Package: rkhunter
Version: 1.3.6-4
Severity: normal

#File /var/log/rkhunter.log
[13:46:28] Checking for string 'hdparm' [ Warning ]
[13:46:28] Checking for string '/lib/ldd.so/tkps' [ Not found ]
[13:46:28] Checking for string 't0rnkit' [ Not found ]
[13:46:28] Checking for string '/dev/proc/fuckit' [ Not found ]
[13:46:28] Checking for string 'libproc.so.2.0.7' [ Not found ]
[13:46:29] Checking for string 'libproc.so.2.0.7' [ Not found ]
[13:46:29] Checking for string 'libproc.so.2.0.7' [ Not found ]
[13:46:29] Checking for string '/usr/lib/ldlibct.so' [ Not found ]
[13:46:29] Checking for string '/usr/lib/ldlibdu.so' [ Not found ]
[13:46:29] Checking for string '/dev/ptyxx/.file' [ Not found ]
[13:46:29] Checking for string 'libproc.so.2.0.7' [ Not found ]
[13:46:29] Checking for string '/dev/ida/.inet' [ Not found ]
[13:46:29] Warning: Checking for possible rootkit strings [ Warning ]
[13:46:29] Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
[13:46:29] Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit
mama@zeuza:~$ whereis hdparm
hdparm: /sbin/hdparm /etc/hdparm.conf /usr/share/man/man8/hdparm.8.gz
mama@zeuza:~$ md5sum /sbin/hdparm
5f74fb3bd3a1b50e803d139a7aa10695 /sbin/hdparm
mama@zeuza:~$ sha1sum /sbin/hdparm
50e94ee5f91c5bae7a626c7deaf6dccb96fd8d81 /sbin/hdparm
mama@zeuza:~$ sha256sum /sbin/hdparm
73f7525ae08a8d9faa9c91a0c96c7b54cfbb21ed91baa398ddcfb5ee33b1a3f5 /sbin/hdparm
mama@zeuza:~$

--
http://packages.debian.org/squeeze/i386/hdparm/download
MD5 checksum 2c05b8d28cd08a31e93409491b71423b
SHA1 checksum 101e7372cc2de13866a8d423c020857def65c48e
SHA256 checksum 5ec7ca9fd92f33148d9c5a0b0929955fccd0ab7e480512b8b93f4811d0d2a35c

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils                2.20.1-16           The GNU assembler, linker and bina
ii  debconf [debconf-2.0]   1.5.36.1            Debian configuration management sy
ii  file                    5.04-5              Determines file type using "magic"
ii  net-tools               1.60-23             The NET-3 networking toolkit
ii  perl                    5.10.1-17squeeze3   Larry Wall's Practical Extraction
ii  sendmail                8.14.3-9.4          powerful, efficient, and scalable
ii  sendmail-bin [mail-tra  8.14.3-9.4          powerful, efficient, and scalable

Versions of packages rkhunter recommends:
ii  iproute                 20100519-3          networking and traffic control too
ii  lsof                    4.81.dfsg.1-1       List open files
ii  perl [libdigest-sha-pe  5.10.1-17squeeze3   Larry Wall's Practical Extraction
ii  unhide                  20100201-1          Forensic tool to find hidden proce
ii  wget                    1.12-2.1            retrieves files from the web

Versions of packages rkhunter suggests:
ii  bsd-mailx               8.1.2-0.20100314cvs-1  simple mail user agent
pn  tripwire                <none>                 (no description available)

-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:
_______________________________________________
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel