Fedora Core 4 ¤Ç Rootkit Hunter ¤ò»î¤·¤Æ¤ß¤Þ¤·¤¿ †¤È¤Ë¤«¤¯¼Â¹Ô †¡¡°Ê²¼¡¢¼Â¹Ô·ë²Ì¤È¤½¤Î²òÀâ¤Ç¤¹¡£ Rootkit Hunter 1.2.7 is running Determining OS... Unknown Warning: This operating system is not fully supported! Warning: Cannot find md5_not_known All MD5 checks will be skipped! ¡¡OS ¤¬ Unknown ¤È½Ð¤Þ¤·¤¿¤¬¡¦¡¦¡¦¤Ê¤Î¤Ç MD5 ¤Ë´Ø¤¹¤ë¥Á¥§¥Ã¥¯¤Ï¹Ô¤¨¤Ê¤¤¤È¤Î¤³¤È¤Ç¤¹¡£Ê̤Υ·¥¹¥Æ¥à¤Ç»î¤·¤¿¤éÌäÂê¤Ê¤¤¤È¤¤¤¦·ë²Ì¤¬É½¼¨¤µ¤ì¤Þ¤·¤¿¡£ Determining OS... Ready ¡¡MD5 ¥Á¥§¥Ã¥¯¤ò¹Ô¤¨¤Ê¤¤¤Î¤Ç¡¢¥¹¥¥Ã¥×¤µ¤ì¤Æ¤·¤Þ¤¦¡£¡£¤¦¡¼¤à¡£ * System tools Skipped! ¡¡ËÜÅö¤Ï¤³¤³¤Ç /bin °Ê²¼¤Î¥Õ¥¡¥¤¥ë¤ÎÀ°¹çÀ¤ò¥Á¥§¥Ã¥¯¤·¤Æ¤¯¤ì¤Þ¤¹¡£²þã⤵¤ì¤¿¥·¥¹¥Æ¥à¤Î¥Õ¥¡¥¤¥ë¤ò¥¹¥¥ã¥ó¤¹¤ë¤È¡¢¡¢ * System tools Performing 'known good' check... /bin/cat [ BAD ] /bin/chmod [ BAD ] /bin/chown [ BAD ] /bin/dmesg [ OK ] /bin/egrep [ BAD ] ¡¡¤³¤ó¤Ê´¶¤¸¤Ç [ BAD ]¤È½Ð¤Æ¤¤Þ¤¹¡£¡£¡£ ¡¡¤¦¡¼¤ó¡¢MD5 ¥Á¥§¥Ã¥¯¤â¤µ¤»¤¿¤¤¡ª¤È¤¤¤¦¤³¤È¤Ç¼¡¤Î¥³¡¼¥Ê¡¼ Fedora Core 4 ¤ò MD5 ¤ËÂбþ¤µ¤»¤ë¡£ †¡¡Âбþ¤µ¤»¤ë¤Ë¤Ï¡¢°ìÉô¤Î¥Õ¥¡¥¤¥ë¤ò½ñ¤´¹¤¨¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¥¢¡¼¥«¥¤¥Ö¤òŸ³«¤·¤¿¥Ç¥£¥ì¥¯¥È¥ê¤Ë files ¤È¤¤¤¦¥Ç¥£¥ì¥¯¥È¥ê¤¬¤¢¤ê¡¢¤½¤ÎÃæ¤Ë os.dat ¤¬¤¢¤ê¤Þ¤¹¡£ rkhunter/files/os.dat ¡¡¤Ç¤¹¡£ ¡¡vi ¥¨¥Ç¥£¥¿¤Ê¤É¤Ç¥Õ¥¡¥¤¥ë¤ò³«¤¤¤¿¤é 97 ¹ÔÌܤ˼¡¤Î¹Ô¤òÆþ¤ì¤Þ¤¹¡£ 178:Fedora Core release 4 (Stentz) (i386):/usr/bin/md5sum:/bin: ¡¡¥Õ¥¡¥¤¥ë¤òÊݸ¤·¤¿¤é¡¢rkhunter ¥Ç¥£¥ì¥¯¥È¥ê¤ËÌá¤ê¡¢¤â¤¦°ìÅÙ¥¤¥ó¥¹¥È¡¼¥ë¤ò¹Ô¤¤¤Þ¤¹¡£ # cd .. # ./installer.sh ¡¡¤¢¤È¤Ï¡¢¤â¤¦°ìÅÙ Rookit Hunter ¤ò¼Â¹Ô¤¹¤ë¤È Fedora Core 4 ¤¬Ç§¼±¤µ¤ì¤Þ¤¹¡£ ¤â¤¦°ìÅټ¹Էë²Ì¤òÆɤó¤Ç¤ß¤ë †¡¡¼¡¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¡¢°ìµ¤¤Ë¥Á¥§¥Ã¥¯¤ò¤«¤±¤Þ¤¹¡£ # /usr/local/bin/rkhunter -c --skip-keypress Rootkit Hunter 1.2.7 is running Determining OS... Ready ¡¡º£ÅÙ¤ÏÀµ¤·¤¯ OS ¤¬Ç§¼±¤µ¤ì¤Þ¤·¤¿¡£ Checking binaries - ¥³¥Þ¥ó¥É·²¤Î³Îǧ †¡¡¥³¥Þ¥ó¥É¤Î md5sum Ãͤò¥Á¥§¥Ã¥¯¤·¤Æ²þã⤵¤ì¤Æ¤¤¤Ê¤¤¤«¤Î³Îǧ¤Ç¤¹¡£ÌäÂê¤Ê¤¤¤è¤¦¤Ç¤¹¡Ê¤È¤¤¤¦¤è¤ê¡¢¤³¤Î¥Þ¥·¥ó¤Ï¥í¡¼¥«¥ë¤Ç¥Æ¥¹¥È¤·¤Æ¤ë¤Î¤ÇÉÔÀµ¿¯Æþ¤¦¤±¤Æ¤¿¤é¥Þ¥º¥¤¤ó¤Ç¤¹¤¬¡Ä¡Ä¡Ë¡£ Checking binaries * Selftests Strings (command) [ OK ] * System tools Info: prelinked files found Performing 'known bad' check... /bin/cat [ OK ] /bin/chmod [ OK ] /bin/chown [ OK ] /bin/csh [ OK ] /bin/date [ OK ] /bin/df [ OK ] /bin/dmesg [ OK ] /bin/echo [ OK ] /bin/ed [ OK ] /bin/egrep [ OK ] /bin/env [ OK ] /bin/fgrep [ OK ] /bin/grep [ OK ] /bin/kill [ OK ] /bin/login [ OK ] /bin/ls [ OK ] /bin/more [ OK ] /bin/mount [ OK ] /bin/netstat [ OK ] /bin/ps [ OK ] /bin/sh [ OK ] /bin/sort [ OK ] /bin/su [ OK ] /sbin/chkconfig [ OK ] /sbin/depmod [ OK ] /sbin/ifconfig [ OK ] /sbin/ifdown [ OK ] /sbin/ifup [ OK ] /sbin/init [ OK ] /sbin/insmod [ OK ] /sbin/ip [ OK ] /sbin/lsmod [ OK ] /sbin/modinfo [ OK ] /sbin/modprobe [ OK ] /sbin/nologin [ OK ] /sbin/rmmod [ OK ] /sbin/runlevel [ OK ] /sbin/sulogin [ OK ] /sbin/sysctl [ OK ] /sbin/syslogd [ OK ] /usr/bin/chattr [ OK ] /usr/bin/du [ OK ] /usr/bin/file [ OK ] /usr/bin/find [ OK ] /usr/bin/groups [ OK ] /usr/bin/head [ OK ] /usr/bin/kill [ OK ] /usr/bin/killall [ OK ] /usr/bin/last [ OK ] /usr/bin/lastlog [ OK ] /usr/bin/less [ OK ] /usr/bin/locate [ OK ] /usr/bin/logger [ OK ] /usr/bin/lsattr [ OK ] /usr/bin/md5sum [ OK ] /usr/bin/passwd [ OK ] /usr/bin/pstree [ OK ] /usr/bin/sha1sum [ OK ] /usr/bin/size [ OK ] /usr/bin/slocate [ OK ] /usr/bin/stat [ OK ] /usr/bin/strace [ OK ] /usr/bin/strings [ OK ] /usr/bin/test [ OK ] /usr/bin/top [ OK ] /usr/bin/users [ OK ] /usr/bin/vmstat [ OK ] /usr/bin/w [ OK ] /usr/bin/watch [ OK ] /usr/bin/wc [ OK ] /usr/bin/wget [ OK ] /usr/bin/whatis [ OK ] /usr/bin/whereis [ OK ] /usr/bin/which [ OK ] /usr/bin/who [ OK ] /usr/bin/whoami [ OK ] /usr/sbin/adduser [ OK ] /usr/sbin/chroot [ OK ] /usr/sbin/kudzu [ OK ] /usr/sbin/tcpd [ OK ] /usr/sbin/useradd [ OK ] /usr/sbin/usermod [ OK ] /usr/sbin/vipw [ OK ] /usr/sbin/xinetd [ OK ] Performing 'known good' check... Check rootkits - ¥ë¡¼¥È¥¥Ã¥È¤Î³Îǧ †¡¡¼¡¤Ï²¿¤«¥·¥¹¥Æ¥à¤Ë¥ë¡¼¥È¥¥Ã¥È¤¬»ÅÁȤޤì¤Æ¤¤¤Ê¤¤¤«¤Î³Îǧ¤Ç¤¹¡£ ¡¡¤º¤é¤º¤é¤Èʤó¤Ç¤¤¤ë¤Î¤ÏÍ̾¤Ê¥ë¡¼¥È¥¥Ã¥È¤Ç¤¹¤Í¡£¡£ Check rootkits * Default files and directories Rootkit '55808 Trojan - Variant A'... [ OK ] ADM Worm... [ OK ] Rootkit 'AjaKit'... [ OK ] Rootkit 'aPa Kit'... [ OK ] Rootkit 'Apache Worm'... [ OK ] Rootkit 'Ambient (ark) Rootkit'... [ OK ] Rootkit 'Balaur Rootkit'... [ OK ] Rootkit 'BeastKit'... [ OK ] Rootkit 'beX2'... [ OK ] Rootkit 'BOBKit'... [ OK ] Rootkit 'CiNIK Worm (Slapper.B variant)'... [ OK ] Rootkit 'Danny-Boy's Abuse Kit'... [ OK ] Rootkit 'Devil RootKit'... [ OK ] Rootkit 'Dica'... [ OK ] Rootkit 'Dreams Rootkit'... [ OK ] Rootkit 'Duarawkz'... [ OK ] Rootkit 'Flea Linux Rootkit'... [ OK ] Rootkit 'FreeBSD Rootkit'... [ OK ] Rootkit 'Fuck`it Rootkit'... [ OK ] Rootkit 'GasKit'... [ OK ] Rootkit 'Heroin LKM'... [ OK ] Rootkit 'HjC Kit'... [ OK ] Rootkit 'ignoKit'... [ OK ] Rootkit 'ImperalsS-FBRK'... [ OK ] Rootkit 'Irix Rootkit'... [ OK ] Rootkit 'Kitko'... [ OK ] Rootkit 'Knark'... [ OK ] Rootkit 'Li0n Worm'... [ OK ] Rootkit 'Lockit / LJK2'... [ OK ] Rootkit 'MRK'... [ OK ] Rootkit 'Ni0 Rootkit'... [ OK ] Rootkit 'RootKit for SunOS / NSDAP'... [ OK ] Rootkit 'Optic Kit (Tux)'... [ OK ] Rootkit 'Oz Rootkit'... [ OK ] Rootkit 'Portacelo'... [ OK ] Rootkit 'R3dstorm Toolkit'... [ OK ] Rootkit 'RH-Sharpe's rootkit'... [ OK ] Rootkit 'RSHA's rootkit'... [ OK ] Sebek LKM [ OK ] Rootkit 'Scalper Worm'... [ OK ] Rootkit 'Shutdown'... [ OK ] Rootkit 'SHV4'... [ OK ] Rootkit 'SHV5'... [ OK ] Rootkit 'Sin Rootkit'... [ OK ] Rootkit 'Slapper'... [ OK ] Rootkit 'Sneakin Rootkit'... [ OK ] Rootkit 'Suckit Rootkit'... [ OK ] Rootkit 'SunOS Rootkit'... [ OK ] Rootkit 'Superkit'... [ OK ] Rootkit 'TBD (Telnet BackDoor)'... [ OK ] Rootkit 'TeLeKiT'... [ OK ] Rootkit 'T0rn Rootkit'... [ OK ] Rootkit 'Trojanit Kit'... [ OK ] Rootkit 'Tuxtendo'... [ OK ] Rootkit 'URK'... [ OK ] Rootkit 'VcKit'... [ OK ] Rootkit 'Volc Rootkit'... [ OK ] Rootkit 'X-Org SunOS Rootkit'... [ OK ] Rootkit 'zaRwT.KiT Rootkit'... [ OK ] * Suspicious files and malware Scanning for known rootkit strings [ OK ] Scanning for known rootkit files [ OK ] Testing running processes... [ OK ] Miscellaneous Login backdoors [ OK ] Miscellaneous directories [ OK ] Software related files [ OK ] Sniffer logs [ OK ] * Trojan specific characteristics shv4 Checking /etc/rc.d/rc.sysinit Test 1 [ Clean ] Test 2 [ Clean ] Test 3 [ Clean ] Checking /etc/inetd.conf [ Not found ] Checking /etc/xinetd.conf [ Clean ] * Suspicious file properties chmod properties Checking /bin/ps [ Clean ] Checking /bin/ls [ Clean ] Checking /usr/bin/w [ Clean ] Checking /usr/bin/who [ Clean ] Checking /bin/netstat [ Clean ] Checking /bin/login [ Clean ] Script replacements Checking /bin/ps [ Clean ] Checking /bin/ls [ Clean ] Checking /usr/bin/w [ Clean ] Checking /usr/bin/who [ Clean ] Checking /bin/netstat [ Clean ] Checking /bin/login [ Clean ] * OS dependant tests Linux Checking loaded kernel modules... [ OK ] Checking files attributes [ OK ] Checking LKM module path [ OK ] Networking - ¥Í¥Ã¥È¥ï¡¼¥¯¤Î³Îǧ †¡¡ÆÃÄê¤Î¥ë¡¼¥È¥¥Ã¥È¤ä¥Ð¥Ã¥¯¥É¥¢¤¬ÍѤ¤¤ë¥Ý¡¼¥È¤ò¥Á¥§¥Ã¥¯¤·¤Æ¤Þ¤¹¡£Âç¾æÉפ½¤¦¤Ç¤¹¡£ Networking * Check: frequently used backdoors Port 2001: Scalper Rootkit [ OK ] Port 2006: CB Rootkit [ OK ] Port 2128: MRK [ OK ] Port 14856: Optic Kit (Tux) [ OK ] Port 47107: T0rn Rootkit [ OK ] Port 60922: zaRwT.KiT [ OK ] * Interfaces Scanning for promiscuous interfaces [ OK ] System checks - ¥·¥¹¥Æ¥à¤Î³Îǧ †¡¡¥µ¡¼¥Ðµ¯Æ°»þ¤Î¥¹¥¯¥ê¥×¥È·²¤ËÉÔÀµ¤Ê¤â¤Î¤¬¤Ê¤¤¤«³Îǧ¤µ¤ì¤Þ¤¹¡£ System checks * Allround tests Checking hostname... Found. Hostname is sion Checking for passwordless user accounts... OK Checking for differences in user accounts... OK. No changes. Checking for differences in user groups... OK. No changes. Checking boot.local/rc.local file... - /etc/rc.local [ OK ] - /etc/rc.d/rc.local [ OK ] - /usr/local/etc/rc.local [ Not found ] - /usr/local/etc/rc.d/rc.local [ Not found ] - /etc/conf.d/local.start [ Not found ] - /etc/init.d/boot.local [ Not found ] Checking rc.d files... Processing........