OVH Community, your new community space.

Scan performed and possible faults


ddanime
05/01/2009, 00:47
Hello, I ran a scan on my server because, apparently through the ignorance of one of the people who were on my server, there was the odd little problem, and now I am checking everywhere, and the watchdog gave me this. Let's see if anyone can tell me what is wrong or what solutions there are, and whether anything is really wrong.

Regards, I hope you can help me. Thanks in advance.

HTML code:
Running updater...

Mirrorfile /usr/local/psa/var/modules/watchdog/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://rkhunter.sourceforge.net
[DB] Mirror file                      : Up to date
[DB] MD5 hashes system binaries       : Up to date
[DB] Operating System information     : Up to date
[DB] MD5 blacklisted tools/binaries   : Up to date
[DB] Known good program versions      : Up to date
[DB] Known bad program versions       : Up to date




Ready.


Rootkit Hunter 1.2.8 is running

Determining OS... Ready


Checking binaries
* Selftests
     Strings (command)   /usr/bin/whoami  [ OK ]


* System tools
Info: prelinked files found
  Performing 'known good' check...
   /bin/cat  [ OK ]
   /bin/chmod  [ OK ]
   /bin/chown  [ OK ]
   /bin/date  [ OK ]
   /bin/dmesg  [ OK ]
   /bin/env  [ OK ]
   /bin/grep  [ OK ]
   /bin/kill  [ OK ]
   /bin/login  [ OK ]
   /bin/ls  [ OK ]
   /bin/more  [ OK ]
   /bin/mount  [ OK ]
   /bin/netstat  [ OK ]
   /bin/ps  [ OK ]
   /bin/su  [ OK ]
   /sbin/chkconfig  [ OK ]
   /sbin/depmod  [ OK ]
   /sbin/ifconfig  [ OK ]
   /sbin/init  [ OK ]
   /sbin/insmod  [ OK ]
   /sbin/ip  [ OK ]
   /sbin/lsmod  [ OK ]
   /sbin/modinfo  [ OK ]
   /sbin/modprobe  [ OK ]
   /sbin/rmmod  [ OK ]
   /sbin/runlevel  [ OK ]
   /sbin/sulogin  [ OK ]
   /sbin/sysctl  [ OK ]
   /sbin/syslogd  [ OK ]
   /usr/bin/chattr  [ OK ]
   /usr/bin/du  [ OK ]
   /usr/bin/file  [ OK ]
   /usr/bin/find  [ OK ]
   /usr/bin/head  [ OK ]
   /usr/bin/killall  [ OK ]
   /usr/bin/lsattr  [ OK ]
   /usr/bin/md5sum  [ OK ]
   /usr/bin/passwd  [ OK ]
   /usr/bin/pstree  [ OK ]
   /usr/bin/sha1sum  [ OK ]
   /usr/bin/slocate  [ OK ]
   /usr/bin/stat  [ OK ]
   /usr/bin/strings  [ OK ]
   /usr/bin/top  [ OK ]
   /usr/bin/users  [ OK ]
   /usr/bin/vmstat  [ OK ]
   /usr/bin/w  [ OK ]
   /usr/bin/watch  [ OK ]
   /usr/bin/wc  [ OK ]
   /usr/bin/wget  [ OK ]
   /usr/bin/whereis  [ OK ]
   /usr/bin/who  [ OK ]
   /usr/bin/whoami  [ OK ]


