pylons/templates/minimal_project/+package+/templates/.distutils_placeholder /usr/lib/.libssl.so.1.0.1e.hmac /usr/lib/.libcrypto.so.1.0.1e.hmac /usr/lib /.libssl.so.10.hmac /usr/lib/debug/.build-id /usr/lib/debug/usr/.dwz /usr/lib /debug/.dwz /usr/lib/mono/xbuild-frameworks/.NETFramework /usr/lib /.libcrypto.so.10.hmac /usr/lib/python2.7/site-packages/martian/tests/withbogusmodules /.bogussubpackage /usr/lib/debug/.build-id /usr/lib/debug/.dwz /usr/lib /mono/xbuild-frameworks/.NETFramework然後是這樣的:
Searching for Suckit rootkit... Warning: /sbin/init INFECTED最後:
Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root 1631 tty1 /usr/bin/X :0 vt1 -background none -nolisten tcp -seat seat0 -auth /var/run/kdm/A:0-EiPPra chkutmp: nothing deleted Checking `OSX_RSPLUG'... not infected
據報導,chkrootkit 認為它在乾淨的系統上發現了 Suckit 的誤報。Fedora 錯誤報告表明 chkrootkit 在 Fedora 20 中仍然被破壞。
如果沒有人登錄(如果它顯示 GUI 登錄提示),則 X 伺服器沒有 utmp 條目是正常的。
因此,這些結果並不表明您的系統已被感染。當然,這並不意味著您的系統是乾淨的:設計良好的 rootkit 從定義上講是無法檢測到的。