Wierd email

npavlidis · **Joined:** Sun Jun 04, 2006 10:03 am **Posts:** 122

Merry xmas ppl

this is the email I get sometimes(not every day but sometimes)

Subj:Cron <root@www> run-parts /etc/cron.daily

/etc/cron.daily/chkrootkit:

/usr/bin/find: //var/named/run-root/proc/32308/task: No such file or directory

I got the same mail 3 days ago...

and since the begining chrootkit always said this:

Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `w55808'... not infected
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... not tested: can't exec ./chklastlog
Checking `chkutmp'... not tested: can't exec ./chkutmp

Any ideas?

scott · **Posted:** Tue Dec 26, 2006 5:26 pm

Is that using my rpm? I'll be honest I havent stayed on top of chkrootkit like I have with rkhunter, but that output I believe is telling you that it cant find the chkrootkit utilities. I'd make sure that the directories it stores all its apps (rpm -ql chkrootkit) are still there and executible.

npavlidis · **Joined:** Sun Jun 04, 2006 10:03 am **Posts:** 122

ok i did not ave ur version on my bad! i did install it tough the only error i got is :
Checking `chkutmp'... not tested: can't exec ./chkutmp

the output you requested confirms that:
[root@www /]# rpm -ql chkrootkit
/etc/pam.d/chkrootkit
/etc/security/console.apps/chkrootkit
/usr/bin/chkrootkit
/usr/bin/chkrootkitX
/usr/bin/xchkrootkit
/usr/lib/chkrootkit-0.46a
/usr/lib/chkrootkit-0.46a/check_wtmpx
/usr/lib/chkrootkit-0.46a/chkdirs
/usr/lib/chkrootkit-0.46a/chklastlog
/usr/lib/chkrootkit-0.46a/chkproc
/usr/lib/chkrootkit-0.46a/chkrootkit
/usr/lib/chkrootkit-0.46a/chkrootkit.sh
/usr/lib/chkrootkit-0.46a/chkwtmp
/usr/lib/chkrootkit-0.46a/ifpromisc
/usr/lib/chkrootkit-0.46a/strings-static
/usr/share/applications/rpmforge-chkrootkit.desktop
/usr/share/doc/chkrootkit-0.46a
/usr/share/doc/chkrootkit-0.46a/ACKNOWLEDGMENTS
/usr/share/doc/chkrootkit-0.46a/COPYRIGHT
/usr/share/doc/chkrootkit-0.46a/README
/usr/share/doc/chkrootkit-0.46a/README.chklastlog
/usr/share/doc/chkrootkit-0.46a/README.chkwtmp
/usr/share/pixmaps/chkrootkit.png

thanks

scott · **Posted:** Wed Dec 27, 2006 3:42 pm

ah, did you have a src install mixed in there? That output definitely confirms that chkutmp doesnt exist in the rpm.

npavlidis · **Joined:** Sun Jun 04, 2006 10:03 am **Posts:** 122

no no i installed your version after removing the src i had its a big possiblitily its missing

Wierd email

Who is online