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........................................ ........ Result rc.d files check [ OK ] Checking history files Bourne Shell [ OK ] * Filesystem checks Checking /dev for suspicious files... [ OK ] Scanning for hidden files... [ Warning! ] --------------- /dev/.udevdb /etc/.pwd.lock --------------- Please inspect: /dev/.udevdb (directory) ¡¡¤ª¤Ã¤È¡¢¤³¤³¤Ç¤Ï±£¤·¥Õ¥¡¥¤¥ë¤È¤·¤Æ /dev/.udevdb ¤È /etc/.pwd.lock ¤¬¤Ò¤Ã¤«¤«¤ê Warning!(·Ù¹ð)¤¬½Ð¤Æ¤·¤Þ¤¤¤Þ¤·¤¿¡£
Application advisories - ¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ø¤Î¥¢¥É¥Ð¥¤¥¹ †¡¡¥Ð¡¼¥¸¥ç¥ó¤¬¸Å¤«¤Ã¤¿¤é·Ù¹ð¤¬½Ð¤Þ¤¹¡£°ìÉô¤Î¥Õ¥¡¥¤¥ë¤Ï¤¦¤Þ¤¯Ç§¼±¤·¤Æ¤¯¤ì¤Ê¤¤¤è¤¦¤Ç¤¹¡£ Application advisories * Application scan Checking Apache2 modules ... [ Not found ] Checking Apache configuration ... [ OK ] * Application version scan - GnuPG 1.4.1 [ OK ] - Apache 2.0.54 [ Unknown ] - Bind DNS 9.3.1 [ Unknown ] - OpenSSL 0.9.7f [ Unknown ] - PHP 5.0.4 [ Unknown ] - PHP 4.3.11 [ OK ] - Procmail MTA 3.22 [ OK ] - OpenSSH 4.0p1 [ OK ] Your system contains some unknown version numbers. Please run Rootkit Hunter with the --update parameter or fill in the contact form (www.rootkit.nl) ¡¡¤Á¤Ê¤ß¤Ë Fedora Core 4 ¤Ç¤Ï¤Ê¤¤Ë¿½ê¥·¥¹¥Æ¥à¤ò¥Á¥§¥Ã¥¯¤·¤¿¤È¤³¤í¡¢¸Å¤¤¡ª¡ª¤È»ØŦ¤µ¤ì¤Æ¤·¤Þ¤¤¤Þ¤·¤¿¡Ä¡Ä¡Ê´À¡¢ÁáµÞ¤ËÂкö¤ò¤·¤Þ¤¹¡£¡£¡£ - Bind DNS 8.3.3 [ Old or patched version ] - OpenSSL 0.9.5a [ Unknown ] - PHP 4.3.9 [ Old or patched version ] - Procmail MTA 3.14 [ Old or patched version ] - Procmail MTA 3.14 [ Old or patched version ] - ProFTPd 1.2.6 [ OK ] - OpenSSH t [ Unknown ] Security advisories - ¥»¥¥å¥ê¥Æ¥£¤Î¥¢¥É¥Ð¥¤¥¹ †¡¡¤³¤³¤Ç¤Ï root ¤Î¥í¥°¥¤¥óµö²Ä¤¬»ØŦ¤µ¤ì¤Æ¤·¤Þ¤¤¤Þ¤·¤¿¡£ Security advisories * Check: Groups and Accounts