esim. päätteessä komentaen
cat /var/log/rkhunter.log
Tuossa tuo sisältö siitä lähtien, kun ensimmäinen found esiintyi:
Performing system boot checks
[11:17:10] Info: Starting test name 'startup_files'
[11:17:10] Checking for local host name [ Found ]
[11:17:10] Info: Starting test name 'startup_malware'
[11:17:10] Info: Found local startup file: /etc/rc.local
[11:17:11] Info: Found local startup file: /etc/inittab
[11:17:11] Checking for local startup files [ Found ]
[11:17:11] Checking local startup files for malware [ None found ]
[11:17:11] Info: Found system startup directory: /etc/init.d
[11:17:13] Checking system startup files for malware [ None found ]
[11:17:13]
[11:17:13] Performing group and account checks
[11:17:13] Info: Starting test name 'group_accounts'
[11:17:13] Checking for passwd file [ Found ]
[11:17:13] Info: Found password file: /etc/passwd
[11:17:13] Checking for root equivalent (UID 0) accounts [ None found ]
[11:17:13] Info: Found shadow file: /etc/shadow
[11:17:13] Checking for passwordless accounts [ None found ]
[11:17:13] Info: Starting test name 'passwd_changes'
[11:17:13] Checking for passwd file changes [ None found ]
[11:17:13] Info: Starting test name 'group_changes'
[11:17:13] Checking for group file changes [ None found ]
[11:17:13] Checking root account shell history files [ None found ]
[11:17:13]
[11:17:13] Performing system configuration file checks
[11:17:13] Info: Starting test name 'system_configs'
[11:17:14] Checking for SSH configuration file [ Not found ]
[11:17:14] Checking for running syslog daemon [ Found ]
[11:17:14] Checking for syslog configuration file [ Found ]
[11:17:14] Info: Found syslog configuration file: /etc/syslog.conf
[11:17:14] Checking if syslog remote logging is allowed [ Not allowed ]
[11:17:14]
[11:17:14] Performing filesystem checks
[11:17:14] Info: Starting test name 'filesystem'
[11:17:14] Info: SCAN_MODE_DEV set to 'THOROUGH'
[11:17:29] Checking /dev for suspicious file types [ None found ]
[11:17:30] Checking for hidden files and directories [ Warning ]
[11:17:30] Warning: Hidden directory found: /etc/.java
[11:17:30] Warning: Hidden directory found: /dev/.static
[11:17:30] Warning: Hidden directory found: /dev/.udev
[11:17:30] Warning: Hidden directory found: /dev/.initramfs
[11:18:43]
[11:18:43] Checking application versions...
[11:18:44] Info: Starting test name 'apps'
[11:18:44] Checking version of Exim MTA [ OK ]
[11:18:44] Info: Application 'exim' version '4.67' found.
[11:18:45] Checking version of GnuPG [ OK ]
[11:18:45] Info: Application 'gpg' version '1.4.6' found.
[11:18:45] Info: Application 'httpd' not found.
[11:18:45] Info: Application 'named' not found.
[11:18:45] Checking version of OpenSSL [ OK ]
[11:18:45] Info: Application 'openssl' version '0.9.8e' found.
[11:18:45] Info: Application 'php' not found.
[11:18:45] Info: Application 'procmail' not found.
[11:18:45] Info: Application 'proftpd' not found.
[11:18:45] Info: Application 'sshd' not found.
[11:18:45] Info: Applications checked: 3 out of 9
[11:18:45]
[11:18:45] System checks summary
[11:18:45] =====================
[11:18:45]
[11:18:45] File properties checks...
[11:18:45] Files checked: 122
[11:18:45] Suspect files: 0
[11:18:45]
[11:18:45] Rootkit checks...
[11:18:45] Rootkits checked : 109
[11:18:45] Possible rootkits: 0
[11:18:45]
[11:18:45] Applications checks...
[11:18:45] Applications checked: 3
[11:18:45] Suspect applications: 0
[11:18:45]
[11:18:45] The system checks took: 2 minutes and 31 seconds
[11:18:45]
[11:18:45] Info: End date is ma 26.11.2007 11:18:45 +0200
Kaikki ilmeisesti kunnossa???
Kiitos vastauksista!
Aihe: Rootkittien metsästys [Ratkaistu] (Luettu 3975 kertaa)
