I just ran chkrootkit on a freshly installed Lubuntu 14.04, and it came up with:
```
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/lib/modules/3.16.0-30-generic/vdso/.build-id /lib/modules/3.16.0-31-generic/vdso/.build-id
/lib/modules/3.16.0-30-generic/vdso/.build-id /lib/modules/3.16.0-31-generic/vdso/.build-id
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 1204 tty7 /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
```
As you can see, there are some anomalies. What are those suspicious files and directories? What about /sbin/init? And chkutmp? I don't get anything like this on my other machine... so I also tried rkhunter. I would post the whole log file, but it has too many characters and the post limit is 30000:
```
[12:14:00] /usr/bin/unhide.rb [ Warning ]
[12:14:00] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[12:15:19] System checks summary
[12:15:19] =====================
[12:15:19]
[12:15:19] File properties checks...
[12:15:19] Files checked: 134
[12:15:19] Suspect files: 1
[12:15:19]
[12:15:19] Rootkit checks...
[12:15:19] Rootkits checked : 291
[12:15:19] Possible rootkits: 0
[12:15:19]
[12:15:19] Applications checks...
[12:15:19] All checks skipped
[12:15:19]
[12:15:19] The system checks took: 1 minute and 38 seconds
[12:15:19]
[12:15:19] Info: End date is Mon Mar 16 12:15:19 GMT 2015
```
rkhunter doesn't seem to flag Suckit, so is this a false positive from chkrootkit, or a false negative from rkhunter? And what about those other warnings; can anyone give me any insight into what they mean? I googled some of the anomalous results but couldn't find anything... which is usually a bad sign.
So, do I have a rootkit, and if so, how do I remove it and repair any damage it has done?
Views: 12786
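One check a practitioner would run before trusting either scanner's verdict on /sbin/init is to compare the flagged binary against the checksum its own package ships. On Debian and Ubuntu every installed package records its file hashes in `/var/lib/dpkg/info/<package>.md5sums`, with paths relative to `/` (on Ubuntu 14.04, `dpkg -S /sbin/init` names the owning package; `debsums` automates the same comparison). The script below is an added example written for this question, not code from the original post or from chkrootkit/rkhunter. It implements that comparison in POSIX sh and exercises it against a constructed fixture (a temporary fake root with a pristine "init", a tampered "ifconfig" and a listed-but-missing "ls"), so it runs offline; the `verify_md5sums` and `make_fixture` function names and the fixture contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): verify files against a
# dpkg-style md5sums list, the same "<md5>  <relative path>" format found
# in /var/lib/dpkg/info/<package>.md5sums on Debian/Ubuntu.
# Everything below is constructed in a temp dir; on a real machine you would
# call verify_md5sums / /var/lib/dpkg/info/<pkg>.md5sums instead.

# verify_md5sums ROOT MD5SUMS_FILE
# Prints one line per entry: "OK path", "MISMATCH path" or "MISSING path".
# Returns 0 only if every listed file exists and its hash matches.
verify_md5sums() {
    root=$1
    list=$2
    rc=0
    while read -r expected relpath; do
        [ -n "$relpath" ] || continue            # skip blank lines
        file="$root/$relpath"
        if [ ! -f "$file" ]; then
            echo "MISSING $relpath"
            rc=1
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK $relpath"
        else
            echo "MISMATCH $relpath"
            rc=1
        fi
    done < "$list"
    return $rc
}

# Constructed fixture (assumption, for demonstration only): a fake root
# whose sbin/init matches its recorded hash, whose sbin/ifconfig has been
# altered since packaging, and whose bin/ls is listed but absent.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/root/sbin" "$dir/root/bin"
    printf 'pristine init\n' > "$dir/root/sbin/init"
    printf 'tampered ifconfig\n' > "$dir/root/sbin/ifconfig"
    {
        printf '%s  sbin/init\n'     "$(printf 'pristine init\n'     | md5sum | cut -d' ' -f1)"
        printf '%s  sbin/ifconfig\n' "$(printf 'original ifconfig\n' | md5sum | cut -d' ' -f1)"
        printf '%s  bin/ls\n'        "$(printf 'ls\n'                | md5sum | cut -d' ' -f1)"
    } > "$dir/pkg.md5sums"
    echo "$dir"
}

# Stand-alone run: expect OK for init, MISMATCH for ifconfig, MISSING for ls.
FIX=$(make_fixture)
verify_md5sums "$FIX/root" "$FIX/pkg.md5sums" || echo "at least one entry failed verification"
```

A clean `OK` for `sbin/init` says the file on disk is byte-identical to what the package installed, which is the usual way a scanner's string-match heuristic gets resolved as a false positive. A `MISMATCH` is not proof of a rootkit either, but it means the binary is no longer the packaged one and needs explaining. The caveat is that this check reads the hash database, `md5sum` and the file through the possibly compromised kernel; if you genuinely suspect a kernel-level rootkit, repeat the comparison from a live CD against the mounted disk, or against the `.deb` fetched fresh from the mirror.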