Check rootkits
* Default files and directories
   Rootkit '55808 Trojan - Variant A'...   [ OK ]
   ADM Worm...   [ OK ]
   Rootkit 'AjaKit'...   [ OK ]
   Rootkit 'aPa Kit'...   [ OK ]
   Rootkit 'Apache Worm'...   [ OK ]
   Rootkit 'Ambient (ark) Rootkit'...   [ OK ]
   Rootkit 'Balaur Rootkit'...   [ OK ]
   Rootkit 'BeastKit'...   [ OK ]
   Rootkit 'beX2'...   [ OK ]
   Rootkit 'BOBKit'...   [ OK ]
   Rootkit 'CiNIK Worm (Slapper.B variant)'...   [ OK ]
   Rootkit 'Danny-Boy's Abuse Kit'...   [ OK ]
   Rootkit 'Devil RootKit'...   [ OK ]
   Rootkit 'Dica'...   [ OK ]
   Rootkit 'Dreams Rootkit'...   [ OK ]
   Rootkit 'Duarawkz'...   [ OK ]
   Rootkit 'Flea Linux Rootkit'...   [ OK ]
   Rootkit 'FreeBSD Rootkit'...   [ OK ]
   Rootkit 'Fuck`it Rootkit'...   [ OK ]
   Rootkit 'GasKit'...   [ OK ]
   Rootkit 'Heroin LKM'...   [ OK ]
   Rootkit 'HjC Kit'...   [ OK ]
   Rootkit 'ignoKit'...   [ OK ]
   Rootkit 'ImperalsS-FBRK'...   [ OK ]
   Rootkit 'Irix Rootkit'...   [ OK ]
   Rootkit 'Kitko'...   [ OK ]
   Rootkit 'Knark'...   [ OK ]
   Rootkit 'Li0n Worm'...   [ OK ]
   Rootkit 'Lockit / LJK2'...   [ OK ]
   Rootkit 'MRK'...   [ OK ]
   Rootkit 'Ni0 Rootkit'...   [ OK ]
   Rootkit 'RootKit for SunOS / NSDAP'...   [ OK ]
   Rootkit 'Optic Kit (Tux)'...   [ OK ]
   Rootkit 'Oz Rootkit'...   [ OK ]
   Rootkit 'Portacelo'...   [ OK ]
   Rootkit 'R3dstorm Toolkit'...   [ OK ]
   Rootkit 'RH-Sharpe's rootkit'...   [ OK ]
   Rootkit 'RSHA's rootkit'...   [ OK ]
   Sebek LKM  [ OK ]
   Rootkit 'Scalper Worm'...   [ OK ]
   Rootkit 'Shutdown'...   [ OK ]
   Rootkit 'SHV4'...   [ OK ]
   Rootkit 'SHV5'...   [ OK ]
   Rootkit 'Sin Rootkit'...   [ OK ]
   Rootkit 'Slapper'...   [ OK ]
   Rootkit 'Sneakin Rootkit'...   [ OK ]
   Rootkit 'Suckit Rootkit'...   [ OK ]
   Rootkit 'SunOS Rootkit'...   [ OK ]
   Rootkit 'Superkit'...   [ OK ]
   Rootkit 'TBD (Telnet BackDoor)'...   [ OK ]
   Rootkit 'TeLeKiT'...   [ OK ]
   Rootkit 'T0rn Rootkit'...   [ OK ]
   Rootkit 'Trojanit Kit'...   [ OK ]
   Rootkit 'Tuxtendo'...   [ OK ]
   Rootkit 'URK'...   [ OK ]
   Rootkit 'VcKit'...   [ OK ]
   Rootkit 'Volc Rootkit'...   [ OK ]
   Rootkit 'X-Org SunOS Rootkit'...   [ OK ]
   Rootkit 'zaRwT.KiT Rootkit'...   [ OK ]

* Suspicious files and malware
   Scanning for known rootkit strings  [ OK ]
   Scanning for known rootkit files  [ OK ]
   Testing running processes...   [ OK ]
   Miscellaneous Login backdoors  [ OK ]
   Miscellaneous directories  [ OK ]
   Software related files  [ OK ]
   Sniffer logs  [ OK ]

* Trojan specific characteristics
   shv4
     Checking /etc/rc.d/rc.sysinit
       Test 1  [ Clean ]
       Test 2  [ Clean ]
       Test 3  [ Clean ]
     Checking /etc/inetd.conf  [ Not found ]
     Checking /etc/xinetd.conf  [ Clean ]

