Ubuntu Pastebin

Paste from dedze at Sun, 30 Jul 2017 01:11:34 +0000

ussop@Roronoa-Zoro:~$ sudo apt install -y chkrootkit rkhunter && sudo chkrootkit && sudo rkhunter --update && sudo rkhunter --checkall -sk
[sudo] password for ussop: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-headers-4.8.0-36 linux-headers-4.8.0-36-generic linux-headers-4.8.0-58
  linux-headers-4.8.0-58-generic linux-image-4.8.0-36-generic
  linux-image-4.8.0-58-generic linux-image-extra-4.8.0-36-generic
  linux-image-extra-4.8.0-58-generic snap-confine
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  bsd-mailx fonts-lato javascript-common libjs-jquery liblockfile-bin
  liblockfile1 libruby2.3 rake ruby ruby-did-you-mean ruby-minitest
  ruby-net-telnet ruby-power-assert ruby-test-unit ruby2.3
  rubygems-integration unhide unhide.rb
Suggested packages:
  apache2 | lighttpd | httpd ri ruby-dev bundler
The following NEW packages will be installed:
  bsd-mailx chkrootkit fonts-lato javascript-common libjs-jquery
  liblockfile-bin liblockfile1 libruby2.3 rake rkhunter ruby ruby-did-you-mean
  ruby-minitest ruby-net-telnet ruby-power-assert ruby-test-unit ruby2.3
  rubygems-integration unhide unhide.rb
0 upgraded, 20 newly installed, 0 to remove and 70 not upgraded.
Need to get 6.705 kB of archives.
After this operation, 30,0 MB of additional disk space will be used.
Get:1 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 fonts-lato all 2.0-1 [2.693 kB]
Get:2 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 liblockfile-bin amd64 1.09-6ubuntu1 [10,8 kB]
Get:3 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 liblockfile1 amd64 1.09-6ubuntu1 [8.056 B]
Get:4 http://be.archive.ubuntu.com/ubuntu xenial/universe amd64 rkhunter all 1.4.2-5 [198 kB]
Get:5 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 bsd-mailx amd64 8.1.2-0.20160123cvs-2 [63,7 kB]
Get:6 http://be.archive.ubuntu.com/ubuntu xenial/universe amd64 chkrootkit amd64 0.50-3.2 [326 kB]
Get:7 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 javascript-common all 11 [6.066 B]
Get:8 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 libjs-jquery all 1.11.3+dfsg-4 [161 kB]
Get:9 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 rubygems-integration all 1.10 [4.966 B]
Get:10 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 ruby-did-you-mean all 1.0.0-2 [8.390 B]
Get:11 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 ruby-minitest all 5.8.4-2 [36,6 kB]
Get:12 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 ruby-net-telnet all 0.1.1-2 [12,6 kB]
Get:13 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 ruby-power-assert all 0.2.7-1 [7.668 B]
Get:14 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 ruby-test-unit all 3.1.7-2 [60,3 kB]
Get:15 http://be.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libruby2.3 amd64 2.3.1-2~16.04.2 [2.958 kB]
Get:16 http://be.archive.ubuntu.com/ubuntu xenial-updates/main amd64 ruby2.3 amd64 2.3.1-2~16.04.2 [41,0 kB]
Get:17 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 ruby all 1:2.3.0+1 [5.530 B]
Get:18 http://be.archive.ubuntu.com/ubuntu xenial/main amd64 rake all 10.5.0-2 [48,2 kB]
Get:19 http://be.archive.ubuntu.com/ubuntu xenial/universe amd64 unhide amd64 20130526-1 [46,6 kB]
Get:20 http://be.archive.ubuntu.com/ubuntu xenial/universe amd64 unhide.rb all 22-2 [7.826 B]
Fetched 6.705 kB in 6s (1.017 kB/s)                                            
Preconfiguring packages ...
Selecting previously unselected package fonts-lato.
(Reading database ... 285963 files and directories currently installed.)
Preparing to unpack .../fonts-lato_2.0-1_all.deb ...
Unpacking fonts-lato (2.0-1) ...
Selecting previously unselected package liblockfile-bin.
Preparing to unpack .../liblockfile-bin_1.09-6ubuntu1_amd64.deb ...
Unpacking liblockfile-bin (1.09-6ubuntu1) ...
Selecting previously unselected package liblockfile1:amd64.
Preparing to unpack .../liblockfile1_1.09-6ubuntu1_amd64.deb ...
Unpacking liblockfile1:amd64 (1.09-6ubuntu1) ...
Selecting previously unselected package rkhunter.
Preparing to unpack .../rkhunter_1.4.2-5_all.deb ...
Unpacking rkhunter (1.4.2-5) ...
Selecting previously unselected package bsd-mailx.
Preparing to unpack .../bsd-mailx_8.1.2-0.20160123cvs-2_amd64.deb ...
Unpacking bsd-mailx (8.1.2-0.20160123cvs-2) ...
Selecting previously unselected package chkrootkit.
Preparing to unpack .../chkrootkit_0.50-3.2_amd64.deb ...
Unpacking chkrootkit (0.50-3.2) ...
Selecting previously unselected package javascript-common.
Preparing to unpack .../javascript-common_11_all.deb ...
Unpacking javascript-common (11) ...
Selecting previously unselected package libjs-jquery.
Preparing to unpack .../libjs-jquery_1.11.3+dfsg-4_all.deb ...
Unpacking libjs-jquery (1.11.3+dfsg-4) ...
Selecting previously unselected package rubygems-integration.
Preparing to unpack .../rubygems-integration_1.10_all.deb ...
Unpacking rubygems-integration (1.10) ...
Selecting previously unselected package ruby-did-you-mean.
Preparing to unpack .../ruby-did-you-mean_1.0.0-2_all.deb ...
Unpacking ruby-did-you-mean (1.0.0-2) ...
Selecting previously unselected package ruby-minitest.
Preparing to unpack .../ruby-minitest_5.8.4-2_all.deb ...
Unpacking ruby-minitest (5.8.4-2) ...
Selecting previously unselected package ruby-net-telnet.
Preparing to unpack .../ruby-net-telnet_0.1.1-2_all.deb ...
Unpacking ruby-net-telnet (0.1.1-2) ...
Selecting previously unselected package ruby-power-assert.
Preparing to unpack .../ruby-power-assert_0.2.7-1_all.deb ...
Unpacking ruby-power-assert (0.2.7-1) ...
Selecting previously unselected package ruby-test-unit.
Preparing to unpack .../ruby-test-unit_3.1.7-2_all.deb ...
Unpacking ruby-test-unit (3.1.7-2) ...
Selecting previously unselected package libruby2.3:amd64.
Preparing to unpack .../libruby2.3_2.3.1-2~16.04.2_amd64.deb ...
Unpacking libruby2.3:amd64 (2.3.1-2~16.04.2) ...
Selecting previously unselected package ruby2.3.
Preparing to unpack .../ruby2.3_2.3.1-2~16.04.2_amd64.deb ...
Unpacking ruby2.3 (2.3.1-2~16.04.2) ...
Selecting previously unselected package ruby.
Preparing to unpack .../ruby_1%3a2.3.0+1_all.deb ...
Unpacking ruby (1:2.3.0+1) ...
Selecting previously unselected package rake.
Preparing to unpack .../archives/rake_10.5.0-2_all.deb ...
Unpacking rake (10.5.0-2) ...
Selecting previously unselected package unhide.
Preparing to unpack .../unhide_20130526-1_amd64.deb ...
Unpacking unhide (20130526-1) ...
Selecting previously unselected package unhide.rb.
Preparing to unpack .../unhide.rb_22-2_all.deb ...
