
Thread: Worrying output from chkrootkit

  1. #1
    Join Date
    Aug 2013
    Beans
    27

    Worrying output from chkrootkit

    When searching for rootkits with chkrootkit, I get this output in one of the last lines:
    ! root 1313 tty7 /usr/bin/X :0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch -background none

    What is this, and what should I do?

  2. #2
    Join Date
    Mar 2007
    Beans
    790

    Re: Worrying output from chkrootkit

    Google.

    (Or just search the forums)
    http://ubuntuforums.org/showthread.php?t=1980749
    Registered Linux User: 450747 Registered Ubuntu User: 16269

  3. #3
    Join Date
    Feb 2008
    Location
    Mine goes to 11
    Beans
    3,675

    Re: Worrying output from chkrootkit

    Does Ubuntu maintain the version in their repos?
    The last apparent release-date is Thu Jul 30 2009.
    If not, I'd not use chkrootkit and go for rkhunter, personally.
    "The single biggest problem in communication is the illusion that it has taken place."

  4. #4
    Join Date
    Mar 2014
    Beans
    10
    Distro
    Ubuntu

    Re: Worrying output from chkrootkit

    This is the system graphics server.
    It converts the layout of desktop applications into low-level drawing operations on your graphics card.
    Last edited by james114; March 26th, 2014 at 11:31 AM.
    OS: Ubuntu 12.04 / Specification: Xeon 3210 with 8 GB DDR333
    My Bible Project (PHP)

  5. #5
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Worrying output from chkrootkit

    Originally Posted by james114:
        This is the system graphics server.
        It converts the layout of desktop applications into low-level drawing operations on your graphics card.
    No, that's completely beside the point. This is about a known issue in 'chkutmp': a process being attached to a tty but not having any audit record yet (process waiting for a user login to occur).
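
Added example, not part of the thread and not chkrootkit's own code: a triage helper that parses a flagged line in the `! user pid tty command` layout shown in post #1 and checks it against the case described in post #5. The allow-lists, the verdict strings and the constructed sample data are assumptions of this example.

```python
import re

# Assumed allow-lists for this example; adjust them per host.
DISPLAY_SERVERS = {"X", "Xorg"}
DISPLAY_MANAGERS = {"lightdm", "gdm", "gdm3", "kdm", "xdm", "sddm"}

# Layout taken from the line quoted in post #1: "! user pid tty command..."
LINE_RE = re.compile(r"^!\s+(\S+)\s+(\d+)\s+(\S+)\s+(.+)$")

def parse_flagged(line):
    """Split a flagged line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    user, pid, tty, cmd = m.groups()
    return {"user": user, "pid": int(pid), "tty": tty, "cmd": cmd}

def utmp_ttys(who_output):
    """Set of terminals that have a login record, taken from `who` output."""
    rows = (l.split() for l in who_output.splitlines())
    return {f[1] for f in rows if len(f) >= 2}

def parent_name(pid):
    """Name of the parent process, read from /proc (Linux only)."""
    with open(f"/proc/{pid}/stat") as fh:
        ppid = fh.read().rsplit(")", 1)[1].split()[1]
    with open(f"/proc/{ppid}/comm") as fh:
        return fh.read().strip()

def triage(line, logged_in_ttys, parent_lookup=parent_name):
    entry = parse_flagged(line)
    if entry is None:
        return "not-a-chkutmp-line"
    if entry["tty"] in logged_in_ttys:
        return "has-login-record"
    exe = entry["cmd"].split()[0].rsplit("/", 1)[-1]
    # Display server started by a display manager, nobody logged in on that tty.
    if exe in DISPLAY_SERVERS and parent_lookup(entry["pid"]) in DISPLAY_MANAGERS:
        return "display-server-no-login-yet"
    return "investigate"

if __name__ == "__main__":
    # Constructed sample data: the line from post #1 and one made-up `who` row.
    flagged = ("! root 1313 tty7 /usr/bin/X :0 -auth /var/run/lightdm/root/:0 "
               "-nolisten tcp vt7 -novtswitch -background none")
    who = "alice pts/0 2014-03-26 10:00 (203.0.113.5)\n"
    print(triage(flagged, utmp_ttys(who), parent_lookup=lambda pid: "lightdm"))
```

On a live system, pass the text printed by `who` to `utmp_ttys` and leave `parent_lookup` at its default so the parent is read from /proc.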

  6. #6
    Join Date
    Oct 2005
    Location
    Al Ain
    Beans
    8,690

    Re: Worrying output from chkrootkit

    Howdy,

    Chkrootkit and others are mostly useless. I haven't seen a rootkit on a machine in more than 20 years.

  7. #7
    Join Date
    Mar 2007
    Beans
    790

    Re: Worrying output from chkrootkit

    ^^ I agree

  8. #8
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Worrying output from chkrootkit

    Originally Posted by HermanAB:
        I haven't seen a rootkit on a machine in more than 20 years.
    With all due respect, this isn't (or shouldn't be) about you or what you perceive but what others should generally speaking do, like adhere to best practices and such.

  9. #9
    Join Date
    Mar 2007
    Beans
    790

    Re: Worrying output from chkrootkit

    Whether or not running chkrootkit would be a 'best practice' would be a matter of opinion.
    Last edited by ant2ne; March 26th, 2014 at 02:23 PM.

  10. #10
    Join Date
    Aug 2013
    Beans
    27

    Re: Worrying output from chkrootkit

    Originally Posted by unspawn:
        No, that's completely beside the point. This is about a known issue in 'chkutmp': a process being attached to a tty but not having any audit record yet (process waiting for a user login to occur).
    That sounds like a threat to me?
    I found another forum thread that suggests it could be my datacenter running a "stealth login" on tty7 so that if I put in a ticket they do not have to ask you for your password. This can be done with the openvt command (http://www.webhostingtalk.com/showthread.php?t=566816)

    I tried to kill the process, but it immediately popped up again with a new PID.
    Are there any other ways I can get rid of this?
