
OX roockit


chencho
20/06/2013, 14:41
Suspect files: 0

Possible rootkits: 0

Suspect applications: 1

Update ssh; other than that I don't see any problem.

josele888
20/06/2013, 11:11
Here is the output of OX Roockit. I hope you can tell me what to make of the warnings it flags.

OS X Rootkit Hunter needs to be started with administrator privileges, please authenticate first.
[ Rootkit Hunter version 1.3.0 ]
Running Rootkit Hunter version 1.3.0 on

Checking system commands...

Performing 'strings' command checks
Checking 'strings' command [ OK ]

Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Skipped ]

Performing file properties checks
Checking for prerequisites [ Warning ]
The (command properties test) is not completely supported in this version of OSX rootkit hunter
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/cp [ OK ]
/bin/csh [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/kill [ OK ]
/bin/ls [ OK ]
/bin/mv [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/sh [ OK ]
/bin/test [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/du [ OK ]
/usr/bin/egrep [ OK ]
/usr/bin/env [ OK ]
/usr/bin/fgrep [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/grep [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/login [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/mktemp [ OK ]
/usr/bin/more [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/readlink [ OK ]
/usr/bin/sed [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/su [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uname [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/w [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/sbin/dmesg [ OK ]
/sbin/ifconfig [ OK ]
/sbin/md5 [ OK ]
/sbin/mount [ OK ]
/sbin/nologin [ OK ]
/usr/sbin/chown [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/lsof [ OK ]
/usr/sbin/netstat [ OK ]
/usr/sbin/newsyslog [ OK ]
/usr/sbin/sysctl [ OK ]
/usr/sbin/syslogd [ OK ]
/usr/sbin/vipw [ OK ]
/usr/libexec/tcpd [ OK ]

Checking for rootkits...

Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
Fuck`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]

Performing additional rootkit checks
Checking for possible rootkit files and directories [ None found ]

Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for hidden processes [ Skipped ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]

Checking the network...

Performing check for backdoor ports
Checking for TCP port 1524 [ Not found ]
Checking for TCP port 1984 [ Not found ]
Checking for UDP port 2001 [ Not found ]
Checking for TCP port 2006 [ Not found ]
Checking for TCP port 2128 [ Not found ]
Checking for TCP port 6666 [ Not found ]
Checking for TCP port 6667 [ Not found ]
Checking for TCP port 6668 [ Not found ]
Checking for TCP port 6669 [ Not found ]
Checking for TCP port 7000 [ Not found ]
Checking for TCP port 13000 [ Not found ]
Checking for TCP port 14856 [ Not found ]
Checking for TCP port 25000 [ Not found ]
Checking for TCP port 29812 [ Not found ]
Checking for TCP port 31337 [ Not found ]
Checking for TCP port 32982 [ Not found ]
Checking for TCP port 33369 [ Not found ]
Checking for TCP port 47107 [ Not found ]
Checking for TCP port 47018 [ Not found ]
Checking for TCP port 60922 [ Not found ]
Checking for TCP port 62883 [ Not found ]
Checking for TCP port 65535 [ Not found ]

Now we run an additional connection check, to inform you about used and listening tcp ports
and their associated process/commands. - This additional check was created by Christian Hornung

There is a LISTEN tcp Port localhost:12080 created by Process/Command: com.avast
There is a LISTEN tcp Port localhost:12110 created by Process/Command: com.avast
There is a LISTEN tcp Port localhost:12143 created by Process/Command: com.avast
There is a LISTEN tcp Port localhost:12993 created by Process/Command: com.avast
There is a LISTEN tcp Port localhost:12995 created by Process/Command: com.avast
There is a LISTEN tcp Port localhost:ipp created by Process/Command: launchd

FYI, named services are described in the file /etc/services

There is a CONNECTED tcp Port com.avast used by the Process/Command:
There is a CONNECTED tcp Port 12080 used by the Process/Command: Safari
There is a CONNECTED tcp Port 59590 used by the Process/Command: com.avast
There is a CONNECTED tcp Port http used by the Process/Command: com.avast


Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]

Checking the local host...

Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ None found ]

Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ OK ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Warning ]
Syslog configuration file allows remote logging: install.* @127.0.0.1:32376

Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
Hidden file found: /usr/share/man/man5/.rhosts.5.gz: gzip compressed data, from Unix

Checking application versions...

Checking version of Apache [ OK ]
Checking version of Bind DNS [ OK ]
Checking version of OpenSSL [ OK ]
Checking version of PHP [ OK ]
Checking version of Procmail MTA [ OK ]
Checking version of OpenSSH [ Warning ]
Application 'sshd', version '5.2p1', is out of date, and possibly a security risk.


System checks summary
=====================

File properties checks...
Required commands check failed
Files checked: 80
Suspect files: 0

Rootkit checks...
Rootkits checked : 77
Possible rootkits: 0

Applications checks...
Applications checked: 6
Suspect applications: 1

The system checks took: 30 seconds

All results have been written to the logfile (/tmp/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/tmp/rkhunter.log)

Many thanks to the founder and developer of the original rootkit hunter:
Michael Boelen from www.rootkit.nl

To exit press ctrl+c and then ctrl+d
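The report above carries four "[ Warning ]" lines, and the reply in this thread reduces them to one action (update ssh). The script below is an added example, not part of either post and not code from OS X Rootkit Hunter or rkhunter: it parses a pasted report, pairs each warning with the detail line that follows it, and applies the same reasoning by rule. A syslog forward to 127.0.0.1 stays on the host, a hidden file under /usr/share/man is a man page, the "prerequisites" warning is the tool describing its own unsupported test, and an out-of-date sshd is the one item that needs work. It also splits the listening sockets from the connection check into loopback-only and externally reachable. The severity labels and the loopback/man-page rules are this script's own assumptions; the sample input is an excerpt of the report posted above.

```python
"""Triage helper for an OS X Rootkit Hunter / rkhunter text report.

Added example (not from the post, not from rkhunter): parses the report,
pairs every "[ Warning ]" line with its detail line, and applies the
reviewer's rules by hand. Severity labels 'info'/'review'/'action' and
the loopback / man-page heuristics are this script's own assumptions.
"""
import re
from ipaddress import ip_address

WARNING_RE = re.compile(r"^(?P<check>.+?)\s+\[ Warning \]\s*$")
SYSLOG_RE = re.compile(r"remote logging:\s*(?P<sel>\S+)\s+@(?P<host>[^:\s]+)(?::(?P<port>\d+))?")
HIDDEN_RE = re.compile(r"Hidden file found:\s*(?P<path>\S+?):")
VERSION_RE = re.compile(r"Application '(?P<app>[^']+)', version '(?P<ver>[^']+)', is out of date")
LISTEN_RE = re.compile(r"LISTEN tcp Port (?P<addr>[^:\s]+):(?P<port>\S+) created by Process/Command: (?P<proc>\S+)")

# Constructed sample: an excerpt of the report posted in the thread.
SAMPLE_REPORT = """\
Checking for prerequisites [ Warning ]
The (command properties test) is not completely supported in this version of OSX rootkit hunter
/bin/bash [ OK ]
There is a LISTEN tcp Port localhost:12080 created by Process/Command: com.avast
There is a LISTEN tcp Port localhost:ipp created by Process/Command: launchd
Checking if syslog remote logging is allowed [ Warning ]
Syslog configuration file allows remote logging: install.* @127.0.0.1:32376
Checking for hidden files and directories [ Warning ]
Hidden file found: /usr/share/man/man5/.rhosts.5.gz: gzip compressed data, from Unix
Checking version of OpenSSH [ Warning ]
Application 'sshd', version '5.2p1', is out of date, and possibly a security risk.
"""


def is_loopback(host):
    """True for 127.x.x.x, ::1 or the literal name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def parse_warnings(report):
    """Return [(check, detail)] for every line ending in [ Warning ]."""
    lines = report.splitlines()
    found = []
    for i, line in enumerate(lines):
        m = WARNING_RE.match(line)
        if m:
            detail = lines[i + 1].strip() if i + 1 < len(lines) else ""
            found.append((m.group("check").strip(), detail))
    return found


def parse_listeners(report):
    """Return [(addr, port, proc, loopback_only)] from the connection check."""
    return [(m["addr"], m["port"], m["proc"], is_loopback(m["addr"]))
            for m in LISTEN_RE.finditer(report)]


def parse_version(s):
    """'5.2p1' -> (5, 2, 1): numeric fields only, so tuples compare sanely."""
    return tuple(int(x) for x in re.findall(r"\d+", s))


def triage(check, detail):
    """Classify one warning as (severity, reason)."""
    m = SYSLOG_RE.search(detail)
    if m:
        where = f"{m['sel']} -> {m['host']}" + (f":{m['port']}" if m["port"] else "")
        if is_loopback(m["host"]):
            return ("info", f"syslog forward {where} stays on the host")
        return ("review", f"syslog forward {where} leaves the host; confirm it is intended")
    m = HIDDEN_RE.search(detail)
    if m:
        if m["path"].startswith("/usr/share/man/"):
            return ("info", f"{m['path']} is a man page, not a hidden payload")
        return ("review", f"hidden file outside documentation paths: {m['path']}")
    m = VERSION_RE.search(detail)
    if m:
        return ("action", f"{m['app']} {m['ver']} {parse_version(m['ver'])} is out of date; update it")
    if "prerequisites" in check.lower():
        return ("info", "the tool is reporting its own unsupported test, not a host finding")
    return ("review", f"unclassified warning: {check}")


def summarize(report):
    """Severity counts plus the listeners that are not bound to loopback."""
    sev = {"info": 0, "review": 0, "action": 0}
    for check, detail in parse_warnings(report):
        sev[triage(check, detail)[0]] += 1
    exposed = [l for l in parse_listeners(report) if not l[3]]
    return sev, exposed


if __name__ == "__main__":
    for check, detail in parse_warnings(SAMPLE_REPORT):
        print(check, "->", triage(check, detail))
    print(summarize(SAMPLE_REPORT))
```

Run it against the full pasted report (or `/tmp/rkhunter.log`) and the only 'action' item is sshd 5.2p1, matching the reply in the thread; the avast and launchd listeners are all on localhost, so `summarize` reports no externally reachable port. The rules are deliberately narrow: a hidden file anywhere outside /usr/share/man or a syslog target that is not loopback is left at 'review' for a human rather than silently downgraded.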