Searching for /etc/passwd... [ Found ] Checking users with UID '0' (root)... [ OK ] * Check: SSH Searching for sshd_config... Found /etc/ssh/sshd_config Checking for allowed root login... Watch out Root login possible. Possible risk! info: Hint: See logfile for more information about this issue Checking for allowed protocols... [ Warning (SSH v1 allowed) ] * Check: Events and Logging Search for syslog configuration... [ OK ] Checking for running syslog slave... [ OK ] Checking for logging to remote system... [ OK (no remote logging) ] ¡¡»ØŦ¤µ¤ì¤Æ¤¤¤ë¤Î¤Ï¡¢ Found /etc/ssh/sshd_config Checking for allowed root login... Watch out Root login possible. Possible risk! ¡¡¤³¤ÎÉôʬ¡£ ¡¡¥ê¥â¡¼¥È¤«¤éľÀÜ root ¤Ç¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤Ï̵¤¤¤Î¤Ç¡¢/etc/ssh/sshd_config ¤ÎÀßÄê¤òÊѹ¹¤·¤Þ¤¹¡£ PermitRootLogin no ¤³¤Î¹Ô¤ò¥Õ¥¡¥¤¥ë¤ËÄɲä·¤Æ sshd ¤ÎºÆµ¯Æ°¤Ç¤¹¡£ # /etc/init.d/sshd restart sshd ¤òÄä»ßÃæ: [ OK ] sshd ¤òµ¯Æ°Ãæ: [ OK ] ¡¡½ñ¤´¹¤¨¸å¤ÏÌäÂê¤Ê¤¤¤È¤¤¤¦É½¼¨¤ËÊѤï¤ê¤Þ¤¹¡£ Found /etc/ssh/sshd_config Checking for allowed root login... [ OK (Remote root login disabled) ] Scan results - ¥¹¥¥ã¥ó·ë²Ì †¡¡ºÇ´ü¤Ë½Ð¤ë¤Î¤¬¥¹¥¥ã¥ó·ë²Ì¡£ MD5 MD5 compared: 0 Incorrect MD5 checksums: 0 File scan Scanned files: 342 Possible infected files: 0 Application scan Vulnerable applications: 0 Scanning took 69 seconds ¡¡¤É¤ì¤âÌäÂê¤Ê¤¤¤È¤¤¤¦¤³¤È¡¢¥¹¥¥ã¥ó¤Ë 69 É䫤«¤ê¤Þ¤·¤¿¤è¡¢¤È¤¤¤¦»ö¤¬É½¼¨¤µ¤ì¤Æ¤¤¤Þ¤¹¡£Rootkit ¤Ï¸¡½Ð¤µ¤ì¤Þ¤»¤ó¤Ç¤·¤¿¡£°ì°Â¿´¤Ç¤¹¡£ ¡¡¤Á¤Ê¤ß¤Ë¡¢¤â¤· Rootkit ¤¬¤¢¤Ã¤¿¤ê¥·¥¹¥Æ¥à²þãâ¤Î¶²¤ì¤¬¤¢¤ë¤È¡¢¤³¤Î¤è¤¦¤Êɽ¼¨¤Ë¤Ê¤ê¤Þ¤¹¡£¡£¡£ MD5 MD5 compared: 49 Incorrect MD5 checksums: 24 File scan Scanned files: 342 Possible infected files: 0 Application scan Vulnerable applications: 4 ¡¡¤³¤Î¤è¤¦¤Ê¾õÂ֤Ǥ¢¤ì¤Ð¡¢Â®¤ä¤«¤Ë¥Í¥Ã¥È¥ï¡¼¥¯¤«¤é¥Þ¥·¥ó¤òÀÚ¤êÎ¥¤·¡¢OS ¤ÎºÆ¥¤¥ó¥¹¥È¡¼¥ë¡Ê¥¯¥ê¡¼¥ó¥¤¥ó¥¹¥È¡¼¥ë¡Ë¤ò¤¹¤ë¤³¤È¤ò¤ª¾©¤á¤·¤Þ¤¹¡Ê¤µ¤é¤Ë¾¤Î¥Þ¥·¥ó¤ä¥Í¥Ã¥È¥ï¡¼¥¯¤ËÈï³²¤¬½Ð¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ç¤¹¡Ë |