* Suspicious file properties
   chmod properties
     Checking /bin/ps  [ Clean ]
     Checking /bin/ls  [ Clean ]
     Checking /usr/bin/w  [ Clean ]
     Checking /usr/bin/who  [ Clean ]
     Checking /bin/netstat  [ Clean ]
     Checking /bin/login  [ Clean ]
   Script replacements
     Checking /bin/ps  [ Clean ]
     Checking /bin/ls  [ Clean ]
     Checking /usr/bin/w  [ Clean ]
     Checking /usr/bin/who  [ Clean ]
     Checking /bin/netstat  [ Clean ]
     Checking /bin/login  [ Clean ]

* OS dependant tests

   Linux
     Checking loaded kernel modules... Skipped!
     Checking files attributes  [ OK ]
     Checking LKM module path  [ Skipped! ]


Networking
* Check: frequently used backdoors
Not tested

* Interfaces
     Scanning for promiscuous interfaces  [ OK ]


System checks
* Allround tests
   Checking hostname... Found. Hostname is ns352237.ovh.net
   Checking for passwordless user accounts... OK
   Checking for differences in user accounts... OK. No changes.
   Checking for differences in user groups... OK. No changes.
   Checking boot.local/rc.local file... 
     - /etc/rc.local  [ OK ]
     - /etc/rc.d/rc.local  [ OK ]
     - /usr/local/etc/rc.local  [ Not found ]
     - /usr/local/etc/rc.d/rc.local  [ Not found ]
     - /etc/conf.d/local.start  [ Not found ]
     - /etc/init.d/boot.local  [ Not found ]
   Checking rc.d files... 
     Processing........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ...........................
   Result rc.d files check  [ OK ]
   Checking history files
     Bourne Shell  [ OK ]

* Filesystem checks
   Checking /dev for suspicious files...   [ OK ]
   Scanning for hidden files...  [ OK ]


Application advisories
* Application scan
   Checking Apache2 modules ...      [ Not found ]
   Checking Apache configuration ...      [ OK ]

* Application version scan
   - GnuPG 1.4.5   [ OK ]
   - Apache 2.0.54   [ OK ]
   - Bind DNS 9.3.1   [ OK ]
   - OpenSSL 0.9.7f   [ Old or patched version ]
   - PHP 5.0.4   [ OK ]
   - Procmail MTA 3.22   [ OK ]
   - ProFTPd 1.3.1   [ Unknown ]
   - OpenSSH 4.2p1   [ OK ]

Your system contains some unknown version numbers. Please run Rootkit Hunter
with the --update parameter or fill in the contact form (www.rootkit.nl).


Security advisories
* Check: Groups and Accounts
   Searching for /etc/passwd...   [ Found ]
   Checking users with UID '0' (root)...   [ OK ]

* Check: SSH
   Searching for sshd_config... 
   Found /etc/ssh/sshd_config
   Checking for allowed root login...  Watch out.  Root login possible. Possible risk!
     info: 
     Hint: See logfile for more information about this issue
    Checking for allowed protocols...   [  OK ( Only SSH2 allowed) ]

*  Check: Events and Logging
    Search for syslog configuration...   [  OK ]
    Checking for running syslog slave...   [  OK ]
    Checking for logging to remote system...   [  OK ( no remote logging) ]


----------------------------  Scan results ----------------------------

MD5
 MD5 compared: 53
 Incorrect MD5 checksums: 0

 File scan
 Scanned files: 342
 Possible infected files: 0

 Application scan
 Vulnerable applications: 1

 Scanning took 45 seconds
 Scan results written to logfile (/var/log/rkhunter.log)

-----------------------------------------------------------------------

 Do you have some problems, undetected rootkits, false positives, ideas
or suggestions?
Please e-mail me by filling in the contact form (@http://www.rootkit.nl)

-----------------------------------------------------------------------