Author Topic: Encrypted, write-protected hard drives that rewrite the BIOS when connected to the motherboard, permanent rootkit. (Read 27,499 times)
el-brujo
ehn
Posts: 21,580

Freedom is not begged for, it is conquered
Re: Encrypted, write-protected hard drives that rewrite the BIOS when connected to the motherboard, permanent rootkit.
« Reply #10 on: 28 June 2022, 12:22 pm »

Quote:
Hi, I've scanned with rkhunter, with CAINE, and it flags everything as warnings, and 16 possible rootkits, but that's it, possible; I've already done several things, most of the warnings have disappeared, but it still flags errors, and, well, 16 possible rootkits I think I remember.
If you want the log I can post it, but I have to rescue it from a broken hard drive; if you want to see it, I'll look for it and post it, in fact I'll do it when I can.
But well, it only says there may be 16 rootkits, not that there are.

Does the program just make that up???

Have you heard of false positives?

The latest rkhunter release is from 2018

https://sourceforge.net/projects/rkhunter/files/


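A defender's first pass over rkhunter's file-properties warnings, the kind of log Hason posts further down in this thread: an added example written for this edit, not code from either poster or from rkhunter itself. It assumes the log layout shown in that log (a timestamp on every line, a `[ Warning ]` header per path, then only the properties that differ) and uses a constructed sample with placeholder hashes.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of rkhunter's file 'properties' log output; hashes and
# inode numbers are made-up placeholders, and the redundant "File:" lines are left out.
SAMPLE_LOG = """\
[11:27:28]   /usr/sbin/groupadd                              [ Warning ]
[11:27:28] Warning: The file properties have changed:
[11:27:28]          Current hash: 1111111111111111
[11:27:28]          Stored hash : 2222222222222222
[11:27:28]          Current inode: 136549    Stored inode: 1191146
[11:27:29]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:29]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:29]   /usr/sbin/groupdel                              [ Warning ]
[11:27:29] Warning: The file properties have changed:
[11:27:29]          Current hash: 3333333333333333
[11:27:29]          Stored hash : 4444444444444444
[11:27:29]          Current inode: 136550    Stored inode: 1191147
[11:27:29]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:29]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:30]   /usr/sbin/sshd                                  [ Warning ]
[11:27:30] Warning: The file '/usr/sbin/sshd' exists on the system, but it is not present in the 'rkhunter.dat' file.
[11:27:32]   /usr/bin/cut                                    [ Warning ]
[11:27:32] Warning: The file properties have changed:
[11:27:32]          Current inode: 36342    Stored inode: 1179883
[11:27:40]   /usr/bin/ps                                     [ Warning ]
[11:27:40] Warning: The file properties have changed:
[11:27:40]          Current hash: 5555555555555555
[11:27:40]          Stored hash : 6666666666666666
"""
TIMESTAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s*")
WARNING_HEADER = re.compile(r"^(/\S+)\s+\[ Warning \]$")
NOT_IN_DAT = re.compile(r"^Warning: The file '(/\S+)' exists on the system, but it is not present")
MTIME = re.compile(r"^(Current|Stored) file modification time\s*:\s*(\d+)")

@dataclass
class FileWarning:
    path: str
    not_in_dat: bool = False
    hash_changed: bool = False
    inode_changed: bool = False
    current_mtime: Optional[int] = None
    stored_mtime: Optional[int] = None

    @property
    def mtime_changed(self) -> bool:
        # rkhunter prints a current/stored pair only when the two values differ.
        return self.current_mtime is not None and self.current_mtime != self.stored_mtime

def parse_rkhunter_log(text: str) -> List[FileWarning]:
    """One FileWarning per path flagged by the file 'properties' test."""
    warnings: List[FileWarning] = []
    current: Optional[FileWarning] = None
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if (header := WARNING_HEADER.match(line)):
            current = FileWarning(path=header.group(1))
            warnings.append(current)
        elif current is None:
            continue                      # preamble before the first flagged file
        elif NOT_IN_DAT.match(line):
            current.not_in_dat = True
        elif line.startswith("Current hash:"):
            current.hash_changed = True
        elif line.startswith("Current inode:"):
            current.inode_changed = True
        elif (mtime := MTIME.match(line)):
            setattr(current, f"{mtime.group(1).lower()}_mtime", int(mtime.group(2)))
    return warnings

def classify(w: FileWarning) -> str:
    """Defender's first-pass label; confirm with dpkg -V / rpm -V before --propupd."""
    if w.not_in_dat:
        return "unknown"      # not in rkhunter.dat: find out which package owns the file
    if w.hash_changed and w.mtime_changed:
        return "updated"      # new contents and new mtime: what a package upgrade looks like
    if w.hash_changed:
        return "suspicious"   # new contents but the old mtime kept: classic tampering sign
    return "benign"           # contents unchanged; only inode/size/mtime moved

def triage(text: str) -> Dict[str, List[str]]:
    report: Dict[str, List[str]] = defaultdict(list)
    for w in parse_rkhunter_log(text):
        report[classify(w)].append(w.path)
    return dict(report)

def update_batches(warnings: List[FileWarning]) -> Dict[int, List[str]]:
    """Binaries from one package share a build mtime, so a group of 'updated' files with
    the same new mtime points to a stale rkhunter.dat after an upgrade, not a rootkit."""
    batches: Dict[int, List[str]] = defaultdict(list)
    for w in warnings:
        if classify(w) == "updated":
            batches[w.current_mtime].append(w.path)
    return {k: sorted(v) for k, v in batches.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), update_batches(parse_rkhunter_log(SAMPLE_LOG)))
```

Feeding it the real log from this thread puts nearly every shadow-utils binary into one batch stamped 22-mar-2019, which is what a package upgrade made after the last `--propupd` looks like.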

Hason
Posts: 787

Keep calm and use the spiritual force
Re: Encrypted, write-protected hard drives that rewrite the BIOS when connected to the motherboard, permanent rootkit.
« Reply #11 on: 28 June 2022, 19:30 pm »

Hi there.

Quote:
The analysis that command gives is a brief one...
run it in full:

chkdsk n: /F /V /R

...it's 5 phases; the 4th and 5th take a long time (hours basically, but it depends on the size, speed and damage (if any) of the disk)

Yes, I know I'm using a short chkdsk command, but it's enough for me to check that it doesn't throw the "the disk is write-protected" error, and error code 50 when transferring to the registry... :D that's why it works for me.

Anyway, I ran the command:
chkdsk c: /f /x /r

which is more complete, and it took an hour or more, and the result was ok, perfect ;D

Right now I've spent the whole day repairing hard drives; I have about 8 of them, I'm not sure now, they're around somewhere...

Right now I'm repairing a 500 GB one; once it's been low-level formatted, I'll run your command on it. Anyway, I have all the chkdsk cheat sheets, I'm going to become an expert at this rate...

I'll let you know the result, but for now everything's ok.


Quote:
Have you heard of false positives?

The latest rkhunter release is from 2018

Yes sir, el brujo, I've heard of it, and I've studied it; I've been plugged in non-stop for weeks or months studying (I've already quit caffeine, just two coffees in the morning)

Now I'll post the log; I recovered it from the hard drive before low-level formatting it ;D

I know there were false positives, I almost know it by heart: you have to update the program and run several commands, among them rkhunter --propupd; after that, the vast majority of the warnings disappeared. I could explain it, but I don't feel like it, I already know it, I've put in many hours of study...

I'll post the original log without doing anything, and then the fixed log, and you'll see it flags not 16 but 12 possible rootkits; possible, which isn't certain, but if it flags them it's for a reason, and with all the problems I have, I think it may be... since the thing about rootkits is that they fool the OS and hide... so it may be true.

Besides, I've downloaded more modern and better programs than rkhunter and chkrootkit, like AIDE, but all the ones I installed give me an error... but well... now the good part starts for me, a new level in the video game... with the hard drives clean and an original Fedora, I'll start a cleaner game again.

I'm going to post the logs; I rescued them before low-level formatting. First one without modifying rkhunter, and then with rkhunter modified, which throws fewer warnings, but it does still list the rootkits; it's 12, sorry, I didn't remember correctly. Here goes:

Well, I can't post them in the forum because they're too long :( I'll try to post the most interesting part, and if not I'll make double posts.
But so as not to saturate things, I'll post only the part with the warnings and the possible rootkits. Here goes, first with rkhunter without modifying the parameters and then modified.

The first one:

[code]
[11:27:25] Info: Starting test name 'properties'
[11:27:25] Performing file properties checks
[11:27:25] Warning: Checking for prerequisites               [ Warning ]
[11:27:25]          No output from the 'lsattr' command - all file immutable-bit checks will be skipped.
[11:27:25]          The local host configuration or operating system has changed.
[11:27:27]   /usr/local/bin/test                             [ Warning ]
[11:27:27] Warning: The file '/usr/local/bin/test' exists on the system, but it is not present in the 'rkhunter.dat' file.
[11:27:28]   /usr/sbin/adduser                               [ Warning ]
[11:27:28] Warning: The file properties have changed:
[11:27:28]          File: /usr/sbin/adduser
[11:27:28]          Current inode: 136452    Stored inode: 1191091
[11:27:28] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[11:27:28]   /usr/sbin/chroot                                [ Warning ]
[11:27:28] Warning: The file properties have changed:
[11:27:28]          File: /usr/sbin/chroot
[11:27:28]          Current inode: 136485    Stored inode: 1191110
[11:27:28]   /usr/sbin/cron                                  [ Warning ]
[11:27:28] Warning: The file properties have changed:
[11:27:28]          File: /usr/sbin/cron
[11:27:28]          Current inode: 136497    Stored inode: 1191120
[11:27:28]   /usr/sbin/groupadd                              [ Warning ]
[11:27:28] Warning: The file properties have changed:
[11:27:28]          File: /usr/sbin/groupadd
[11:27:28]          Current hash: d703eec3ce7e9bc44ab21cb5fc7281654b108e145b85d61b88fa05dbfdb10df7
[11:27:28]          Stored hash : 7274989b6b8e7ac8201b85139ed6b32fe2f9c8cc7313e38d2c12c9eee2fa5171
[11:27:28]          Current inode: 136549    Stored inode: 1191146
[11:27:29]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:29]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:29]   /usr/sbin/groupdel                              [ Warning ]
[11:27:29] Warning: The file properties have changed:
[11:27:29]          File: /usr/sbin/groupdel
[11:27:29]          Current hash: 63850f994fdab68652e8be2eaaec667e4ab9f8583bf7be094d5f91e198b28c61
[11:27:29]          Stored hash : c48d32fe2f4959167bd6bfc688c3cf29c2fcd2a6be9309114a0c6fa4422cd9d8
[11:27:29]          Current inode: 136550    Stored inode: 1191147
[11:27:29]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:29]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:29]   /usr/sbin/groupmod                              [ Warning ]
[11:27:29] Warning: The file properties have changed:
[11:27:29]          File: /usr/sbin/groupmod
[11:27:29]          Current hash: 9efc88b57878fd98efdc9a98608d9b8950a7117db2a8081a2e0f6b96ace0a3f6
[11:27:29]          Stored hash : af3e688333f0d859c7447f725567aad7ab9c763dcde90b9defb84aec4d84e1f2
[11:27:29]          Current inode: 136552    Stored inode: 1191149
[11:27:29]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:29]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:29]   /usr/sbin/grpck                                 [ Warning ]
[11:27:29] Warning: The file properties have changed:
[11:27:29]          File: /usr/sbin/grpck
[11:27:29]          Current hash: 259901c641944017deb7136da4d107e591390ee96925c2c99c5c8ac10f904d0c
[11:27:29]          Stored hash : 8a6407b091487d2a30b52e69f15d8c1d5d873904b77c334c150deb0274e4583c
[11:27:29]          Current inode: 136553    Stored inode: 1191150
[11:27:29]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:29]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:29]   /usr/sbin/nologin                               [ Warning ]
[11:27:29] Warning: The file properties have changed:
[11:27:29]          File: /usr/sbin/nologin
[11:27:29]          Current hash: 2e68cf7abbd5ebb85efb8443257f094d35871c0a3384ba71effea98edf517ea5
[11:27:29]          Stored hash : b6a40cf6f883aa3f5042e54a4e7f455846e983fb3b1769caa580139cb4a0107f
[11:27:29]          Current inode: 136638    Stored inode: 1191197
[11:27:29]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:29]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:30]   /usr/sbin/pwck                                  [ Warning ]
[11:27:30] Warning: The file properties have changed:
[11:27:30]          File: /usr/sbin/pwck
[11:27:30]          Current hash: eb29cd40cb8b153c64704dcfcd31359440ee9efe362b86d3af04b4c8f8ff6e1a
[11:27:30]          Stored hash : 2ee9608b222cf4ef2d8b1023a85f754d0a9bc0a07173634237ccf8ce0bbf0c14
[11:27:30]          Current inode: 136678    Stored inode: 1191217
[11:27:30]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:30]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:30]   /usr/sbin/rsyslogd                              [ Warning ]
[11:27:30] Warning: The file properties have changed:
[11:27:30]          File: /usr/sbin/rsyslogd
[11:27:30]          Current inode: 136704    Stored inode: 1191228
[11:27:30]   /usr/sbin/sshd                                  [ Warning ]
[11:27:30] Warning: The file '/usr/sbin/sshd' exists on the system, but it is not present in the 'rkhunter.dat' file.
[11:27:30]   /usr/sbin/useradd                               [ Warning ]
[11:27:30] Warning: The file properties have changed:
[11:27:30]          File: /usr/sbin/useradd
[11:27:30]          Current hash: e808177cb21e2643fc90de0d714ab65b45e65d7805f0b72a192b204c29e737b1
[11:27:30]          Stored hash : c8077e384aaeeb998b4af43b94783875778b7ee79d79406ec27af9a5148cb3ae
[11:27:30]          Current inode: 136811    Stored inode: 1191277
[11:27:30]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:30]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:30]   /usr/sbin/userdel                               [ Warning ]
[11:27:30] Warning: The file properties have changed:
[11:27:30]          File: /usr/sbin/userdel
[11:27:30]          Current hash: 4edf51b16552d105de39319e45625a77fe7ed5380f6499931990ed1da3f909ef
[11:27:30]          Stored hash : 998156c0f1d53831a978ac8c1c7a0dcdf18f1f01e59eb38c0540a5db7b759595
[11:27:30]          Current inode: 136812    Stored inode: 1191278
[11:27:30]          Current size: 84464    Stored size: 84432
[11:27:30]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:30]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:31]   /usr/sbin/usermod                               [ Warning ]
[11:27:31] Warning: The file properties have changed:
[11:27:31]          File: /usr/sbin/usermod
[11:27:31]          Current hash: a3648b87a7ab645e83f4990825f7710791264b307bf763377df8d8f2a6baf567
[11:27:31]          Stored hash : 506e6ec1591e30a8b4084713a438955d411faf9362f54937c3cd19775c90c793
[11:27:31]          Current inode: 136813    Stored inode: 1191279
[11:27:31]          Current size: 126016    Stored size: 121920
[11:27:31]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:31]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:31]   /usr/sbin/vipw                                  [ Warning ]
[11:27:31] Warning: The file properties have changed:
[11:27:31]          File: /usr/sbin/vipw
[11:27:31]          Current hash: da23520ecb49bfbc96334e7361e26346d319c8fc37f64f9987275eb28d49d0fb
[11:27:31]          Stored hash : 9ad29fc75e4804f85e027c7e9ecb4979da402438ec3a098829aa74cf0a5a0c72
[11:27:31]          Current inode: 136823    Stored inode: 1191285
[11:27:31]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:31]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:31]   /usr/sbin/unhide                                [ Warning ]
[11:27:31] Warning: The file properties have changed:
[11:27:31]          File: /usr/sbin/unhide
[11:27:31]          Current inode: 136768    Stored inode: 1202265
[11:27:31]          Current file modification time: 1575280912 (02-dic-2019 11:01:52)
[11:27:31]          Stored file modification time : 1446528173 (03-nov-2015 06:22:53)
[11:27:31]   /usr/sbin/unhide-linux                          [ Warning ]
[11:27:31] Warning: The file properties have changed:
[11:27:31]          File: /usr/sbin/unhide-linux
[11:27:31]          Current inode: 136769    Stored inode: 1202263
[11:27:31]   /usr/sbin/unhide-posix                          [ Warning ]
[11:27:31] Warning: The file properties have changed:
[11:27:31]          File: /usr/sbin/unhide-posix
[11:27:31]          Current inode: 136770    Stored inode: 1202262
[11:27:31]   /usr/sbin/unhide-tcp                            [ Warning ]
[11:27:31] Warning: The file properties have changed:
[11:27:31]          File: /usr/sbin/unhide-tcp
[11:27:31]          Current inode: 136771    Stored inode: 1202261
[11:27:32]   /usr/bin/awk                                    [ Warning ]
[11:27:32] Warning: The file properties have changed:
[11:27:32]          File: /usr/bin/awk
[11:27:32]          Current inode: 36128    Stored inode: 1179758
[11:27:32]          Current file modification time: 1575280750 (02-dic-2019 10:59:10)
[11:27:32]          Stored file modification time : 1537264455 (18-set-2018 11:54:15)
[11:27:32]   /usr/bin/basename                               [ Warning ]
[11:27:32] Warning: The file properties have changed:
[11:27:32]          File: /usr/bin/basename
[11:27:32]          Current inode: 36134    Stored inode: 1179762
[11:27:32]   /usr/bin/chattr                                 [ Warning ]
[11:27:32] Warning: The file properties have changed:
[11:27:32]          File: /usr/bin/chattr
[11:27:32]          Current hash: 94a9adea0a0701d36ee5adcecd25ea456f01aafe6d5e0a0f0a35fa43735c59c1
[11:27:32]          Stored hash : 4bc88abb911956c5eba1837e8d3cb0a0240b8c0088cb8dd127baa7720d2e06a4
[11:27:32]          Current inode: 36254    Stored inode: 1179827
[11:27:32]          Current file modification time: 1569520918 (26-set-2019 20:01:58)
[11:27:32]          Stored file modification time : 1521918808 (24-mar-2018 20:13:28)
[11:27:32]   /usr/bin/cut                                    [ Warning ]
[11:27:32] Warning: The file properties have changed:
[11:27:32]          File: /usr/bin/cut
[11:27:32]          Current inode: 36342    Stored inode: 1179883
[11:27:32]   /usr/bin/diff                                   [ Warning ]
[11:27:32] Warning: The file properties have changed:
[11:27:32]          File: /usr/bin/diff
[11:27:32]          Current inode: 36507    Stored inode: 1179921
[11:27:32]   /usr/bin/dirname                                [ Warning ]
[11:27:32] Warning: The file properties have changed:
[11:27:32]          File: /usr/bin/dirname
[11:27:32]          Current inode: 36518    Stored inode: 1179928
[11:27:32]   /usr/bin/dpkg                                   [ Warning ]
[11:27:32] Warning: The file properties have changed:
[11:27:32]          File: /usr/bin/dpkg
[11:27:32]          Current hash: a04fbea36831ceb207e02daa0da2e7115718845fef5669c461124ec96a828b84
[11:27:32]          Stored hash : d1c3e14626a37fb57330759403ceb97b0dd286d60e3cba3b6ee465144eba1de6
[11:27:32]          Current inode: 36543    Stored inode: 1179935
[11:27:32]          Current file modification time: 1567717514 (05-set-2019 23:05:14)
[11:27:32]          Stored file modification time : 1523845521 (16-apr-2018 04:25:21)
[11:27:32]   /usr/bin/dpkg-query                             [ Warning ]
[11:27:33] Warning: The file properties have changed:
[11:27:33]          File: /usr/bin/dpkg-query
[11:27:33]          Current hash: c030fd595169bfa22d07a6a63cae77530dec6b266b021ab5cb2dec709d5b9cd5
[11:27:33]          Stored hash : 892302b08ca5fe3de11d19e3e1d2e294e095b26a9465589028ca26e448575621
[11:27:33]          Current inode: 36561    Stored inode: 1179939
[11:27:33]          Current file modification time: 1567717514 (05-set-2019 23:05:14)
[11:27:33]          Stored file modification time : 1523845521 (16-apr-2018 04:25:21)
[11:27:33]   /usr/bin/du                                     [ Warning ]
[11:27:33] Warning: The file properties have changed:
[11:27:33]          File: /usr/bin/du
[11:27:33]          Current inode: 36576    Stored inode: 1179945
[11:27:33]   /usr/bin/env                                    [ Warning ]
[11:27:33] Warning: The file properties have changed:
[11:27:33]          File: /usr/bin/env
[11:27:33]          Current inode: 36607    Stored inode: 1179968
[11:27:33]   /usr/bin/file                                   [ Warning ]
[11:27:33] Warning: The file properties have changed:
[11:27:33]          File: /usr/bin/file
[11:27:33]          Current hash: 9b00a95411bbe2f806548bea61debe9df969bb6f995b4f2da9ded779344d298a
[11:27:33]          Stored hash : e97ab1817c17511cb7cf3110997ceccb4baa587a7346ffb36fb2d103eb88f452
[11:27:33]          Current inode: 36685    Stored inode: 1180002
[11:27:33]          Current file modification time: 1572367819 (29-ott-2019 17:50:19)
[11:27:33]          Stored file modification time : 1528909779 (13-giu-2018 19:09:39)
[11:27:33]   /usr/bin/find                                   [ Warning ]
[11:27:33] Warning: The file properties have changed:
[11:27:33]          File: /usr/bin/find
[11:27:33]          Current inode: 36690    Stored inode: 1180005
[11:27:33]   /usr/bin/GET                                    [ Warning ]
[11:27:33] Warning: The file properties have changed:
[11:27:33]          File: /usr/bin/GET
[11:27:33]          Current inode: 35982    Stored inode: 1179666
[11:27:33]          Current file modification time: 1575280749 (02-dic-2019 10:59:09)
[11:27:33]          Stored file modification time : 1537264455 (18-set-2018 11:54:15)
[11:27:33]   /usr/bin/groups                                 [ Warning ]
[11:27:33] Warning: The file properties have changed:
[11:27:33]          File: /usr/bin/groups
[11:27:33]          Current inode: 36918    Stored inode: 1180119
[11:27:33]   /usr/bin/head                                   [ Warning ]
[11:27:33] Warning: The file properties have changed:
[11:27:33]          File: /usr/bin/head
[11:27:33]          Current inode: 37037    Stored inode: 1180186
[11:27:34]   /usr/bin/id                                     [ Warning ]
[11:27:34] Warning: The file properties have changed:
[11:27:34]          File: /usr/bin/id
[11:27:34]          Current inode: 37114    Stored inode: 1180221
[11:27:34]   /usr/bin/ipcs                                   [ Warning ]
[11:27:34] Warning: The file properties have changed:
[11:27:34]          File: /usr/bin/ipcs
[11:27:34]          Current hash: b2c1d5345538fcf80018453f2788cd6bec9a92b8ad575ebc56271d88762da0ab
[11:27:34]          Stored hash : 4b91575d65bd4b44c300a55c7c7474a5c4f158b72b7050d5bb7c094e030ef560
[11:27:34]          Current inode: 37184    Stored inode: 1180272
[11:27:34]          Current file modification time: 1566517666 (23-ago-2019 01:47:46)
[11:27:34]          Stored file modification time : 1526467297 (16-mag-2018 12:41:37)
[11:27:34]   /usr/bin/killall                                [ Warning ]
[11:27:34] Warning: The file properties have changed:
[11:27:34]          File: /usr/bin/killall
[11:27:34]          Current hash: ccfea15ea2ac5af918c4627bb7e43ad273ab96232bb886aa4578ccd990873c51
[11:27:34]          Stored hash : 525efa977202c43ea5d8ce0d86a42bb34be77175d8ad066e00cba374e397074f
[11:27:34]          Current inode: 37262    Stored inode: 1180323
[11:27:34]          Current size: 27768    Stored size: 23704
[11:27:34]          Current file modification time: 1544543164 (11-dic-2018 16:46:04)
[11:27:34]          Stored file modification time : 1497560089 (15-giu-2017 22:54:49)
[11:27:34]   /usr/bin/last                                   [ Warning ]
[11:27:34] Warning: The file properties have changed:
[11:27:34]          File: /usr/bin/last
[11:27:34]          Current hash: d7eb312f42dcd0a6ad00372392aa70cb17a871333136fa78fd9009e406da1813
[11:27:34]          Stored hash : 5ed758c30eb9db085fb0736e001463595e48600f71d15b956309ce35f9355a09
[11:27:34]          Current inode: 37295    Stored inode: 1180329
[11:27:34]          Current file modification time: 1566517666 (23-ago-2019 01:47:46)
[11:27:34]          Stored file modification time : 1526467297 (16-mag-2018 12:41:37)
[11:27:34]   /usr/bin/lastlog                                [ Warning ]
[11:27:34] Warning: The file properties have changed:
[11:27:34]          File: /usr/bin/lastlog
[11:27:34]          Current hash: a9af62859f4b8d8dfd76268e57587006da1a95f719554aa902e57bd41a7eab5a
[11:27:34]          Stored hash : 90e9cdc574cd27261350582c05b883deff0f1430144c6619724b361bc566565b
[11:27:34]          Current inode: 37297    Stored inode: 1180331
[11:27:34]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:34]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:34]   /usr/bin/ldd                                    [ Warning ]
[11:27:34] Warning: The file properties have changed:
[11:27:34]          File: /usr/bin/ldd
[11:27:34]          Current inode: 37308    Stored inode: 1180338
[11:27:34] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[11:27:34]   /usr/bin/less                                   [ Warning ]
[11:27:34] Warning: The file properties have changed:
[11:27:34]          File: /usr/bin/less
[11:27:34]          Current inode: 37312    Stored inode: 1180340
[11:27:34]          Current file modification time: 1575280753 (02-dic-2019 10:59:13)
[11:27:35]          Stored file modification time : 1537264458 (18-set-2018 11:54:18)
[11:27:35]   /usr/bin/locate                                 [ Warning ]
[11:27:35] Warning: The file properties have changed:
[11:27:35]          File: /usr/bin/locate
[11:27:35]          Current inode: 37399    Stored inode: 1180372
[11:27:35]          Current file modification time: 1575280753 (02-dic-2019 10:59:13)
[11:27:35]          Stored file modification time : 1537264458 (18-set-2018 11:54:18)
[11:27:35]   /usr/bin/logger                                 [ Warning ]
[11:27:35] Warning: The file properties have changed:
[11:27:35]          File: /usr/bin/logger
[11:27:35]          Current hash: 2be57a5c524e722c08a74cdf5317775769a532919dad45923644f2a5d036304e
[11:27:35]          Stored hash : 31581aeddd9b97d5fd22c0576ed602c170dc6c682703f9110324f4dc1d2d7103
[11:27:35]          Current inode: 37400    Stored inode: 1180376
[11:27:35]          Current file modification time: 1566517666 (23-ago-2019 01:47:46)
[11:27:35]          Stored file modification time : 1526467297 (16-mag-2018 12:41:37)
[11:27:35]   /usr/bin/lsattr                                 [ Warning ]
[11:27:35] Warning: The file properties have changed:
[11:27:35]          File: /usr/bin/lsattr
[11:27:35]          Current hash: 9b93be49a51cc83829e4242e8c4d4bdca1a77e69dbe10b3767ee34dbe745101d
[11:27:35]          Stored hash : 20b05f6fea4561c6e04095a38e6c1bca733f05222db317f2386f010452c180b9
[11:27:35]          Current inode: 37415    Stored inode: 1180392
[11:27:35]          Current file modification time: 1569520918 (26-set-2019 20:01:58)
[11:27:35]          Stored file modification time : 1521918808 (24-mar-2018 20:13:28)
[11:27:35]   /usr/bin/lsof                                   [ Warning ]
[11:27:35] Warning: The file properties have changed:
[11:27:35]          File: /usr/bin/lsof
[11:27:35]          Current inode: 37427    Stored inode: 1180403
[11:27:35]   /usr/bin/mail                                   [ Warning ]
[11:27:35] Warning: The file properties have changed:
[11:27:35]          File: /usr/bin/mail
[11:27:35]          Current inode: 37466    Stored inode: 1204799
[11:27:35]          Current file modification time: 1575280754 (02-dic-2019 10:59:14)
[11:27:35]          Stored file modification time : 1537266339 (18-set-2018 12:25:39)
[11:27:35]   /usr/bin/md5sum                                 [ Warning ]
[11:27:35] Warning: The file properties have changed:
[11:27:35]          File: /usr/bin/md5sum
[11:27:35]          Current inode: 37560    Stored inode: 1180503
[11:27:35]   /usr/bin/mlocate                                [ Warning ]
[11:27:35] Warning: The file properties have changed:
[11:27:35]          File: /usr/bin/mlocate
[11:27:35]          Current inode: 37619    Stored inode: 1180528
[11:27:36]   /usr/bin/newgrp                                 [ Warning ]
[11:27:36] Warning: The file properties have changed:
[11:27:36]          File: /usr/bin/newgrp
[11:27:36]          Current hash: 3117850ff94fbd09f49263c68001eb6603905aa1c07d137ec852031d873a4ab1
[11:27:36]          Stored hash : a62482d823e335c9b113f78ddbe58d8d5561aea260f713f4cbf49bdb9e3e8f93
[11:27:36]          Current inode: 37720    Stored inode: 1180585
[11:27:36]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:36]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:36]   /usr/bin/passwd                                 [ Warning ]
[11:27:36] Warning: The file properties have changed:
[11:27:36]          File: /usr/bin/passwd
[11:27:36]          Current hash: c9348d967627b73eeb06122ff0ca1955c870dc12a8ef1b8bc8001afa53430010
[11:27:36]          Stored hash : 74d2ffc34d86ace2f5d9dabb95de8c75abe824cd6cfc871d89faf65696241d2e
[11:27:36]          Current inode: 37834    Stored inode: 1180650
[11:27:36]          Current file modification time: 1553281538 (22-mar-2019 20:05:38)
[11:27:36]          Stored file modification time : 1516892962 (25-gen-2018 16:09:22)
[11:27:36]   /usr/bin/perl                                   [ Warning ]
[11:27:36] Warning: The file properties have changed:
[11:27:36]          File: /usr/bin/perl
[11:27:36]          Current hash: 7fbeda223ca9054154cb56e47464b5a75ebbd1a0e176f4234a3a522a48092ef4
[11:27:36]          Stored hash : bb206ce5ddccbb2f070b0e46f584c07bc22dd050c308e47eb7e0b55a40afba0e
[11:27:36]          Current inode: 37919    Stored inode: 1180714
[11:27:36]          Current size: 2097720    Stored size: 2093624
[11:27:36]          Current file modification time: 1542642884 (19-nov-2018 16:54:44)
[11:27:36]          Stored file modification time : 1531923663 (18-lug-2018 16:21:03)
[11:27:36]   /usr/bin/pgrep                                  [ Warning ]
[11:27:36] Warning: The file properties have changed:
[11:27:36]          File: /usr/bin/pgrep
[11:27:36]          Current hash: 607d268539f5073d67973cfac72f6ed116fee89f97ff0eb3f2ea60cbf3f168da
[11:27:36]          Stored hash : 52086dbdb63bf01bc6c247470a895ac1925bbd1de6452a256cdbaaa48d8e3ef7
[11:27:36]          Current inode: 37953    Stored inode: 1180741
[11:27:36]          Current file modification time: 1565365047 (09-ago-2019 17:37:27)
[11:27:36]          Stored file modification time : 1526299300 (14-mag-2018 14:01:40)
[11:27:36]   /usr/bin/pkill                                  [ Warning ]
[11:27:36] Warning: The file properties have changed:
[11:27:36]          File: /usr/bin/pkill
[11:27:36]          Current hash: 607d268539f5073d67973cfac72f6ed116fee89f97ff0eb3f2ea60cbf3f168da
[11:27:36]          Stored hash : 52086dbdb63bf01bc6c247470a895ac1925bbd1de6452a256cdbaaa48d8e3ef7
[11:27:36]          Current inode: 37975    Stored inode: 1180758
[11:27:36]          Current file modification time: 1575280755 (02-dic-2019 10:59:15)
[11:27:36]          Stored file modification time : 1537264458 (18-set-2018 11:54:18)
[11:27:36]   /usr/bin/pstree                                 [ Warning ]
[11:27:36] Warning: The file properties have changed:
[11:27:36]          File: /usr/bin/pstree
[11:27:36]          Current hash: 3ebb6d41888a42802e43416e85fbece5f83bcf02dd1614d2933c766207c12a28
[11:27:36]          Stored hash : 5ba6189beead12a699ffb5e4b1a8fb7ae88f56981e948cb7c7c15776e4f4f63e
[11:27:36]          Current inode: 38183    Stored inode: 1180928
[11:27:37]          Current file modification time: 1544543164 (11-dic-2018 16:46:04)
[11:27:37]          Stored file modification time : 1497560089 (15-giu-2017 22:54:49)
[11:27:37]   /usr/bin/rkhunter                               [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/rkhunter
[11:27:37]          Current inode: 38384    Stored inode: 1190555
[11:27:37]   /usr/bin/rpm                                    [ Warning ]
[11:27:37] Warning: The file '/usr/bin/rpm' exists on the system, but it is not present in the 'rkhunter.dat' file.
[11:27:37]   /usr/bin/runcon                                 [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/runcon
[11:27:37]          Current inode: 38429    Stored inode: 1181046
[11:27:37]   /usr/bin/sha1sum                                [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/sha1sum
[11:27:37]          Current inode: 38592    Stored inode: 1181099
[11:27:37]   /usr/bin/sha224sum                              [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/sha224sum
[11:27:37]          Current inode: 38593    Stored inode: 1181100
[11:27:37]   /usr/bin/sha256sum                              [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/sha256sum
[11:27:37]          Current inode: 38595    Stored inode: 1181101
[11:27:37]   /usr/bin/sha384sum                              [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/sha384sum
[11:27:37]          Current inode: 38596    Stored inode: 1181102
[11:27:37]   /usr/bin/sha512sum                              [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/sha512sum
[11:27:37]          Current inode: 38597    Stored inode: 1181103
[11:27:37]   /usr/bin/size                                   [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/size
[11:27:38]          Current hash: b66bd6da04e6064cab25596c7f0c0153508c6b324abad4b0daff90656a5d6a23
[11:27:38]          Stored hash : 6b478d3775e102443e90fecc81069f6a400303f9dafa46aad3510bb7af7aad88
[11:27:38]          Current inode: 38616    Stored inode: 1181114
[11:27:38]          Current file modification time: 1575280756 (02-dic-2019 10:59:16)
[11:27:38]          Stored file modification time : 1537264459 (18-set-2018 11:54:19)
[11:27:38]   /usr/bin/sort                                   [ Warning ]
[11:27:38] Warning: The file properties have changed:
[11:27:38]          File: /usr/bin/sort
[11:27:38]          Current inode: 38646    Stored inode: 1181138
[11:27:38]   /usr/bin/ssh                                    [ Warning ]
[11:27:38] Warning: The file properties have changed:
[11:27:38]          File: /usr/bin/ssh
[11:27:38]          Current hash: 7488a0b216c6aba596790344a6521d65b6736b88d2871a4e8b51d8e28b211136
[11:27:38]          Stored hash : 645effa85ccbe0d812ab4f2d4abdb4519c7c916e56c5fd95801f56b14ec4a5c1
[11:27:38]          Current inode: 38672    Stored inode: 1181155
[11:27:38]          Current file modification time: 1551701871 (04-mar-2019 13:17:51)
[11:27:38]          Stored file modification time : 1518229906 (10-feb-2018 03:31:46)
[11:27:38]   /usr/bin/stat                                   [ Warning ]
[11:27:38] Warning: The file properties have changed:
[11:27:38]          File: /usr/bin/stat
[11:27:38]          Current inode: 38687    Stored inode: 1181165
[11:27:38]   /usr/bin/strace                                 [ Warning ]
[11:27:38] Warning: The file properties have changed:
[11:27:38]          File: /usr/bin/strace
[11:27:38]          Current inode: 38693    Stored inode: 1181167
[11:27:38]   /usr/bin/strings                                [ Warning ]
[11:27:38] Warning: The file properties have changed:
[11:27:38]          File: /usr/bin/strings
[11:27:38]          Current hash: 8ceeb25efb3e3708f2d750ea5eb6131de28e624b0c686501e43d9bef170acb58
[11:27:38]          Stored hash : 9458ff5dd79759dc41788d91d15cb5d309bf1b25e3a439bc3d6ca6e3e7652d23
[11:27:38]          Current inode: 38698    Stored inode: 1181172
[11:27:38]          Current file modification time: 1575280757 (02-dic-2019 10:59:17)
[11:27:38]          Stored file modification time : 1537264459 (18-set-2018 11:54:19)
[11:27:38]   /usr/bin/sudo                                   [ Warning ]
[11:27:38] Warning: The file properties have changed:
[11:27:38]          File: /usr/bin/sudo
[11:27:38]          Current hash: 1b8166f0cd692b5d2474318e0d4b4534283339c05f5d73b125370994ac9f17fc
[11:27:38]          Stored hash : 9c7364b3d17e6aeaf5299b2b1589808ebb01d9a8757fd7d495137eea1e1a438e
[11:27:38]          Current inode: 38702    Stored inode: 1181175
[11:27:38]          Current file modification time: 1570732379 (10-ott-2019 20:32:59)
[11:27:38]          Stored file modification time : 1516234096 (18-gen-2018 01:08:16)
[11:27:38]   /usr/bin/tail                                   [ Warning ]
[11:27:38] Warning: The file properties have changed:
[11:27:38]          File: /usr/bin/tail
[11:27:38]          Current inode: 38746    Stored inode: 1181206
[11:27:39]   /usr/bin/telnet                                 [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/telnet
[11:27:39]          Current inode: 38767    Stored inode: 1181210
[11:27:39]          Current file modification time: 1575280757 (02-dic-2019 10:59:17)
[11:27:39]          Stored file modification time : 1537264459 (18-set-2018 11:54:19)
[11:27:39]   /usr/bin/test                                   [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/test
[11:27:39]          Current inode: 38769    Stored inode: 1181212
[11:27:39]   /usr/bin/top                                    [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/top
[11:27:39]          Current hash: 29615b5441c4ebdd6bb1e7e3301aa5f4313b326ee009645cef443fb7bab3e1e0
[11:27:39]          Stored hash : 556870c813935685d5a7e9b89ec93956937037226bbf3732adebad7338795886
[11:27:39]          Current inode: 38795    Stored inode: 1181232
[11:27:39]          Current file modification time: 1565365047 (09-ago-2019 17:37:27)
[11:27:39]          Stored file modification time : 1526299300 (14-mag-2018 14:01:40)
[11:27:39]   /usr/bin/touch                                  [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/touch
[11:27:39]          Current inode: 38796    Stored inode: 1181233
[11:27:39]          Current file modification time: 1575280757 (02-dic-2019 10:59:17)
[11:27:39]          Stored file modification time : 1537264459 (18-set-2018 11:54:19)
[11:27:39]   /usr/bin/tr                                     [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/tr
[11:27:39]          Current inode: 38798    Stored inode: 1181235
[11:27:39]   /usr/bin/uniq                                   [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/uniq
[11:27:39]          Current inode: 38852    Stored inode: 1181273
[11:27:39]   /usr/bin/users                                  [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/users
[11:27:39]          Current inode: 38885    Stored inode: 1181301
[11:27:39]   /usr/bin/vmstat                                 [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/vmstat
[11:27:39]          Current hash: 04e9c1121391cd6f6c8e8290d86a692185f50374a1904e848af1937acc6486ac
[11:27:39]          Stored hash : 6ecb62ad8bfba3d08a057ff3bbb171051f62e5dae7f0acdab29eb24ba3724847
[11:27:39]          Current inode: 38911    Stored inode: 1181314
[11:27:39]          Current file modification time: 1565365047 (09-ago-2019 17:37:27)
[11:27:39]          Stored file modification time : 1526299300 (14-mag-2018 14:01:40)
[11:27:40]   /usr/bin/w                                      [ Warning ]
[11:27:40] Warning: The file properties have changed:
[11:27:40]          File: /usr/bin/w
[11:27:40]          Current hash: 7d3bb116f62c76aa011b39d993ed77216b38eb21bd3463b61bad8b97248b8e01
[11:27:40]          Stored hash : e10c6009edc0c360c654601cf6d7d0b0daf344ca8ac49504105a297af8be688e
[11:27:40]          Current inode: 38917    Stored inode: 1181318
[11:27:40]          Current file modification time: 1575280758 (02-dic-2019 10:59:18)
[11:27:40]          Stored file modification time : 1537264459 (18-set-2018 11:54:19)
[11:27:40]   /usr/bin/watch                                  [ Warning ]
[11:27:40] Warning: The file properties have changed:
[11:27:40]          File: /usr/bin/watch
[11:27:40]          Current hash: 9ff08f1ffe442ba6d08a715d0464e441938f1f634c6b6f43be55f52d7969507b
[11:27:40]          Stored hash : e1b67849062109fd845612d5203709e5b62cd799a180a3be27246d5f24da7d46
[11:27:40]          Current inode: 38923    Stored inode: 1181321
[11:27:40]          Current file modification time: 1565365047 (09-ago-2019 17:37:27)
[11:27:40]          Stored file modification time : 1526299300 (14-mag-2018 14:01:40)
[11:27:40]   /usr/bin/wc                                     [ Warning ]
[11:27:40] Warning: The file properties have changed:
[11:27:40]          File: /usr/bin/wc
[11:27:40]          Current inode: 38927    Stored inode: 1181324
[11:27:40]   /usr/bin/wget                                   [ Warning ]
[11:27:40] Warning: The file properties have changed:
[11:27:40]          File: /usr/bin/wget
[11:27:40]          Current hash: 0f2b21e911bd10d795a110af7901d7860228f63cf14594ecbfb397e66000b4ae
[11:27:40]          Stored hash : 8b08160118a05cc01ba0a06217ea2266c3acc53fd57b1fe0f7c47d4b84c3a571
[11:27:40]          Current inode: 38931    Stored inode: 1181325
[11:27:40]          Current file modification time: 1554749510 (08-apr-2019 20:51:50)
[11:27:40]          Stored file modification time : 1525798921 (08-mag-2018 19:02:01)
[11:27:40]   /usr/bin/whatis                                 [ Warning ]
[11:27:40] Warning: The file properties have changed:
[11:27:40]          File: /usr/bin/whatis
[11:27:40]          Current hash: 4db12b03ae8a2b9bfdb8d275f71d60b08cf0cc6b92c13062f87960e98d34fc60
[11:27:40]          Stored hash : 9dca55b557385e2d7c47ba16372703ce1b1d7b80c5576ac5bd68c40e892e7353
[11:27:40]          Current inode: 38933    Stored inode: 1181326
[11:27:40]          Current file modification time: 1533410172 (04-ago-2018 21:16:12)
[11:27:40]          Stored file modification time : 1523099733 (07-apr-2018 13:15:33)
[11:27:40]   /usr/bin/whereis                                [ Warning ]
[11:27:40] Warning: The file properties have changed:
[11:27:40]          File: /usr/bin/whereis
[11:27:40]          Current hash: 80be7b9256ed74d577b8d7389542b224923aec50ced043fca32c64af7c2f25eb
[11:27:40]          Stored hash : fc1f9b41b89520db6267dfeb5e4a944e7de8581bea089fba05fa41ebe112b028
[11:27:40]          Current inode: 38934    Stored inode: 1181327
[11:27:40]          Current file modification time: 1566517666 (23-ago-2019 01:47:46)
[11:27:40]          Stored file modification time : 1526467297 (16-mag-2018 12:41:37)
[11:27:40]   /usr/bin/which                                  [ Warning ]
[11:27:40] Warning: The file properties have changed:
[11:27:40]          File: /usr/bin/which
[11:27:40]          Current inode: 38935    Stored inode: 1181328
[11:27:40]          Current file modification time: 1575280758 (02-dic-2019 10:59:18)
[11:27:40]          Stored file modification time : 1537264459 (18-set-2018 11:54:19)
[11:27:41]   /usr/bin/who                                    [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/who
[11:27:41]          Current inode: 38937    Stored inode: 1181329
[11:27:41]   /usr/bin/whoami                                 [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/whoami
[11:27:41]          Current inode: 38940    Stored inode: 1181330
[11:27:41]   /usr/bin/numfmt                                 [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/numfmt
[11:27:41]          Current inode: 37754    Stored inode: 1180608
[11:27:41]   /usr/bin/gawk                                   [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/gawk
[11:27:41]          Current inode: 36759    Stored inode: 1180050
[11:27:41]   /usr/bin/lwp-request                            [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/lwp-request
[11:27:41]          Current inode: 37441    Stored inode: 1180413
[11:27:41]          Current file modification time: 1558428953 (21-mag-2019 10:55:53)
[11:27:41]          Stored file modification time : 1514315302 (26-dic-2017 20:08:22)
[11:27:41] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[11:27:41]   /usr/bin/mail.mailutils                         [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/mail.mailutils
[11:27:41]          Current inode: 37467    Stored inode: 1203803
[11:27:41]   /usr/bin/x86_64-linux-gnu-size                  [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/x86_64-linux-gnu-size
[11:27:41]          Current hash: b66bd6da04e6064cab25596c7f0c0153508c6b324abad4b0daff90656a5d6a23
[11:27:41]          Stored hash : 6b478d3775e102443e90fecc81069f6a400303f9dafa46aad3510bb7af7aad88
[11:27:41]          Current inode: 39017    Stored inode: 1181364
[11:27:41]          Current file modification time: 1557303247 (08-mag-2019 10:14:07)
[11:27:41]          Stored file modification time : 1526498451 (16-mag-2018 21:20:51)
[11:27:41]   /usr/bin/x86_64-linux-gnu-strings               [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/x86_64-linux-gnu-strings
[11:27:41]          Current hash: 8ceeb25efb3e3708f2d750ea5eb6131de28e624b0c686501e43d9bef170acb58
[11:27:41]          Stored hash : 9458ff5dd79759dc41788d91d15cb5d309bf1b25e3a439bc3d6ca6e3e7652d23
[11:27:41]          Current inode: 39018    Stored inode: 1181365
[11:27:41]          Current file modification time: 1557303247 (08-mag-2019 10:14:07)
[11:27:42]          Stored file modification time : 1526498451 (16-mag-2018 21:20:51)
[11:27:42]   /usr/bin/telnet.netkit                          [ Warning ]
[11:27:42] Warning: The file properties have changed:
[11:27:42]          File: /usr/bin/telnet.netkit
[11:27:42]          Current inode: 38768    Stored inode: 1181211
[11:27:42]   /usr/bin/w.procps                               [ Warning ]
[11:27:42] Warning: The file properties have changed:
[11:27:42]          File: /usr/bin/w.procps
[11:27:42]          Current hash: 7d3bb116f62c76aa011b39d993ed77216b38eb21bd3463b61bad8b97248b8e01
[11:27:42]          Stored hash : e10c6009edc0c360c654601cf6d7d0b0daf344ca8ac49504105a297af8be688e
[11:27:42]          Current inode: 38918    Stored inode: 1181319
[11:27:42]          Current file modification time: 1565365047 (09-ago-2019 17:37:27)
[11:27:42]          Stored file modification time : 1526299300 (14-mag-2018 14:01:40)
[11:27:42]   /sbin/depmod                                    [ Warning ]
[11:27:42] Warning: The file properties have changed:
[11:27:42]          File: /sbin/depmod
[11:27:42]          Current hash: 31e9e2579309d2c68a812d63710cb8257601970bb73344b5ff454d362bde1695
[11:27:42]          Stored hash : f06728a3741cb68fc8e57972fbf34136ee4e754c3e65d7189805b06ec1193fa3
[11:27:42]          Current inode: 35711    Stored inode: 131297
[11:27:42]          Current file modification time: 1575280748 (02-dic-2019 10:59:08)
[11:27:42]          Stored file modification time : 1537264454 (18-set-2018 11:54:14)
[11:27:42]   /sbin/fsck                       



Being constantly exposed to danger can breed contempt for it.
He who endures, wins
Hannibal knew how to win a victory, but not how to use it
"Houston, we have a problem": the details and curiosities behind one of the most famous alarm messages in history
https://amaltea.wordpress.com/2008/03/06/proverbios-y-refranes-grecolatinos/
Hason
Re: Write-protected encrypted hard drives that rewrite the BIOS when connected to the motherboard, permanent rootkit.
« Reply #12 on: 28 June 2022, 19:58 pm »

Code:
Second part of rkhunter, unmodified:

[11:29:33] Info: Starting test name 'malware'
[11:29:33] Performing malware checks
[11:29:33]
[11:29:33] Info: Test 'deleted_files' disabled at users request.
[11:29:33]
[11:29:33] Info: Starting test name 'running_procs'
[11:29:37]   Checking running processes for suspicious files [ None found ]
[11:29:37]
[11:29:37] Info: Test 'hidden_procs' disabled at users request.
[11:29:38]
[11:29:38] Info: Test 'suspscan' disabled at users request.
[11:29:38]
[11:29:38] Info: Starting test name 'login_backdoors'
[11:29:38]     Checking for '/bin/.login'                    [ Not found ]
[11:29:38]     Checking for '/sbin/.login'                   [ Not found ]
[11:29:38]   Checking for login backdoors                    [ None found ]
[11:29:38]
[11:29:38] Info: Starting test name 'sniffer_logs'
[11:29:38]     Checking for file '/usr/lib/libice.log'       [ Not found ]
[11:29:38]     Checking for file '/dev/prom/sn.l'            [ Not found ]
[11:29:38]     Checking for file '/dev/fd/.88/zxsniff.log'   [ Not found ]
[11:29:38]   Checking for sniffer log files                  [ None found ]
[11:29:38]
[11:29:38] Info: Starting test name 'tripwire'
[11:29:38]   Checking for software intrusions                [ Skipped ]
[11:29:38] Info: Check skipped - tripwire not installed
[11:29:38]
[11:29:38] Info: Starting test name 'susp_dirs'
[11:29:38]     Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[11:29:38]     Checking for directory '/dev/rd/cdb'          [ Not found ]
[11:29:38]   Checking for suspicious directories             [ None found ]
[11:29:38]
[11:29:38] Info: Starting test name 'ipc_shared_mem'
[11:29:38] Info: The minimum shared memory segment size to be checked (in bytes): 1048576 (1,0MB)
[11:29:38]   Checking for suspicious (large) shared memory segments [ Warning ]
[11:29:38] Warning: The following suspicious (large) shared memory segments have been found:
[11:29:38]          Process: /usr/bin/mate-panel    PID: 11695    Owner: caine    Size: 64MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/bin/caja    PID: 11803    Owner: caine    Size: 4,0MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/bin/caja    PID: 11803    Owner: caine    Size: 64MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/bin/marco    PID: 11688    Owner: caine    Size: 2,0MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/bin/mate-terminal    PID: 16249    Owner: root    Size: 4,0MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/bin/gnome-disks    PID: 24461    Owner: caine    Size: 4,0MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/bin/mate-terminal    PID: 16524    Owner: caine    Size: 4,0MB (configured size allowed: 1,0MB)
[11:29:38]          Process: /usr/bin/caja    PID: 23540    Owner: root    Size: 8,0MB (configured size allowed: 1,0MB)
[11:29:38]
[11:29:38] Info: Starting test name 'trojans'
[11:29:38] Performing trojan specific checks
[11:29:38]   Checking for enabled inetd services             [ Skipped ]
[11:29:38] Info: Check skipped - file '/etc/inetd.conf' does not exist.
[11:29:38]   Checking for enabled xinetd services            [ Skipped ]
[11:29:38] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[11:29:38]   Checking for Apache backdoor                    [ Skipped ]
[11:29:38] Info: Check skipped - no Apache module or configuration directories found.
[11:29:38]
[11:29:38] Info: Starting test name 'os_specific'
[11:29:38]   Performing Linux specific checks
[11:29:38]     Checking loaded kernel modules                [ OK ]
[11:29:38] Info: Using modules pathname of '/lib/modules/5.0.0-32-generic'
[11:29:39]     Checking kernel module names                  [ OK ]
[11:30:36]
[11:30:36] Info: Starting test name 'network'
[11:30:36] Checking the network...
[11:30:36]
[11:30:36] Performing checks on the network ports
[11:30:36] Info: Starting test name 'ports'
[11:30:36]   Performing check for backdoor ports
[11:30:36]     Checking for TCP port 1524                    [ Not found ]
[11:30:36]     Checking for TCP port 1984                    [ Not found ]
[11:30:36]     Checking for UDP port 2001                    [ Not found ]
[11:30:37]     Checking for TCP port 2006                    [ Not found ]
[11:30:37]     Checking for TCP port 2128                    [ Not found ]
[11:30:37]     Checking for TCP port 6666                    [ Not found ]
[11:30:37]     Checking for TCP port 6667                    [ Not found ]
[11:30:37]     Checking for TCP port 6668                    [ Not found ]
[11:30:37]     Checking for TCP port 6669                    [ Not found ]
[11:30:37]     Checking for TCP port 7000                    [ Not found ]
[11:30:37]     Checking for TCP port 13000                   [ Not found ]
[11:30:37]     Checking for TCP port 14856                   [ Not found ]
[11:30:37]     Checking for TCP port 25000                   [ Not found ]
[11:30:37]     Checking for TCP port 29812                   [ Not found ]
[11:30:37]     Checking for TCP port 31337                   [ Not found ]
[11:30:37]     Checking for TCP port 32982                   [ Not found ]
[11:30:37]     Checking for TCP port 33369                   [ Not found ]
[11:30:37]     Checking for TCP port 47107                   [ Not found ]
[11:30:38]     Checking for TCP port 47018                   [ Not found ]
[11:30:38]     Checking for TCP port 60922                   [ Not found ]
[11:30:38]     Checking for TCP port 62883                   [ Not found ]
[11:30:38]     Checking for TCP port 65535                   [ Not found ]
[11:30:38]   Checking for backdoor ports                     [ None found ]
[11:30:38]
[11:30:38] Info: Test 'hidden_ports' disabled at users request.
[11:30:38]
[11:30:38] Performing checks on the network interfaces
[11:30:38] Info: Starting test name 'promisc'
[11:30:38]   Checking for promiscuous interfaces             [ None found ]
[11:30:38]
[11:30:38] Info: Test 'packet_cap_apps' disabled at users request.
[11:30:38]
[11:30:38] Info: Starting test name 'local_host'
[11:30:38] Checking the local host...
[11:30:38]
[11:30:38] Info: Starting test name 'startup_files'
[11:30:38] Performing system boot checks
[11:30:38]   Checking for local host name                    [ Found ]
[11:30:38]
[11:30:38] Info: Starting test name 'startup_malware'
[11:30:38]   Checking for system startup files               [ Found ]
[11:30:40]   Checking system startup files for malware       [ None found ]
[11:30:40]
[11:30:40] Info: Starting test name 'group_accounts'
[11:30:40] Performing group and account checks
[11:30:40]   Checking for passwd file                        [ Found ]
[11:30:40] Info: Found password file: /etc/passwd
[11:30:40]   Checking for root equivalent (UID 0) accounts   [ None found ]
[11:30:40] Info: Found shadow file: /etc/shadow
[11:30:40]   Checking for passwordless accounts              [ Warning ]
[11:30:40] Warning: Found passwordless account in shadow file: caine
[11:30:40]
[11:30:40] Info: Starting test name 'passwd_changes'
[11:30:40]   Checking for passwd file changes                [ None found ]
[11:30:40]
[11:30:40] Info: Starting test name 'group_changes'
[11:30:40]   Checking for group file changes                 [ None found ]
[11:30:40]   Checking root account shell history files       [ OK ]
[11:30:40]
[11:30:40] Info: Starting test name 'system_configs'
[11:30:40] Performing system configuration file checks
[11:30:40]
[11:30:40] Info: Starting test name 'system_configs_ssh'
[11:30:40]   Checking for an SSH configuration file          [ Found ]
[11:30:40] Info: Found an SSH configuration file: /etc/ssh/sshd_config
[11:30:40] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[11:30:40] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '2'.
[11:30:40]   Checking if SSH root access is allowed          [ Warning ]
[11:30:40] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
           The default value may be 'yes', to allow root access.
[11:30:40]   Checking if SSH protocol v1 is allowed          [ Not set ]
[11:30:40]   Checking for other suspicious configuration settings [ None found ]
[11:30:40]
[11:30:40] Info: Starting test name 'system_configs_syslog'
[11:30:40]   Checking for a running system logging daemon    [ Found ]
[11:30:40] Info: A running 'rsyslog' daemon has been found.
[11:30:40] Info: A running 'systemd-journald' daemon has been found.
[11:30:40] Info: Found an rsyslog configuration file: /etc/rsyslog.conf
[11:30:40] Info: Found a systemd configuration file: /etc/systemd/journald.conf
[11:30:41]   Checking for a system logging configuration file [ Found ]
[11:30:41]   Checking if syslog remote logging is allowed    [ Not allowed ]
[11:30:41]
[11:30:41] Info: Starting test name 'filesystem'
[11:30:41] Performing filesystem checks
[11:30:41] Info: SCAN_MODE_DEV set to 'THOROUGH'
[11:30:43]   Checking /dev for suspicious file types         [ None found ]
[11:30:43]   Checking for hidden files and directories       [ Warning ]
[11:30:43] Warning: Hidden directory found: /etc/.java
[11:30:43]   Checking for missing log files                  [ Skipped ]
[11:30:43] Info: No missing log file names configured.
[11:30:43]   Checking for empty log files                    [ Skipped ]
[11:30:43] Info: No empty log file names configured.
[11:34:53]
[11:34:53] Info: Test 'apps' disabled at users request.
[11:34:53]
[11:34:53] System checks summary
[11:34:53] =====================
[11:34:53]
[11:34:53] File properties checks...
[11:34:53] Required commands check failed
[11:34:53] Files checked: 152
[11:34:53] Suspect files: 152
[11:34:53]
[11:34:53] Rootkit checks...
[11:34:53] Rootkits checked : 500
[11:34:53] Possible rootkits: 12
[11:34:53]
[11:34:53] Applications checks...
[11:34:53] All checks skipped
[11:34:53]
[11:34:53] The system checks took: 7 minutes and 30 seconds
[11:34:53]
[11:34:53] Info: End date is gio 23 giu 2022, 11.34.53, CEST


Well, this is the first log, without modifying rkhunter: it throws many warnings, and 12 possible rootkits. In the next post I'll put the analysis with rkhunter fixed; almost all the warnings disappear, it still flags a few, and the possible rootkits remain.

More to follow.
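Added example (my own code, not from the thread or from rkhunter): a small Python triage script for the "file properties have changed" blocks in the two logs above. It sorts each flagged file by which property actually differs, because an inode-only change means the stored property database is stale while a hash change means the binary's content differs and should be confirmed with the package manager first; the sample input is an excerpt of the log posted above, and the category names and advice comments are mine.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Excerpt of the rkhunter log posted in this thread: four representative
# "[ Warning ]" blocks from the 'properties' test (values copied as posted).
SAMPLE_LOG = """\
[11:27:37]   /usr/bin/sha224sum                              [ Warning ]
[11:27:37] Warning: The file properties have changed:
[11:27:37]          File: /usr/bin/sha224sum
[11:27:37]          Current inode: 38593    Stored inode: 1181100
[11:27:38]   /usr/bin/ssh                                    [ Warning ]
[11:27:38] Warning: The file properties have changed:
[11:27:38]          File: /usr/bin/ssh
[11:27:38]          Current hash: 7488a0b216c6aba596790344a6521d65b6736b88d2871a4e8b51d8e28b211136
[11:27:38]          Stored hash : 645effa85ccbe0d812ab4f2d4abdb4519c7c916e56c5fd95801f56b14ec4a5c1
[11:27:38]          Current inode: 38672    Stored inode: 1181155
[11:27:38]          Current file modification time: 1551701871 (04-mar-2019 13:17:51)
[11:27:38]          Stored file modification time : 1518229906 (10-feb-2018 03:31:46)
[11:27:39]   /usr/bin/telnet                                 [ Warning ]
[11:27:39] Warning: The file properties have changed:
[11:27:39]          File: /usr/bin/telnet
[11:27:39]          Current inode: 38767    Stored inode: 1181210
[11:27:39]          Current file modification time: 1575280757 (02-dic-2019 10:59:17)
[11:27:39]          Stored file modification time : 1537264459 (18-set-2018 11:54:19)
[11:27:41]   /usr/bin/lwp-request                            [ Warning ]
[11:27:41] Warning: The file properties have changed:
[11:27:41]          File: /usr/bin/lwp-request
[11:27:41]          Current inode: 37441    Stored inode: 1180413
[11:27:41] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
"""

# Per-file warning header, e.g. "[11:27:37]   /usr/bin/ssh   [ Warning ]".
RE_HEADER = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(/\S+)\s+\[ Warning \]\s*$")
# "Current inode: 38593    Stored inode: 1181100" carries two pairs on one
# line, hashes and mtimes one pair per line; findall handles both layouts.
RE_PROP = re.compile(r"(Current|Stored) (hash|inode|file modification time)\s*:\s*(\S+)")
RE_SCRIPT = re.compile(r"The command '(\S+)' has been replaced by a script")

HASH, INODE, MTIME = "hash", "inode", "file modification time"


@dataclass
class FileWarning:
    path: str
    current: dict = field(default_factory=dict)   # property -> value now on disk
    stored: dict = field(default_factory=dict)    # property -> value in rkhunter.dat
    script_replacement: bool = False


def parse_property_warnings(log_text):
    """One FileWarning per path flagged by the 'properties' test."""
    found, block = {}, None
    for line in log_text.splitlines():
        m = RE_HEADER.match(line)
        if m:
            block = found.setdefault(m.group(1), FileWarning(m.group(1)))
            continue
        m = RE_SCRIPT.search(line)
        if m:
            found.setdefault(m.group(1), FileWarning(m.group(1))).script_replacement = True
            continue
        if block is not None:
            for side, prop, value in RE_PROP.findall(line):
                (block.current if side == "Current" else block.stored)[prop] = value
    return list(found.values())


def changed_properties(w):
    """Properties whose current value differs from the stored one (sorted)."""
    keys = set(w.current) | set(w.stored)
    return sorted(k for k in keys if w.current.get(k) != w.stored.get(k))


def classify(w):
    """Kind of change (my category names); the comments say what each usually
    means and what to verify before rebuilding the database with --propupd."""
    changed = set(changed_properties(w))
    if HASH in changed:            # binary differs: confirm with dpkg --verify / rpm -V first
        return "content-changed"
    if w.script_replacement:       # lwp-request is a Perl script by design: check its package
        return "script-replacement"
    if changed == {INODE}:         # content same; rkhunter.dat was built on another filesystem
        return "inode-only"
    if changed and changed <= {INODE, MTIME}:  # hash same; a reinstall touched timestamps
        return "metadata-only"
    return "unknown"


def triage(log_text):
    """Return {path: (category, changed_properties)} for every flagged file."""
    return {w.path: (classify(w), changed_properties(w))
            for w in parse_property_warnings(log_text)}


def summary(log_text):
    """Count flagged files per category, the number a reviewer wants first."""
    return Counter(cat for cat, _ in triage(log_text).values())


if __name__ == "__main__":
    for path, (cat, changed) in triage(SAMPLE_LOG).items():
        print(f"{path:24} {cat:18} changed={changed}")
    print(dict(summary(SAMPLE_LOG)))
```

Run over the full first log, the summary shows how many of the 152 "suspect files" are inode-only (a stale database) versus genuine content changes worth checking against the package manager.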
Hason
Re: Write-protected encrypted hard drives that rewrite the BIOS when connected to the motherboard, permanent rootkit.
« Reply #13 on: 28 June 2022, 20:11 pm »

Code:
[11:45:22] Info: Starting test name 'properties'
[11:45:22] Performing file properties checks
[11:45:22] Warning: Checking for prerequisites               [ Warning ]
[11:45:22]          No output from the 'lsattr' command - all file immutable-bit checks will be skipped.
[11:45:24]   /usr/local/bin/test                             [ OK ]
[11:45:25]   /usr/sbin/adduser                               [ OK ]
[11:45:25] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[11:45:25]   /usr/sbin/chroot                                [ OK ]
[11:45:25]   /usr/sbin/cron                                  [ OK ]
[11:45:25]   /usr/sbin/groupadd                              [ OK ]
[11:45:25]   /usr/sbin/groupdel                              [ OK ]
[11:45:25]   /usr/sbin/groupmod                              [ OK ]
[11:45:25]   /usr/sbin/grpck                                 [ OK ]
[11:45:26]   /usr/sbin/nologin                               [ OK ]
[11:45:26]   /usr/sbin/pwck                                  [ OK ]
[11:45:26]   /usr/sbin/rsyslogd                              [ OK ]
[11:45:26]   /usr/sbin/sshd                                  [ OK ]
[11:45:26]   /usr/sbin/useradd                               [ OK ]
[11:45:27]   /usr/sbin/userdel                               [ OK ]
[11:45:27]   /usr/sbin/usermod                               [ OK ]
[11:45:27]   /usr/sbin/vipw                                  [ OK ]
[11:45:27]   /usr/sbin/unhide                                [ OK ]
[11:45:27]   /usr/sbin/unhide-linux                          [ OK ]
[11:45:27]   /usr/sbin/unhide-posix                          [ OK ]
[11:45:27]   /usr/sbin/unhide-tcp                            [ OK ]
[11:45:27]   /usr/bin/awk                                    [ OK ]
[11:45:27]   /usr/bin/basename                               [ OK ]
[11:45:27]   /usr/bin/chattr                                 [ OK ]
[11:45:28]   /usr/bin/cut                                    [ OK ]
[11:45:28]   /usr/bin/diff                                   [ OK ]
[11:45:28]   /usr/bin/dirname                                [ OK ]
[11:45:28]   /usr/bin/dpkg                                   [ OK ]
[11:45:28]   /usr/bin/dpkg-query                             [ OK ]
[11:45:28]   /usr/bin/du                                     [ OK ]
[11:45:28]   /usr/bin/env                                    [ OK ]
[11:45:28]   /usr/bin/file                                   [ OK ]
[11:45:28]   /usr/bin/find                                   [ OK ]
[11:45:28]   /usr/bin/GET                                    [ OK ]
[11:45:28]   /usr/bin/groups                                 [ OK ]
[11:45:28]   /usr/bin/head                                   [ OK ]
[11:45:29]   /usr/bin/id                                     [ OK ]
[11:45:29]   /usr/bin/ipcs                                   [ OK ]
[11:45:29]   /usr/bin/killall                                [ OK ]
[11:45:29]   /usr/bin/last                                   [ OK ]
[11:45:29]   /usr/bin/lastlog                                [ OK ]
[11:45:29]   /usr/bin/ldd                                    [ OK ]
[11:45:29] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[11:45:29]   /usr/bin/less                                   [ OK ]
[11:45:29]   /usr/bin/locate                                 [ OK ]
[11:45:29]   /usr/bin/logger                                 [ OK ]
[11:45:29]   /usr/bin/lsattr                                 [ OK ]
[11:45:29]   /usr/bin/lsof                                   [ OK ]
[11:45:29]   /usr/bin/mail                                   [ OK ]
[11:45:30]   /usr/bin/md5sum                                 [ OK ]
[11:45:30]   /usr/bin/mlocate                                [ OK ]
[11:45:30]   /usr/bin/newgrp                                 [ OK ]
[11:45:30]   /usr/bin/passwd                                 [ OK ]
[11:45:30]   /usr/bin/perl                                   [ OK ]
[11:45:30]   /usr/bin/pgrep                                  [ OK ]
[11:45:30]   /usr/bin/pkill                                  [ OK ]
[11:45:30]   /usr/bin/pstree                                 [ OK ]
[11:45:30]   /usr/bin/rkhunter                               [ OK ]
[11:45:30]   /usr/bin/rpm                                    [ OK ]
[11:45:30]   /usr/bin/runcon                                 [ OK ]
[11:45:31]   /usr/bin/sha1sum                                [ OK ]
[11:45:31]   /usr/bin/sha224sum                              [ OK ]
[11:45:31]   /usr/bin/sha256sum                              [ OK ]
[11:45:31]   /usr/bin/sha384sum                              [ OK ]
[11:45:31]   /usr/bin/sha512sum                              [ OK ]
[11:45:31]   /usr/bin/size                                   [ OK ]
[11:45:31]   /usr/bin/sort                                   [ OK ]
[11:45:31]   /usr/bin/ssh                                    [ OK ]
[11:45:31]   /usr/bin/stat                                   [ OK ]
[11:45:31]   /usr/bin/strace                                 [ OK ]
[11:45:31]   /usr/bin/strings                                [ OK ]
[11:45:31]   /usr/bin/sudo                                   [ OK ]
[11:45:32]   /usr/bin/tail                                   [ OK ]
[11:45:32]   /usr/bin/telnet                                 [ OK ]
[11:45:32]   /usr/bin/test                                   [ OK ]
[11:45:32]   /usr/bin/top                                    [ OK ]
[11:45:32]   /usr/bin/touch                                  [ OK ]
[11:45:32]   /usr/bin/tr                                     [ OK ]
[11:45:32]   /usr/bin/uniq                                   [ OK ]
[11:45:32]   /usr/bin/users                                  [ OK ]
[11:45:32]   /usr/bin/vmstat                                 [ OK ]
[11:45:32]   /usr/bin/w                                      [ OK ]
[11:45:32]   /usr/bin/watch                                  [ OK ]
[11:45:32]   /usr/bin/wc                                     [ OK ]
[11:45:32]   /usr/bin/wget                                   [ OK ]
[11:45:33]   /usr/bin/whatis                                 [ OK ]
[11:45:33]   /usr/bin/whereis                                [ OK ]
[11:45:33]   /usr/bin/which                                  [ OK ]
[11:45:33]   /usr/bin/who                                    [ OK ]
[11:45:33]   /usr/bin/whoami                                 [ OK ]
[11:45:33]   /usr/bin/numfmt                                 [ OK ]
[11:45:33]   /usr/bin/gawk                                   [ OK ]
[11:45:33]   /usr/bin/lwp-request                            [ Warning ]
[11:45:33] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[11:45:33]   /usr/bin/mail.mailutils                         [ OK ]
[11:45:33]   /usr/bin/x86_64-linux-gnu-size                  [ OK ]
[11:45:33]   /usr/bin/x86_64-linux-gnu-strings               [ OK ]
[11:45:33]   /usr/bin/telnet.netkit                          [ OK ]
[11:45:33]   /usr/bin/w.procps                               [ OK ]
[11:45:34]   /sbin/depmod                                    [ OK ]
[11:45:34]   /sbin/fsck                                      [ OK ]
[11:45:34]   /sbin/ifconfig                                  [ OK ]
[11:45:34]   /sbin/ifdown                                    [ OK ]
[11:45:34]   /sbin/ifup                                      [ OK ]
[11:45:34]   /sbin/init                                      [ OK ]
[11:45:34]   /sbin/insmod                                    [ OK ]
[11:45:34]   /sbin/ip                                        [ OK ]
[11:45:35]   /sbin/lsmod                                     [ OK ]
[11:45:35]   /sbin/modinfo                                   [ OK ]
[11:45:35]   /sbin/modprobe                                  [ OK ]
[11:45:35]   /sbin/rmmod                                     [ OK ]
[11:45:35]   /sbin/route                                     [ OK ]
[11:45:35]   /sbin/runlevel                                  [ OK ]
[11:45:35]   /sbin/sulogin                                   [ OK ]
[11:45:36]   /sbin/sysctl                                    [ OK ]
[11:45:36]   /bin/bash                                       [ OK ]
[11:45:36]   /bin/cat                                        [ OK ]
[11:45:36]   /bin/chmod                                      [ OK ]
[11:45:36]   /bin/chown                                      [ OK ]
[11:45:36]   /bin/cp                                         [ OK ]
[11:45:36]   /bin/date                                       [ OK ]
[11:45:36]   /bin/df                                         [ OK ]
[11:45:37]   /bin/dmesg                                      [ OK ]
[11:45:37]   /bin/echo                                       [ OK ]
[11:45:37]   /bin/ed                                         [ OK ]
[11:45:37]   /bin/egrep                                      [ OK ]
[11:45:37] Info: Found file '/bin/egrep': it is whitelisted for the 'script replacement' check.
[11:45:37]   /bin/fgrep                                      [ OK ]
[11:45:37] Info: Found file '/bin/fgrep': it is whitelisted for the 'script replacement' check.
[11:45:37]   /bin/fuser                                      [ OK ]
[11:45:37]   /bin/grep                                       [ OK ]
[11:45:37]   /bin/ip                                         [ OK ]
[11:45:37]   /bin/kill                                       [ OK ]
[11:45:37]   /bin/less                                       [ OK ]
[11:45:38]   /bin/login                                      [ OK ]
[11:45:38]   /bin/ls                                         [ OK ]
[11:45:38]   /bin/lsmod                                      [ OK ]
[11:45:38]   /bin/mktemp                                     [ OK ]
[11:45:38]   /bin/more                                       [ OK ]
[11:45:38]   /bin/mount                                      [ OK ]
[11:45:38]   /bin/mv                                         [ OK ]
[11:45:38]   /bin/netstat                                    [ OK ]
[11:45:38]   /bin/ping                                       [ OK ]
[11:45:38]   /bin/ps                                         [ OK ]
[11:45:38]   /bin/pwd                                        [ OK ]
[11:45:39]   /bin/readlink                                   [ OK ]
[11:45:39]   /bin/sed                                        [ OK ]
[11:45:39]   /bin/sh                                         [ OK ]
[11:45:39]   /bin/su                                         [ OK ]
[11:45:39]   /bin/touch                                      [ OK ]
[11:45:39]   /bin/uname                                      [ OK ]
[11:45:39]   /bin/which                                      [ OK ]
[11:45:39] Info: Found file '/bin/which': it is whitelisted for the 'script replacement' check.
[11:45:40]   /bin/kmod                                       [ OK ]
[11:45:40]   /bin/systemd                                    [ OK ]
[11:45:40]   /bin/systemctl                                  [ OK ]
[11:45:40]   /bin/dash                                       [ OK ]
[11:45:44]   /lib/systemd/systemd                            [ OK ]
[11:45:47]
[11:45:47] Info: Starting test name 'rootkits'
[11:45:47] Checking for rootkits...
[11:45:47]
[11:45:47] Info: Starting test name 'known_rkts'
[11:45:47] Performing check of known rootkit files and directories
[11:45:47]
[11:45:47] Checking for 55808 Trojan - Variant A...
[11:45:47]   Checking for file '/tmp/.../r'                  [ Not found ]
[11:45:47]   Checking for file '/tmp/.../a'                  [ Not found ]
[11:45:47] 55808 Trojan - Variant A                          [ Not found ]
[11:45:47]
[11:45:47] Checking for ADM Worm...
[11:45:47]   Checking for string 'w0rm'                      [ Not found ]
[11:45:47] ADM Worm                                          [ Not found ]
[11:45:47]
[11:45:47] Checking for AjaKit Rootkit...
[11:45:47]   Checking for file '/dev/tux/.addr'              [ Not found ]
[11:45:47]   Checking for file '/dev/tux/.proc'              [ Not found ]
[11:45:47]   Checking for file '/dev/tux/.file'              [ Not found ]
[11:45:47]   Checking for file '/lib/.libgh-gh/cleaner'      [ Not found ]
[11:45:47]   Checking for file '/lib/.libgh-gh/Patch/patch'  [ Not found ]
[11:45:47]   Checking for file '/lib/.libgh-gh/sb0k'         [ Not found ]
[11:45:47]   Checking for directory '/dev/tux'               [ Not found ]
[11:45:47]   Checking for directory '/lib/.libgh-gh'         [ Not found ]
[11:45:47] AjaKit Rootkit                                    [ Not found ]
[11:45:47]
[11:45:47] Checking for Adore Rootkit...
[11:45:47]   Checking for file '/usr/secure'                 [ Not found ]
[11:45:47]   Checking for file '/usr/doc/sys/qrt'            [ Not found ]
[11:45:47]   Checking for file '/usr/doc/sys/run'            [ Not found ]
[11:45:47]   Checking for file '/usr/doc/sys/crond'          [ Not found ]
[11:45:47]   Checking for file '/usr/sbin/kfd'               [ Not found ]
[11:45:47]   Checking for file '/usr/doc/kern/var'           [ Not found ]
[11:45:47]   Checking for file '/usr/doc/kern/string.o'      [ Not found ]
[11:45:47]   Checking for file '/usr/doc/kern/ava'           [ Not found ]
[11:45:47]   Checking for file '/usr/doc/kern/adore.o'       [ Not found ]
[11:45:47]   Checking for file '/var/log/ssh/old'            [ Not found ]
[11:45:47]   Checking for directory '/lib/security/.config/ssh' [ Not found ]
[11:45:48]   Checking for directory '/usr/doc/kern'          [ Not found ]
[11:45:48]   Checking for directory '/usr/doc/backup'        [ Not found ]
[11:45:48]   Checking for directory '/usr/doc/backup/txt'    [ Not found ]
[11:45:48]   Checking for directory '/lib/backup'            [ Not found ]
[11:45:48]   Checking for directory '/lib/backup/txt'        [ Not found ]
[11:45:48]   Checking for directory '/usr/doc/work'          [ Not found ]
[11:45:48]   Checking for directory '/usr/doc/sys'           [ Not found ]
[11:45:48]   Checking for directory '/var/log/ssh'           [ Not found ]
[11:45:48]   Checking for directory '/usr/doc/.spool'        [ Not found ]
[11:45:48]   Checking for directory '/usr/lib/kterm'         [ Not found ]
[11:45:48] Adore Rootkit                                     [ Not found ]
[11:45:48]
[11:45:48] Checking for aPa Kit...
[11:45:48]   Checking for file '/usr/share/.aPa'             [ Not found ]
[11:45:48] aPa Kit                                           [ Not found ]
[11:45:48]
[11:45:48] Checking for Apache Worm...
[11:45:48]   Checking for file '/bin/.log'                   [ Not found ]
[11:45:48] Apache Worm                                       [ Not found ]
[11:45:48]
[11:45:48] Checking for Ambient (ark) Rootkit...
[11:45:48]   Checking for file '/usr/lib/.ark?'              [ Not found ]
[11:45:48]   Checking for file '/dev/ptyxx/.log'             [ Not found ]
[11:45:48]   Checking for file '/dev/ptyxx/.file'            [ Not found ]
[11:45:48]   Checking for file '/dev/ptyxx/.proc'            [ Not found ]
[11:45:48]   Checking for file '/dev/ptyxx/.addr'            [ Not found ]
[11:45:48]   Checking for directory '/dev/ptyxx'             [ Not found ]
[11:45:48] Ambient (ark) Rootkit                             [ Not found ]
[11:45:48]
[11:45:48] Checking for Balaur Rootkit...
[11:45:48]   Checking for file '/usr/lib/liblog.o'           [ Not found ]
[11:45:48]   Checking for directory '/usr/lib/.kinetic'      [ Not found ]
[11:45:48]   Checking for directory '/usr/lib/.egcs'         [ Not found ]
[11:45:48]   Checking for directory '/usr/lib/.wormie'       [ Not found ]
[11:45:48] Balaur Rootkit                                    [ Not found ]
[11:45:48]
[11:45:48] Checking for BeastKit Rootkit...
[11:45:48]   Checking for file '/usr/sbin/arobia'            [ Not found ]
[11:45:48]   Checking for file '/usr/sbin/idrun'             [ Not found ]
[11:45:48]   Checking for file '/usr/lib/elm/arobia/elm'     [ Not found ]
[11:45:48]   Checking for file '/usr/lib/elm/arobia/elm/hk'  [ Not found ]
[11:45:48]   Checking for file '/usr/lib/elm/arobia/elm/hk.pub' [ Not found ]
[11:45:48]   Checking for file '/usr/lib/elm/arobia/elm/sc'  [ Not found ]
[11:45:48]   Checking for file '/usr/lib/elm/arobia/elm/sd.pp' [ Not found ]
[11:45:48]   Checking for file '/usr/lib/elm/arobia/elm/sdco' [ Not found ]
[11:45:48]   Checking for file '/usr/lib/elm/arobia/elm/srsd' [ Not found ]
[11:45:48]   Checking for directory '/lib/ldd.so/bktools'    [ Not found ]
[11:45:48] BeastKit Rootkit                                  [ Not found ]
[11:45:48]
[11:45:48] Checking for beX2 Rootkit...
[11:45:48]   Checking for file '/usr/info/termcap.info-5.gz' [ Not found ]
[11:45:48]   Checking for file '/usr/bin/sshd2'              [ Not found ]
[11:45:48]   Checking for directory '/usr/include/bex'       [ Not found ]
[11:45:48] beX2 Rootkit                                      [ Not found ]
[11:45:48]
[11:45:48] Checking for BOBKit Rootkit...
[11:45:48]   Checking for file '/usr/sbin/ntpsx'             [ Not found ]
[11:45:48]   Checking for file '/usr/sbin/.../bkit-ava'      [ Not found ]
[11:45:48]   Checking for file '/usr/sbin/.../bkit-d'        [ Not found ]
[11:45:48]   Checking for file '/usr/sbin/.../bkit-shd'      [ Not found ]
[11:45:48]   Checking for file '/usr/sbin/.../bkit-f'        [ Not found ]
[11:45:48]   Checking for file '/usr/include/.../proc.h'     [ Not found ]
[11:45:48]   Checking for file '/usr/include/.../.bash_history' [ Not found ]
[11:45:48]   Checking for file '/usr/include/.../bkit-get'   [ Not found ]
[11:45:48]   Checking for file '/usr/include/.../bkit-dl'    [ Not found ]
[11:45:49]   Checking for file '/usr/include/.../bkit-screen' [ Not found ]
[11:45:49]   Checking for file '/usr/include/.../bkit-sleep' [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../bkit-adore.o'   [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../ls'             [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../netstat'        [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../lsof'           [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../bkit-ssh/bkit-mots' [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../uconf.inv'      [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../psr'            [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../find'           [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../pstree'         [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../slocate'        [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../du'             [ Not found ]
[11:45:49]   Checking for file '/usr/lib/.../top'            [ Not found ]
[11:45:49]   Checking for directory '/usr/sbin/...'          [ Not found ]
[11:45:49]   Checking for directory '/usr/include/...'       [ Not found ]
[11:45:49]   Checking for directory '/usr/include/.../.tmp'  [ Not found ]
[11:45:49]   Checking for directory '/usr/lib/...'           [ Not found ]
[11:45:49]   Checking for directory '/usr/lib/.../.ssh'      [ Not found ]
[11:45:49]   Checking for directory '/usr/lib/.../bkit-ssh'  [ Not found ]
[11:45:49]   Checking for directory '/usr/lib/.bkit-'        [ Not found ]
[11:45:49]   Checking for directory '/tmp/.bkp'              [ Not found ]
[11:45:49] BOBKit Rootkit                                    [ Not found ]
[11:45:49]
[11:45:49] Checking for cb Rootkit...
[11:45:49]   Checking for file '/dev/srd0'                   [ Not found ]
[11:45:49]   Checking for file '/lib/libproc.so.2.0.6'       [ Not found ]
[11:45:49]   Checking for file '/dev/mounnt'                 [ Not found ]
[11:45:49]   Checking for file '/etc/rc.d/init.d/init'       [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/cl'    [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/.x.tgz' [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/statdx' [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/wted'  [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/write' [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/scan'  [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/sc'    [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/sl2'   [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/wroot' [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/wscan' [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/wu'    [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/v'     [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/read'  [ Not found ]
[11:45:49]   Checking for file '/usr/lib/sshrc'              [ Not found ]
[11:45:49]   Checking for file '/usr/lib/ssh_host_key'       [ Not found ]
[11:45:49]   Checking for file '/usr/lib/ssh_host_key.pub'   [ Not found ]
[11:45:49]   Checking for file '/usr/lib/ssh_random_seed'    [ Not found ]
[11:45:49]   Checking for file '/usr/lib/sshd_config'        [ Not found ]
[11:45:49]   Checking for file '/usr/lib/shosts.equiv'       [ Not found ]
[11:45:49]   Checking for file '/usr/lib/ssh_known_hosts'    [ Not found ]
[11:45:49]   Checking for file '/u/zappa/.ssh/pid'           [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.system/..<SP>/tcp.log' [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/curatare/attrib' [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/curatare/chattr' [ Not found ]
[11:45:49]   Checking for file '/usr/bin/.zeen/..<SP>/curatare/ps' [ Not found ]
[11:45:50]   Checking for file '/usr/bin/.zeen/..<SP>/curatare/pstree' [ Not found ]
[11:45:50]   Checking for file '/usr/bin/.system/..<SP>/.x/xC.o' [ Not found ]
[11:45:50]   Checking for directory '/usr/bin/.zeen'         [ Not found ]
[11:45:50]   Checking for directory '/usr/bin/.zeen/..<SP>/curatare' [ Not found ]
[11:45:50]   Checking for directory '/usr/bin/.zeen/..<SP>/scan' [ Not found ]
[11:45:50]   Checking for directory '/usr/bin/.system/..<SP>' [ Not found ]
[11:45:50] cb Rootkit                                        [ Not found ]
[11:45:50]
[11:45:50] Checking for CiNIK Worm (Slapper.B variant)...
[11:45:50]   Checking for file '/tmp/.cinik'                 [ Not found ]
[11:45:50]   Checking for directory '/tmp/.font-unix/.cinik' [ Not found ]
[11:45:50] CiNIK Worm (Slapper.B variant)                    [ Not found ]
[11:45:50]
[11:45:50] Checking for Danny-Boy's Abuse Kit...
[11:45:50]   Checking for file '/dev/mdev'                   [ Not found ]
[11:45:50]   Checking for file '/usr/lib/libX.a'             [ Not found ]
[11:45:50] Danny-Boy's Abuse Kit                             [ Not found ]
[11:45:50]
[11:45:50] Checking for Devil RootKit...
[11:45:50]   Checking for file '/var/lib/games/.src'         [ Not found ]
[11:45:50]   Checking for file '/dev/dsx'                    [ Not found ]
[11:45:50]   Checking for file '/dev/caca'                   [ Not found ]
[11:45:50]   Checking for file '/dev/pro'                    [ Not found ]
[11:45:50]   Checking for file '/bin/bye'                    [ Not found ]
[11:45:50]   Checking for file '/bin/homedir'                [ Not found ]
[11:45:50]   Checking for file '/usr/bin/xfss'               [ Not found ]
[11:45:50]   Checking for file '/usr/sbin/tzava'             [ Not found ]

I'm going to post the end; I'm leaving out a lot of parts, but I'm posting the most notable bits. I could have posted it all in pieces, but what a mess I'm getting into this way. You could allow more characters per post in the forum, because I would have really liked to post the complete logs, since I'm getting myself confused.

I'll continue in the next post with the end of the rkhunter analysis, OK, fixed. As you can see, here it flags fewer warnings, but it does flag some, and precisely the ones it flags are the ones giving me problems.

To be continued.
Hason
Re: Write-protected encrypted hard drives rewrite the BIOS when connected to the motherboard, permanent rootkit.
« Reply #14 on: 28 June 2022, 20:19 pm »

Quote
[ Not found ]
[11:46:03] Vampire Rootkit                                   [ Not found ]
[11:46:03]
[11:46:03] Checking for VcKit Rootkit...
[11:46:03]   Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[11:46:03]   Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[11:46:03] VcKit Rootkit                                     [ Not found ]
[11:46:03]
[11:46:03] Checking for Volc Rootkit...
[11:46:03]   Checking for file '/usr/bin/volc'               [ Not found ]
[11:46:03]   Checking for file '/usr/lib/volc/backdoor/divine' [ Not found ]
[11:46:03]   Checking for file '/usr/lib/volc/linsniff'      [ Not found ]
[11:46:03]   Checking for file '/etc/rc.d/rc1.d/S25sysconf'  [ Not found ]
[11:46:03]   Checking for file '/etc/rc.d/rc2.d/S25sysconf'  [ Not found ]
[11:46:03]   Checking for file '/etc/rc.d/rc3.d/S25sysconf'  [ Not found ]
[11:46:03]   Checking for file '/etc/rc.d/rc4.d/S25sysconf'  [ Not found ]
[11:46:03]   Checking for file '/etc/rc.d/rc5.d/S25sysconf'  [ Not found ]
[11:46:03]   Checking for directory '/var/spool/.recent'     [ Not found ]
[11:46:03]   Checking for directory '/var/spool/.recent/.files' [ Not found ]
[11:46:03]   Checking for directory '/usr/lib/volc'          [ Not found ]
[11:46:03]   Checking for directory '/usr/lib/volc/backup'   [ Not found ]
[11:46:03] Volc Rootkit                                      [ Not found ]
[11:46:04]
[11:46:04] Checking for Xzibit Rootkit...
[11:46:04]   Checking for file '/dev/dsx'                    [ Not found ]
[11:46:04]   Checking for file '/dev/caca'                   [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/linsniffer'   [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/logclear'     [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/sense'        [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/sl2'          [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/sshdu'        [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/s'            [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/sl2new.c'     [ Not found ]
[11:46:04]   Checking for file '/dev/ida/.inet/tcp.log'      [ Not found ]
[11:46:04]   Checking for file '/home/httpd/cgi-bin/becys.cgi' [ Not found ]
[11:46:04]   Checking for file '/usr/local/httpd/cgi-bin/becys.cgi' [ Not found ]
[11:46:04]   Checking for file '/usr/local/apache/cgi-bin/becys.cgi' [ Not found ]
[11:46:04]   Checking for file '/www/httpd/cgi-bin/becys.cgi' [ Not found ]
[11:46:04]   Checking for file '/www/cgi-bin/becys.cgi'      [ Not found ]
[11:46:04]   Checking for directory '/dev/ida/.inet'         [ Not found ]
[11:46:04] Xzibit Rootkit                                    [ Not found ]
[11:46:04]
[11:46:04] Checking for zaRwT.KiT Rootkit...
[11:46:04]   Checking for file '/dev/rd/s/sendmeil'          [ Not found ]
[11:46:04]   Checking for file '/dev/ttyf'                   [ Not found ]
[11:46:04]   Checking for file '/dev/ttyp'                   [ Not found ]
[11:46:04]   Checking for file '/dev/ttyn'                   [ Not found ]
[11:46:04]   Checking for file '/rk/tulz'                    [ Not found ]
[11:46:04]   Checking for directory '/rk'                    [ Not found ]
[11:46:04]   Checking for directory '/dev/rd/s'              [ Not found ]
[11:46:04] zaRwT.KiT Rootkit                                 [ Not found ]
[11:46:04]
[11:46:04] Checking for ZK Rootkit...
[11:46:04]   Checking for file '/usr/share/.zk/zk'           [ Not found ]
[11:46:04]   Checking for file '/usr/X11R6/.zk/xfs'          [ Not found ]
[11:46:04]   Checking for file '/usr/X11R6/.zk/echo'         [ Not found ]
[11:46:04]   Checking for file '/etc/1ssue.net'              [ Not found ]
[11:46:04]   Checking for file '/etc/sysconfig/console/load.zk' [ Not found ]
[11:46:04]   Checking for directory '/usr/share/.zk'         [ Not found ]
[11:46:04]   Checking for directory '/usr/X11R6/.zk'         [ Not found ]
[11:46:04] ZK Rootkit                                        [ Not found ]
[11:46:06]
[11:46:06] Info: Starting test name 'additional_rkts'
[11:46:06] Performing additional rootkit checks
[11:46:06]
[11:46:06]   Performing Suckit Rootkit additional checks
[11:46:06]     Checking hard link count on '/sbin/init'      [ OK ]
[11:46:06]     Checking for hidden file extensions           [ None found ]
[11:46:06]     Running skdet command                         [ Skipped ]
[11:46:06] Info: Unable to find the 'skdet' command
[11:46:06]   Suckit Rootkit additional checks                [ OK ]
[11:46:06]
[11:46:06] Info: Starting test name 'possible_rkt_files'
[11:46:06]   Performing check of possible rootkit files and directories
[11:46:06]     Checking for file '/dev/sdr0'                 [ Not found ]
[11:46:06]     Checking for file '/dev/pisu'                 [ Not found ]
[11:46:06]     Checking for file '/dev/xdta'                 [ Not found ]
[11:46:06]     Checking for file '/dev/saux'                 [ Not found ]
[11:46:06]     Checking for file '/dev/hdx'                  [ Not found ]
[11:46:06]     Checking for file '/dev/hdx1'                 [ Not found ]
[11:46:06]     Checking for file '/dev/hdx2'                 [ Not found ]
[11:46:06]     Checking for file '/dev/ptyy'                 [ Not found ]
[11:46:06]     Checking for file '/dev/ptyu'                 [ Not found ]
[11:46:06]     Checking for file '/dev/ptyv'                 [ Not found ]
[11:46:06]     Checking for file '/dev/hdbb'                 [ Not found ]
[11:46:06]     Checking for file '/tmp/.syshackfile'         [ Not found ]
[11:46:06]     Checking for file '/tmp/.bash_history'        [ Not found ]
[11:46:06]     Checking for file '/usr/info/.clib'           [ Not found ]
[11:46:06]     Checking for file '/usr/sbin/tcp.log'         [ Not found ]
[11:46:06]     Checking for file '/usr/bin/take/pid'         [ Not found ]
[11:46:06]     Checking for file '/sbin/create'              [ Not found ]
[11:46:06]     Checking for file '/dev/ttypz'                [ Not found ]
[11:46:06]     Checking for file '/var/log/tcp.log'          [ Not found ]
[11:46:06]     Checking for file '/usr/include/audit.h'      [ Not found ]
[11:46:06]     Checking for file '/usr/bin/sourcemask'       [ Not found ]
[11:46:06]     Checking for file '/usr/bin/ras2xm'           [ Not found ]
[11:46:06]     Checking for file '/dev/xmx'                  [ Not found ]
[11:46:06]     Checking for file '/usr/sbin/gpm.root'        [ Not found ]
[11:46:06]     Checking for file '/bin/vobiscum'             [ Not found ]
[11:46:06]     Checking for file '/bin/psr'                  [ Not found ]
[11:46:06]     Checking for file '/dev/kdx'                  [ Not found ]
[11:46:06]     Checking for file '/dev/dkx'                  [ Not found ]
[11:46:06]     Checking for file '/usr/sbin/sshd3'           [ Not found ]
[11:46:06]     Checking for file '/usr/sbin/jcd'             [ Not found ]
[11:46:06]     Checking for file '/usr/sbin/atd2'            [ Not found ]
[11:46:06]     Checking for file '/home/httpd/cgi-bin/linux.cgi' [ Not found ]
[11:46:07]     Checking for file '/home/httpd/cgi-bin/psid'  [ Not found ]
[11:46:07]     Checking for file '/home/httpd/cgi-bin/void.cgi' [ Not found ]
[11:46:07]     Checking for file '/etc/rc.d/init.d/system'   [ Not found ]
[11:46:07]     Checking for file '/etc/rc.d/rc3.d/S93users'  [ Not found ]
[11:46:07]     Checking for file '/tmp/.ush'                 [ Not found ]
[11:46:07]     Checking for file '/usr/lib/libhidefile.so'   [ Not found ]
[11:46:07]     Checking for file '/etc/cron.d/kmod'          [ Not found ]
[11:46:07]     Checking for file '/usr/lib/dmis/dmisd'       [ Not found ]
[11:46:07]     Checking for file '/lib/secure/libhij.so'     [ Not found ]
[11:46:07]     Checking for file '/usr/sbin/sshd3'           [ Not found ]
[11:46:07]     Checking for file '/etc/rc.d/init.d/crontab'  [ Not found ]
[11:46:07]     Checking for file '/etc/rc.d/init.d/jcd'      [ Not found ]
[11:46:07]     Checking for file '/usr/sbin/atd2'            [ Not found ]
[11:46:07]     Checking for file '/etc/rc.d/rc5.d/S93users'  [ Not found ]
[11:46:07]     Checking for file '/usr/include/mysql/mysql.hh1' [ Not found ]
[11:46:07]     Checking for file '/etc/init.d/xfs3'          [ Not found ]
[11:46:07]     Checking for file '/usr/sbin/t.txt'           [ Not found ]
[11:46:07]     Checking for file '/usr/sbin/change'          [ Not found ]
[11:46:07]     Checking for file '/usr/sbin/s'               [ Not found ]
[11:46:07]     Checking for file '/bin/f'                    [ Not found ]
[11:46:07]     Checking for file '/bin/i'                    [ Not found ]
[11:46:07]     Checking for file '/lib/libncom.so.4.0.1'     [ Not found ]
[11:46:07]     Checking for file '/sbin/zinit'               [ Not found ]
[11:46:07]     Checking for file '/tmp/pass_ssh.log'         [ Not found ]
[11:46:07]     Checking for file '/usr/include/gpm2.h'       [ Not found ]
[11:46:07]     Checking for file '/etc/ssh/.sshd_auth'       [ Not found ]
[11:46:07]     Checking for file '/usr/lib/.sshd.h'          [ Not found ]
[11:46:07]     Checking for file '/var/run/.defunct'         [ Not found ]
[11:46:07]     Checking for file '/etc/httpd/run/.defunct'   [ Not found ]
[11:46:07]     Checking for file '/usr/share/pci.r'          [ Not found ]
[11:46:07]     Checking for file '/etc/cron.daily/dnsquery'  [ Not found ]
[11:46:07]     Checking for file '/usr/lib/libutil1.2.1.2.so' [ Not found ]
[11:46:07]     Checking for file '/usr/lib/libppopen.so'     [ Not found ]
[11:46:07]     Checking for file '/usr/include/libutil2.1.h' [ Not found ]
[11:46:07]     Checking for file '/usr/bin/munchhausen'      [ Not found ]
[11:46:07]     Checking for file '/bin/ceva'                 [ Not found ]
[11:46:07]     Checking for file '/sbin/syslogd<SP>'         [ Not found ]
[11:46:07]     Checking for file '/usr/include/shup.h'       [ Not found ]
[11:46:07]     Checking for file '/etc/rpm/sshdOLD'          [ Not found ]
[11:46:07]     Checking for file '/etc/rpm/sshOLD'           [ Not found ]
[11:46:07]     Checking for file '/usr/share/passwd.h'       [ Not found ]
[11:46:08]     Checking for file '/lib/.xsyslog'             [ Not found ]
[11:46:08]     Checking for file '/etc/.xsyslog'             [ Not found ]
[11:46:08]     Checking for file '/lib/.ssyslog'             [ Not found ]
[11:46:08]     Checking for file '/tmp/.sendmail'            [ Not found ]
[11:46:08]     Checking for file '/usr/share/sshd.sync'      [ Not found ]
[11:46:08]     Checking for file '/bin/zcut'                 [ Not found ]
[11:46:08]     Checking for file '/usr/bin/zmuie'            [ Not found ]
[11:46:08]     Checking for file '/lib/libkeyutils.so.1.9'   [ Not found ]
[11:46:08]     Checking for file '/lib64/libkeyutils.so.1.9' [ Not found ]
[11:46:08]     Checking for file '/usr/lib/libkeyutils.so.1.9' [ Not found ]
[11:46:08]     Checking for file '/usr/lib64/libkeyutils.so.1.9' [ Not found ]
[11:46:08]     Checking for file '/IptabLes'                 [ Not found ]
[11:46:08]     Checking for file '/.IptabLex'                [ Not found ]
[11:46:08]     Checking for file '/boot/.IptabLex'           [ Not found ]
[11:46:08]     Checking for file '/boot/.IptabLes'           [ Not found ]
[11:46:08]     Checking for file '/boot/IptabLes'            [ Not found ]
[11:46:08]     Checking for file '/tmp/IptabLes'             [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/init.d/IptabLex' [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/init.d/IptabLes' [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/rc0.d/S55IptabLex' [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/rc1.d/S55IptabLex' [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/rc2.d/S55IptabLex' [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/rc3.d/S55IptabLex' [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/rc4.d/S55IptabLex' [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/rc5.d/S55IptabLex' [ Not found ]
[11:46:08]     Checking for file '/etc/rc.d/rc6.d/S55IptabLex' [ Not found ]
[11:46:08]     Checking for file '/var/lib/update-rc.d/IptabLex' [ Not found ]
[11:46:08]     Checking for file '/delallmykkk'              [ Not found ]
[11:46:08]     Checking for file '/usr/.IptabLes'            [ Not found ]
[11:46:08]     Checking for file '/usr/IptabLes'             [ Not found ]
[11:46:08]     Checking for file '/tmp/.flush'               [ Not found ]
[11:46:08]     Checking for file '/var/log/.flush'           [ Not found ]
[11:46:08]     Checking for file '/usr/.flush'               [ Not found ]
[11:46:08]     Checking for file '/etc/init.d/bluetoothdaemon' [ Not found ]
[11:46:08]     Checking for file '/usr/bin/btdaemon'         [ Not found ]
[11:46:08]     Checking for file '/etc/rc1.d/S90bluetooth'   [ Not found ]
[11:46:08]     Checking for file '/etc/rc2.d/S90bluetooth'   [ Not found ]
[11:46:08]     Checking for file '/etc/rc3.d/S90bluetooth'   [ Not found ]
[11:46:08]     Checking for file '/etc/rc4.d/S90bluetooth'   [ Not found ]
[11:46:08]     Checking for file '/etc/rc5.d/S90bluetooth'   [ Not found ]
[11:46:09]     Checking for file '/etc/rc6.d/S90bluetooth'   [ Not found ]
[11:46:09]     Checking for file '/boot/pro'                 [ Not found ]
[11:46:09]     Checking for file '/boot/proh'                [ Not found ]
[11:46:09]     Checking for file '/etc/atdd'                 [ Not found ]
[11:46:09]     Checking for file '/etc/atddd'                [ Not found ]
[11:46:09]     Checking for file '/etc/cupsdd'               [ Not found ]
[11:46:09]     Checking for file '/etc/cupsddd'              [ Not found ]
[11:46:09]     Checking for file '/etc/cupsddh'              [ Not found ]
[11:46:09]     Checking for file '/etc/dsfrefr'              [ Not found ]
[11:46:09]     Checking for file '/etc/fdsfsfvff'            [ Not found ]
[11:46:09]     Checking for file '/etc/ferwfrre'             [ Not found ]
[11:46:09]     Checking for file '/etc/fwke.cfg'             [ Not found ]
[11:46:09]     Checking for file '/etc/gdmorpen'             [ Not found ]
[11:46:09]     Checking for file '/etc/gfhddsfew'            [ Not found ]
[11:46:09]     Checking for file '/etc/gfhjrtfyhuf'          [ Not found ]
[11:46:09]     Checking for file '/etc/ksapd'                [ Not found ]
[11:46:09]     Checking for file '/etc/ksapdd'               [ Not found ]
[11:46:09]     Checking for file '/etc/kysapd'               [ Not found ]
[11:46:09]     Checking for file '/etc/kysapdd'              [ Not found ]
[11:46:09]     Checking for file '/etc/rewgtf3er4t'          [ Not found ]
[11:46:09]     Checking for file '/etc/sdmfdsfhjfe'          [ Not found ]
[11:46:09]     Checking for file '/etc/sfewfesfs'            [ Not found ]
[11:46:09]     Checking for file '/etc/sfewfesfsh'           [ Not found ]
[11:46:09]     Checking for file '/etc/sksapd'               [ Not found ]
[11:46:09]     Checking for file '/etc/sksapdd'              [ Not found ]
[11:46:09]     Checking for file '/etc/skysapd'              [ Not found ]
[11:46:09]     Checking for file '/etc/skysapdd'             [ Not found ]
[11:46:09]     Checking for file '/etc/smarvtd'              [ Not found ]
[11:46:09]     Checking for file '/etc/whitptabil'           [ Not found ]
[11:46:09]     Checking for file '/etc/xfsdx'                [ Not found ]
[11:46:09]     Checking for file '/etc/xfsdxd'               [ Not found ]
[11:46:09]     Checking for file '/tmp/bill.lock'            [ Not found ]
[11:46:09]     Checking for file '/tmp/gates.lock'           [ Not found ]
[11:46:09]     Checking for file '/tmp/gates.lod'            [ Not found ]
[11:46:09]     Checking for file '/tmp/moni.lock'            [ Not found ]
[11:46:09]     Checking for file '/tmp/moni.lod'             [ Not found ]
[11:46:09]     Checking for file '/tmp/notify.file'          [ Not found ]
[11:46:09]     Checking for file '/usr/bin/.sshd'            [ Not found ]
[11:46:09]     Checking for file '/usr/bin/bsd-port/getty'   [ Not found ]
[11:46:09]     Checking for file '/usr/bin/bsd-port/getty.lock' [ Not found ]
[11:46:10]     Checking for file '/usr/bin/bsd-port/udevd.lock' [ Not found ]
[11:46:10]     Checking for file '/usr/bin/pojie'            [ Not found ]
[11:46:10]     Checking for file '/usr/lib/libamplify.so'    [ Not found ]
[11:46:10]     Checking for file '/etc/init.d/DbSecuritySpt' [ Not found ]
[11:46:10]     Checking for file '/etc/rc.d/init.d/DbSecuritySpt' [ Not found ]
[11:46:10]     Checking for file '/etc/cron.hourly/gcc.sh'   [ Not found ]
[11:46:10]     Checking for file '/root/2016ttfacai'         [ Not found ]
[11:46:10]     Checking for file '/proc/rs_dev'              [ Not found ]
[11:46:10]     Checking for file '/var/run/sftp.pid'         [ Not found ]
[11:46:10]     Checking for file '/var/run/udev.pid'         [ Not found ]
[11:46:10]     Checking for file '/var/run/mount.pid'        [ Not found ]
[11:46:10]     Checking for file '/etc/cron.hourly/cron.sh'  [ Not found ]
[11:46:10]     Checking for file '/etc/cron.hourly/udev.sh'  [ Not found ]
[11:46:10]     Checking for file '/etc/cron.hourly/udev.sh'  [ Not found ]
[11:46:10]     Checking for file '/lib/libgcc.so'            [ Not found ]
[11:46:10]     Checking for file '/lib/libgcc.so.bak'        [ Not found ]
[11:46:10]     Checking for file '/lib/libgcc4.so'           [ Not found ]
[11:46:10]     Checking for file '/lib/libgcc4.4.so'         [ Not found ]
[11:46:10]     Checking for file '/lib/udev/udev'            [ Not found ]
[11:46:10]     Checking for file '/lib/udev/debug'           [ Not found ]
[11:46:10]     Checking for directory '/dev/ptyas'           [ Not found ]
[11:46:10]     Checking for directory '/usr/bin/take'        [ Not found ]
[11:46:10]     Checking for directory '/usr/src/.lib'        [ Not found ]
[11:46:10]     Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[11:46:10]     Checking for directory '/lib/lblip.tk'        [ Not found ]
[11:46:10]     Checking for directory '/usr/sbin/...'        [ Not found ]
[11:46:10]     Checking for directory '/usr/share/.gun'      [ Not found ]
[11:46:10]     Checking for directory '/unde/vrei/tu/sa/te/ascunzi/in/server' [ Not found ]
[11:46:10]     Checking for directory '/usr/man/man1/..<SP><SP>/.dir' [ Not found ]
[11:46:10]     Checking for directory '/usr/X11R6/include/X11/...' [ Not found ]
[11:46:10]     Checking for directory '/usr/X11R6/lib/X11/.fonts/misc/...' [ Not found ]
[11:46:10]     Checking for directory '/tmp/.sys'            [ Not found ]
[11:46:10]     Checking for directory '/tmp/''               [ Not found ]
[11:46:10]     Checking for directory '/tmp/.,'              [ Not found ]
[11:46:10]     Checking for directory '/tmp/,.,'             [ Not found ]
[11:46:10]     Checking for directory '/dev/shm/emilien'     [ Not found ]
[11:46:10]     Checking for directory '/var/tmp/.log'        [ Not found ]
[11:46:10]     Checking for directory '/tmp/zmeu/...<SP>'    [ Not found ]
[11:46:10]     Checking for directory '/var/log/ssh'         [ Not found ]
[11:46:10]     Checking for directory '/dev/ida'             [ Not found ]
[11:46:10]     Checking for directory '/var/lib/games/.src/ssk/shit' [ Not found ]
[11:46:11]     Checking for directory '/usr/lib/libshtift'   [ Not found ]
[11:46:11]     Checking for directory '/usr/src/.poop'       [ Not found ]
[11:46:11]     Checking for directory '/dev/wd4'             [ Not found ]
[11:46:11]     Checking for directory '/var/run/.tmp'        [ Not found ]
[11:46:11]     Checking for directory '/usr/man/man1/lib/.lib' [ Not found ]
[11:46:11]     Checking for directory '/dev/portd'           [ Not found ]
[11:46:11]     Checking for directory '/dev/...'             [ Not found ]
[11:46:11]     Checking for directory '/usr/share/man/mansps' [ Not found ]
[11:46:11]     Checking for directory '/lib/.so'             [ Not found ]
[11:46:11]     Checking for directory '/lib/.sso'            [ Not found ]
[11:46:11]     Checking for directory '/usr/include/sslv3'   [ Not found ]
[11:46:11]     Checking for directory '/dev/shm/sshd'        [ Not found ]
[11:46:11]     Checking for directory '/usr/share/locale/mk/.dev/sk' [ Not found ]
[11:46:11]     Checking for directory '/usr/share/locale/mk/.dev' [ Not found ]
[11:46:11]     Checking for directory '/usr/include/netda.h' [ Not found ]
[11:46:11]     Checking for directory '/usr/include/.ssh'    [ Not found ]
[11:46:11]     Checking for directory '/usr/share/locale/jp/.<SP>' [ Not found ]
[11:46:11]     Checking for directory '/usr/share/.sqe'      [ Not found ]
[11:46:11]   Checking for possible rootkit files and directories [ None found ]
[11:46:11]
[11:46:11] Info: Starting test name 'possible_rkt_strings'
[11:46:11]   Performing check for possible rootkit strings
[11:46:11] Info: Using system startup paths: /etc/init.d /etc/systemd/system
[11:46:11]     Checking for string 'phalanx'                 [ Not found ]
[11:46:11]     Checking for string '/dev/proc/fuckit'        [ Not found ]
[11:46:11]     Checking for string 'FUCK'                    [ Not found ]
[11:46:11]     Checking for string 'backdoor'                [ Not found ]
[11:46:11]     Checking for string '/usr/bin/rcpc'           [ Not found ]
[11:46:11]     Checking for string '/usr/sbin/login'         [ Not found ]
[11:46:11]     Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[11:46:11]     Checking for string 'vt200'                   [ Not found ]
[11:46:11]     Checking for string '/usr/bin/xstat'          [ Not found ]
[11:46:11]     Checking for string '/bin/envpc'              [ Not found ]
[11:46:11]     Checking for string 'L4m3r0x'                 [ Not found ]
[11:46:11]     Checking for string '/lib/libext'             [ Not found ]
[11:46:11]     Checking for string '/usr/sbin/login'         [ Not found ]
[11:46:11]     Checking for string '/usr/lib/.tbd'           [ Not found ]
[11:46:11]     Checking for string 'sendmail'                [ Not found ]
[11:46:12]     Checking for string 'cocacola'                [ Not found ]
[11:46:12]     Checking for string 'joao'                    [ Not found ]
[11:46:12]     Checking for string '/dev/ptyxx/.file'        [ Not found ]
[11:46:12]     Checking for string '/dev/ptyxx/.file'        [ Not found ]
[11:46:12]     Checking for string '/dev/sgk'                [ Not found ]
[11:46:12]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[11:46:12]     Checking for string '/usr/lib/.tbd'           [ Not found ]
[11:46:12]     Checking for string '/dev/proc/fuckit'        [ Not found ]
[11:46:12]     Checking for string '/lib/.sso'               [ Not found ]
[11:46:12]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[11:46:12]     Checking for string '/dev/caca'               [ Not found ]
[11:46:12]     Checking for string '/dev/ttyoa'              [ Not found ]
[11:46:12]     Checking for string '/usr/lib/ldlibns.so'     [ Not found ]
[11:46:12]     Checking for string '/dev/ptyxx/.addr'        [ Not found ]
[11:46:12]     Checking for string 'syg'                     [ Not found ]
[11:46:12]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[11:46:12]     Checking for string '/dev/pts/01'             [ Not found ]
[11:46:12]     Checking for string 'tw33dl3'                 [ Not found ]
[11:46:12]     Checking for string 'psniff'                  [ Not found ]
[11:46:12]     Checking for string 'uconf.inv'               [ Not found ]
[11:46:12]     Checking for string 'lib/ldlibps.so'          [ Not found ]
[11:46:12]     Checking for string '/usr/lib/ldlibpst.so'    [ Not found ]
[11:46:12]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[11:46:12]     Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[11:46:12]     Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[11:46:12]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[11:46:12]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[11:46:12]     Checking for string '/bin/bash'               [ Not found ]
[11:46:12]     Checking for string '/dev/ptyxx'              [ Not found ]
[11:46:12]     Checking for string '/.config'                [ Not found ]
[11:46:12]     Checking for string '\$.*\$\!.*\!\!\$'        [ Not found ]
[11:46:12]     Checking for string 'backdoor.h'              [ Not found ]
[11:46:12]     Checking for string 'backdoor_active'         [ Not found ]
[11:46:12]     Checking for string 'magic_pass_active'       [ Not found ]
[11:46:12]     Checking for string '/usr/include/gpm2.h'     [ Not found ]
[11:46:13]     Checking for string '/usr/include/openssl'    [ Not found ]
[11:46:13]     Checking for string 'aion'                    [ Not found ]
[11:46:13]     Checking for string 'pcszPass'                [ Not found ]
[11:46:13]     Checking for string 'LogPass'                 [ Not found ]
[11:46:13]     Checking for string 'Login_Check'             [ Not found ]
[11:46:13]     Checking for string 'includes.h'              [ Not found ]
[11:46:13]     Checking for string 'DecodeString'            [ Not found ]
[11:46:13]     Checking for string 'EncodeString'            [ Not found ]
[11:46:13]     Checking for string 'libns2.so'               [ Not found ]
[11:46:13]     Checking for string 'libns5.so'               [ Not found ]
[11:46:13]     Checking for string 'libpw3.so'               [ Not found ]
[11:46:13]     Checking for string 'libpw5.so'               [ Not found ]
[11:46:13]     Checking for string 'libsbr.so'               [ Not found ]
[11:46:13]     Checking for string 'libslr.so'               [ Not found ]
[11:46:13]     Checking for string '/usr/lib/.tbd'           [ Not found ]
[11:46:13]     Checking for string '/dev/ptyxx/.proc'        [ Not found ]
[11:46:13]     Checking for string 'in.inetd'                [ Not found ]
[11:46:14]     Checking for string '#<HIDE_.*>'              [ Not found ]
[11:46:14]     Checking for string 'bin/xchk'                [ Not found ]
[11:46:14]     Checking for string 'bin/xsf'                 [ Not found ]
[11:46:14]     Checking for string '/usr/bin/ssh2d'          [ Not found ]
[11:46:14]     Checking for string '/usr/sbin/xntps'         [ Not found ]
[11:46:15]     Checking for string 'ttyload'                 [ Not found ]
[11:46:15]     Checking for string '/etc/rc.d/init.d/init'   [ Not found ]
[11:46:15]     Checking for string 'usr/bin/xfss'            [ Not found ]
[11:46:15]     Checking for string '/usr/sbin/rpc.netinet'   [ Not found ]
[11:46:16]     Checking for string '/usr/lib/.fx/cons.saver' [ Not found ]
[11:46:16]     Checking for string '/usr/lib/.fx/xs'         [ Not found ]
[11:46:16]     Checking for string '/ssh2d'                  [ Not found ]
[11:46:16]     Checking for string '/dev/kmod'               [ Not found ]
[11:46:17]     Checking for string '/crth.o'                 [ Not found ]
[11:46:17]     Checking for string '/crtz.o'                 [ Not found ]
[11:46:17]     Checking for string '/dev/dos'                [ Not found ]
[11:46:17]     Checking for string '/lpq'                    [ Not found ]
[11:46:18]     Checking for string '/usr/sbin/rescue'        [ Not found ]
[11:46:18]     Checking for string '/usr/lib/lpstart'        [ Not found ]
[11:46:18]     Checking for string '/volc'                   [ Not found ]
[11:46:18]     Checking for string 'sourcemask'              [ Not found ]
[11:46:19]     Checking for string '/bin/vobiscum'           [ Not found ]
[11:46:19]     Checking for string '/usr/sbin/in.telnet'     [ Not found ]
[11:46:19]     Checking for string '/usr/bin/hdparm?-t1?-X53?-p' [ Not found ]
[11:46:20]     Checking for string '/lib/.xsyslog'           [ Not found ]
[11:46:20]     Checking for string '/etc/.xsyslog'           [ Not found ]
[11:46:20]     Checking for string '/lib/.ssyslog'           [ Not found ]
[11:46:20]     Checking for string '/tmp/.sendmail'          [ Not found ]
[11:46:20]     Checking for string 'IptabLex'                [ Not found ]
[11:46:21]     Checking for string 'IptabLes'                [ Not found ]
[11:46:21]     Checking for string '/lib/ldd.so/tkps'        [ Not found ]
[11:46:21]     Checking for string 't0rnkit'                 [ Not found ]
[11:46:21]     Checking for string '/dev/proc/fuckit'        [ Not found ]
[11:46:21]     Checking for string 'backdoor.h'              [ Not found ]
[11:46:21]     Checking for string 'backdoor_active'         [ Not found ]
[11:46:21]     Checking for string 'magic_pass_active'       [ Not found ]
[11:46:21]     Checking for string '/usr/include/gpm2.h'     [ Not found ]
[11:46:21]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[11:46:21]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[11:46:21]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[11:46:21]     Checking for string '/usr/lib/ldlibct.so'     [ Not found ]
[11:46:21]     Checking for string '/usr/lib/ldlibdu.so'     [ Not found ]
[11:46:21]     Checking for string '/dev/ptyxx/.file'        [ Not found ]
[11:46:21]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[11:46:21]     Checking for string '/dev/ida/.inet'          [ Not found ]
[11:46:21]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[11:46:21]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[11:46:21]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[11:46:21]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[11:46:21]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[11:46:21]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[11:46:21]     Checking for string 'backconnect'             [ Not found ]
[11:46:21]     Checking for string 'magic?packet?received'   [ Not found ]
[11:46:21]   Checking for possible rootkit strings           [ None found ]
[11:46:21]
[11:46:21] Info: Starting test name 'malware'
[11:46:21] Performing malware checks
[11:46:21]
[11:46:21] Info: Test 'deleted_files' disabled at users request.
[11:46:21]
[11:46:21] Info: Starting test name 'running_procs'
[11:46:26]   Checking running processes for suspicious files [ None found ]
[11:46:26]
[11:46:26] Info: Test 'hidden_procs' disabled at users request.
[11:46:26]
[11:46:26] Info: Test 'suspscan' disabled at users request.
[11:46:26]
[11:46:26] Info: Starting test name 'login_backdoors'
[11:46:26]     Checking for '/bin/.login'                    [ Not found ]
[11:46:26]     Checking for '/sbin/.login'                   [ Not found ]
[11:46:26]   Checking for login backdoors                    [ None found ]
[11:46:26]
[11:46:26] Info: Starting test name 'sniffer_logs'
[11:46:26]     Checking for file '/usr/lib/libice.log'       [ Not found ]
[11:46:26]     Checking for file '/dev/prom/sn.l'            [ Not found ]
[11:46:26]     Checking for file '/dev/fd/.88/zxsniff.log'   [ Not found ]
[11:46:26]   Checking for sniffer log files                  [ None found ]
[11:46:26]
[11:46:26] Info: Starting test name 'tripwire'
[11:46:26]   Checking for software intrusions                [ Skipped ]
[11:46:26] Info: Check skipped - tripwire not installed
[11:46:26]
[11:46:26] Info: Starting test name 'susp_dirs'
[11:46:26]     Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[11:46:26]     Checking for directory '/dev/rd/cdb'          [ Not found ]
[11:46:26]   Checking for suspicious directories             [ None found ]
[11:46:26]
[11:46:26] Info: Starting test name 'ipc_shared_mem'
[11:46:26] Info: The minimum shared memory segment size to be checked (in bytes): 1048576 (1,0MB)
[11:46:27]   Checking for suspicious (large) shared memory segments [ Warning ]
[11:46:27] Warning: The following suspicious (large) shared memory segments have been found:
[11:46:27]          Process: /usr/bin/mate-panel    PID: 11695    Owner: caine    Size: 64MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/bin/caja    PID: 11803    Owner: caine    Size: 4,0MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/bin/caja    PID: 11803    Owner: caine    Size: 64MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/bin/marco    PID: 11688    Owner: caine    Size: 2,0MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/bin/mate-terminal    PID: 16249    Owner: root    Size: 4,0MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/bin/gnome-disks    PID: 24461    Owner: caine    Size: 4,0MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/bin/mate-terminal    PID: 16524    Owner: caine    Size: 4,0MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/bin/caja    PID: 23540    Owner: root    Size: 8,0MB (configured size allowed: 1,0MB)
[11:46:27]
[11:46:27] Info: Starting test name 'trojans'
[11:46:27] Performing trojan specific checks
[11:46:27]   Checking for enabled inetd services             [ Skipped ]
[11:46:27] Info: Check skipped - file '/etc/inetd.conf' does not exist.
[11:46:27]   Checking for enabled xinetd services            [ Skipped ]
[11:46:27] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[11:46:27]   Checking for Apache backdoor                    [ Skipped ]
[11:46:27] Info: Check skipped - no Apache module or configuration directories found.
[11:46:27]
[11:46:27] Info: Starting test name 'os_specific'
[11:46:27]   Performing Linux specific checks
[11:46:27]     Checking loaded kernel modules                [ OK ]
[11:46:27] Info: Using modules pathname of '/lib/modules/5.0.0-32-generic'
[11:46:27]     Checking kernel module names                  [ OK ]
[11:46:32]
[11:46:32] Info: Starting test name 'network'
[11:46:32] Checking the network...
[11:46:32]
[11:46:32] Performing checks on the network ports
[11:46:32] Info: Starting test name 'ports'
[11:46:32]   Performing check for backdoor ports
[11:46:32]     Checking for TCP port 1524                    [ Not found ]
[11:46:32]     Checking for TCP port 1984                    [ Not found ]
[11:46:32]     Checking for UDP port 2001                    [ Not found ]
[11:46:33]     Checking for TCP port 2006                    [ Not found ]
[11:46:33]     Checking for TCP port 2128                    [ Not found ]
[11:46:33]     Checking for TCP port 6666                    [ Not found ]
[11:46:33]     Checking for TCP port 6667                    [ Not found ]
[11:46:33]     Checking for TCP port 6668                    [ Not found ]
[11:46:33]     Checking for TCP port 6669                    [ Not found ]
[11:46:33]     Checking for TCP port 7000                    [ Not found ]
[11:46:33]     Checking for TCP port 13000                   [ Not found ]
[11:46:33]     Checking for TCP port 14856                   [ Not found ]
[11:46:33]     Checking for TCP port 25000                   [ Not found ]
[11:46:33]     Checking for TCP port 29812                   [ Not found ]
[11:46:33]     Checking for TCP port 31337                   [ Not found ]
[11:46:33]     Checking for TCP port 32982                   [ Not found ]
[11:46:33]     Checking for TCP port 33369                   [ Not found ]
[11:46:34]     Checking for TCP port 47107                   [ Not found ]
[11:46:34]     Checking for TCP port 47018                   [ Not found ]
[11:46:34]     Checking for TCP port 60922                   [ Not found ]
[11:46:34]     Checking for TCP port 62883                   [ Not found ]
[11:46:34]     Checking for TCP port 65535                   [ Not found ]
[11:46:34]   Checking for backdoor ports                     [ None found ]
[11:46:34]
[11:46:34] Info: Test 'hidden_ports' disabled at users request.
[11:46:34]
[11:46:34] Performing checks on the network interfaces
[11:46:34] Info: Starting test name 'promisc'
[11:46:34]   Checking for promiscuous interfaces             [ None found ]
[11:46:34]
[11:46:34] Info: Test 'packet_cap_apps' disabled at users request.
[11:46:34]
[11:46:34] Info: Starting test name 'local_host'
[11:46:34] Checking the local host...
[11:46:34]
[11:46:34] Info: Starting test name 'startup_files'
[11:46:34] Performing system boot checks
[11:46:34]   Checking for local host name                    [ Found ]
[11:46:34]
[11:46:34] Info: Starting test name 'startup_malware'
[11:46:34]   Checking for system startup files               [ Found ]
[11:46:36]   Checking system startup files for malware       [ None found ]
[11:46:36]
[11:46:36] Info: Starting test name 'group_accounts'
[11:46:36] Performing group and account checks
[11:46:36]   Checking for passwd file                        [ Found ]
[11:46:36] Info: Found password file: /etc/passwd
[11:46:36]   Checking for root equivalent (UID 0) accounts   [ None found ]
[11:46:36] Info: Found shadow file: /etc/shadow
[11:46:36]   Checking for passwordless accounts              [ Warning ]
[11:46:36] Warning: Found passwordless account in shadow file: caine
[11:46:36]
[11:46:36] Info: Starting test name 'passwd_changes'
[11:46:36]   Checking for passwd file changes                [ None found ]
[11:46:36]
[11:46:36] Info: Starting test name 'group_changes'
[11:46:36]   Checking for group file changes                 [ None found ]
[11:46:36]   Checking root account shell history files       [ OK ]
[11:46:36]
[11:46:36] Info: Starting test name 'system_configs'
[11:46:36] Performing system configuration file checks
[11:46:36]
[11:46:36] Info: Starting test name 'system_configs_ssh'
[11:46:36]   Checking for an SSH configuration file          [ Found ]
[11:46:36] Info: Found an SSH configuration file: /etc/ssh/sshd_config
[11:46:36] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[11:46:36] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '2'.
[11:46:36]   Checking if SSH root access is allowed          [ Warning ]
[11:46:36] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
           The default value may be 'yes', to allow root access.
[11:46:36]   Checking if SSH protocol v1 is allowed          [ Not set ]
[11:46:36]   Checking for other suspicious configuration settings [ None found ]
[11:46:36]
[11:46:36] Info: Starting test name 'system_configs_syslog'
[11:46:36]   Checking for a running system logging daemon    [ Found ]
[11:46:36] Info: A running 'rsyslog' daemon has been found.
[11:46:36] Info: A running 'systemd-journald' daemon has been found.
[11:46:36] Info: Found an rsyslog configuration file: /etc/rsyslog.conf
[11:46:36] Info: Found a systemd configuration file: /etc/systemd/journald.conf
[11:46:37]   Checking for a system logging configuration file [ Found ]
[11:46:37]   Checking if syslog remote logging is allowed    [ Not allowed ]
[11:46:37]
[11:46:37] Info: Starting test name 'filesystem'
[11:46:37] Performing filesystem checks
[11:46:37] Info: SCAN_MODE_DEV set to 'THOROUGH'
[11:46:38]   Checking /dev for suspicious file types         [ None found ]
[11:46:39]   Checking for hidden files and directories       [ Warning ]
[11:46:39] Warning: Hidden directory found: /etc/.java
[11:46:39]   Checking for missing log files                  [ Skipped ]
[11:46:39] Info: No missing log file names configured.
[11:46:39]   Checking for empty log files                    [ Skipped ]
[11:46:39] Info: No empty log file names configured.
[11:47:18]
[11:47:18] Info: Test 'apps' disabled at users request.
[11:47:18]
[11:47:18] System checks summary
[11:47:18] =====================
[11:47:18]
[11:47:18] File properties checks...
[11:47:18] Required commands check failed
[11:47:18] Files checked: 152
[11:47:18] Suspect files: 1
[11:47:18]
[11:47:18] Rootkit checks...
[11:47:18] Rootkits checked : 500
[11:47:18] Possible rootkits: 12
[11:47:18]
[11:47:18] Applications checks...
[11:47:18] All checks skipped
[11:47:18]
[11:47:18] The system checks took: 1 minute and 59 seconds
[11:47:18]
[11:47:18] Info: End date is gio 23 giu 2022, 11.47.18, CEST

Well, there you have it. I'll write another explanatory post now.

Constant exposure to danger can breed contempt for it.
He who endures, wins.
Hannibal knew how to win a victory, but not how to use it.
"Houston, we have a problem": the details and curiosities behind one of the most famous alarm messages in history
https://amaltea.wordpress.com/2008/03/06/proverbios-y-refranes-grecolatinos/
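The four warnings in the rkhunter log above, run through a small triage script. This is an added example, not part of the post and not rkhunter's own code: the sample lines are copied from the posted log, and the allow-lists (the MATE and Firefox binaries, the live-CD user `caine`, the `/etc/.java` directory) are assumptions about what a CAINE live desktop session looks like, not rkhunter configuration options.

```python
"""Triage of the rkhunter warnings posted above.

Added example; it is not part of the forum post and not rkhunter's own code.
The sample lines are copied from the posted log. The allow-lists below are
assumptions about what a CAINE live desktop session looks like; they are not
rkhunter configuration options.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the check and Warning lines from the log above.
SAMPLE_LOG = """\
[11:46:27]   Checking for suspicious (large) shared memory segments [ Warning ]
[11:46:27] Warning: The following suspicious (large) shared memory segments have been found:
[11:46:27]          Process: /usr/bin/mate-panel    PID: 11695    Owner: caine    Size: 64MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/lib/firefox/firefox    PID: 12084    Owner: caine    Size: 7,6MB (configured size allowed: 1,0MB)
[11:46:27]          Process: /usr/bin/mate-terminal    PID: 16249    Owner: root    Size: 4,0MB (configured size allowed: 1,0MB)
[11:46:36]   Checking for passwordless accounts              [ Warning ]
[11:46:36] Warning: Found passwordless account in shadow file: caine
[11:46:36]   Checking if SSH root access is allowed          [ Warning ]
[11:46:36] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
           The default value may be 'yes', to allow root access.
[11:46:39]   Checking for hidden files and directories       [ Warning ]
[11:46:39] Warning: Hidden directory found: /etc/.java
"""

CHECK_RE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(?P<check>Checking .*?)\s+\[ (?P<result>[^\]]+) \]$")
WARN_RE = re.compile(r"^\[\d\d:\d\d:\d\d\] Warning: (?P<msg>.*)$")
SHM_RE = re.compile(r"Process: (?P<proc>\S+)\s+PID: (?P<pid>\d+)\s+Owner: (?P<owner>\S+)\s+Size: (?P<size>\S+)")
PWDLESS_RE = re.compile(r"passwordless account in shadow file: (?P<user>\S+)")
HIDDEN_RE = re.compile(r"Hidden (?:directory|file) found: (?P<path>\S+)")

# Assumptions about the live session (hypothetical allow-lists, tune per host).
DESKTOP_PROCS = {"/usr/bin/mate-panel", "/usr/bin/caja", "/usr/bin/marco",
                 "/usr/bin/mate-terminal", "/usr/bin/gnome-disks",
                 "/usr/lib/firefox/firefox"}
LIVE_USERS = {"caine"}          # assumed auto-login user of the CAINE live CD
BENIGN_HIDDEN = {"/etc/.java"}  # assumed benign: system prefs directory created by Java


@dataclass
class Finding:
    check: str                 # the 'Checking ...' line the warning belongs to
    message: str               # text after 'Warning:' (continuation lines joined)
    details: list = field(default_factory=list)  # parsed 'Process: ...' rows


def parse_warnings(log_text):
    """Collect every Warning from an rkhunter log, keyed to its check."""
    findings, current_check = [], ""
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if (m := CHECK_RE.match(line)):
            current_check = m.group("check")
        elif (m := WARN_RE.match(line)):
            findings.append(Finding(current_check, m.group("msg")))
        elif findings and (m := SHM_RE.search(line)):
            findings[-1].details.append(m.groupdict())
        elif findings and line.startswith(" "):
            # a warning continued on the next line without a timestamp
            findings[-1].message += " " + line.strip()
    return findings


def triage(finding):
    """Return (verdict, reason): 'expected', 'harden' or 'review'."""
    msg = finding.message
    if "shared memory segments" in msg:
        unknown = sorted({d["proc"] for d in finding.details
                          if d["proc"] not in DESKTOP_PROCS})
        if unknown:
            return "review", "segments owned by unexpected processes: " + ", ".join(unknown)
        return "expected", "large segments belong to GUI processes of the live desktop"
    if (m := PWDLESS_RE.search(msg)):
        user = m.group("user")
        if user in LIVE_USERS:
            return "expected", f"'{user}' is the passwordless auto-login user of the live CD"
        return "review", f"account '{user}' has no password"
    if "PermitRootLogin" in msg:
        return "harden", "set 'PermitRootLogin no' in sshd_config; not a rootkit indicator"
    if (m := HIDDEN_RE.search(msg)):
        path = m.group("path")
        if path in BENIGN_HIDDEN:
            return "expected", f"{path} is a known benign hidden directory"
        return "review", f"unexplained hidden path {path}"
    return "review", "no triage rule for this warning"


def summarize(log_text):
    """Counts per verdict plus one (check, verdict, reason) row per warning."""
    counts = {"expected": 0, "harden": 0, "review": 0}
    rows = []
    for f in parse_warnings(log_text):
        verdict, reason = triage(f)
        counts[verdict] += 1
        rows.append((f.check, verdict, reason))
    return counts, rows


if __name__ == "__main__":
    counts, rows = summarize(SAMPLE_LOG)
    for check, verdict, reason in rows:
        print(f"[{verdict:8}] {check}: {reason}")
    print(counts)
```

To use it on a real run, pass the text of the full rkhunter log file to summarize(). Two things worth checking by hand against the log above: every named rootkit test reads 'Not found', and the summary's 'Possible rootkits: 12' matches the twelve shared-memory segments listed under ipc_shared_mem, all of which belong to desktop programs (mate-panel, caja, marco, firefox, mate-terminal, gnome-disks). The one finding that is a real hardening gap rather than live-CD noise is 'PermitRootLogin' being unset; on any installed system set it to 'no' in /etc/ssh/sshd_config.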
Hason
« Reply #15 on: 28 June 2022, 20:41 pm »

Well, as you can see if you have read every line of the scan output, there is something there; it shows.
But of course, let me clarify the following:
I burned the CAINE operating system from the infected PC, with the hard drives write-protected, so I suppose that has a lot to do with it.

Now that I've managed to bypass the write protection on the drives, or so it seems to me..., I'm going to install another operating system on the clean hard drive again, either an original Windows 8.1 or the Fedora that was burned for me, which I think is fine.

So, with the hard drives clean, I hope to be able to install the operating systems correctly, or so I hope, by God; then I'll download CAINE, or from Fedora itself, I'll run the scan again, and I suppose things will change quite a bit, God willing, if everything goes as I have planned, which maybe it won't, but I hope so...

When I have everything set up OK, I'll scan again and share the results; I hope I can do it, this is my life now, I need to fix it whatever it takes, it's a matter of mental health.

I dedicate this to the supposed 12 rootkits:



To be continued.

Regards
Tachikomaia
« Reply #16 on: 28 June 2022, 20:56 pm »

What does 12 Monkeys have to do with you?  :o

Hason
« Reply #17 on: 28 June 2022, 21:10 pm »

Hi Tachikomaia, it's simply a parody, a way of laughing at the supposed 12 rootkits I have, or supposedly have... it's not certain, OK, but everything points to yes, so it's a way of laughing in their faces...
I don't know if you understand me, because they read everything I post, so that's the reason for my attitude, incomprehensible to many of you... it's because the people doing this to me follow me... if I name some program that works well for me, they screw it up, for example... so I no longer want to give out too much information...

It's simply a humorous parody.

Serapis, I've just done a low-level format with tool X (so the 12 monkeys don't find out) and I'm running your command; it really is more thorough, on a 500 GB disk it tells me it will take two and a half hours; as soon as it finishes scanning I'll post the result and find out whether I've really managed it or not.

See you in a few hours.

Regards.
Hason
« Reply #18 on: 29 June 2022, 00:32 am »

Hi, I'm back  ::)

The result of the scan Serapis recommended to me, on a 500 GB disk, is the following; I think it's correct, if I'm not mistaken  :D, if you think it's wrong, tell me.

Code:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Windows\system32>chkdsk r: /f /v /r
The type of the file system is NTFS.
Volume label is 500gb hight.

Stage 1: Examining basic file system structure ...
  256 file records processed.
File verification completed.
  0 large file records processed.
  0 bad file records processed.

Stage 2: Examining file name linkage ...
  276 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.

Stage 3: Examining security descriptors ...
Cleaning up 1 unused index entries from index $SII of file 9.
Cleaning up 1 unused index entries from index $SDH of file 9.
Cleaning up 1 unused security descriptors.
Security descriptor verification completed.
  10 data files processed.

Stage 4: Looking for bad clusters in user file data ...
  240 files processed.
File data verification completed.

Stage 5: Looking for bad, free clusters ...
  122026168 free clusters processed.
Free space verification is complete.

The file system was examined and no problems were found.
No further action is required.

 488253439 KB total disk space.
     67648 KB in 6 files.
         8 KB in 12 indexes.
         0 KB in bad sectors.
     81107 KB in use by the system.
     65536 KB occupied by the log file.
 488104676 KB available on disk.

      4096 bytes in each allocation unit.
 122063359 total allocation units on disk.
 122026169 allocation units available on disk.

C:\Windows\system32>

I think it's correct, correct me if not, but I don't know what this is:

Code:
Etapa 3: Examen de los descriptores de seguridad...
Liberando 1 entradas de índice no usadas del índice $SII del archivo 9.
Liberando 1 entradas de índice no usadas del índice $SDH del archivo 9.
Liberando 1 descriptores de seguridad no usados.
Comprobación de descriptores de seguridad completada.

I think I managed it, correct me if not, because I'm very happy, too happy; I don't know whether to open another bottle of wine to celebrate...

But if you know what this thing about security descriptors is, could you tell me? With all the wine I don't feel like looking it up, but I think it's correct, it doesn't report any error, don't worry; otherwise I'll look it up tomorrow. Just seeing that it flags no error, I'm mega happy, oh my God, today is a great day for me.
Long live this day; from now on, as long as I live, this day will be a holiday for me, more important than any public holiday there may be.


Serapis, what do you think?
Right now I'm formatting the last hard drive; the only one I'm leaving unformatted is the one with the adult videos, the games for Batocera and music. I'm thinking about formatting that one too, because if I format it, new life, but it's a pain because of the games. The porn I don't care about, I can download whatever I want in a moment, but the games are more laborious to download and find, and I have the whole collection, which is why I'm holding back from formatting the last corrupted hard drive I have.



If it's correct, my God, what a great joy.

Tomorrow I'll install a new operating system on the clean disks  :D. If there's any error with the BIOS, I'll call uncle Willem programmer, pull the chip and reprogram it, but I think the BIOS is fine now because I flashed it externally and protected it.... I don't know if they can unprotect the BIOS on me if I protected it with uncle Willem  :xD :laugh: :xD. We'll see, since right now I'm somewhat euphoric, and maybe tomorrow I'll find some depressing story....


Regards.

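The stage-3 lines the post asks about refer to the NTFS $Secure metadata file (MFT record 9): its $SII and $SDH indexes map security IDs and descriptor hashes to the security descriptors stored in its $SDS stream, and chkdsk dropping unused entries from those indexes is routine housekeeping, not an error. The Python script below is an example added here, not code from the thread; it parses the chkdsk transcript posted above (the Spanish-locale output, embedded as sample input) and reduces it to the figures that matter when deciding whether the volume is actually clean: per-stage counters, the $Secure clean-up lines, the bad-sector figure and chkdsk's own verdict. The function names are mine.

```python
import re
from typing import Dict, List, Optional

# Excerpt of the chkdsk transcript posted above (Spanish-locale Windows),
# embedded here as sample input for this added example.
SAMPLE_CHKDSK_OUTPUT = """\
El tipo del sistema de archivos es NTFS.
La etiqueta de volumen es 500gb hight.
Etapa 1: Examen de la estructura básica del sistema de archivos...
  256 registros de archivos procesados.
Comprobación de archivos completada.
  0 registros de archivos grandes procesados.
  0 registros de archivos no válidos procesados.
Etapa 2: Examen de la vinculación de nombres de archivos...
  276 entradas de índice procesadas.
Comprobación de índices completada.
  0 archivos no indizados examinados.
  0 archivos no indizados recuperados.
Etapa 3: Examen de los descriptores de seguridad...
Liberando 1 entradas de índice no usadas del índice $SII del archivo 9.
Liberando 1 entradas de índice no usadas del índice $SDH del archivo 9.
Liberando 1 descriptores de seguridad no usados.
Comprobación de descriptores de seguridad completada.
  10 archivos de datos procesados.
Etapa 4: Búsqueda de clústeres incorrectos en los datos del archivo de usuario...
  240 archivos procesados.
Comprobación de datos de archivo completada.
Etapa 5: Búsqueda de clústeres incorrectos disponibles...
  122026168 clústeres disponibles procesados.
La comprobación del espacio disponible se completó.
Se examinó el sistema de archivos sin encontrar problemas.
No se requieren más acciones.
 488253439 KB de espacio total en disco.
     67648 KB en 6 archivos.
         0 KB en sectores defectuosos.
     81107 KB en uso por el sistema.
"""

STAGE_RE = re.compile(r"^Etapa (\d+):")
COUNT_RE = re.compile(r"^\s*(\d+) (.+?)\.$")
FREED_RE = re.compile(
    r"^Liberando (\d+) (.+?)(?: del índice (\$\w+) del archivo (\d+))?\.$"
)
BAD_SECTORS_RE = re.compile(r"^\s*(\d+) KB en sectores defectuosos\.$")
CLEAN_MARKER = "sin encontrar problemas"


def parse_chkdsk(text: str) -> Dict[str, object]:
    """Reduce a Spanish-locale 'chkdsk /f /r' transcript to its key figures.

    stages        {stage number: {counter label: value}}
    freed         stage-3 clean-up lines ($SII/$SDH entries, orphan descriptors)
    bad_sector_kb KB reported in bad sectors, or None if the line is absent
    clean         True if chkdsk printed its 'no problems found' verdict
    """
    stages: Dict[int, Dict[str, int]] = {}
    freed: List[Dict[str, object]] = []
    bad_sector_kb: Optional[int] = None
    clean = False
    current = 0                      # stage whose counters are being collected

    for raw in text.splitlines():
        line = raw.rstrip()
        m = STAGE_RE.match(line)
        if m:                        # "Etapa N: ..." opens a new stage
            current = int(m.group(1))
            stages[current] = {}
            continue
        m = FREED_RE.match(line)
        if m:                        # "Liberando N ... del índice $SII del archivo 9."
            freed.append({
                "count": int(m.group(1)),
                "what": m.group(2),
                "index": m.group(3),                       # $SII / $SDH or None
                "mft_record": int(m.group(4)) if m.group(4) else None,
            })
            continue
        m = BAD_SECTORS_RE.match(line)
        if m:
            bad_sector_kb = int(m.group(1))
            continue
        if " KB " in line:           # other space-summary lines are not stage counters
            continue
        if CLEAN_MARKER in line:
            clean = True
            current = 0              # the per-stage section is over
            continue
        m = COUNT_RE.match(line)
        if m and current:            # "  256 registros de archivos procesados."
            stages[current][m.group(2)] = int(m.group(1))

    return {"stages": stages, "freed": freed,
            "bad_sector_kb": bad_sector_kb, "clean": clean}


def volume_is_clean(summary: Dict[str, object]) -> bool:
    """Clean means chkdsk's own verdict plus zero KB in bad sectors."""
    return bool(summary["clean"]) and summary["bad_sector_kb"] == 0


def secure_file_cleanup(summary: Dict[str, object]) -> Dict[Optional[str], int]:
    """Total what stage 3 released from $Secure, per index; key None = orphan descriptors."""
    out: Dict[Optional[str], int] = {}
    for entry in summary["freed"]:
        out[entry["index"]] = out.get(entry["index"], 0) + int(entry["count"])
    return out


if __name__ == "__main__":
    s = parse_chkdsk(SAMPLE_CHKDSK_OUTPUT)
    print("clean:", volume_is_clean(s))
    print("stage counters:", s["stages"])
    print("$Secure clean-up:", secure_file_cleanup(s))
```

On the posted transcript this yields a clean verdict with 0 KB in bad sectors and one unused entry released from each of $SII and $SDH plus one orphaned descriptor; none of those counters says anything about firmware, and a real problem would show up as non-zero bad-sector KB or a missing "sin encontrar problemas" line rather than in stage 3.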
MinusFour
Re: Encrypted write-protected hard drives rewrite the BIOS when connected to the motherboard, permanent rootkit.
« Reply #19 on: 29 June 2022, 01:38 »

I'm telling you. You have nothing. If anything, the PC is falling apart with all the "tests" you run. And stop celebrating these "victories" with bottles of wine; you're only creating a vicious cycle for yourself. If you can't see, sober, that you have nothing, then drunk you'll feel that Stallman is calling you. And of course, you'll just end up drunker.

Stop fiddling with that, because one of these times you're going to go looking for a tool that really does carry a prize.