Koozali.org: home of the SME Server

new install i585 sme 7.13 update install chkrootkit-0.47

mgb
« on: June 24, 2007, 08:29:29 AM »
Installed from http://www.chkrootkit.org, version chkrootkit-0.47.

./chkrootkit
bindshell'... INFECTED (PORTS: 465)

Is it infected?
Thanks all for helping
Skype yosii2009

mmccarn
« Reply #1 on: June 24, 2007, 05:47:58 PM »
Quote from: chkrootkit.org FAQ item number 7 (http://www.chkrootkit.org/faq/#7)
7. I'm running PortSentry/klaxon. What's wrong with the bindshell test?

If you're running PortSentry/klaxon or another program that binds itself to unused ports probably chkrootkit will give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).
(Note: "or another program".)

A search of the chkrootkit-users mailing list archive at http://marc.info/?l=chkrootkit-users&r=1&w=2 for "465" produces several comments that chkrootkit will report a false positive if you have any kind of ssmtp server running -- which SME does.

SME comes with rkhunter pre-installed; do you have a reason to prefer 'chkrootkit'?
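
One way to triage the bindshell hit discussed in this thread, as an added example that is not part of the original posts or of chkrootkit: match `netstat -tlnp` listeners against the FAQ's port list and show which process owns each flagged port. The function names and the sample listing are constructed for illustration, and `example-smtpd` and `example-app` are hypothetical process names.

```shell
#!/bin/sh
# Ports flagged by chkrootkit's bindshell test, copied from the FAQ text quoted above.
BINDSHELL_PORTS="114 465 511 1008 1524 1999 3879 4369 5665 10008 12321 23132 27374 29364 31336 31337 45454 47017 47889 60001"

# Reads `netstat -tlnp` output on stdin and prints "port pid/program"
# for every TCP listener bound to one of the flagged ports.
triage_bindshell() {
    awk -v ports="$BINDSHELL_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) flagged[p[i]] = 1
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4
            sub(/.*:/, "", port)   # strip the address; works for 0.0.0.0:465 and :::465
            if (port in flagged) {
                # netstat prints "-" when it cannot see the owner (not run as root)
                owner = ($7 == "" || $7 == "-") ? "unknown" : $7
                print port, owner
            }
        }'
}

# Constructed sample input in `netstat -tlnp` format, so the example runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1801/sshd
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      2143/example-smtpd
tcp        0      0 127.0.0.1:31337         0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:4650            0.0.0.0:*               LISTEN      2200/example-app
EOF
}

# On a live system, run as root: netstat -tlnp | triage_bindshell
sample_netstat | triage_bindshell
```

A flagged port owned by a known mail daemon fits the false positive described in the FAQ; an owner of "unknown", or a program you do not recognise, is the case worth investigating further.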