Hi, I'm sorry, that I'm writing in this topic, but I think my problem seems to be similar. Yesterday I launched chkrootkit to check some things. Everything seems to be fine, but I'm wonder on this:
Is it normal? There is so many informations about chkrootkit and e.g. chkutmp on the network and I'm so confused and amazed. Whether it is a record of what actions were taken by chkrootkit? (./chktump etc.) Or it is something else? In the utmp man page, we could read, that The utmp file allows one to discover information about who is currently using the system. etc. Okay. That's sounds nice. As we can see, in my case, there is only one (me; kleenex) and root users. Next entries like PID, CMD - for me - seems to be related with chkrootkit's Checking `chkutmp'... scan.
Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp !
! RUID PID TTY CMD
! kleenex 3816 pts/0 bash
! kleenex 5146 pts/0 sudo chkrootkit
! root 5147 pts/0 /bin/sh /usr/sbin/chkrootkit
! root 5782 pts/0 ./chkutmp
! root 5784 pts/0 ps axk tty,ruser,args -o tty,pid,ruser,args
! root 5783 pts/0 sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
Generally, Could anybody tell me what's going on?