I just set up a new box and it has ClamAV, KISS, mod_evasive and modsecurity installed on Red Hat Fedora Core 5.
I have run chkrootkit and rkhunter. I don't understand the following output: is it a false positive, or has the box been hacked already?
Chkrootkit shows everything clean or OK except this:
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 2179 tty1 /sbin/mingetty tty1
! root 2183 tty2 /sbin/mingetty tty2
! root 2186 tty3 /sbin/mingetty tty3
! root 2189 tty4 /sbin/mingetty tty4
! root 2192 tty5 /sbin/mingetty tty5
! root 12781 tty7 /usr/bin/Xorg :0 -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7
chkutmp: nothing deleted
Do these need to be removed?
And rkhunter shows all files clean, with the following:
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udev /usr/share/man/man1/..1.gz /etc/.pwd.lock
---------------
Please inspect: /dev/.udev (directory) /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression)
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Scanning took 306 seconds
I would welcome some clarification on what needs to happen now. Thank you