Unpacking unhide.rb (22-2) ...
Processing triggers for fontconfig (2.11.94-0ubuntu1.1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Setting up fonts-lato (2.0-1) ...
Setting up liblockfile-bin (1.09-6ubuntu1) ...
Setting up liblockfile1:amd64 (1.09-6ubuntu1) ...
Setting up rkhunter (1.4.2-5) ...

Creating config file /etc/default/rkhunter with new version
[ Rootkit Hunter version 1.4.2 ]
File created: searched for 177 files, found 146
Setting up bsd-mailx (8.1.2-0.20160123cvs-2) ...
update-alternatives: using /usr/bin/bsd-mailx to provide /usr/bin/mailx (mailx) in auto mode
Setting up chkrootkit (0.50-3.2) ...
Setting up javascript-common (11) ...
Setting up libjs-jquery (1.11.3+dfsg-4) ...
Setting up rubygems-integration (1.10) ...
Setting up ruby-did-you-mean (1.0.0-2) ...
Setting up ruby-minitest (5.8.4-2) ...
Setting up ruby-net-telnet (0.1.1-2) ...
Setting up ruby-power-assert (0.2.7-1) ...
Setting up ruby-test-unit (3.1.7-2) ...
Setting up unhide (20130526-1) ...
Setting up rake (10.5.0-2) ...
Setting up libruby2.3:amd64 (2.3.1-2~16.04.2) ...
Setting up ruby2.3 (2.3.1-2~16.04.2) ...
Setting up ruby (1:2.3.0+1) ...
Setting up unhide.rb (22-2) ...
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Processing triggers for rkhunter (1.4.2-5) ...
[ Rootkit Hunter version 1.4.2 ]
File updated: searched for 178 files, found 148
ROOTDIR is `/'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `biff'...                                          not found
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not found
Checking `gpm'...                                           not found
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not found
Checking `identd'...                                        not found
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not found
Checking `netstat'...                                       not infected
Checking `named'...                                         not found
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not found
Checking `pop3'...                                          not found
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not found
Checking `rlogind'...                                       not found
Checking `rshd'...                                          not found
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not found
Checking `syslogd'...                                       not tested
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not found
Checking `timed'...                                         not found
Checking `traceroute'...                                    not found
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        
/dev/shm/pulse-shm-4174725263 /dev/shm/pulse-shm-1310447566 /dev/shm/pulse-shm-982715276
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:  
/usr/lib/debug/.build-id /lib/modules/4.8.0-36-generic/vdso/.build-id /lib/modules/4.10.0-27-generic/vdso/.build-id /lib/modules/4.10.0-28-generic/vdso/.build-id /lib/modules/4.8.0-58-generic/vdso/.build-id
/usr/lib/debug/.build-id /lib/modules/4.8.0-36-generic/vdso/.build-id /lib/modules/4.10.0-27-generic/vdso/.build-id /lib/modules/4.10.0-28-generic/vdso/.build-id /lib/modules/4.8.0-58-generic/vdso/.build-id
Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        Possible Linux/Ebury - Operation Windigo installetd
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected
Checking `lkm'...                                           chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       lo: not promisc and no packet sniffer sockets
wlp4s0: PACKET SNIFFER(/sbin/wpa_supplicant[1155], /sbin/wpa_supplicant[1155], /sbin/dhclient[11358])
Checking `w55808'...                                        not infected
Checking `wted'...                                          chkwtmp: nothing deleted
Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected
Checking `z2'...                                            user ussop deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! ent-id=5        0 DB62519661B --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! root          353 pts/4  /bin/sh /usr/sbin/chkrootkit
! root         1061 pts/4  ./chkutmp
! root         1063 pts/4  ps axk tty,ruser,args -o tty,pid,ruser,args
! root         1062 pts/4  sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
! root          352 pts/4  sudo chkrootkit
! ussop       12746 pts/4  bash
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ Updated ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]