RE: [cobalt-security] Cobalt Raq2 & Chkrootkit 0.37

["Gary M. Root" <groot@xxxxxxxxxxxxxxx>]

Title: Message

Yes, I get that output on a RaQ2, also. I ran an earlier version of chkrootkit on the same box after seeing it, and did not get the error. By itself, that doesn't mean much, but if others see the same error in 0.37, it feels like a RaQ2 anomaly.

 

-Gary

Greetings All,

 

Has anyone came across this starange behaviour of Chkrootkit 0.37 while running on Cobalt Raq2 (specifically Raq2). Following is the output I rcvd. on running the same :

............

Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... INFECTED
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
............

Checking `bindshell'... not infected
Checking `lkm'... ./chkrootkit: ./chkproc: cannot execute binary file
Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'...
./chkrootkit: ./ifpromisc: cannot execute binary file
Checking `wted'... ./chkrootkit: ./chkwtmp: cannot execute binary file
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... ./chkrootkit: ./chklastlog: cannot execute binary file

Is there anyone that can explain this, will be highly admirable. The same isn't in case of Raq3 & Raq4, but only in Raq2s.

 

Cheers

Arminder Singh
Sr. Exec. System Administrator
-------------------------------------------------------
Pugmarks InterWeb Pvt. Ltd. INDIA Tel: (172) 622 753, 54, 55, Fax:91 (172)-645-906
Pugmarks Inc. Tel: (630) 571-0699, Fax: (630)-571-0642
http://www.pugmarks.net