rkhunter finds RH-Sharpe's Rootkit, Ubuntu 8.4

hansi
Posts: 14
Joined: 31. Jul 2005 15:19


#1 Post by hansi »

Hello,
What can I do about this? I ran rkhunter and got the result below.
Sometimes Firefox hangs and the system freezes. It also often takes a while before it starts.
How can I clean the system?



rkhunter --check
[ Rootkit Hunter version 1.3.0 ]


RH-Sharpe's Rootkit [ Warning ]
Checking the local host...

Performing system boot checks
Checking for local host name [ Found ]
Checking for local startup files [ Found ]
Checking local startup files for malware [ None found ]
Checking system startup files for malware [ None found ]

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]

Performing system configuration file checks
Checking for SSH configuration file [ Not found ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]

Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]

System checks summary
=====================

File properties checks...
Files checked: 124
Suspect files: 0

Rootkit checks...
Rootkits checked : 109
Possible rootkits: 1
Rootkit names : RH-Sharpe's Rootkit

Applications checks...
Applications checked: 4
Suspect applications: 0

The system checks took: 3 minutes and 6 seconds

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

:roll: :roll: :roll:
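Added example, not part of the original posts: a small Python triage of `rkhunter --check` console output like that pasted in post #1, listing which checks ended in [ Warning ] and reading the summary counters. The function names are hypothetical, and the line layout is assumed to match the output shown above.

```python
import re

# Excerpt of the console output pasted in post #1 (lines copied from there).
SAMPLE = """\
RH-Sharpe's Rootkit [ Warning ]
Checking for passwd file changes [ None found ]
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]
Files checked: 124
Suspect files: 0
Rootkits checked : 109
Possible rootkits: 1
Rootkit names : RH-Sharpe's Rootkit
Suspect applications: 0
"""

# "<check description> [ <status> ]" lines and "<key> : <value>" summary lines.
CHECK_RE = re.compile(r"^\s*(?P<name>.+?)\s*\[\s*(?P<status>[^\]]+?)\s*\]\s*$")
SUMMARY_RE = re.compile(r"^\s*(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.+?)\s*$")

def triage(output):
    """Split rkhunter console output into warned checks and summary fields."""
    warnings, summary = [], {}
    for line in output.splitlines():
        m = CHECK_RE.match(line)
        if m:
            if m.group("status").lower() == "warning":
                warnings.append(m.group("name"))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            value = m.group("value")
            summary[m.group("key")] = int(value) if value.isdigit() else value
    return warnings, summary

def needs_review(warnings, summary):
    """True if any check warned or any 'suspect' counter in the summary is non-zero."""
    counters = ("Suspect files", "Possible rootkits", "Suspect applications")
    return bool(warnings) or any(summary.get(k, 0) for k in counters)

if __name__ == "__main__":
    warned, fields = triage(SAMPLE)
    for name in warned:
        print("WARNING:", name)
    print("needs review:", needs_review(warned, fields))
```

Each warned check listed here is then looked up by name in /var/log/rkhunter.log, which the output itself points to for the details behind the warning.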

Janka
Posts: 3585
Joined: 11. Feb 2006 19:10

#2 Post by Janka »

If you really do have a rootkit on there, you *must* reinstall the system. A rootkit means that someone has gained root access to your system and has made *arbitrary* changes there by hand. Logically, those cannot be undone automatically.

Janka
I always dump spam into /dev/dsp instead of /dev/null.
I like the screams.
