Solved

CentOS:  Block spammer

Posted on 2014-03-04
1,565 Views
Last Modified: 2014-03-08
Hi All,

Every time I enable postfix, someone(s) try to send 1000's of emails.

Can someone run me through detecting their IP address and adding a rule to iptables to block them.


Thanks
Question by:detox1978
49 Comments
 
LVL 19

Expert Comment

by:strivoli
ID: 39902646
Did you already check if you're an Open Relay? Use www.mxtoolbox.com to run that check.
LVL 13

Expert Comment

by:Sandy
ID: 39902748
Yes, this can be restricted.. you can refer to the link below

http://www.postfix.org/TUNING_README.html#conn_limit

and if you want extensive features you can install this add-on

http://www.j-chkmail.org/wiki/doku.php


TY/SA
LVL 2

Author Comment

by:detox1978
ID: 39902849
Open relay is not open.  I do however allow several of my customers to have catch-all forwarding, which is being abused.


Is there a way to list how many times an IP is connecting?

Once identified, can someone help me with the iptables rule to block the traffic.


Many thanks
LVL 13

Expert Comment

by:Sandy
ID: 39902855
Those reference links are not only for the open relay.. these are filters which can be applied to any standard config, and yes, there are several .pl scripts available on the net by which you can get the list of top senders and then plan the action accordingly.

I don't suggest putting iptables on it.

TY/SA
LVL 13

Expert Comment

by:Sandy
ID: 39902860
Just in case you wanna try, I can suggest using the Perl script below...

http://jimsun.linxnet.com/postfix_contrib.html

TY/SA
LVL 2

Author Comment

by:detox1978
ID: 39902887
I'm really looking for a quick fix.

i.e. find out who is spamming my users and block their IPs.
LVL 2

Author Comment

by:detox1978
ID: 39902901
Sandy, can you walk a novice through installing and running that Perl script via SSH?
LVL 19

Assisted Solution

by:strivoli
strivoli earned 63 total points
ID: 39902906
Did you run the www.mxtoolbox.com SMTP test? Please post the results omitting sensitive data.
I suspect you THINK you aren't an Open Relay but you are. Please run the test for your safety. Thanks.
LVL 13

Assisted Solution

by:Sandy
Sandy earned 125 total points
ID: 39902913
No need to install; just download it to your Linux box and run it with

./pflogsumm-19990121-01.pl  <logfilelocation>

It does have a few prerequisites:

Pflogsumm.pl requires the Date::Calc module, which can be obtained from

http://search.cpan.org/dist/Date-Calc/

TY/SA
LVL 2

Author Comment

by:detox1978
ID: 39902957
How do I download the file using SSH?
LVL 13

Expert Comment

by:Sandy
ID: 39902962
With the command below:

#wget http://jimsun.linxnet.com/downloads/pflogsumm-1.1.3.tar.gz

#tar -zxvf pflogsumm-1.1.3.tar.gz

#chmod u+x pflogsumm-19990121-01.pl

#./pflogsumm-19990121-01.pl /var/log/maillog

TY/SA
LVL 2

Author Comment

by:detox1978
ID: 39903193
Got it working.

How can I tell what the sender IP address is?
LVL 27

Assisted Solution

by:serialband
serialband earned 250 total points
ID: 39903341
Which version of linux are you running?  Do you have Amavis along with Spam Assassin installed?  Those should just be installed first, if you haven't already.

sudo apt-get install amavisd-new spamassassin clamav-daemon
https://help.ubuntu.com/community/PostfixAmavisNew


yum --enablerepo=rpmforge,rpmforge-extras install amavisd-new clamav clamav-devel clamd spamassassin
http://wiki.centos.org/HowTos/Amavisd

Get those installed and you shouldn't have to spend as much time scanning for IPs to block.  Most of them will be blocked already.  If spammers are still getting through, then you should start scanning for them.
LVL 2

Author Comment

by:detox1978
ID: 39903722
I'm running CentOS 6.5

I don't have apt-get

[root@www ~]# sudo apt-get install amavisd-new spamassassin clamav-daemon
sudo: apt-get: command not found
LVL 2

Author Comment

by:detox1978
ID: 39904282
any suggestions?
LVL 2

Author Comment

by:detox1978
ID: 39904379
I used YUM to install amavisd-new and spamassassin, however it said there was no package available for clamav-daemon


So I followed these instructions
http://solutionsfox.com/2011/04/install-clamav-on-redhat-or-centos/
LVL 2

Author Comment

by:detox1978
ID: 39904619
I've followed the setup instructions, but I'm still seeing loads of emails in the logs.

There must be an easy way to stop people from hammering my server
LVL 2

Author Comment

by:detox1978
ID: 39904631
Here's a couple of lines from the log:

Mar  4 21:27:26 www postfix/smtpd[11411]: disconnect from 85-171-248-212.rev.numericable.fr[85.171.248.212]
Mar  4 21:28:24 www postfix/smtpd[11411]: connect from 189-72-71-7.bnut3700.dsl.brasiltelecom.net.br[189.72.71.7]
Mar  4 21:28:24 www postfix/smtpd[11411]: NOQUEUE: reject: RCPT from 189-72-71-7.bnut3700.dsl.brasiltelecom.net.br[189.72.71.7]: 554 5.7.1 <hi@mydomain.co.uk>: Relay access denied; from=<hi@brasiltelecom.net.br> to=<hi@mydomain.co.uk> proto=ESMTP helo=<189-72-71-7.bnut3700.dsl.brasiltelecom.net.br>
Mar  4 21:28:24 www postfix/smtpd[11411]: disconnect from 189-72-71-7.bnut3700.dsl.brasiltelecom.net.br[189.72.71.7]

LVL 27

Assisted Solution

by:serialband
serialband earned 250 total points
ID: 39905118
I gave 2 instructions, one for ubuntu, one for centos.  The 2nd one was for CentOS.  I'm repeating it down here for convenience.

yum --enablerepo=rpmforge,rpmforge-extras install amavisd-new clamav clamav-devel clamd spamassassin

http://wiki.centos.org/HowTos/Amavisd


The log fragment you've posted shows that the relay is being denied.  Are you getting actual spam in your email?

You could install Fail2ban and configure it to block multiple attempts from the same website.
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install fail2ban

Edit /etc/fail2ban/jail.conf, find the section with postfix and enable it.  Change the maxretry and other settings to match what you need.
https://www.digitalocean.com/community/articles/how-to-protect-ssh-with-fail2ban-on-centos-6
https://serverfault.com/questions/529175/suggestions-to-block-mail-relay-attempts

You could also just configure postfix /etc/postfix/main.cf:
 smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination,check_client_access hash:/etc/postfix/client_access

Then edit /etc/postfix/client_access
189.72.71.7 REJECT
85.171.248.212 REJECT

postmap /etc/postfix/client_access
/etc/rc.d/init.d/postfix restart

http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,14/func,view/id,16422/

For the quick fix, you could also grep for the spam email in your logs to see which IPs they're coming from.  If it's all from similar domains, just put an iptables entry to drop them before it ever gets to postfix.

iptables -A INPUT -s IP-ADDRESS -j DROP
for your above 2 cases
iptables -A INPUT -s 189.72.71.7 -j DROP
iptables -A INPUT -s 85.171.248.212 -j DROP
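The "grep the logs to see which IPs they're coming from" step above can be made repeatable. The script below is an added example for this thread, not serialband's code: it counts "Relay access denied" rejects per client IP from a Postfix maillog (CentOS path /var/log/maillog assumed; the sample lines are constructed in the format shown in the thread) and emits either entries for the /etc/postfix/client_access map or the iptables DROP commands from the answer, whichever you prefer.

```shell
#!/bin/sh
# Added example (not the thread's own code): list the busiest rejected SMTP clients in a
# Postfix log and turn the selection into blocking rules for review.
# Assumptions: CentOS log at /var/log/maillog and the smtpd "NOQUEUE: reject: RCPT from
# host[ip]" line format seen in the thread. The sample log below is constructed.

SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
Mar  5 15:28:56 www postfix/smtpd[22678]: connect from unknown[200.51.193.198]
Mar  5 15:28:58 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from unknown[200.51.193.198]: 554 5.7.1 <f00241@mydomain1.co.uk>: Relay access denied; from=<f00241@advance.com.ar> to=<f00241@mydomain1.co.uk> proto=ESMTP helo=<host198.advance.com.ar>
Mar  5 15:28:59 www postfix/smtpd[22678]: disconnect from unknown[200.51.193.198]
Mar  5 15:29:10 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from unknown[200.51.193.198]: 554 5.7.1 <a1b2c3@mydomain1.co.uk>: Relay access denied; from=<a1b2c3@advance.com.ar> to=<a1b2c3@mydomain1.co.uk> proto=ESMTP helo=<host198.advance.com.ar>
Mar  5 15:29:15 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from unknown[200.51.193.198]: 554 5.7.1 <d4e5f6@mydomain2.co.uk>: Relay access denied; from=<d4e5f6@advance.com.ar> to=<d4e5f6@mydomain2.co.uk> proto=ESMTP helo=<host198.advance.com.ar>
Mar  5 15:29:23 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from net23-98-245-109.mbb.telenor.rs[109.245.98.23]: 554 5.7.1 <eb40561@mydomain2.co.uk>: Relay access denied; from=<eb40561@torresprotectiongroup.com> to=<eb40561@mydomain2.co.uk> proto=ESMTP helo=<AKI-PC>
Mar  5 15:29:30 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from 111-241-54-169.dynamic.hinet.net[111.241.54.169]: 554 5.7.1 <x1@mydomain1.co.uk>: Relay access denied; from=<x1@linevents.nl> to=<x1@mydomain1.co.uk> proto=ESMTP helo=<LazyCat>
Mar  5 15:29:40 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from 111-241-54-169.dynamic.hinet.net[111.241.54.169]: 554 5.7.1 <y2@mydomain1.co.uk>: Relay access denied; from=<y2@linevents.nl> to=<y2@mydomain1.co.uk> proto=ESMTP helo=<LazyCat>
EOF

# reject_counts LOGFILE
# Print "COUNT IP" for every client refused at RCPT, busiest first. The sed keeps only
# the bracketed IP that follows "RCPT from <hostname>".
reject_counts() {
    grep 'NOQUEUE: reject: RCPT from' "$1" \
      | sed -n 's/.*RCPT from [^[]*\[\([0-9.]*\)\].*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# client_access_map LOGFILE THRESHOLD
# Emit "IP REJECT" lines for clients with at least THRESHOLD rejects, in the format of
# /etc/postfix/client_access (run postmap on the file afterwards, as in the answer).
client_access_map() {
    reject_counts "$1" | awk -v t="$2" '$1 >= t { print $2, "REJECT" }'
}

# drop_commands LOGFILE THRESHOLD
# The same selection as iptables rules from the answer. A firewall DROP leaves no Postfix
# log line for the blocked client, so prefer client_access when you still want evidence
# of who is knocking.
drop_commands() {
    reject_counts "$1" | awk -v t="$2" '$1 >= t { print "iptables -A INPUT -s " $2 " -j DROP" }'
}

# Usage: sh reject_clients.sh [LOGFILE] [THRESHOLD]; defaults to the sample log and 3.
client_access_map "${1:-$SAMPLE_LOG}" "${2:-3}"
```

Pick the threshold from the counts rather than guessing: on the sample, 200.51.193.198 has three rejects and is the only client selected at threshold 3, while threshold 2 also selects 111.241.54.169. Because the map is built from rejects that Postfix already refused, it only saves the connection and log noise; the relay itself was never open.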
LVL 13

Expert Comment

by:Sandy
ID: 39905524
I am unable to understand why amavis and spamassassin come into the picture.. these are mainly used to enable filters over mails to get rid of unwanted spam mails.

What I can suggest is to install the CSF firewall in case you just want to see who all are coming to or accessing your server and doing these activities.

TY/SA
LVL 61

Expert Comment

by:gheist
ID: 39906368
Postgrey will stop wild viruses, but a human mind will be able to work around it to send a mail.
LVL 2

Author Comment

by:detox1978
ID: 39906605
Can someone have a look at the log and confirm these are inbound spam messages, as my server is unable to email Yahoo?  I've spoken to my host and they have kindly said I can have a new IP once the issue is under control.


Sample log below:

Mar  5 15:28:55 www postfix/smtpd[22492]: connect from unknown[87.200.165.234]
Mar  5 15:28:56 www postfix/smtpd[22492]: disconnect from unknown[87.200.165.234]
Mar  5 15:28:56 www postfix/smtpd[22678]: warning: 200.51.193.198: address not listed for hostname host198.advance.com.ar
Mar  5 15:28:56 www postfix/smtpd[22678]: connect from unknown[200.51.193.198]
Mar  5 15:28:58 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from unknown[200.51.193.198]: 554 5.7.1 <f00241@mydomain1.co.uk>: Relay access denied; from=<f00241@advance.com.ar> to=<f00241@mydomain1.co.uk> proto=ESMTP helo=<host198.advance.com.ar>
Mar  5 15:28:59 www postfix/smtpd[22678]: disconnect from unknown[200.51.193.198]
Mar  5 15:29:00 www postfix/smtpd[22509]: connect from unknown[92.85.73.253]
Mar  5 15:29:00 www postfix/smtpd[22492]: connect from unknown[92.84.142.219]
Mar  5 15:29:00 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from unknown[92.85.73.253]: 554 5.7.1 <42934d51b@mydomain1.co.uk>: Relay access denied; from=<42934d51b@apssurveying.co.uk> to=<42934d51b@mydomain1.co.uk> proto=ESMTP helo=<[92.85.73.253]>
Mar  5 15:29:00 www postfix/smtpd[22509]: disconnect from unknown[92.85.73.253]
Mar  5 15:29:00 www postfix/smtpd[22492]: NOQUEUE: reject: RCPT from unknown[92.84.142.219]: 554 5.7.1 <f2fadae@mydomain2.co.uk>: Relay access denied; from=<f2fadae@belgrein.biz> to=<f2fadae@mydomain2.co.uk> proto=ESMTP helo=<[92.84.142.219]>
Mar  5 15:29:01 www postfix/smtpd[22492]: disconnect from unknown[92.84.142.219]
Mar  5 15:29:12 www postfix/smtpd[22678]: warning: 66.60.189.210: address not listed for hostname 210.189-60-66.biz.static.surewest.net
Mar  5 15:29:12 www postfix/smtpd[22678]: connect from unknown[66.60.189.210]
Mar  5 15:29:13 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from unknown[66.60.189.210]: 554 5.7.1 <786a8d0@mydomain2.co.uk>: Relay access denied; from=<786a8d0@surewest.net> to=<786a8d0@mydomain2.co.uk> proto=ESMTP helo=<210.189-60-66.biz.static.surewest.net>
Mar  5 15:29:13 www postfix/smtpd[22678]: disconnect from unknown[66.60.189.210]
Mar  5 15:29:14 www postfix/smtpd[22509]: connect from unknown[186.92.151.188]
Mar  5 15:29:14 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from unknown[186.92.151.188]: 554 5.7.1 <2706f62f@mydomain1.co.uk>: Relay access denied; from=<2706f62f@cantv.net> to=<2706f62f@mydomain1.co.uk> proto=ESMTP helo=<dba5c97bc.dslam-172-17-192-245-304-398-may-04.dsl.cantv.net>
Mar  5 15:29:14 www postfix/smtpd[22509]: disconnect from unknown[186.92.151.188]
Mar  5 15:29:21 www postfix/smtpd[22678]: warning: 181.164.1.154: address not listed for hostname 154-1-164-181.fibertel.com.ar
Mar  5 15:29:21 www postfix/smtpd[22678]: connect from unknown[181.164.1.154]
Mar  5 15:29:21 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from unknown[181.164.1.154]: 554 5.7.1 <7804016ce@mydomain2.co.uk>: Relay access denied; from=<7804016ce@fibertel.com.ar> to=<7804016ce@mydomain2.co.uk> proto=ESMTP helo=<PC.fibertel.com.ar>
Mar  5 15:29:21 www postfix/smtpd[22678]: disconnect from unknown[181.164.1.154]
Mar  5 15:29:23 www postfix/smtpd[22509]: connect from net23-98-245-109.mbb.telenor.rs[109.245.98.23]
Mar  5 15:29:23 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from net23-98-245-109.mbb.telenor.rs[109.245.98.23]: 554 5.7.1 <eb40561@mydomain2.co.uk>: Relay access denied; from=<eb40561@torresprotectiongroup.com> to=<eb40561@mydomain2.co.uk> proto=ESMTP helo=<AKI-PC>
Mar  5 15:29:23 www postfix/smtpd[22509]: disconnect from net23-98-245-109.mbb.telenor.rs[109.245.98.23]
Mar  5 15:29:36 www postfix/smtpd[22678]: connect from 111-241-54-169.dynamic.hinet.net[111.241.54.169]
Mar  5 15:29:37 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from 111-241-54-169.dynamic.hinet.net[111.241.54.169]: 554 5.7.1 <wKrdFwWF@mydomain1.co.uk>: Relay access denied; from=<wKrdFwWF@linevents.nl> to=<wKrdFwWF@mydomain1.co.uk> proto=ESMTP helo=<LazyCat>
Mar  5 15:29:37 www postfix/smtpd[22678]: disconnect from 111-241-54-169.dynamic.hinet.net[111.241.54.169]
Mar  5 15:29:39 www postfix/smtpd[22509]: connect from unknown[91.114.70.114]
Mar  5 15:29:39 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from unknown[91.114.70.114]: 554 5.7.1 <d242353c@mydomain2.co.uk>: Relay access denied; from=<d242353c@dsldevice.lan> to=<d242353c@mydomain2.co.uk> proto=ESMTP helo=<dsldevice.lan>
Mar  5 15:29:39 www postfix/smtpd[22509]: disconnect from unknown[91.114.70.114]
Mar  5 15:29:41 www postfix/smtpd[22678]: connect from 24-134-239-139-dynip.superkabel.de[24.134.239.139]
Mar  5 15:29:41 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from 24-134-239-139-dynip.superkabel.de[24.134.239.139]: 554 5.7.1 <2c5cd27@mydomain1.co.uk>: Relay access denied; from=<2c5cd27@24-134-239-139-dynip.superkabel.de> to=<2c5cd27@mydomain1.co.uk> proto=ESMTP helo=<24-134-239-139-dynip.superkabel.de>
Mar  5 15:29:41 www postfix/smtpd[22678]: disconnect from 24-134-239-139-dynip.superkabel.de[24.134.239.139]
Mar  5 15:29:47 www postfix/smtpd[22509]: connect from 7-236-114-200.fibertel.com.ar[200.114.236.7]
Mar  5 15:29:48 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from 7-236-114-200.fibertel.com.ar[200.114.236.7]: 554 5.7.1 <51a2332fd@mydomain1.co.uk>: Relay access denied; from=<51a2332fd@fibertel.com.ar> to=<51a2332fd@mydomain1.co.uk> proto=ESMTP helo=<7-236-114-200.fibertel.com.ar>
Mar  5 15:29:48 www postfix/smtpd[22509]: disconnect from 7-236-114-200.fibertel.com.ar[200.114.236.7]
Mar  5 15:29:49 www postfix/smtpd[22678]: connect from 157-157-141-176.dsl.dynamic.simnet.is[157.157.141.176]
Mar  5 15:29:49 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from 157-157-141-176.dsl.dynamic.simnet.is[157.157.141.176]: 554 5.7.1 <bbc70ee8d@mydomain2.co.uk>: Relay access denied; from=<bbc70ee8d@dsldevice.lan> to=<bbc70ee8d@mydomain2.co.uk> proto=ESMTP helo=<dsldevice.lan>
Mar  5 15:29:49 www postfix/smtpd[22678]: disconnect from 157-157-141-176.dsl.dynamic.simnet.is[157.157.141.176]
Mar  5 15:30:01 www postfix/smtpd[22509]: connect from unknown[89.186.183.103]
Mar  5 15:30:01 www postfix/smtpd[22678]: warning: 190.143.143.250: address not listed for hostname ip-gt.190.143.143.250.telefonica-ca.net
Mar  5 15:30:01 www postfix/smtpd[22678]: connect from unknown[190.143.143.250]
Mar  5 15:30:01 www postfix/smtpd[22509]: NOQUEUE: reject: RCPT from unknown[89.186.183.103]: 554 5.7.1 <bd09ef88@mydomain2.co.uk>: Relay access denied; from=<bd09ef88@designfortheuser.com> to=<bd09ef88@mydomain2.co.uk> proto=ESMTP helo=<[89.186.183.103]>
Mar  5 15:30:01 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from unknown[190.143.143.250]: 554 5.7.1 <a468dd7@mydomain1.co.uk>: Relay access denied; from=<a468dd7@ahhsac.com> to=<a468dd7@mydomain1.co.uk> proto=ESMTP helo=<SERVIDOR-INT>
Mar  5 15:30:01 www postfix/smtpd[22678]: disconnect from unknown[190.143.143.250]
Mar  5 15:30:01 www postfix/smtpd[22509]: disconnect from unknown[89.186.183.103]
Mar  5 15:30:02 www postfix/smtpd[22678]: connect from net-91-81-28-18.cust.vodafonedsl.it[91.81.28.18]
Mar  5 15:30:02 www postfix/smtpd[22678]: NOQUEUE: reject: RCPT from net-91-81-28-18.cust.vodafonedsl.it[91.81.28.18]: 554 5.7.1 <1d850271@mydomain2.co.uk>: Relay access denied; from=<1d850271@thebncgroup.net> to=<1d850271@mydomain2.co.uk> proto=ESMTP helo=<net-91-81-28-18.cust.vodafonedsl.it>
Mar  5 15:30:02 www postfix/smtpd[22678]: disconnect from net-91-81-28-18.cust.vodafonedsl.it[91.81.28.18]

LVL 61

Accepted Solution

by:gheist
gheist earned 62 total points
ID: 39906647
Yes:
warning - they have no reverse DNS
NOQUEUE - mail was rejected for the reason that follows
None of the mails was accepted for delivery.

If you run a local DNS server, look into DNS blacklists. Maybe they can be sent home before the SMTP session.
LVL 27

Assisted Solution

by:serialband
serialband earned 250 total points
ID: 39906674
@Sandy
If you've read the entire thread and followed it through properly, you'll note that his initial question did not include logs showing the relays were already being blocked, so you have to cover all bases.  I answered the first part of the question until he provided the logs.  When he responded with the logs, I provided several additional pieces to the puzzle to block the relays from even being received.

Also, blocking spam is a multilevel activity.  The ones that get through still need to be filtered for viruses.  He may already have them installed, but it's good to make sure.
LVL 2

Author Comment

by:detox1978
ID: 39906725
I think installing fail2ban resolved the spamming issue.  As these rules have been added to my iptables:

[root@www ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SMTP  tcp  --  anywhere             anywhere            tcp dpt:smtp
DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source
           tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: SET name: DEFAULT side: source
           tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: SET name: DEFAULT side: source
DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-SMTP (1 references)
target     prot opt source               destination
DROP       all  --  static.vnpt-hanoi.com.vn  anywhere
DROP       all  --  118-163-142-187.HINET-IP.hinet.net  anywhere
DROP       all  --  109-93-7-244.dynamic.isp.telekom.rs  anywhere
DROP       all  --  77-46-215-86.static.isp.telekom.rs  anywhere
RETURN     all  --  anywhere             anywhere


So do you think my spam issue is under control?  I'm looking for confirmation before I switch my IP.

Any suggestions on what else I can check?
LVL 61

Expert Comment

by:gheist
ID: 39906737
Blocking 4 billion possible spammer IPs is very inefficient...
Once your ACL builds up you may block good people too, and unlike with postfix you will have no logs to check at all.
LVL 2

Author Comment

by:detox1978
ID: 39906780
Gheist, what do you suggest I do?
LVL 27

Assisted Solution

by:serialband
serialband earned 250 total points
ID: 39906804
You can always contact yahoo to get unblocked, although they are the most tedious major provider to deal with when you legitimately need to get unblocked.

Fail2ban defaults are to block for 10 minutes and unblock.  After a day or 2, the spammers go away and switch IPs.  This should significantly reduce your log size.  I did this at a university for ssh ports, and all the brute force attacks dwindled to occasional probes.  (The previous guy didn't believe in firewalls.)  They all want easy access and will look for easier targets.
LVL 2

Author Comment

by:detox1978
ID: 39906842
I agree they will eventually move on.  However, I only want to switch when the issue is resolved - i.e. my ISP won't give me a third IP.

Are there any more checks I can do?
LVL 61

Expert Comment

by:gheist
ID: 39906854
If you have a Yahoo! mailbox you are their customer and they will be more helpful.
I suggest you stay with postfix, which blocks spam very well. If system load grows too much (like 100 messages/second) you can relax it a lot using DNSBL and greylisting.
LVL 27

Expert Comment

by:serialband
ID: 39908101
Those logs look like postfix has already blocked the email.  Fail2ban blocks them using iptables at the firewall level.  If your logs only show a handful of blocked connection attempts per IP address, then they've stopped connecting to you.  If they were still connecting, you'd continue to see periodic connections from the same IP addresses.

awk '{$1=$2=$3=$4=$5=""; print $0}' /var/log/maillog |sort

The advantage of fail2ban is that it will eventually unblock.  So you'll know when they've stopped connecting because your logs got smaller.  If they continue connecting, you'll continue to see many entries from the same IP addresses, but spread out.

Do you have a managed switch or firewall that can view your inbound traffic to know if any are still coming in?  Have you checked with your ISP about network traffic?  Are they still seeing relays in their logs?

Have you contacted yahoo to get you off their spam/relay block?  If your ISP has a limited number of IPs to give you, you're going to exhaust them when it comes to yahoo.  You should contact them to get all your IPs off their block lists.
LVL 2

Author Comment

by:detox1978
ID: 39908152
Thanks for the info.

I don't have a firewall or switch.  It's a VPS.

I've emptied my mail log and will use that command to check how many connections I receive.



Here is my iptables


[root@www ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SMTP  tcp  --  anywhere             anywhere            tcp dpt:smtp
DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source
           tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: SET name: DEFAULT side: source
           tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: SET name: DEFAULT side: source
DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-SMTP (1 references)
target     prot opt source               destination
DROP       all  --  opengate.giga-komputer.pl  anywhere
DROP       all  --  static.vnpt-hanoi.com.vn  anywhere
DROP       all  --  118-163-142-187.HINET-IP.hinet.net  anywhere
DROP       all  --  109-93-7-244.dynamic.isp.telekom.rs  anywhere
DROP       all  --  77-46-215-86.static.isp.telekom.rs  anywhere
RETURN     all  --  anywhere             anywhere



How do I drop these rules, as I want to re-add them but reduce the number from 10 to 3, as three emails is loads for my customers.

DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source
           tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: SET name: DEFAULT side: source
           tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: SET name: DEFAULT side: source
DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source

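The question of how to drop those rules and re-add them with a lower hit count is not answered in the thread. The script below is an added example, not any poster's code; it maps the `iptables -L` listing above back to `-A`/`-D` syntax. The listing's "state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source" is how `-L` renders `-m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name DEFAULT --rsource`, and "recent: SET name: DEFAULT side: source" renders `-m recent --set --name DEFAULT --rsource`. It assumes the rules live in the INPUT chain under the recent list named DEFAULT exactly as listed, and that the commands run as root on the CentOS box.

```shell
#!/bin/sh
# Added example (not from the thread): replace the SMTP connection-rate rules that use
# the iptables "recent" match with the same rules at a lower hit count.
# Assumptions: rules are in chain INPUT, recent list name DEFAULT, as in the listing.

# smtp_rate_limit_rules HITCOUNT SECONDS
# Print the pair of rules that together mean "once a source has opened HITCOUNT new
# SMTP connections within SECONDS, drop its further new connections". The --update
# rule must precede the --set rule so the counter is checked before the current
# connection is recorded.
smtp_rate_limit_rules() {
    hits=$1
    secs=$2
    printf '%s\n' \
      "iptables -A INPUT -p tcp --dport smtp -m state --state NEW -m recent --update --seconds $secs --hitcount $hits --name DEFAULT --rsource -j DROP" \
      "iptables -A INPUT -p tcp --dport smtp -m state --state NEW -m recent --set --name DEFAULT --rsource"
}

# remove_old_recent_rules
# Delete every INPUT rule that references the DEFAULT recent list, highest rule number
# first so the remaining numbers stay valid while deleting. The listing shows each
# rule twice; this removes both copies, and the new pair is then added once.
remove_old_recent_rules() {
    iptables -L INPUT -n --line-numbers \
      | awk '/recent: .*name: DEFAULT/ { print $1 }' \
      | sort -rn \
      | while read -r n; do
            iptables -D INPUT "$n"
        done
}

# apply_smtp_rate_limit HITCOUNT SECONDS
# Remove the old rules, then add the new pair. Review smtp_rate_limit_rules output
# first. The change is not persistent across a reboot until "service iptables save".
apply_smtp_rate_limit() {
    remove_old_recent_rules
    smtp_rate_limit_rules "$1" "$2" | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

# Dry run (prints the rules):   smtp_rate_limit_rules 3 60
# Apply as root:                apply_smtp_rate_limit 3 60
```

Two caveats before dropping to 3. The rule counts TCP connections per source, not messages, and a legitimate mail server that retries or opens one connection per recipient will hit the limit too; because it is a DROP rather than a Postfix reject, the sender sees a connection failure and normally retries later, but nothing about it appears in maillog (gheist's point above). The fail2ban-SMTP chain in the listing is untouched by this script.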
LVL 2

Author Comment

by:detox1978
ID: 39908180
I've just used your command to grab the log from the last minute.  Does anything stand out?  These lines look dodgy to me; are they outbound emails my server is trying to send?  It should only relay to a set number of email addresses in my postfix config file, as all I use postfix for is to forward emails to my customers:


122645A878: from=<drugs_cheapest14@dsldevice.lan>, size=54807, nrcpt=1 (queue active)

     19C01A2846: to=<0c3097a01@procono.es>, relay=none, delay=38324, delays=38323/0.09/0.2/0, dsn=4.4.1, status=deferred (connect to procono.es[212.225.255.229]:25: Connection refused)

     376CCA2976: to=<pertain40@yahoo.com>, relay=mta7.am0.yahoodns.net[98.138.112.34]:25, delay=34255, delays=34254/0.15/0.38/0.04, dsn=4.7.1, status=deferred (host mta7.am0.yahoodns.net[98.138.112.34] said: 421 4.7.1 [TS03] All messages from 65.181.127.74 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command))

     99043A283F: to=<ExIaxeASNh@airtelbroadband.in>, relay=none, delay=38406, delays=38376/0.16/30/0, dsn=4.4.1, status=deferred (connect to airtelbroadband.in[125.19.17.20]:25: Connection timed out)


Here's the log from the last minute:
# awk '{$1=$2=$3=$4=$5=""; print $0}' /var/log/maillog |sort
     0F75FA26CD: from=<>, size=4572, nrcpt=1 (queue active)
     0F75FA26CD: to=<8ab7a526@business.telecomitalia.it>, relay=mail-abs.telecomitalia.it[217.169.121.14]:25, delay=38453, delays=38452/0.17/0.41/0.23, dsn=4.3.2, status=deferred (host mail-abs.telecomitalia.it[217.169.121.14] said: 421 4.3.2 System not accepting network messages (in reply to end of DATA command))
     122645A878: from=<drugs_cheapest14@dsldevice.lan>, size=54807, nrcpt=1 (queue active)
     122645A878: to=<my.customers@email.com>, orig_to=<sales@mycustomersdomain4.com>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=8991, delays=8991/0.11/0.31/0.08, dsn=4.7.1, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.69.79] said: 421 4.7.1 [TS03] All messages from 65.181.127.74 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command))
     17BA9A270E: from=<cheapest_meds5@epidos.com>, size=55292, nrcpt=1 (queue active)
     17BA9A270E: to=<my.customers@email.com>, orig_to=<sales@mycustomersdomain4.com>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=55122, delays=55122/0.13/0.32/0.16, dsn=4.7.1, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.69.79] said: 421 4.7.1 [TS03] All messages from 65.181.127.74 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command))
     19C01A2846: from=<>, size=4348, nrcpt=1 (queue active)
     19C01A2846: to=<0c3097a01@procono.es>, relay=none, delay=38324, delays=38323/0.09/0.2/0, dsn=4.4.1, status=deferred (connect to procono.es[212.225.255.229]:25: Connection refused)
     33C8DA2AA4: from=<>, size=4251, nrcpt=1 (queue active)
     33C8DA2AA4: to=<4f5c47449@goloxy.com>, relay=none, delay=55243, delays=55240/0.17/2.7/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=goloxy.com type=MX: Host not found, try again)
     376CCA2976: from=<>, size=4390, nrcpt=1 (queue active)
     376CCA2976: host mta5.am0.yahoodns.net[66.196.118.33] said: 421 4.7.1 [TS03] All messages from 65.181.127.74 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command)
     376CCA2976: lost connection with mta5.am0.yahoodns.net[66.196.118.33] while sending RCPT TO
     376CCA2976: to=<pertain40@yahoo.com>, relay=mta7.am0.yahoodns.net[98.138.112.34]:25, delay=34255, delays=34254/0.15/0.38/0.04, dsn=4.7.1, status=deferred (host mta7.am0.yahoodns.net[98.138.112.34] said: 421 4.7.1 [TS03] All messages from 65.181.127.74 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command))
     37A98A262C: from=<>, size=4374, nrcpt=1 (queue active)
     37A98A262C: to=<483d085f5@al7loh.com>, relay=none, delay=38372, delays=38370/0.16/1.4/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=al7loh.com type=MX: Host not found, try again)
     3CFFEA39E0: from=<root@www.mycustomersdomain2.com>, size=57760, nrcpt=1 (queue active)
     3CFFEA39E0: message-id=<20140306003027.3CFFEA39E0@www.mycustomersdomain2.com>
     3CFFEA39E0: removed
     3CFFEA39E0: to=<root@www.mycustomersdomain2.com>, orig_to=<root>, relay=local, delay=25, delays=25/0.05/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
     3CFFEA39E0: uid=0 from=<root>
     66CA0A34E3: from=<>, size=4512, nrcpt=1 (queue active)
     66CA0A34E3: to=<7a50f07@business.telecomitalia.it>, relay=mail-abs.telecomitalia.it[217.169.121.14]:25, delay=38390, delays=38389/0.17/0.41/0.34, dsn=4.3.2, status=deferred (host mail-abs.telecomitalia.it[217.169.121.14] said: 421 4.3.2 System not accepting network messages (in reply to end of DATA command))
     67114A2ADA: from=<>, size=4567, nrcpt=1 (queue active)
     67114A2ADA: to=<305024dd@business.telecomitalia.it>, relay=mail-abs.telecomitalia.it[217.169.121.14]:25, delay=55241, delays=55240/0.16/0.41/0.23, dsn=4.3.2, status=deferred (host mail-abs.telecomitalia.it[217.169.121.14] said: 421 4.3.2 System not accepting network messages (in reply to end of DATA command))
     6A3C65A85A: from=<noreply@beautyserve.net>, size=37095, nrcpt=1 (queue active)
     6A3C65A85A: to=<my.customer@yahooemail.com>, orig_to=<sales@mycustomersdomain3.com>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=1108, delays=1107/0.15/0.31/0.08, dsn=4.7.1, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.69.79] said: 421 4.7.1 [TS03] All messages from 65.181.127.74 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command))
     89BB4A2634: from=<>, size=4435, nrcpt=1 (queue active)
     89BB4A2634: to=<cd811916d@veloxzone.com.br>, relay=none, delay=34261, delays=34261/0.13/0.31/0, dsn=4.4.1, status=deferred (connect to veloxzone.com.br[200.223.8.81]:25: Connection refused)
     99043A283F: from=<>, size=4490, nrcpt=1 (queue active)
     99043A283F: to=<ExIaxeASNh@airtelbroadband.in>, relay=none, delay=38406, delays=38376/0.16/30/0, dsn=4.4.1, status=deferred (connect to airtelbroadband.in[125.19.17.20]:25: Connection timed out)
     9B019A2822: from=<>, size=4413, nrcpt=1 (queue active)
     9B019A2822: to=<YBwxjObP@veloxzone.com.br>, relay=none, delay=34243, delays=34243/0.16/0.35/0, dsn=4.4.1, status=deferred (connect to veloxzone.com.br[200.223.8.81]:25: Connection refused)
     BD280A29EC: from=<>, size=4492, nrcpt=1 (queue active)
     BD280A29EC: to=<762e048@business.telecomitalia.it>, relay=mail-abs.telecomitalia.it[217.169.121.14]:25, delay=38422, delays=38421/0.17/0.41/0.54, dsn=4.3.2, status=deferred (host mail-abs.telecomitalia.it[217.169.121.14] said: 421 4.3.2 System not accepting network messages (in reply to end of DATA command))
     E061DA285A: from=<>, size=4223, nrcpt=1 (queue active)
     E061DA285A: to=<nrvjhyfle@sky.com>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=38408, delays=38407/0.05/0.32/0.08, dsn=4.7.1, status=deferred (host mx-eu.mail.am0.yahoodns.net[188.125.69.79] said: 421 4.7.1 [TS03] All messages from 65.181.127.74 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/421-ts03.html (in reply to MAIL FROM command))
     E660AA2590: from=<>, size=4416, nrcpt=1 (queue active)
     E660AA2590: to=<nickmarsh@static.techtelnet.net>, relay=none, delay=38336, delays=38305/0.08/30/0, dsn=4.4.1, status=deferred (connect to static.techtelnet.net[91.237.88.245]:25: Connection timed out)
     NOQUEUE: reject: RCPT from 122-171-114-200.fibertel.com.ar[200.114.171.122]: 554 5.7.1 <3ace04f3@mycustomersdomain1.com>: Relay access denied; from=<3ace04f3@fibertel.com.ar> to=<3ace04f3@mycustomersdomain1.com> proto=ESMTP helo=<122-171-114-200.fibertel.com.ar>
     NOQUEUE: reject: RCPT from 14-33-136-123.ip.esc.net.au[123.136.33.14]: 554 5.7.1 <360797f@mycustomersdomain2.com>: Relay access denied; from=<360797f@esc.net.au> to=<360797f@mycustomersdomain2.com> proto=ESMTP helo=<14-33-136-123.ip.esc.net.au>
     NOQUEUE: reject: RCPT from 155.14.125.91.dyn.plus.net[91.125.14.155]: 554 5.7.1 <GbbbGWuB@mycustomersdomain1.com>: Relay access denied; from=<GbbbGWuB@plus.net> to=<GbbbGWuB@mycustomersdomain1.com> proto=ESMTP helo=<155.14.125.91.dyn.plus.net>
     NOQUEUE: reject: RCPT from 177-0-72-130.3g.brasiltelecom.net.br[177.0.72.130]: 554 5.7.1 <f92533914@mycustomersdomain2.com>: Relay access denied; from=<f92533914@brasiltelecom.net.br> to=<f92533914@mycustomersdomain2.com> proto=ESMTP helo=<177-0-72-130.3g.brasiltelecom.net.br>
     NOQUEUE: reject: RCPT from 186-78-165-42.baf.movistar.cl[186.78.165.42]: 554 5.7.1 <069b400b@mycustomersdomain1.com>: Relay access denied; from=<069b400b@movistar.cl> to=<069b400b@mycustomersdomain1.com> proto=ESMTP helo=<186-78-196-178.baf.movistar.cl>
     NOQUEUE: reject: RCPT from 186-79-106-140.baf.movistar.cl[186.79.106.140]: 554 5.7.1 <Buvuhb@mycustomersdomain1.com>: Relay access denied; from=<Buvuhb@movistar.cl> to=<Buvuhb@mycustomersdomain1.com> proto=ESMTP helo=<186-79-106-140.baf.movistar.cl>
     NOQUEUE: reject: RCPT from 187-5-85-203.cbace701.dsl.brasiltelecom.net.br[187.5.85.203]: 554 5.7.1 <9c4f89910@mycustomersdomain1.com>: Relay access denied; from=<9c4f89910@brasiltelecom.net.br> to=<9c4f89910@mycustomersdomain1.com> proto=ESMTP helo=<187-5-85-203.cbace701.dsl.brasiltelecom.net.br>
     NOQUEUE: reject: RCPT from 201-14-237-208.smace701.dsl.brasiltelecom.net.br[201.14.237.208]: 554 5.7.1 <c69bf2f@mycustomersdomain2.com>: Relay access denied; from=<c69bf2f@brasiltelecom.net.br> to=<c69bf2f@mycustomersdomain2.com> proto=ESMTP helo=<201-14-237-208.smace701.dsl.brasiltelecom.net.br>
     NOQUEUE: reject: RCPT from 246-0-17-190.fibertel.com.ar[190.17.0.246]: 554 5.7.1 <KlXdpvjbh@mycustomersdomain2.com>: Relay access denied; from=<KlXdpvjbh@fibertel.com.ar> to=<KlXdpvjbh@mycustomersdomain2.com> proto=ESMTP helo=<desktop.fibertel.com.ar>
     NOQUEUE: reject: RCPT from 58-84-167-213.e-wire.net.au[58.84.167.213]: 554 5.7.1 <31eb5ab@mycustomersdomain1.com>: Relay access denied; from=<31eb5ab@e-wire.net.au> to=<31eb5ab@mycustomersdomain1.com> proto=ESMTP helo=<58-84-167-213.e-wire.net.au>
     NOQUEUE: reject: RCPT from 90-232-114-200.fibertel.com.ar[200.114.232.90]: 554 5.7.1 <a75b51b2@mycustomersdomain2.com>: Relay access denied; from=<a75b51b2@fibertel.com.ar> to=<a75b51b2@mycustomersdomain2.com> proto=ESMTP helo=<90-232-114-200.fibertel.com.ar>
     NOQUEUE: reject: RCPT from IGLD-84-228-71-191.inter.net.il[84.228.71.191]: 554 5.7.1 <67b2345@mycustomersdomain2.com>: Relay access denied; from=<67b2345@inter.net.il> to=<67b2345@mycustomersdomain2.com> proto=ESMTP helo=<IGLD-84-228-71-191.inter.net.il>
     NOQUEUE: reject: RCPT from LLagny-156-35-28-230.w80-14.abo.wanadoo.fr[80.14.236.230]: 554 5.7.1 <0a8cb8797@mycustomersdomain1.com>: Relay access denied; from=<0a8cb8797@wanadoo.fr> to=<0a8cb8797@mycustomersdomain1.com> proto=ESMTP helo=<LLagny-156-35-28-230.w80-14.abo.wanadoo.fr>
     NOQUEUE: reject: RCPT from c-69-250-130-18.hsd1.md.comcast.net[69.250.130.18]: 554 5.7.1 <fb99b2a@mycustomersdomain1.com>: Relay access denied; from=<fb99b2a@comcast.net> to=<fb99b2a@mycustomersdomain1.com> proto=ESMTP helo=<c-69-250-130-18.hsd1.md.comcast.net>
     NOQUEUE: reject: RCPT from cpe-72-178-198-33.stx.res.rr.com[72.178.198.33]: 554 5.7.1 <steve@mycustomersdomain1.com>: Relay access denied; from=<steve@rr.com> to=<steve@mycustomersdomain1.com> proto=ESMTP helo=<cpe-72-178-198-33.stx.res.rr.com>
     NOQUEUE: reject: RCPT from eurotaxiiasi.iasi.rdsnet.ro[86.124.173.57]: 554 5.7.1 <ca5ec6f@mycustomersdomain2.com>: Relay access denied; from=<ca5ec6f@iasi.rdsnet.ro> to=<ca5ec6f@mycustomersdomain2.com> proto=ESMTP helo=<eurotaxiiasi.iasi.rdsnet.ro>
     NOQUEUE: reject: RCPT from fixed-203-219-157.iusacell.net[189.203.219.157]: 554 5.7.1 <6b2f7b6@mycustomersdomain1.com>: Relay access denied; from=<6b2f7b6@fixed-203-219-157.iusacell.net> to=<6b2f7b6@mycustomersdomain1.com> proto=ESMTP helo=<fixed-203-219-157.iusacell.net>
     NOQUEUE: reject: RCPT from r186-52-94-123.dialup.adsl.anteldata.net.uy[186.52.94.123]: 554 5.7.1 <ebefc208c@mycustomersdomain2.com>: Relay access denied; from=<ebefc208c@fiatofedmond.com> to=<ebefc208c@mycustomersdomain2.com> proto=ESMTP helo=<r186-52-105-12.dialup.adsl.anteldata.net.uy>
     NOQUEUE: reject: RCPT from turtlemtcomm.pat.k12.nd.us[165.234.100.93]: 554 5.7.1 <kvivtdvlyn@mycustomersdomain2.com>: Relay access denied; from=<kvivtdvlyn@sakhawat.org> to=<kvivtdvlyn@mycustomersdomain2.com> proto=ESMTP helo=<[165.234.100.93]>
     NOQUEUE: reject: RCPT from unknown[14.192.210.235]: 554 5.7.1 <0dc9c89@mycustomersdomain1.com>: Relay access denied; from=<0dc9c89@danetti.com> to=<0dc9c89@mycustomersdomain1.com> proto=ESMTP helo=<[14.192.210.235]>
     NOQUEUE: reject: RCPT from unknown[151.77.171.27]: 554 5.7.1 <3a767c7@mycustomersdomain1.com>: Relay access denied; from=<3a767c7@impararefacile.it> to=<3a767c7@mycustomersdomain1.com> proto=ESMTP helo=<[151.77.171.27]>
     NOQUEUE: reject: RCPT from unknown[177.236.141.184]: 554 5.7.1 <qSeldYC@mycustomersdomain1.com>: Relay access denied; from=<qSeldYC@cablemas.com.mx> to=<qSeldYC@mycustomersdomain1.com> proto=ESMTP helo=<usuario.cpe.mex.cablemas.com.mx>
     NOQUEUE: reject: RCPT from unknown[181.228.3.30]: 554 5.7.1 <jjcxkYkoP@mycustomersdomain1.com>: Relay access denied; from=<jjcxkYkoP@prima.com.ar> to=<jjcxkYkoP@mycustomersdomain1.com> proto=ESMTP helo=<30-3-228-181.cab.prima.com.ar>
     NOQUEUE: reject: RCPT from unknown[181.55.55.200]: 554 5.7.1 <10620f3@mycustomersdomain2.com>: Relay access denied; from=<10620f3@cable.net.co> to=<10620f3@mycustomersdomain2.com> proto=ESMTP helo=<Dynamic-IP-18155055200.cable.net.co>
     NOQUEUE: reject: RCPT from unknown[186.114.119.233]: 554 5.7.1 <ab5fe2ac@mycustomersdomain2.com>: Relay access denied; from=<ab5fe2ac@smartadsdirect.com> to=<ab5fe2ac@mycustomersdomain2.com> proto=ESMTP helo=<[186.114.119.233]>
     NOQUEUE: reject: RCPT from unknown[186.116.225.226]: 554 5.7.1 <969d076ee@mycustomersdomain1.com>: Relay access denied; from=<969d076ee@ceccarialomita.ro> to=<969d076ee@mycustomersdomain1.com> proto=ESMTP helo=<[186.116.225.226]>
     NOQUEUE: reject: RCPT from unknown[186.136.253.254]: 554 5.7.1 <c5ccfae01@mycustomersdomain2.com>: Relay access denied; from=<c5ccfae01@fibertel.com.ar> to=<c5ccfae01@mycustomersdomain2.com> proto=ESMTP helo=<Usuario-PC.fibertel.com.ar>
     NOQUEUE: reject: RCPT from unknown[186.176.244.202]: 554 5.7.1 <900a3b3a6@mycustomersdomain2.com>: Relay access denied; from=<900a3b3a6@bitingdogpress.com> to=<900a3b3a6@mycustomersdomain2.com> proto=ESMTP helo=<[186.176.244.202]>
     NOQUEUE: reject: RCPT from unknown[186.36.45.7]: 554 5.7.1 <0d6ad9f9e@mycustomersdomain2.com>: Relay access denied; from=<0d6ad9f9e@dimosthenis.gr> to=<0d6ad9f9e@mycustomersdomain2.com> proto=ESMTP helo=<FAMILIA-PC>
     NOQUEUE: reject: RCPT from unknown[187.208.126.23]: 554 5.7.1 <b5bea1266@mycustomersdomain1.com>: Relay access denied; from=<b5bea1266@backalleyskates.com> to=<b5bea1266@mycustomersdomain1.com> proto=ESMTP helo=<dsl-187-208-126-23-dyn.prod-infinitum.com.mx>
     NOQUEUE: reject: RCPT from unknown[188.85.255.22]: 554 5.7.1 <f1553c966@mycustomersdomain2.com>: Relay access denied; from=<f1553c966@carpasydisenosferrali.com> to=<f1553c966@mycustomersdomain2.com> proto=ESMTP helo=<static-22-255-85-188.ipcom.comunitel.net>
     NOQUEUE: reject: RCPT from unknown[189.89.83.218]: 554 5.7.1 <5dbceab9@mycustomersdomain2.com>: Relay access denied; from=<5dbceab9@xpertonline.ro> to=<5dbceab9@mycustomersdomain2.com> proto=ESMTP helo=<[189.89.83.218]>
     NOQUEUE: reject: RCPT from unknown[190.186.166.185]: 554 5.7.1 <OsPZVQEG@mycustomersdomain2.com>: Relay access denied; from=<OsPZVQEG@jennlawlor.com> to=<OsPZVQEG@mycustomersdomain2.com> proto=ESMTP helo=<dynamic-ip-adsl-190.186.166.185.cotas.com.bo>
     NOQUEUE: reject: RCPT from unknown[190.192.4.117]: 554 5.7.1 <dc99c1e@mycustomersdomain2.com>: Relay access denied; from=<dc99c1e@nairabuy.com> to=<dc99c1e@mycustomersdomain2.com> proto=ESMTP helo=<117-4-192-190.cab.prima.net.ar>
     NOQUEUE: reject: RCPT from unknown[190.221.69.61]: 554 5.7.1 <03ded1d66@mycustomersdomain1.com>: Relay access denied; from=<03ded1d66@bobconley.com> to=<03ded1d66@mycustomersdomain1.com> proto=ESMTP helo=<host61.190-221-69.telmex.net.ar>
     NOQUEUE: reject: RCPT from unknown[190.232.40.134]: 554 5.7.1 <fd6360b@mycustomersdomain2.com>: Relay access denied; from=<fd6360b@905logistics.com> to=<fd6360b@mycustomersdomain2.com> proto=ESMTP helo=<[190.232.40.134]>
     NOQUEUE: reject: RCPT from unknown[190.233.29.244]: 554 5.7.1 <1adc774@mycustomersdomain2.com>: Relay access denied; from=<1adc774@wincourtransportation.com> to=<1adc774@mycustomersdomain2.com> proto=ESMTP helo=<[190.233.29.244]>
     NOQUEUE: reject: RCPT from unknown[190.247.255.102]: 554 5.7.1 <c1c87d6c@mycustomersdomain2.com>: Relay access denied; from=<c1c87d6c@fibertel.com.ar> to=<c1c87d6c@mycustomersdomain2.com> proto=ESMTP helo=<102-255-247-190.fibertel.com.ar>
     NOQUEUE: reject: RCPT from unknown[190.252.230.231]: 554 5.7.1 <b67346c@mycustomersdomain2.com>: Relay access denied; from=<b67346c@sigma99.com> to=<b67346c@mycustomersdomain2.com> proto=ESMTP helo=<[190.252.230.231]>
     NOQUEUE: reject: RCPT from unknown[190.84.143.128]: 554 5.7.1 <a501f92@mycustomersdomain1.com>: Relay access denied; from=<a501f92@cable.net.co> to=<a501f92@mycustomersdomain1.com> proto=ESMTP helo=<Dynamic-IP-19084143128.cable.net.co>
     NOQUEUE: reject: RCPT from unknown[195.243.163.154]: 554 5.7.1 <7e6ad411@mycustomersdomain1.com>: Relay access denied; from=<7e6ad411@ROUTERBSZ.Bethesda-diakonie.intern> to=<7e6ad411@mycustomersdomain1.com> proto=ESMTP helo=<ROUTERBSZ.Bethesda-diakonie.intern>
     NOQUEUE: reject: RCPT from unknown[200.89.112.118]: 554 5.7.1 <3bc9f3c8@mycustomersdomain2.com>: Relay access denied; from=<3bc9f3c8@enlight-youth.com> to=<3bc9f3c8@mycustomersdomain2.com> proto=ESMTP helo=<[181.48.132.58]>
     NOQUEUE: reject: RCPT from unknown[201.183.95.209]: 554 5.7.1 <04a5213@mycustomersdomain1.com>: Relay access denied; from=<04a5213@ecutel.net> to=<04a5213@mycustomersdomain1.com> proto=ESMTP helo=<host-201-183-95-209.ecutel.net>
     NOQUEUE: reject: RCPT from unknown[201.218.89.135]: 554 5.7.1 <196b934d@mycustomersdomain2.com>: Relay access denied; from=<196b934d@cableonda.net> to=<196b934d@mycustomersdomain2.com> proto=ESMTP helo=<hogar-340583937.cpe.cableonda.net>
     NOQUEUE: reject: RCPT from unknown[36.88.50.115]: 554 5.7.1 <382ba0a@mycustomersdomain1.com>: Relay access denied; from=<382ba0a@vesinhsaigon.com> to=<382ba0a@mycustomersdomain1.com> proto=ESMTP helo=<USER>
     NOQUEUE: reject: RCPT from unknown[64.187.185.2]: 554 5.7.1 <513f9d01b@mycustomersdomain1.com>: Relay access denied; from=<513f9d01b@static.fibrenoire.ca> to=<513f9d01b@mycustomersdomain1.com> proto=ESMTP helo=<IP-64-187-185-2.static.fibrenoire.ca>
     NOQUEUE: reject: RCPT from unknown[80.122.63.206]: 554 5.7.1 <f164298de6c32105@mycustomersdomain2.com>: Relay access denied; from=<f164298de6c32105@dsldevice.lan> to=<f164298de6c32105@mycustomersdomain2.com> proto=ESMTP helo=<dsldevice.lan>
     NOQUEUE: reject: RCPT from unknown[90.175.41.144]: 554 5.7.1 <DQSbixJyKG@mycustomersdomain1.com>: Relay access denied; from=<DQSbixJyKG@goggomobil.nl> to=<DQSbixJyKG@mycustomersdomain1.com> proto=ESMTP helo=<[90.175.41.144]>
     connect from 122-171-114-200.fibertel.com.ar[200.114.171.122]
     connect from 14-33-136-123.ip.esc.net.au[123.136.33.14]
     connect from 155.14.125.91.dyn.plus.net[91.125.14.155]
     connect from 177-0-72-130.3g.brasiltelecom.net.br[177.0.72.130]
     connect from 186-78-165-42.baf.movistar.cl[186.78.165.42]
     connect from 186-79-106-140.baf.movistar.cl[186.79.106.140]
     connect from 187-5-85-203.cbace701.dsl.brasiltelecom.net.br[187.5.85.203]
     connect from 201-14-237-208.smace701.dsl.brasiltelecom.net.br[201.14.237.208]
     connect from 24-119-87-226.cpe.cableone.net[24.119.87.226]
     connect from 246-0-17-190.fibertel.com.ar[190.17.0.246]
     connect from 58-84-167-213.e-wire.net.au[58.84.167.213]
     connect from 74.86.158.107-static.reverse.softlayer.com[74.86.158.107]
     connect from 90-232-114-200.fibertel.com.ar[200.114.232.90]
     connect from IGLD-84-228-71-191.inter.net.il[84.228.71.191]
     connect from LLagny-156-35-28-230.w80-14.abo.wanadoo.fr[80.14.236.230]
     connect from c-69-250-130-18.hsd1.md.comcast.net[69.250.130.18]
     connect from cpe-72-178-198-33.stx.res.rr.com[72.178.198.33]
     connect from eurotaxiiasi.iasi.rdsnet.ro[86.124.173.57]
     connect from fixed-203-219-157.iusacell.net[189.203.219.157]
     connect from r186-52-94-123.dialup.adsl.anteldata.net.uy[186.52.94.123]
     connect from turtlemtcomm.pat.k12.nd.us[165.234.100.93]
     connect from unknown[14.192.210.235]
     connect from unknown[151.77.171.27]
     connect from unknown[177.236.141.184]
     connect from unknown[181.228.3.30]
     connect from unknown[181.55.55.200]
     connect from unknown[186.114.119.233]
     connect from unknown[186.116.225.226]
     connect from unknown[186.136.253.254]
     connect from unknown[186.176.244.202]
     connect from unknown[186.36.45.7]
     connect from unknown[187.208.126.23]
     connect from unknown[188.85.255.22]
     connect from unknown[189.89.83.218]
     connect from unknown[190.186.166.185]
     connect from unknown[190.192.4.117]
     connect from unknown[190.221.69.61]
     connect from unknown[190.232.40.134]
     connect from unknown[190.233.29.244]
     connect from unknown[190.247.255.102]
     connect from unknown[190.252.230.231]
     connect from unknown[190.84.143.128]
     connect from unknown[195.243.163.154]
     connect from unknown[200.89.112.118]
     connect from unknown[201.183.95.209]
     connect from unknown[201.218.89.135]
     connect from unknown[36.88.50.115]
     connect from unknown[64.187.185.2]
     connect from unknown[80.122.63.206]
     connect from unknown[90.175.41.144]
     connect to airtelbroadband.in[125.19.17.20]:25: Connection timed out
     connect to procono.es[212.225.255.229]:25: Connection refused
     connect to static.techtelnet.net[91.237.88.245]:25: Connection timed out
     connect to veloxzone.com.br[200.223.8.81]:25: Connection refused
     connect to veloxzone.com.br[200.223.8.81]:25: Connection refused
     disconnect from 122-171-114-200.fibertel.com.ar[200.114.171.122]
     disconnect from 14-33-136-123.ip.esc.net.au[123.136.33.14]
     disconnect from 155.14.125.91.dyn.plus.net[91.125.14.155]
     disconnect from 177-0-72-130.3g.brasiltelecom.net.br[177.0.72.130]
     disconnect from 186-78-165-42.baf.movistar.cl[186.78.165.42]
     disconnect from 186-79-106-140.baf.movistar.cl[186.79.106.140]
     disconnect from 187-5-85-203.cbace701.dsl.brasiltelecom.net.br[187.5.85.203]
     disconnect from 201-14-237-208.smace701.dsl.brasiltelecom.net.br[201.14.237.208]
     disconnect from 24-119-87-226.cpe.cableone.net[24.119.87.226]
     disconnect from 246-0-17-190.fibertel.com.ar[190.17.0.246]
     disconnect from 58-84-167-213.e-wire.net.au[58.84.167.213]
     disconnect from 74.86.158.107-static.reverse.softlayer.com[74.86.158.107]
     disconnect from 90-232-114-200.fibertel.com.ar[200.114.232.90]
     disconnect from IGLD-84-228-71-191.inter.net.il[84.228.71.191]
     disconnect from LLagny-156-35-28-230.w80-14.abo.wanadoo.fr[80.14.236.230]
     disconnect from c-69-250-130-18.hsd1.md.comcast.net[69.250.130.18]
     disconnect from cpe-72-178-198-33.stx.res.rr.com[72.178.198.33]
     disconnect from eurotaxiiasi.iasi.rdsnet.ro[86.124.173.57]
     disconnect from fixed-203-219-157.iusacell.net[189.203.219.157]
     disconnect from r186-52-94-123.dialup.adsl.anteldata.net.uy[186.52.94.123]
     disconnect from turtlemtcomm.pat.k12.nd.us[165.234.100.93]
     disconnect from unknown[14.192.210.235]
     disconnect from unknown[151.77.171.27]
     disconnect from unknown[177.236.141.184]
     disconnect from unknown[181.228.3.30]
     disconnect from unknown[181.55.55.200]
     disconnect from unknown[186.114.119.233]
     disconnect from unknown[186.116.225.226]
     disconnect from unknown[186.136.253.254]
     disconnect from unknown[186.176.244.202]
     disconnect from unknown[186.36.45.7]
     disconnect from unknown[187.208.126.23]
     disconnect from unknown[188.85.255.22]
     disconnect from unknown[189.89.83.218]
     disconnect from unknown[190.186.166.185]
     disconnect from unknown[190.192.4.117]
     disconnect from unknown[190.221.69.61]
     disconnect from unknown[190.232.40.134]
     disconnect from unknown[190.233.29.244]
     disconnect from unknown[190.247.255.102]
     disconnect from unknown[190.252.230.231]
     disconnect from unknown[190.84.143.128]
     disconnect from unknown[195.243.163.154]
     disconnect from unknown[200.89.112.118]
     disconnect from unknown[201.183.95.209]
     disconnect from unknown[201.218.89.135]
     disconnect from unknown[36.88.50.115]
     disconnect from unknown[64.187.185.2]
     disconnect from unknown[80.122.63.206]
     disconnect from unknown[90.175.41.144]
     lost connection after CONNECT from 74.86.158.107-static.reverse.softlayer.com[74.86.158.107]
     lost connection after MAIL from 24-119-87-226.cpe.cableone.net[24.119.87.226]
     statistics: max cache size 11 at Mar 6 00:22:18
     statistics: max connection count 1 for (smtp:86.135.52.238) at Mar 6 00:18:05
     statistics: max connection rate 1/60s for (smtp:86.135.52.238) at Mar 6 00:18:05
     warning: 177.236.141.184: address not listed for hostname 177.236.141.184.cable.dyn.cableonline.com.mx
     warning: 181.228.3.30: address not listed for hostname 30-3-228-181.cab.prima.com.ar
     warning: 181.55.55.200: address not listed for hostname Dynamic-IP-18155055200.cable.net.co
     warning: 186.136.253.254: address not listed for hostname 254-253-136-186.fibertel.com.ar
     warning: 187.208.126.23: address not listed for hostname dsl-187-208-126-23-dyn.prod-infinitum.com.mx
     warning: 188.85.255.22: address not listed for hostname static-22-255-85-188.ipcom.comunitel.net
     warning: 190.186.166.185: address not listed for hostname dynamic-ip-adsl-190.186.166.185.cotas.com.bo
     warning: 190.192.4.117: address not listed for hostname 117-4-192-190.cab.prima.net.ar
     warning: 190.221.69.61: address not listed for hostname host61.190-221-69.telmex.net.ar
     warning: 190.247.255.102: address not listed for hostname 102-255-247-190.fibertel.com.ar
     warning: 190.84.143.128: address not listed for hostname Dynamic-IP-19084143128.cable.net.co
     warning: 200.89.112.118: address not listed for hostname total-pool4-118.metrotel.net.co
     warning: 201.183.95.209: address not listed for hostname host-201-183-95-209.ecutel.net
     warning: 201.218.89.135: address not listed for hostname cm-201-218-089-135.cpe-dynamic.cableonda.net
     warning: 64.187.185.2: address not listed for hostname IP-64-187-185-2.static.fibrenoire.ca

0
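Added example, not code from the thread or from Postfix: the summary above already names each rejected client in the `RCPT from host[IP]` field, so the detection half of the original question can be done with a short shell pipeline over /var/log/maillog, and the blocking half is one iptables rule per offending address. The function names, the threshold, and the sample log (constructed here, with documentation-range addresses) are my own assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): count Postfix "Relay access denied"
# rejects per client IP and emit an iptables DROP for every IP at or over a
# threshold. Function names and threshold are assumptions, not Postfix's.

# Constructed sample in the format of the posted log, with the syslog prefix a
# real /var/log/maillog line carries. Hosts and IPs are documentation ranges.
SAMPLE_LOG='Mar  6 00:10:01 www postfix/smtpd[2201]: NOQUEUE: reject: RCPT from host-a.example.net[203.0.113.10]: 554 5.7.1 <x@mycustomersdomain1.com>: Relay access denied; from=<x@example.net> to=<x@mycustomersdomain1.com> proto=ESMTP helo=<host-a.example.net>
Mar  6 00:10:02 www postfix/smtpd[2201]: NOQUEUE: reject: RCPT from host-a.example.net[203.0.113.10]: 554 5.7.1 <y@mycustomersdomain2.com>: Relay access denied; from=<y@example.net> to=<y@mycustomersdomain2.com> proto=ESMTP helo=<host-a.example.net>
Mar  6 00:10:03 www postfix/smtpd[2201]: NOQUEUE: reject: RCPT from host-a.example.net[203.0.113.10]: 554 5.7.1 <z@mycustomersdomain1.com>: Relay access denied; from=<z@example.net> to=<z@mycustomersdomain1.com> proto=ESMTP helo=<host-a.example.net>
Mar  6 00:11:10 www postfix/smtpd[2204]: connect from unknown[198.51.100.7]
Mar  6 00:11:11 www postfix/smtpd[2204]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <q@mycustomersdomain2.com>: Relay access denied; from=<q@example.org> to=<q@mycustomersdomain2.com> proto=ESMTP helo=<[198.51.100.7]>
Mar  6 00:11:12 www postfix/smtpd[2204]: disconnect from unknown[198.51.100.7]
Mar  6 00:12:40 www postfix/smtpd[2207]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 5.7.1 <r@mycustomersdomain1.com>: Relay access denied; from=<r@example.org> to=<r@mycustomersdomain1.com> proto=ESMTP helo=<[192.0.2.44]>
Mar  6 00:12:41 www postfix/smtpd[2207]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 5.7.1 <s@mycustomersdomain1.com>: Relay access denied; from=<s@example.org> to=<s@mycustomersdomain1.com> proto=ESMTP helo=<[192.0.2.44]>'

# count_rejected_clients: reads log text on stdin, prints "<count> <ip>" for
# every client that was rejected at RCPT time, most frequent first. The IP is
# the bracketed address right after "RCPT from"; the hostname in front of it is
# ignored because it is often "unknown" or forward-confirmation fails.
count_rejected_clients() {
    grep 'NOQUEUE: reject: RCPT from ' \
    | sed -n 's/.*RCPT from [^[]*\[\([0-9.]*\)\].*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# rules_for_offenders THRESHOLD: reads "<count> <ip>" lines and prints one
# iptables command per IP whose count is >= THRESHOLD. -I INPUT puts the DROP
# ahead of any existing ACCEPT for port 25; only SMTP is blocked, so the host
# can still be reached for anything else (e.g. a customer behind a shared NAT).
rules_for_offenders() {
    threshold=$1
    awk -v t="$threshold" \
        '$1 >= t { printf "iptables -I INPUT -s %s -p tcp --dport 25 -j DROP\n", $2 }'
}

# On the server, as root (threshold of 10 rejects is an arbitrary starting point):
#   grep 'Relay access denied' /var/log/maillog | count_rejected_clients | head
#   grep 'Relay access denied' /var/log/maillog | count_rejected_clients \
#       | rules_for_offenders 10 | sh
#   service iptables save        # CentOS 6: keep the rules across a reboot
```

One caveat the summary itself shows: the rejects come from roughly fifty different client addresses and the connection-rate statistics at the end never exceed one connection per 60 seconds from any client, so a per-IP threshold built from that day's log catches very little of the traffic, and Postfix is already refusing those sessions at RCPT time. The block list pays off against a persistent single source, not against a botnet that rotates addresses.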
 
LVL 13

Expert Comment

by:Sandy
ID: 39908501
Check whether you have a rootkit installed. To me it now seems like some honeypot is installed. Check in /tmp and /var/tmp.

TY/SA
0
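Added example, not something Sandy or the thread provides: a first pass over the two directories named above. Anything a service account can write to is where dropped spam scripts and backdoors usually end up, so the function below lists files with an execute bit, files that start with `#!` (they run without an execute bit when fed to an interpreter), and dot-files. The function name, output format, and the temporary directory the test builds are my own.

```sh
#!/bin/sh
# Added example (not from the thread): triage /tmp and /var/tmp for things
# that should not be there. Function name and output format are assumptions.

# scan_tmp_dirs DIR...: prints one line per suspicious entry, sorted:
#   exec   <path>   regular file with an execute bit set
#   script <path>   regular file beginning with "#!" (runs via its interpreter)
#   hidden <path>   dot-file or dot-directory, a common hiding place
# Directories that do not exist are skipped; -xdev keeps it off other mounts.
scan_tmp_dirs() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -xdev -type f -print | while IFS= read -r f; do
            if [ -x "$f" ]; then
                printf 'exec %s\n' "$f"
            elif [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
                printf 'script %s\n' "$f"
            fi
        done
        find "$d" -xdev -mindepth 1 -name '.*' -print | while IFS= read -r h; do
            printf 'hidden %s\n' "$h"
        done
    done | sort
}

# On a live host, as root:
#   scan_tmp_dirs /tmp /var/tmp /dev/shm
# and also catch binaries that were deleted after being started, which the
# file scan cannot see (/proc/<pid>/exe still points at the running image):
#   for p in /proc/[0-9]*; do ls -l "$p/exe" 2>/dev/null; done \
#       | grep -E ' -> /(var/)?tmp/| \(deleted\)$'
```

Look at each hit with `ls -l` and `stat` (owner and mtime tell you which service dropped it and when), and `lsof -p <pid>` on any process running from there before killing it, so you keep the evidence of what it was connecting to.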
 
LVL 61

Expert Comment

by:gheist
ID: 39908584
You need to clean up your mail queue; it is full of spam.

Can you post all the address checks you do in Postfix so we can review them and tell you how to make it good again?
0
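Added example, not code from gheist or from Postfix, covering both requests in the comment above: triaging and cleaning the queue, and dumping the address checks. The functions read the text that `postqueue -p` (or `mailq`) prints. In the constructed sample the two bounce entries reuse queue IDs, sizes, recipients and deferral reasons from the log posted earlier in the thread; the third entry and all arrival times are invented to show that ordinary mail is left alone. Function names are my own.

```sh
#!/bin/sh
# Added example (not from the thread): find the bounces in a Postfix queue
# listing and hand them to postsuper. Function names are assumptions.

# Constructed sample of "postqueue -p" output. Queue IDs E660AA2590 and
# E061DA285A are the ones shown in the posted log; 1F2E3D4C5B is invented.
SAMPLE_QUEUE='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
E660AA2590     4416 Wed Mar  5 13:41:12  MAILER-DAEMON
(connect to static.techtelnet.net[91.237.88.245]:25: Connection timed out)
                                         nickmarsh@static.techtelnet.net

E061DA285A*    4223 Wed Mar  5 13:42:30  MAILER-DAEMON
(host mx-eu.mail.am0.yahoodns.net[188.125.69.79] said: 421 4.7.1 [TS03] All messages from 65.181.127.74 will be permanently deferred)
                                         nrvjhyfle@sky.com

1F2E3D4C5B     2300 Thu Mar  6 09:00:01  sales@mycustomersdomain1.com
                                         friend@example.com

-- 11 Kbytes in 3 Requests.'

# A queue entry starts with the queue ID, optionally followed by "*" (active)
# or "!" (held), then size, arrival time and the envelope sender as the last
# field. Reason lines start with "(" and recipient lines with spaces, so the
# pattern below only matches the ID line.
QUEUE_ENTRY='/^[0-9A-F]+[*!]? /'

# senders_by_count: "<count> <sender>" per envelope sender, largest first.
# Run this first so you know what the queue is made of before deleting.
senders_by_count() {
    awk "$QUEUE_ENTRY"' { print $NF }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# bounce_queue_ids: queue ID of every message whose sender is MAILER-DAEMON,
# i.e. the null sender <> that marks a bounce this server generated. The
# "*"/"!" marker is stripped so the IDs can go straight into "postsuper -d -".
bounce_queue_ids() {
    awk "$QUEUE_ENTRY"' && $NF == "MAILER-DAEMON" { id = $1; sub(/[*!]$/, "", id); print id }'
}

# On the server, as root:
#   postqueue -p | senders_by_count | head
#   postqueue -p | bounce_queue_ids | postsuper -d -
# The address checks gheist asked for are the non-default settings that
# decide what the server accepts; post this part of "postconf -n":
#   postconf -n | grep -E 'restrictions|relay_domains|virtual_alias|mynetworks|mydestination'
```

Deleting the bounces only clears the symptom. Every `from=<>` message in the posted log is this server trying to deliver a bounce to an address that was almost certainly forged, which is the traffic Yahoo's `421 4.7.1 [TS03]` is refusing from it. The durable fix is on the accept side: reject recipients at RCPT time that the server cannot deliver (for forwarding domains, `reject_unverified_recipient` in `smtpd_recipient_restrictions` does this) so it never has to bounce them afterwards.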
 
LVL 2

Author Comment

by:detox1978
ID: 39908665
Sandy, how do I check for a honeypot?

Gheist, how do I get the info you want?
0
 
LVL 2

Author Comment

by:detox1978
ID: 39908685
I've installed Rootkit Hunter using these instructions:

http://lintut.com/install-rootkit-hunter-rkhunter-on-rhelcentos-fedora-and-debianubuntu-based-dustribution/

Here are the results

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.03.06 09:08:58 =~=~=~=~=~=~=~=~=~=~=~=
/var/log/rkhunter.log
[09:08:02] Running Rootkit Hunter version 1.4.0 on www
[09:08:02]
[09:08:02] Info: Start date is Thu Mar  6 09:08:02 GMT 2014
[09:08:02]
[09:08:02] Checking configuration file and command-line options...
[09:08:02] Info: Detected operating system is 'Linux'
[09:08:02] Info: Found O/S name: CentOS release 6.5 (Final)
[09:08:02] Info: Command line is /usr/bin/rkhunter -c
[09:08:02] Info: Environment shell is /bin/bash; rkhunter is using bash
[09:08:02] Info: Using configuration file '/etc/rkhunter.conf'
[09:08:02] Info: Installation directory is '/usr'
[09:08:02] Info: Using language 'en'
[09:08:03] Info: Using '/var/lib/rkhunter/db' as the database directory
[09:08:03] Info: Using '/usr/lib64/rkhunter/scripts' as the support script directory
[09:08:03] Info: Using '/sbin /bin /usr/sbin /usr/bin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec' as the command directories
[09:08:03] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[09:08:03] Info: No mail-on-warning address configured
[09:08:03] Info: X will be automatically detected
[09:08:03] Info: Found the 'basename' command: /bin/basename
[09:08:03] Info: Found the 'diff' command: /usr/bin/diff
[09:08:03] Info: Found the 'dirname' command: /usr/bin/dirname
[09:08:03] Info: Found the 'file' command: /usr/bin/file
[09:08:03] Info: Found the 'find' command: /bin/find
[09:08:03] Info: Found the 'ifconfig' command: /sbin/ifconfig
[09:08:03] Info: Found the 'ip' command: /sbin/ip
[09:08:03] Info: Found the 'ldd' command: /usr/bin/ldd
[09:08:03] Info: Found the 'lsattr' command: /usr/bin/lsattr
[09:08:03] Info: Found the 'lsmod' command: /sbin/lsmod
[09:08:03] Info: Found the 'lsof' command: /usr/sbin/lsof
[09:08:04] Info: Found the 'mktemp' command: /bin/mktemp
[09:08:04] Info: Found the 'netstat' command: /bin/netstat
[09:08:04] Info: Found the 'perl' command: /usr/bin/perl
[09:08:04] Info: Found the 'pgrep' command: /usr/bin/pgrep
[09:08:04] Info: Found the 'ps' command: /bin/ps
[09:08:04] Info: Found the 'pwd' command: /bin/pwd
[09:08:04] Info: Found the 'readlink' command: /bin/readlink
[09:08:04] Info: Found the 'stat' command: /usr/bin/stat
[09:08:04] Info: Found the 'strings' command: /usr/bin/strings
[09:08:04] Info: System is not using prelinking
[09:08:04] Info: Using the '/usr/bin/sha1sum' command for the file hash checks
[09:08:04] Info: Stored hash values used hash function '/usr/bin/sha1sum'
[09:08:04] Info: Stored hash values did not use a package manager
[09:08:04] Info: The hash function field index is set to 1
[09:08:04] Info: No package manager specified: using hash function '/usr/bin/sha1sum'
[09:08:04] Info: Previous file attributes were stored
[09:08:04] Info: Enabled tests are: all
[09:08:04] Info: Disabled tests are: suspscan hidden_ports hidden_procs deleted_files packet_cap_apps
[09:08:05] Info: Including user files for file properties check:
[09:08:05]/etc/rkhunter.conf
[09:08:05] Info: Found ksym file '/proc/kallsyms'
[09:08:05] Info: Using 'date' to process epoch second times
[09:08:05]
[09:08:05] Checking if the O/S has changed since last time...
[09:08:05] Info: Nothing seems to have changed.
[09:08:05] Info: Locking is not being used
[09:08:05]
[09:08:05] Starting system checks...
[09:08:05]
[09:08:05] Info: Starting test name 'system_commands'
[09:08:05] Checking system commands...
[09:08:05]
[09:08:05] Info: Starting test name 'strings'
[09:08:05] Performing 'strings' command checks
[09:08:06]   Scanning for string /usr/sbin/ntpsx[ OK ]
[09:08:06]   Scanning for string /usr/sbin/.../bkit-ava      [ OK ]
[09:08:06]   Scanning for string /usr/sbin/.../bkit-d[ OK ]
[09:08:06]   Scanning for string /usr/sbin/.../bkit-shd      [ OK ]
[09:08:06]   Scanning for string /usr/sbin/.../bkit-f[ OK ]
[09:08:06]   Scanning for string /usr/include/.../proc.h     [ OK ]
[09:08:07]   Scanning for string /usr/include/.../.bash_history [ OK ]
[09:08:07]   Scanning for string /usr/include/.../bkit-get   [ OK ]
[09:08:07]   Scanning for string /usr/include/.../bkit-dl    [ OK ]
[09:08:07]   Scanning for string /usr/include/.../bkit-screen [ OK ]
[09:08:07]   Scanning for string /usr/include/.../bkit-sleep [ OK ]
[09:08:07]   Scanning for string /usr/lib/.../bkit-adore.o   [ OK ]
[09:08:07]   Scanning for string /usr/lib/.../ls[ OK ]
[09:08:07]   Scanning for string /usr/lib/.../netstat[ OK ]
[09:08:08]   Scanning for string /usr/lib/.../lsof[ OK ]
[09:08:08]   Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg [ OK ]
[09:08:08]   Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk [ OK ]
[09:08:08]   Scanning for string /usr/lib/.../bkit-ssh/bkit-pw [ OK ]
[09:08:08]   Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs [ OK ]
[09:08:08]   Scanning for string /usr/lib/.../bkit-ssh/bkit-mots [ OK ]
[09:08:08]   Scanning for string /usr/lib/.../uconf.inv      [ OK ]
[09:08:08]   Scanning for string /usr/lib/.../psr[ OK ]
[09:08:09]   Scanning for string /usr/lib/.../find[ OK ]
[09:08:09]   Scanning for string /usr/lib/.../pstree[ OK ]
[09:08:09]   Scanning for string /usr/lib/.../slocate[ OK ]
[09:08:09]   Scanning for string /usr/lib/.../du[ OK ]
[09:08:09]   Scanning for string /usr/lib/.../top[ OK ]
[09:08:09]   Scanning for string /usr/sbin/...[ OK ]
[09:08:09]   Scanning for string /usr/include/...[ OK ]
[09:08:09]   Scanning for string /usr/include/.../.tmp[ OK ]
[09:08:10]   Scanning for string /usr/lib/...[ OK ]
[09:08:10]   Scanning for string /usr/lib/.../.ssh[ OK ]
[09:08:10]   Scanning for string /usr/lib/.../bkit-ssh[ OK ]
[09:08:10]   Scanning for string /usr/lib/.bkit-[ OK ]
[09:08:10]   Scanning for string /tmp/.bkp[ OK ]
[09:08:10]   Scanning for string /tmp/.cinik[ OK ]
[09:08:10]   Scanning for string /tmp/.font-unix/.cinik      [ OK ]
[09:08:10]   Scanning for string /lib/.sso[ OK ]
[09:08:11]   Scanning for string /lib/.so[ OK ]
[09:08:11]   Scanning for string /var/run/...dica/clean      [ OK ]
[09:08:11]   Scanning for string /var/run/...dica/dxr[ OK ]
[09:08:11]   Scanning for string /var/run/...dica/read[ OK ]
[09:08:11]   Scanning for string /var/run/...dica/write      [ OK ]
[09:08:11]   Scanning for string /var/run/...dica/lf[ OK ]
[09:08:11]   Scanning for string /var/run/...dica/xl[ OK ]
[09:08:11]   Scanning for string /var/run/...dica/xdr[ OK ]
[09:08:12]   Scanning for string /var/run/...dica/psg[ OK ]
[09:08:12]   Scanning for string /var/run/...dica/secure     [ OK ]
[09:08:12]   Scanning for string /var/run/...dica/rdx[ OK ]
[09:08:12]   Scanning for string /var/run/...dica/va[ OK ]
[09:08:12]   Scanning for string /var/run/...dica/cl.sh      [ OK ]
[09:08:12]   Scanning for string /var/run/...dica/last.log   [ OK ]
[09:08:12]   Scanning for string /usr/bin/.etc[ OK ]
[09:08:12]   Scanning for string /etc/sshd_config[ OK ]
[09:08:13]   Scanning for string /etc/ssh_host_key[ OK ]
[09:08:13]   Scanning for string /etc/ssh_random_seed[ OK ]
[09:08:13]   Scanning for string /dev/ptyp[ OK ]
[09:08:13]   Scanning for string /dev/ptyq[ OK ]
[09:08:13]   Scanning for string /dev/ptyr[ OK ]
[09:08:13]   Scanning for string /dev/ptys[ OK ]
[09:08:13]   Scanning for string /dev/ptyt[ OK ]
[09:08:13]   Scanning for string /dev/fd/.88/freshb-bsd      [ OK ]
[09:08:14]   Scanning for string /dev/fd/.88/fresht[ OK ]
[09:08:14]   Scanning for string /dev/fd/.88/zxsniff[ OK ]
[09:08:14]   Scanning for string /dev/fd/.88/zxsniff.log     [ OK ]
[09:08:14]   Scanning for string /dev/fd/.99/.ttyf00[ OK ]
[09:08:14]   Scanning for string /dev/fd/.99/.ttyp00[ OK ]
[09:08:14]   Scanning for string /dev/fd/.99/.ttyq00[ OK ]
[09:08:14]   Scanning for string /dev/fd/.99/.ttys00[ OK ]
[09:08:14]   Scanning for string /dev/fd/.99/.pwsx00[ OK ]
[09:08:15]   Scanning for string /etc/.acid[ OK ]
[09:08:15]   Scanning for string /usr/lib/.fx/sched_host.2   [ OK ]
[09:08:15]   Scanning for string /usr/lib/.fx/random_d.2     [ OK ]
[09:08:15]   Scanning for string /usr/lib/.fx/set_pid.2      [ OK ]
[09:08:15]   Scanning for string /usr/lib/.fx/setrgrp.2      [ OK ]
[09:08:15]   Scanning for string /usr/lib/.fx/TOHIDE[ OK ]
[09:08:15]   Scanning for string /usr/lib/.fx/cons.saver     [ OK ]
[09:08:15]   Scanning for string /usr/lib/.fx/adore/ava/ava  [ OK ]
[09:08:16]   Scanning for string /usr/lib/.fx/adore/adore/adore.ko [ OK ]
[09:08:16]   Scanning for string /bin/sysback[ OK ]
[09:08:16]   Scanning for string /usr/local/bin/sysback      [ OK ]
[09:08:16]   Scanning for string /usr/lib/.tbd[ OK ]
[09:08:16]   Scanning for string /dev/.lib/lib/lib/t0rns     [ OK ]
[09:08:16]   Scanning for string /dev/.lib/lib/lib/du[ OK ]
[09:08:16]   Scanning for string /dev/.lib/lib/lib/ls[ OK ]
[09:08:16]   Scanning for string /dev/.lib/lib/lib/t0rnsb    [ OK ]
[09:08:17]   Scanning for string /dev/.lib/lib/lib/ps[ OK ]
[09:08:17]   Scanning for string /dev/.lib/lib/lib/t0rnp     [ OK ]
[09:08:17]   Scanning for string /dev/.lib/lib/lib/find      [ OK ]
[09:08:17]   Scanning for string /dev/.lib/lib/lib/ifconfig  [ OK ]
[09:08:17]   Scanning for string /dev/.lib/lib/lib/pg[ OK ]
[09:08:17]   Scanning for string /dev/.lib/lib/lib/ssh.tgz   [ OK ]
[09:08:17]   Scanning for string /dev/.lib/lib/lib/top[ OK ]
[09:08:17]   Scanning for string /dev/.lib/lib/lib/sz[ OK ]
[09:08:18]   Scanning for string /dev/.lib/lib/lib/login     [ OK ]
[09:08:18]   Scanning for string /dev/.lib/lib/lib/in.fingerd [ OK ]
[09:08:18]   Scanning for string /dev/.lib/lib/lib/1i0n.sh   [ OK ]
[09:08:18]   Scanning for string /dev/.lib/lib/lib/pstree    [ OK ]
[09:08:18]   Scanning for string /dev/.lib/lib/lib/in.telnetd [ OK ]
[09:08:18]   Scanning for string /dev/.lib/lib/lib/mjy[ OK ]
[09:08:18]   Scanning for string /dev/.lib/lib/lib/sush      [ OK ]
[09:08:18]   Scanning for string /dev/.lib/lib/lib/tfn[ OK ]
[09:08:19]   Scanning for string /dev/.lib/lib/lib/name      [ OK ]
[09:08:19]   Scanning for string /dev/.lib/lib/lib/getip.sh  [ OK ]
[09:08:19]   Scanning for string /usr/info/.torn/sh*[ OK ]
[09:08:19]   Scanning for string /usr/src/.puta/.1addr[ OK ]
[09:08:19]   Scanning for string /usr/src/.puta/.1file[ OK ]
[09:08:19]   Scanning for string /usr/src/.puta/.1proc[ OK ]
[09:08:19]   Scanning for string /usr/src/.puta/.1logz[ OK ]
[09:08:19]   Scanning for string /usr/info/.t0rn[ OK ]
[09:08:20]   Scanning for string /dev/.lib[ OK ]
[09:08:20]   Scanning for string /dev/.lib/lib[ OK ]
[09:08:20]   Scanning for string /dev/.lib/lib/lib[ OK ]
[09:08:20]   Scanning for string /dev/.lib/lib/lib/dev[ OK ]
[09:08:20]   Scanning for string /dev/.lib/lib/scan[ OK ]
[09:08:20]   Scanning for string /usr/src/.puta[ OK ]
[09:08:20]   Scanning for string /usr/man/man1/man1[ OK ]
[09:08:20]   Scanning for string /usr/man/man1/man1/lib      [ OK ]
[09:08:21]   Scanning for string /usr/man/man1/man1/lib/.lib [ OK ]
[09:08:21]   Scanning for string /usr/man/man1/man1/lib/.lib/.backup [ OK ]
[09:08:21]
[09:08:21] Info: Starting test name 'shared_libs'
[09:08:21] Performing 'shared libraries' checks
[09:08:21]   Checking for preloading variables[ None found ]
[09:08:21]   Checking for preloaded libraries[ None found ]
[09:08:21]
[09:08:21] Info: Starting test name 'shared_libs_path'
[09:08:21]   Checking LD_LIBRARY_PATH variable[ Not found ]
[09:08:22]
[09:08:22] Info: Starting test name 'properties'
[09:08:22] Performing file properties checks
[09:08:22]   Checking for prerequisites[ OK ]
[09:08:23]   /sbin/chkconfig[ OK ]
[09:08:24]   /sbin/depmod[ OK ]
[09:08:24]   /sbin/fsck[ OK ]
[09:08:25]   /sbin/fuser[ OK ]
[09:08:25]   /sbin/ifconfig[ OK ]
[09:08:26]   /sbin/ifdown[ Warning ]
[09:08:26] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
[09:08:26]   /sbin/ifup[ Warning ]
[09:08:26] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
[09:08:26]   /sbin/init[ OK ]
[09:08:27]   /sbin/insmod[ OK ]
[09:08:27]   /sbin/ip[ OK ]
[09:08:28]   /sbin/lsmod[ OK ]
[09:08:28]   /sbin/modinfo[ OK ]
[09:08:29]   /sbin/modprobe[ OK ]
[09:08:29]   /sbin/nologin[ OK ]
[09:08:30]   /sbin/rmmod[ OK ]
[09:08:31]   /sbin/route[ OK ]
[09:08:31]   /sbin/rsyslogd[ OK ]
[09:08:31]   /sbin/runlevel[ OK ]
[09:08:32]   /sbin/sulogin[ OK ]
[09:08:33]   /sbin/sysctl[ OK ]
[09:08:34]   /bin/awk[ OK ]
[09:08:34]   /bin/basename[ OK ]
[09:08:34]   /bin/bash[ OK ]
[09:08:35]   /bin/cat[ OK ]
[09:08:35]   /bin/chmod[ OK ]
[09:08:36]   /bin/chown[ OK ]
[09:08:36]   /bin/cp[ OK ]
[09:08:36]   /bin/cut[ OK ]
[09:08:37]   /bin/date[ OK ]
[09:08:37]   /bin/df[ OK ]
[09:08:38]   /bin/dmesg[ OK ]
[09:08:38]   /bin/echo[ OK ]
[09:08:39]   /bin/egrep[ OK ]
[09:08:39]   /bin/env[ OK ]
[09:08:39]   /bin/fgrep[ OK ]
[09:08:40]   /bin/find[ OK ]
[09:08:40]   /bin/grep[ OK ]
[09:08:41]   /bin/kill[ OK ]
[09:08:41]   /bin/logger[ OK ]
[09:08:42]   /bin/login[ OK ]
[09:08:42]   /bin/ls[ OK ]
[09:08:43]   /bin/mail[ OK ]
[09:08:43]   /bin/mktemp[ OK ]
[09:08:44]   /bin/more[ OK ]
[09:08:44]   /bin/mount[ OK ]
[09:08:44]   /bin/mv[ OK ]
[09:08:45]   /bin/netstat[ OK ]
[09:08:45]   /bin/ping[ OK ]
[09:08:46]   /bin/ps[ OK ]
[09:08:46]   /bin/pwd[ OK ]
[09:08:46]   /bin/readlink[ OK ]
[09:08:47]   /bin/rpm[ OK ]
[09:08:47]   /bin/sed[ OK ]
[09:08:48]   /bin/sh[ OK ]
[09:08:49]   /bin/sort[ OK ]
[09:08:49]   /bin/su[ OK ]
[09:08:50]   /bin/touch[ OK ]
[09:08:50]   /bin/uname[ OK ]
[09:08:51]   /bin/gawk[ OK ]
[09:08:51]   /bin/mailx[ OK ]
[09:08:52]   /usr/sbin/adduser[ OK ]
[09:08:52]   /usr/sbin/chroot[ OK ]
[09:08:53]   /usr/sbin/groupadd[ OK ]
[09:08:54]   /usr/sbin/groupdel[ OK ]
[09:08:54]   /usr/sbin/groupmod[ OK ]
[09:08:54]   /usr/sbin/grpck[ OK ]
[09:08:55]   /usr/sbin/lsof[ OK ]
[09:08:56]   /usr/sbin/prelink[ OK ]
[09:08:57]   /usr/sbin/pwck[ OK ]
[09:08:57]   /usr/sbin/sestatus[ OK ]
[09:08:58]   /usr/sbin/tcpd[ OK ]
[09:08:59]   /usr/sbin/useradd[ OK ]
[09:08:59]   /usr/sbin/userdel[ OK ]
[09:09:00]   /usr/sbin/usermod[ OK ]
[09:09:00]   /usr/sbin/vipw[ OK ]
[09:09:01]   /usr/sbin/xinetd[ OK ]
[09:09:01]   /usr/bin/awk[ OK ]
[09:09:02]   /usr/bin/chattr[ OK ]
[09:09:02]   /usr/bin/curl[ OK ]
[09:09:03]   /usr/bin/cut[ OK ]
[09:09:03]   /usr/bin/diff[ OK ]
[09:09:03]   /usr/bin/dirname[ OK ]
[09:09:04]   /usr/bin/du[ OK ]
[09:09:04]   /usr/bin/env[ OK ]
[09:09:05]   /usr/bin/file[ OK ]
[09:09:05]   /usr/bin/find[ OK ]
[09:09:05]   /usr/bin/GET[ Warning ]
[09:09:06] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable
[09:09:06]   /usr/bin/groups[ OK ]
[09:09:06]   /usr/bin/head[ OK ]
[09:09:07]   /usr/bin/id[ OK ]
[09:09:07]   /usr/bin/kill[ OK ]
[09:09:08]   /usr/bin/killall[ OK ]
[09:09:08]   /usr/bin/last[ OK ]
[09:09:08]   /usr/bin/lastlog[ OK ]
[09:09:09]   /usr/bin/ldd[ Warning ]
[09:09:09] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
[09:09:09]   /usr/bin/less[ OK ]
[09:09:10]   /usr/bin/locate[ OK ]
[09:09:10]   /usr/bin/logger[ OK ]
[09:09:10]   /usr/bin/lsattr[ OK ]
[09:09:11]   /usr/bin/md5sum[ OK ]
[09:09:12]   /usr/bin/newgrp[ OK ]
[09:09:12]   /usr/bin/passwd[ OK ]
[09:09:12]   /usr/bin/perl[ OK ]
[09:09:13]   /usr/bin/pgrep[ OK ]
[09:09:13]   /usr/bin/pkill[ OK ]
[09:09:14]   /usr/bin/pstree[ OK ]
[09:09:14]   /usr/bin/readlink[ OK ]
[09:09:14]   /usr/bin/rkhunter[ OK ]
[09:09:15]   /usr/bin/runcon[ OK ]
[09:09:15]   /usr/bin/sha1sum[ OK ]
[09:09:16]   /usr/bin/sha224sum[ OK ]
[09:09:16]   /usr/bin/sha256sum[ OK ]
[09:09:16]   /usr/bin/sha384sum[ OK ]
[09:09:17]   /usr/bin/sha512sum[ OK ]
[09:09:17]   /usr/bin/size[ OK ]
[09:09:18]   /usr/bin/stat[ OK ]
[09:09:18]   /usr/bin/strings[ OK ]
[09:09:19]   /usr/bin/sudo[ OK ]
[09:09:19]   /usr/bin/tail[ OK ]
[09:09:19]   /usr/bin/test[ OK ]
[09:09:20]   /usr/bin/top[ OK ]
[09:09:20]   /usr/bin/tr[ OK ]
[09:09:21]   /usr/bin/uniq[ OK ]
[09:09:21]   /usr/bin/users[ OK ]
[09:09:21]   /usr/bin/vmstat[ OK ]
[09:09:22]   /usr/bin/w[ OK ]
[09:09:22]   /usr/bin/watch[ OK ]
[09:09:23]   /usr/bin/wc[ OK ]
[09:09:23]   /usr/bin/wget[ OK ]
[09:09:23]   /usr/bin/whatis[ Warning ]
[09:09:23] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: POSIX shell script text executable
[09:09:24]   /usr/bin/whereis[ OK ]
[09:09:24]   /usr/bin/which[ OK ]
[09:09:25]   /usr/bin/who[ OK ]
[09:09:25]   /usr/bin/whoami[ OK ]
[09:09:25]   /usr/bin/gawk[ OK ]
[09:09:42]   /etc/rkhunter.conf[ OK ]
[09:10:13]
[09:10:13] Info: Starting test name 'rootkits'
[09:10:13] Checking for rootkits...
[09:10:13]
[09:10:13] Info: Starting test name 'known_rkts'
[09:10:13] Performing check of known rootkit files and directories
[09:10:13]
[09:10:13] Checking for 55808 Trojan - Variant A...
[09:10:13]   Checking for file '/tmp/.../r'[ Not found ]
[09:10:13]   Checking for file '/tmp/.../a'[ Not found ]
[09:10:13] 55808 Trojan - Variant A[ Not found ]
[09:10:14]
[09:10:14] Checking for ADM Worm...
[09:10:14]   Checking for string 'w0rm'[ Not found ]
[09:10:14] ADM Worm[ Not found ]
[09:10:14]
[09:10:14] Checking for AjaKit Rootkit...
[09:10:14]   Checking for file '/dev/tux/.addr'[ Not found ]
[09:10:14]   Checking for file '/dev/tux/.proc'[ Not found ]
[09:10:14]   Checking for file '/dev/tux/.file'[ Not found ]
[09:10:14]   Checking for file '/lib/.libgh-gh/cleaner'      [ Not found ]
[09:10:14]   Checking for file '/lib/.libgh-gh/Patch/patch'  [ Not found ]
[09:10:14]   Checking for file '/lib/.libgh-gh/sb0k'[ Not found ]
[09:10:15]   Checking for directory '/dev/tux'[ Not found ]
[09:10:15]   Checking for directory '/lib/.libgh-gh'[ Not found ]
[09:10:15] AjaKit Rootkit[ Not found ]
[09:10:15]
[09:10:15] Checking for Adore Rootkit...
[09:10:15]   Checking for file '/usr/secure'[ Not found ]
[09:10:15]   Checking for file '/usr/doc/sys/qrt'[ Not found ]
[09:10:15]   Checking for file '/usr/doc/sys/run'[ Not found ]
[09:10:15]   Checking for file '/usr/doc/sys/crond'[ Not found ]
[09:10:15]   Checking for file '/usr/sbin/kfd'[ Not found ]
[09:10:16]   Checking for file '/usr/doc/kern/var'[ Not found ]
[09:10:16]   Checking for file '/usr/doc/kern/string.o'      [ Not found ]
[09:10:16]   Checking for file '/usr/doc/kern/ava'[ Not found ]
[09:10:16]   Checking for file '/usr/doc/kern/adore.o'[ Not found ]
[09:10:16]   Checking for file '/var/log/ssh/old'[ Not found ]
[09:10:16]   Checking for directory '/lib/security/.config/ssh' [ Not found ]
[09:10:16]   Checking for directory '/usr/doc/kern'[ Not found ]
[09:10:16]   Checking for directory '/usr/doc/backup'[ Not found ]
[09:10:17]   Checking for directory '/usr/doc/backup/txt'    [ Not found ]
[09:10:17]   Checking for directory '/lib/backup'[ Not found ]
[09:10:17]   Checking for directory '/lib/backup/txt'[ Not found ]
[09:10:17]   Checking for directory '/usr/doc/work'[ Not found ]
[09:10:17]   Checking for directory '/usr/doc/sys'[ Not found ]
[09:10:17]   Checking for directory '/var/log/ssh'[ Not found ]
[09:10:17]   Checking for directory '/usr/doc/.spool'[ Not found ]
[09:10:17]   Checking for directory '/usr/lib/kterm'[ Not found ]
[09:10:17] Adore Rootkit[ Not found ]
[09:10:18]
[09:10:18] Checking for aPa Kit...
[09:10:18]   Checking for file '/usr/share/.aPa'[ Not found ]
[09:10:18] aPa Kit[ Not found ]
[09:10:18]
[09:10:18] Checking for Apache Worm...
[09:10:18]   Checking for file '/bin/.log'[ Not found ]
[09:10:18] Apache Worm[ Not found ]
[09:10:18]
[09:10:18] Checking for Ambient (ark) Rootkit...
[09:10:18]   Checking for file '/usr/lib/.ark?'[ Not found ]
[09:10:18]   Checking for file '/dev/ptyxx/.log'[ Not found ]
[09:10:18]   Checking for file '/dev/ptyxx/.file'[ Not found ]
[09:10:19]   Checking for file '/dev/ptyxx/.proc'[ Not found ]
[09:10:19]   Checking for file '/dev/ptyxx/.addr'[ Not found ]
[09:10:19]   Checking for directory '/dev/ptyxx'[ Not found ]
[09:10:19] Ambient (ark) Rootkit[ Not found ]
[09:10:19]
[09:10:19] Checking for Balaur Rootkit...
[09:10:19]   Checking for file '/usr/lib/liblog.o'[ Not found ]
[09:10:19]   Checking for directory '/usr/lib/.kinetic'      [ Not found ]
[09:10:19]   Checking for directory '/usr/lib/.egcs'[ Not found ]
[09:10:19]   Checking for directory '/usr/lib/.wormie'[ Not found ]
[09:10:20] Balaur Rootkit[ Not found ]
[09:10:20]
[09:10:20] Checking for BeastKit Rootkit...
[09:10:20]   Checking for file '/usr/sbin/arobia'[ Not found ]
[09:10:20]   Checking for file '/usr/sbin/idrun'[ Not found ]
[09:10:20]   Checking for file '/usr/lib/elm/arobia/elm'     [ Not found ]
[09:10:20]   Checking for file '/usr/lib/elm/arobia/elm/hk'  [ Not found ]
[09:10:20]   Checking for file '/usr/lib/elm/arobia/elm/hk.pub' [ Not found ]
[09:10:20]   Checking for file '/usr/lib/elm/arobia/elm/sc'  [ Not found ]
[09:10:20]   Checking for file '/usr/lib/elm/arobia/elm/sd.pp' [ Not found ]
[09:10:21]   Checking for file '/usr/lib/elm/arobia/elm/sdco' [ Not found ]
[09:10:21]   Checking for file '/usr/lib/elm/arobia/elm/srsd' [ Not found ]
[09:10:21]   Checking for directory '/lib/ldd.so/bktools'    [ Not found ]
[09:10:21] BeastKit Rootkit[ Not found ]
[09:10:21]
[09:10:21] Checking for beX2 Rootkit...
[09:10:21]   Checking for file '/usr/info/termcap.info-5.gz' [ Not found ]
[09:10:21]   Checking for file '/usr/bin/sshd2'[ Not found ]
[09:10:21]   Checking for directory '/usr/include/bex'[ Not found ]
[09:10:21] beX2 Rootkit[ Not found ]
[09:10:22]
[09:10:22] Checking for BOBKit Rootkit...
[09:10:22]   Checking for file '/usr/sbin/ntpsx'[ Not found ]
[09:10:22]   Checking for file '/usr/sbin/.../bkit-ava'      [ Not found ]
[09:10:22]   Checking for file '/usr/sbin/.../bkit-d'[ Not found ]
[09:10:22]   Checking for file '/usr/sbin/.../bkit-shd'      [ Not found ]
[09:10:22]   Checking for file '/usr/sbin/.../bkit-f'[ Not found ]
[09:10:22]   Checking for file '/usr/include/.../proc.h'     [ Not found ]
[09:10:22]   Checking for file '/usr/include/.../.bash_history' [ Not found ]
[09:10:22]   Checking for file '/usr/include/.../bkit-get'   [ Not found ]
[09:10:23]   Checking for file '/usr/include/.../bkit-dl'    [ Not found ]
[09:10:23]   Checking for file '/usr/include/.../bkit-screen' [ Not found ]
[09:10:23]   Checking for file '/usr/include/.../bkit-sleep' [ Not found ]
[09:10:23]   Checking for file '/usr/lib/.../bkit-adore.o'   [ Not found ]
[09:10:23]   Checking for file '/usr/lib/.../ls'[ Not found ]
[09:10:23]   Checking for file '/usr/lib/.../netstat'[ Not found ]
[09:10:23]   Checking for file '/usr/lib/.../lsof'[ Not found ]
[09:10:23]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shdcfg' [ Not found ]
[09:10:23]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shhk' [ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../bkit-ssh/bkit-pw' [ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../bkit-ssh/bkit-shrs' [ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../bkit-ssh/bkit-mots' [ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../uconf.inv'      [ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../psr'[ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../find'[ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../pstree'[ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../slocate'[ Not found ]
[09:10:24]   Checking for file '/usr/lib/.../du'[ Not found ]
[09:10:25]   Checking for file '/usr/lib/.../top'[ Not found ]
[09:10:25]   Checking for directory '/usr/sbin/...'[ Not found ]
[09:10:25]   Checking for directory '/usr/include/...'[ Not found ]
[09:10:25]   Checking for directory '/usr/include/.../.tmp'  [ Not found ]
[09:10:25]   Checking for directory '/usr/lib/...'[ Not found ]
[09:10:25]   Checking for directory '/usr/lib/.../.ssh'      [ Not found ]
[09:10:25]   Checking for directory '/usr/lib/.../bkit-ssh'  [ Not found ]
[09:10:25]   Checking for directory '/usr/lib/.bkit-'[ Not found ]
[09:10:25]   Checking for directory '/tmp/.bkp'[ Not found ]
[09:10:26] BOBKit Rootkit[ Not found ]
[09:10:26]
[09:10:26] Checking for cb Rootkit...
[09:10:26]   Checking for file '/dev/srd0'[ Not found ]
[09:10:26]   Checking for file '/lib/libproc.so.2.0.6'[ Not found ]
[09:10:26]   Checking for file '/dev/mounnt'[ Not found ]
[09:10:26]   Checking for file '/etc/rc.d/init.d/init'[ Not found ]
[09:10:26]   Checking for file '/usr/bin/.zeen/.. /cl'[ Not found ]
[09:10:26]   Checking for file '/usr/bin/.zeen/.. /.x.tgz'   [ Not found ]
[09:10:26]   Checking for file '/usr/bin/.zeen/.. /statdx'   [ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /wted'     [ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /write'    [ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /scan'     [ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /sc'[ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /sl2'      [ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /wroot'    [ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /wscan'    [ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /wu'[ Not found ]
[09:10:27]   Checking for file '/usr/bin/.zeen/.. /v'[ Not found ]
[09:10:28]   Checking for file '/usr/bin/.zeen/.. /read'     [ Not found ]
[09:10:28]   Checking for file '/usr/lib/sshrc'[ Not found ]
[09:10:28]   Checking for file '/usr/lib/ssh_host_key'[ Not found ]
[09:10:28]   Checking for file '/usr/lib/ssh_host_key.pub'   [ Not found ]
[09:10:28]   Checking for file '/usr/lib/ssh_random_seed'    [ Not found ]
[09:10:28]   Checking for file '/usr/lib/sshd_config'[ Not found ]
[09:10:28]   Checking for file '/usr/lib/shosts.equiv'[ Not found ]
[09:10:28]   Checking for file '/usr/lib/ssh_known_hosts'    [ Not found ]
[09:10:28]   Checking for file '/u/zappa/.ssh/pid'[ Not found ]
[09:10:29]   Checking for file '/usr/bin/.system/.. /tcp.log' [ Not found ]
[09:10:29]   Checking for file '/usr/bin/.zeen/.. /curatare/attrib' [ Not found ]
[09:10:29]   Checking for file '/usr/bin/.zeen/.. /curatare/chattr' [ Not found ]
[09:10:29]   Checking for file '/usr/bin/.zeen/.. /curatare/ps' [ Not found ]
[09:10:29]   Checking for file '/usr/bin/.zeen/.. /curatare/pstree' [ Not found ]
[09:10:29]   Checking for file '/usr/bin/.system/.. /.x/xC.o' [ Not found ]
[09:10:29]   Checking for directory '/usr/bin/.zeen'[ Not found ]
[09:10:29]   Checking for directory '/usr/bin/.zeen/.. /curatare' [ Not found ]
[09:10:30]   Checking for directory '/usr/bin/.zeen/.. /scan' [ Not found ]
[09:10:30]   Checking for directory '/usr/bin/.system/.. '   [ Not found ]
[09:10:30] cb Rootkit[ Not found ]
[09:10:30]
[09:10:30] Checking for CiNIK Worm (Slapper.B variant)...
[09:10:30]   Checking for file '/tmp/.cinik'[ Not found ]
[09:10:30]   Checking for directory '/tmp/.font-unix/.cinik' [ Not found ]
[09:10:30] CiNIK Worm (Slapper.B variant)[ Not found ]
[09:10:30]
[09:10:30] Checking for Danny-Boy's Abuse Kit...
[09:10:30]   Checking for file '/dev/mdev'[ Not found ]
[09:10:30]   Checking for file '/usr/lib/libX.a'[ Not found ]
[09:10:31] Danny-Boy's Abuse Kit[ Not found ]
[09:10:31]
[09:10:31] Checking for Devil RootKit...
[09:10:31]   Checking for file '/var/lib/games/.src'[ Not found ]
[09:10:31]   Checking for file '/dev/dsx'[ Not found ]
[09:10:31]   Checking for file '/dev/caca'[ Not found ]
[09:10:31]   Checking for file '/dev/pro'[ Not found ]
[09:10:31]   Checking for file '/bin/bye'[ Not found ]
[09:10:31]   Checking for file '/bin/homedir'[ Not found ]
[09:10:31]   Checking for file '/usr/bin/xfss'[ Not found ]
[09:10:32]   Checking for file '/usr/sbin/tzava'[ Not found ]
[09:10:32]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/holber' [ Not found ]
[09:10:32]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/sense' [ Not found ]
[09:10:32]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/clear' [ Not found ]
[09:10:32]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/tzava' [ Not found ]
[09:10:32]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/citeste' [ Not found ]
[09:10:32]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/killrk' [ Not found ]
[09:10:32]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/searchlog' [ Not found ]
[09:10:32]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/gaoaza' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/cleaner' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/shk' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/srs' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/utile.tgz' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/webpage' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/getpsy' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/getbnc' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/getemech' [ Not found ]
[09:10:33]   Checking for file '/usr/doc/tar/.../.dracusor/localroot.sh' [ Not found ]
[09:10:34]   Checking for file '/usr/doc/tar/.../.dracusor/stuff/old/sense' [ Not found ]
[09:10:34]   Checking for directory '/usr/doc/tar/.../.dracusor' [ Not found ]
[09:10:34] Devil RootKit[ Not found ]
[09:10:34]
[09:10:34] Checking for Dica-Kit Rootkit...
[09:10:34]   Checking for file '/lib/.sso'[ Not found ]
[09:10:34]   Checking for file '/lib/.so'[ Not found ]
[09:10:34]   Checking for file '/var/run/...dica/clean'      [ Not found ]
[09:10:34]   Checking for file '/var/run/...dica/dxr'[ Not found ]
[09:10:34]   Checking for file '/var/run/...dica/read'[ Not found ]
[09:10:35]   Checking for file '/var/run/...dica/write'      [ Not found ]
[09:10:35]   Checking for file '/var/run/...dica/lf'[ Not found ]
[09:10:35]   Checking for file '/var/run/...dica/xl'[ Not found ]
[09:10:35]   Checking for file '/var/run/...dica/xdr'[ Not found ]
[09:10:35]   Checking for file '/var/run/...dica/psg'[ Not found ]
[09:10:35]   Checking for file '/var/run/...dica/secure'     [ Not found ]
[09:10:35]   Checking for file '/var/run/...dica/rdx'[ Not found ]
[09:10:35]   Checking for file '/var/run/...dica/va'[ Not found ]
[09:10:36]   Checking for file '/var/run/...dica/cl.sh'      [ Not found ]
[09:10:36]   Checking for file '/var/run/...dica/last.log'   [ Not found ]
[09:10:36]   Checking for file '/usr/bin/.etc'[ Not found ]
[09:10:36]   Checking for file '/etc/sshd_config'[ Not found ]
[09:10:36]   Checking for file '/etc/ssh_host_key'[ Not found ]
[09:10:36]   Checking for file '/etc/ssh_random_seed'[ Not found ]
[09:10:36]   Checking for directory '/var/run/...dica'[ Not found ]
[09:10:36]   Checking for directory '/var/run/...dica/mh'    [ Not found ]
[09:10:36]   Checking for directory '/var/run/...dica/scan'  [ Not found ]
[09:10:37] Dica-Kit Rootkit[ Not found ]
[09:10:37]
[09:10:37] Checking for Dreams Rootkit...
[09:10:37]   Checking for file '/dev/ttyoa'[ Not found ]
[09:10:37]   Checking for file '/dev/ttyof'[ Not found ]
[09:10:37]   Checking for file '/dev/ttyop'[ Not found ]
[09:10:37]   Checking for file '/usr/bin/sense'[ Not found ]
[09:10:37]   Checking for file '/usr/bin/sl2'[ Not found ]
[09:10:37]   Checking for file '/usr/bin/logclear'[ Not found ]
[09:10:37]   Checking for file '/usr/bin/(swapd)'[ Not found ]
[09:10:38]   Checking for file '/usr/bin/initrd'[ Not found ]
[09:10:38]   Checking for file '/usr/bin/crontabs'[ Not found ]
[09:10:38]   Checking for file '/usr/bin/snfs'[ Not found ]
[09:10:38]   Checking for file '/usr/lib/libsss'[ Not found ]
[09:10:38]   Checking for file '/usr/lib/libsnf.log'[ Not found ]
[09:10:38]   Checking for file '/usr/lib/libshtift/top'      [ Not found ]
[09:10:38]   Checking for file '/usr/lib/libshtift/ps'[ Not found ]
[09:10:38]   Checking for file '/usr/lib/libshtift/netstat'  [ Not found ]
[09:10:38]   Checking for file '/usr/lib/libshtift/ls'[ Not found ]
[09:10:38]   Checking for file '/usr/lib/libshtift/ifconfig' [ Not found ]
[09:10:39]   Checking for file '/usr/include/linseed.h'      [ Not found ]
[09:10:39]   Checking for file '/usr/include/linpid.h'[ Not found ]
[09:10:39]   Checking for file '/usr/include/linkey.h'[ Not found ]
[09:10:39]   Checking for file '/usr/include/linconf.h'      [ Not found ]
[09:10:39]   Checking for file '/usr/include/iceseed.h'      [ Not found ]
[09:10:39]   Checking for file '/usr/include/icepid.h'[ Not found ]
[09:10:39]   Checking for file '/usr/include/icekey.h'[ Not found ]
[09:10:39]   Checking for file '/usr/include/iceconf.h'      [ Not found ]
[09:10:39]   Checking for directory '/dev/ida/.hpd'[ Not found ]
[09:10:40]   Checking for directory '/usr/lib/libshtift'     [ Not found ]
[09:10:40] Dreams Rootkit[ Not found ]
[09:10:40]
[09:10:40] Checking for Duarawkz Rootkit...
[09:10:40]   Checking for file '/usr/bin/duarawkz/loginpass' [ Not found ]
[09:10:40]   Checking for directory '/usr/bin/duarawkz'      [ Not found ]
[09:10:40] Duarawkz Rootkit[ Not found ]
[09:10:40]
[09:10:40] Checking for Enye LKM...
[09:10:40]   Checking for file '/etc/.enyelkmHIDE^IT.ko'     [ Not found ]
[09:10:40]   Checking for file '/etc/.enyelkmOCULTAR.ko'     [ Not found ]
[09:10:41] Enye LKM[ Not found ]
[09:10:41]
[09:10:41] Checking for Flea Linux Rootkit...
[09:10:41]   Checking for file '/etc/ld.so.hash'[ Not found ]
[09:10:41]   Checking for file '/lib/security/.config/ssh/sshd_config' [ Not found ]
[09:10:41]   Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[09:10:41]   Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[09:10:41]   Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[09:10:41]   Checking for file '/usr/bin/ssh2d'[ Not found ]
[09:10:41]   Checking for file '/usr/lib/ldlibns.so'[ Not found ]
[09:10:41]   Checking for file '/usr/lib/ldlibps.so'[ Not found ]
[09:10:42]   Checking for file '/usr/lib/ldlibpst.so'[ Not found ]
[09:10:42]   Checking for file '/usr/lib/ldlibdu.so'[ Not found ]
[09:10:42]   Checking for file '/usr/lib/ldlibct.so'[ Not found ]
[09:10:42]   Checking for directory '/lib/security/.config/ssh' [ Not found ]
[09:10:42]   Checking for directory '/dev/..0'[ Not found ]
[09:10:42]   Checking for directory '/dev/..0/backup'[ Not found ]
[09:10:42] Flea Linux Rootkit[ Not found ]
[09:10:42]
[09:10:42] Checking for Fu Rootkit...
[09:10:42]   Checking for file '/sbin/xc'[ Not found ]
[09:10:43]   Checking for file '/usr/include/ivtype.h'[ Not found ]
[09:10:43]   Checking for file '/bin/.lib'[ Not found ]
[09:10:43] Fu Rootkit[ Not found ]
[09:10:43]
[09:10:43] Checking for Fuck`it Rootkit...
[09:10:43]   Checking for file '/lib/libproc.so.2.0.7'[ Not found ]
[09:10:43]   Checking for file '/dev/proc/.bash_profile'     [ Not found ]
[09:10:43]   Checking for file '/dev/proc/.bashrc'[ Not found ]
[09:10:43]   Checking for file '/dev/proc/.cshrc'[ Not found ]
[09:10:43]   Checking for file '/dev/proc/fuckit/hax0r'      [ Not found ]
[09:10:44]   Checking for file '/dev/proc/fuckit/hax0rshell' [ Not found ]
[09:10:44]   Checking for file '/dev/proc/fuckit/config/lports' [ Not found ]
[09:10:44]   Checking for file '/dev/proc/fuckit/config/rports' [ Not found ]
[09:10:44]   Checking for file '/dev/proc/fuckit/config/rkconf' [ Not found ]
[09:10:44]   Checking for file '/dev/proc/fuckit/config/password' [ Not found ]
[09:10:44]   Checking for file '/dev/proc/fuckit/config/progs' [ Not found ]
[09:10:44]   Checking for file '/dev/proc/fuckit/system-bins/init' [ Not found ]
[09:10:44]   Checking for file '/usr/lib/libcps.a'[ Not found ]
[09:10:44]   Checking for file '/usr/lib/libtty.a'[ Not found ]
[09:10:45]   Checking for directory '/dev/proc'[ Not found ]
[09:10:45]   Checking for directory '/dev/proc/fuckit'[ Not found ]
[09:10:45]   Checking for directory '/dev/proc/fuckit/system-bins' [ Not found ]
[09:10:45]   Checking for directory '/dev/proc/toolz'[ Not found ]
[09:10:45] Fuck`it Rootkit[ Not found ]
[09:10:45]
[09:10:45] Checking for GasKit Rootkit...
[09:10:45]   Checking for file '/dev/dev/gaskit/sshd/sshdd'  [ Not found ]
[09:10:45]   Checking for directory '/dev/dev'[ Not found ]
[09:10:45]   Checking for directory '/dev/dev/gaskit'[ Not found ]
[09:10:46]   Checking for directory '/dev/dev/gaskit/sshd'   [ Not found ]
[09:10:46] GasKit Rootkit[ Not found ]
[09:10:46]
[09:10:46] Checking for Heroin LKM...
[09:10:46]   Checking for kernel symbol 'heroin'[ Not found ]
[09:10:46] Heroin LKM[ Not found ]
[09:10:46]
[09:10:46] Checking for HjC Kit...
[09:10:46]   Checking for directory '/dev/.hijackerz'[ Not found ]
[09:10:46] HjC Kit[ Not found ]
[09:10:46]
[09:10:46] Checking for ignoKit Rootkit...
[09:10:46]   Checking for file '/lib/defs/p'[ Not found ]
[09:10:47]   Checking for file '/lib/defs/q'[ Not found ]
[09:10:47]   Checking for file '/lib/defs/r'[ Not found ]
[09:10:47]   Checking for file '/lib/defs/s'[ Not found ]
[09:10:47]   Checking for file '/lib/defs/t'[ Not found ]
[09:10:47]   Checking for file '/usr/lib/defs/p'[ Not found ]
[09:10:47]   Checking for file '/usr/lib/defs/q'[ Not found ]
[09:10:47]   Checking for file '/usr/lib/defs/r'[ Not found ]
[09:10:47]   Checking for file '/usr/lib/defs/s'[ Not found ]
[09:10:48]   Checking for file '/usr/lib/defs/t'[ Not found ]
[09:10:48]   Checking for file '/usr/lib/.libigno/pkunsec'   [ Not found ]
[09:10:48]   Checking for file '/usr/lib/.libigno/.igno/psybnc/psybnc' [ Not found ]
[09:10:48]   Checking for directory '/usr/lib/.libigno'      [ Not found ]
[09:10:48]   Checking for directory '/usr/lib/.libigno/.igno' [ Not found ]
[09:10:48] ignoKit Rootkit[ Not found ]
[09:10:48]
[09:10:48] Checking for IntoXonia-NG Rootkit...
[09:10:48]   Checking for kernel symbol 'funces'[ Not found ]
[09:10:49]   Checking for kernel symbol 'ixinit'[ Not found ]
[09:10:49]   Checking for kernel symbol 'tricks'[ Not found ]
[09:10:49]   Checking for kernel symbol 'kernel_unlink'      [ Not found ]
[09:10:49]   Checking for kernel symbol 'rootme'[ Not found ]
[09:10:49]   Checking for kernel symbol 'hide_module'[ Not found ]
[09:10:49]   Checking for kernel symbol 'find_sys_call_tbl'  [ Not found ]
[09:10:49] IntoXonia-NG Rootkit[ Not found ]
[09:10:50]
[09:10:50] Checking for Irix Rootkit...
[09:10:50]   Checking for directory '/dev/pts/01'[ Not found ]
[09:10:50]   Checking for directory '/dev/pts/01/backup'     [ Not found ]
[09:10:50]   Checking for directory '/dev/pts/01/etc'[ Not found ]
[09:10:50]   Checking for directory '/dev/pts/01/tmp'[ Not found ]
[09:10:50] Irix Rootkit[ Not found ]
[09:10:50]
[09:10:50] Checking for Jynx Rootkit...
[09:10:50]   Checking for file '/xochikit/bc'[ Not found ]
[09:10:50]   Checking for file '/xochikit/ld_poison.so'      [ Not found ]
[09:10:51]   Checking for file '/omgxochi/bc'[ Not found ]
[09:10:51]   Checking for file '/omgxochi/ld_poison.so'      [ Not found ]
[09:10:51]   Checking for directory '/xochikit'[ Not found ]
[09:10:51]   Checking for directory '/omgxochi'[ Not found ]
[09:10:51] Jynx Rootkit[ Not found ]
[09:10:51]
[09:10:51] Checking for KBeast Rootkit...
[09:10:51]   Checking for file '/usr/_h4x_/ipsecs-kbeast-v1.ko' [ Not found ]
[09:10:51]   Checking for file '/usr/_h4x_/_h4x_bd'[ Not found ]
[09:10:51]   Checking for file '/usr/_h4x_/acctlog'[ Not found ]
[09:10:52]   Checking for directory '/usr/_h4x_'[ Not found ]
[09:10:52]   Checking for kernel symbol 'h4x_delete_module'  [ Not found ]
[09:10:52]   Checking for kernel symbol 'h4x_getdents64'     [ Not found ]
[09:10:52]   Checking for kernel symbol 'h4x_kill'[ Not found ]
[09:10:52]   Checking for kernel symbol 'h4x_open'[ Not found ]
[09:10:52]   Checking for kernel symbol 'h4x_read'[ Not found ]
[09:10:53]   Checking for kernel symbol 'h4x_rename'[ Not found ]
[09:10:53]   Checking for kernel symbol 'h4x_rmdir'[ Not found ]
[09:10:53]   Checking for kernel symbol 'h4x_tcp4_seq_show'  [ Not found ]
[09:10:53]   Checking for kernel symbol 'h4x_write'[ Not found ]
[09:10:53] KBeast Rootkit[ Not found ]
[09:10:53]
[09:10:53] Checking for Kitko Rootkit...
[09:10:53]   Checking for directory '/usr/src/redhat/SRPMS/...' [ Not found ]
[09:10:53] Kitko Rootkit[ Not found ]
[09:10:54]
[09:10:54] Checking for Knark Rootkit...
[09:10:54]   Checking for file '/proc/knark/pids'[ Not found ]
[09:10:54]   Checking for directory '/proc/knark'[ Not found ]
[09:10:54] Knark Rootkit[ Not found ]
[09:10:54]
[09:10:54] Checking for ld-linuxv.so Rootkit...
[09:10:54]   Checking for file '/lib/ld-linuxv.so.1'[ Not found ]
[09:10:54]   Checking for directory '/var/opt/_so_cache'     [ Not found ]
[09:10:54]   Checking for directory '/var/opt/_so_cache/ld'  [ Not found ]
[09:10:54]   Checking for directory '/var/opt/_so_cache/lc'  [ Not found ]
[09:10:54] ld-linuxv.so Rootkit[ Not found ]
[09:10:55]
[09:10:55] Checking for Li0n Worm...
[09:10:55]   Checking for file '/bin/in.telnetd'[ Not found ]
[09:10:55]   Checking for file '/bin/mjy'[ Not found ]
[09:10:55]   Checking for file '/usr/man/man1/man1/lib/.lib/mjy' [ Not found ]
[09:10:55]   Checking for file '/usr/man/man1/man1/lib/.lib/in.telnetd' [ Not found ]
[09:10:55]   Checking for file '/usr/man/man1/man1/lib/.lib/.x' [ Not found ]
[09:10:55]   Checking for file '/dev/.lib/lib/scan/1i0n.sh'  [ Not found ]
[09:10:55]   Checking for file '/dev/.lib/lib/scan/hack.sh'  [ Not found ]
[09:10:55]   Checking for file '/dev/.lib/lib/scan/bind'     [ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/scan/randb'    [ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/scan/scan.sh'  [ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/scan/pscan'    [ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/scan/star.sh'  [ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/scan/bindx.sh' [ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/scan/bindname.log' [ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/1i0n.sh'[ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/lib/netstat'   [ Not found ]
[09:10:56]   Checking for file '/dev/.lib/lib/lib/dev/.1addr' [ Not found ]
[09:10:57]   Checking for file '/dev/.lib/lib/lib/dev/.1logz' [ Not found ]
[09:10:57]   Checking for file '/dev/.lib/lib/lib/dev/.1proc' [ Not found ]
[09:10:57]   Checking for file '/dev/.lib/lib/lib/dev/.1file' [ Not found ]
[09:10:57] Li0n Worm[ Not found ]
[09:10:57]
[09:10:57] Checking for Lockit / LJK2 Rootkit...
[09:10:57]   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_config' [ Not found ]
[09:10:57]   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key' [ Not found ]
[09:10:57]   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_host_key.pub' [ Not found ]
[09:10:57]   Checking for file '/usr/lib/libmen.oo/.LJK2/ssh_random_seed*' [ Not found ]
[09:10:57]   Checking for file '/usr/lib/libmen.oo/.LJK2/sshd_config' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backdoor/RK1bd' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/du' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ifconfig' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/inetd.conf' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/locate' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/login' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ls' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/netstat' [ Not found ]
[09:10:58]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/ps' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/pstree' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/rc.sysinit' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/syslogd' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/tcpd' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/backup/top' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1sauber' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/clean/RK1wted' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1parse' [ Not found ]
[09:10:59]   Checking for file '/usr/lib/libmen.oo/.LJK2/hack/RK1sniff' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1addr' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1dir' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1log' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/.RK1proc' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/hide/RK1phidemod.c' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/README.modules' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1hidem.c' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/modules/RK1phide' [ Not found ]
[09:11:00]   Checking for file '/usr/lib/libmen.oo/.LJK2/sshconfig/RK1ssh' [ Not found ]
[09:11:01]   Checking for directory '/usr/lib/libmen.oo/.LJK2' [ Not found ]
[09:11:01] Lockit / LJK2 Rootkit[ Not found ]
[09:11:01]
[09:11:01] Checking for Mood-NT Rootkit...
[09:11:01]   Checking for file '/sbin/init__mood-nt-_-_cthulhu' [ Not found ]
[09:11:01]   Checking for file '/_cthulhu/mood-nt.init'      [ Not found ]
[09:11:01]   Checking for file '/_cthulhu/mood-nt.conf'      [ Not found ]
[09:11:01]   Checking for file '/_cthulhu/mood-nt.sniff'     [ Not found ]
[09:11:01]   Checking for directory '/_cthulhu'[ Not found ]
[09:11:01] Mood-NT Rootkit[ Not found ]
[09:11:01]
[09:11:01] Checking for MRK Rootkit...
[09:11:02]   Checking for file '/dev/ida/.inet/pid'[ Not found ]
[09:11:02]   Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[09:11:02]   Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[09:11:02]   Checking for file '/dev/ida/.inet/tcp.log'      [ Not found ]
[09:11:02]   Checking for directory '/dev/ida/.inet'[ Not found ]
[09:11:02]   Checking for directory '/var/spool/cron/.sh'    [ Not found ]
[09:11:02] MRK Rootkit[ Not found ]
[09:11:02]
[09:11:02] Checking for Ni0 Rootkit...
[09:11:02]   Checking for file '/var/lock/subsys/...datafile.../...net...' [ Not found ]
[09:11:03]   Checking for file '/var/lock/subsys/...datafile.../...port...' [ Not found ]
[09:11:03]   Checking for file '/var/lock/subsys/...datafile.../...ps...' [ Not found ]
[09:11:03]   Checking for file '/var/lock/subsys/...datafile.../...file...' [ Not found ]
[09:11:03]   Checking for directory '/tmp/waza'[ Not found ]
[09:11:03]   Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[09:11:03]   Checking for directory '/usr/sbin/es'[ Not found ]
[09:11:03] Ni0 Rootkit[ Not found ]
[09:11:03]
[09:11:03] Checking for Ohhara Rootkit...
[09:11:03]   Checking for file '/var/lock/subsys/...datafile.../...datafile.../in.smbd.log' [ Not found ]
[09:11:04]   Checking for directory '/var/lock/subsys/...datafile...' [ Not found ]
[09:11:04]   Checking for directory '/var/lock/subsys/...datafile.../...datafile...' [ Not found ]
[09:11:04]   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../bin' [ Not found ]
[09:11:04]   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/bin' [ Not found ]
[09:11:04]   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../usr/sbin' [ Not found ]
[09:11:04]   Checking for directory '/var/lock/subsys/...datafile.../...datafile.../lib/security' [ Not found ]
[09:11:04] Ohhara Rootkit[ Not found ]
[09:11:04]
[09:11:04] Checking for Optic Kit (Tux) Worm...
[09:11:04]   Checking for directory '/dev/tux'[ Not found ]
[09:11:05]   Checking for directory '/usr/bin/xchk'[ Not found ]
[09:11:05]   Checking for directory '/usr/bin/xsf'[ Not found ]
[09:11:05]   Checking for directory '/usr/bin/ssh2d'[ Not found ]
[09:11:05] Optic Kit (Tux) Worm[ Not found ]
[09:11:05]
[09:11:05] Checking for Oz Rootkit...
[09:11:05]   Checking for file '/dev/.oz/.nap/rkit/terror'   [ Not found ]
[09:11:05]   Checking for directory '/dev/.oz'[ Not found ]
[09:11:05] Oz Rootkit[ Not found ]
[09:11:05]
[09:11:05] Checking for Phalanx Rootkit...
[09:11:06]   Checking for file '/uNFuNF'[ Not found ]
[09:11:06]   Checking for file '/etc/host.ph1'[ Not found ]
[09:11:06]   Checking for file '/bin/host.ph1'[ Not found ]
[09:11:06]   Checking for file '/usr/share/.home.ph1/phalanx' [ Not found ]
[09:11:06]   Checking for file '/usr/share/.home.ph1/cb'     [ Not found ]
[09:11:06]   Checking for file '/usr/share/.home.ph1/kebab'  [ Not found ]
[09:11:06]   Checking for directory '/usr/share/.home.ph1'   [ Not found ]
[09:11:06]   Checking for directory '/usr/share/.home.ph1/tty' [ Not found ]
[09:11:06] Phalanx Rootkit[ Not found ]
[09:11:07]
[09:11:07] Checking for Phalanx2 Rootkit...
[09:11:07]   Checking for file '/etc/khubd.p2/.p2rc'[ Not found ]
[09:11:07]   Checking for file '/etc/khubd.p2/.phalanx2'     [ Not found ]
[09:11:07]   Checking for file '/etc/khubd.p2/.sniff'[ Not found ]
[09:11:07]   Checking for file '/etc/khubd.p2/sshgrab.py'    [ Not found ]
[09:11:07]   Checking for file '/etc/lolzz.p2/.p2rc'[ Not found ]
[09:11:07]   Checking for file '/etc/lolzz.p2/.phalanx2'     [ Not found ]
[09:11:07]   Checking for file '/etc/lolzz.p2/.sniff'[ Not found ]
[09:11:07]   Checking for file '/etc/lolzz.p2/sshgrab.py'    [ Not found ]
[09:11:08]   Checking for file '/etc/cron.d/zupzzplaceholder' [ Not found ]
[09:11:08]   Checking for file '/usr/lib/zupzz.p2/.p-2.3d'   [ Not found ]
[09:11:08]   Checking for file '/usr/lib/zupzz.p2/.p2rc'     [ Not found ]
[09:11:08]   Checking for directory '/etc/khubd.p2'[ Not found ]
[09:11:08]   Checking for directory '/etc/lolzz.p2'[ Not found ]
[09:11:08]   Checking for directory '/usr/lib/zupzz.p2'      [ Not found ]
[09:11:09] Phalanx2 Rootkit[ Not found ]
[09:11:09]
[09:11:09] Checking for Phalanx2 Rootkit (extended tests)...
[09:11:09]   Checking for directory '/etc/khubd.p2'[ Not found ]
[09:11:09]   Checking for directory '/etc/lolzz.p2'[ Not found ]
[09:11:09]   Checking for directory '/usr/lib/zupzz.p2'      [ Not found ]
[09:11:09] Phalanx2 Rootkit (extended tests)[ Not found ]
[09:11:09]
[09:11:09] Checking for Portacelo Rootkit...
[09:11:09]   Checking for file '/var/lib/.../.ak'[ Not found ]
[09:11:09]   Checking for file '/var/lib/.../.hk'[ Not found ]
[09:11:10]   Checking for file '/var/lib/.../.rs'[ Not found ]
[09:11:10]   Checking for file '/var/lib/.../.p'[ Not found ]
[09:11:10]   Checking for file '/var/lib/.../getty'[ Not found ]
[09:11:10]   Checking for file '/var/lib/.../lkt.o'[ Not found ]
[09:11:11]   Checking for file '/var/lib/.../show'[ Not found ]
[09:11:11]   Checking for file '/var/lib/.../nlkt.o'[ Not found ]
[09:11:11]   Checking for file '/var/lib/.../ssshrc'[ Not found ]
[09:11:11]   Checking for file '/var/lib/.../sssh_equiv'     [ Not found ]
[09:11:11]   Checking for file '/var/lib/.../sssh_known_hosts' [ Not found ]
[09:11:11]   Checking for file '/var/lib/.../sssh_pid'[ Not found ]
[09:11:12]   Checking for file '~/.sssh/known_hosts'[ Not found ]
[09:11:12] Portacelo Rootkit[ Not found ]
[09:11:12]
[09:11:12] Checking for R3dstorm Toolkit...
[09:11:12]   Checking for file '/var/log/tk02/see_all'[ Not found ]
[09:11:12]   Checking for file '/var/log/tk02/.scris'[ Not found ]
[09:11:12]   Checking for file '/bin/.../sshd/sbin/sshd1'    [ Not found ]
[09:11:12]   Checking for file '/bin/.../hate/sk'[ Not found ]
[09:11:12]   Checking for file '/bin/.../see_all'[ Not found ]
[09:11:12]   Checking for directory '/var/log/tk02'[ Not found ]
[09:11:13]   Checking for directory '/var/log/tk02/old'      [ Not found ]
[09:11:13]   Checking for directory '/bin/...'[ Not found ]
[09:11:13] R3dstorm Toolkit[ Not found ]
[09:11:13]
[09:11:13] Checking for RH-Sharpe's Rootkit...
[09:11:13]   Checking for file '/bin/lps'[ Not found ]
[09:11:13]   Checking for file '/usr/bin/lpstree'[ Not found ]
[09:11:13]   Checking for file '/usr/bin/ltop'[ Not found ]
[09:11:13]   Checking for file '/usr/bin/lkillall'[ Not found ]
[09:11:13]   Checking for file '/usr/bin/ldu'[ Not found ]
[09:11:14]   Checking for file '/usr/bin/lnetstat'[ Not found ]
[09:11:14]   Checking for file '/usr/bin/wp'[ Not found ]
[09:11:14]   Checking for file '/usr/bin/shad'[ Not found ]
[09:11:14]   Checking for file '/usr/bin/vadim'[ Not found ]
[09:11:14]   Checking for file '/usr/bin/slice'[ Not found ]
[09:11:14]   Checking for file '/usr/bin/cleaner'[ Not found ]
[09:11:15]   Checking for file '/usr/include/rpcsvc/du'      [ Not found ]
[09:11:15] RH-Sharpe's Rootkit[ Not found ]
[09:11:15]
[09:11:15] Checking for RSHA's Rootkit...
[09:11:15]   Checking for file '/bin/kr4p'[ Not found ]
[09:11:15]   Checking for file '/usr/bin/n3tstat'[ Not found ]
[09:11:15]   Checking for file '/usr/bin/chsh2'[ Not found ]
[09:11:15]   Checking for file '/usr/bin/slice2'[ Not found ]
[09:11:15]   Checking for file '/usr/src/linux/arch/alpha/lib/.lib/.1proc' [ Not found ]
[09:11:16]   Checking for file '/etc/rc.d/arch/alpha/lib/.lib/.1addr' [ Not found ]
[09:11:16]   Checking for directory '/etc/rc.d/rsha'[ Not found ]
[09:11:16]   Checking for directory '/etc/rc.d/arch/alpha/lib/.lib' [ Not found ]
[09:11:16] RSHA's Rootkit[ Not found ]
[09:11:16]
[09:11:16] Checking for Scalper Worm...
[09:11:16]   Checking for file '/tmp/.a'[ Not found ]
[09:11:16]   Checking for file '/tmp/.uua'[ Not found ]
[09:11:16] Scalper Worm[ Not found ]
[09:11:16]
[09:11:16] Checking for Sebek LKM...
[09:11:17]   Checking for kernel symbol 'adore or sebek'     [ Not found ]
[09:11:17] Sebek LKM[ Not found ]
[09:11:17]
[09:11:17] Checking for Shutdown Rootkit...
[09:11:17]   Checking for file '/usr/man/man5/.. /.dir/scannah/asus' [ Not found ]
[09:11:17]   Checking for file '/usr/man/man5/.. /.dir/see'  [ Not found ]
[09:11:17]   Checking for file '/usr/man/man5/.. /.dir/nscd' [ Not found ]
[09:11:17]   Checking for file '/usr/man/man5/.. /.dir/alpd' [ Not found ]
[09:11:17]   Checking for file '/etc/rc.d/rc.local '[ Not found ]
[09:11:17]   Checking for directory '/usr/man/man5/.. /.dir' [ Not found ]
[09:11:18]   Checking for directory '/usr/man/man5/.. /.dir/scannah' [ Not found ]
[09:11:18]   Checking for directory '/etc/rc.d/rc0.d/.. /.dir' [ Not found ]
[09:11:18] Shutdown Rootkit[ Not found ]
[09:11:18]
[09:11:18] Checking for SHV4 Rootkit...
[09:11:18]   Checking for file '/etc/ld.so.hash'[ Not found ]
[09:11:18]   Checking for file '/lib/libext-2.so.7'[ Not found ]
[09:11:18]   Checking for file '/lib/lidps1.so'[ Not found ]
[09:11:19]   Checking for file '/lib/libproc.a'[ Not found ]
[09:11:19]   Checking for file '/lib/libproc.so.2.0.6'[ Not found ]
[09:11:19]   Checking for file '/lib/ldd.so/tks'[ Not found ]
[09:11:19]   Checking for file '/lib/ldd.so/tkp'[ Not found ]
[09:11:19]   Checking for file '/lib/ldd.so/tksb'[ Not found ]
[09:11:19]   Checking for file '/lib/security/.config/sshd'  [ Not found ]
[09:11:19]   Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[09:11:19]   Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[09:11:19]   Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[09:11:20]   Checking for file '/usr/include/file.h'[ Not found ]
[09:11:20]   Checking for file '/usr/include/hosts.h'[ Not found ]
[09:11:20]   Checking for file '/usr/include/lidps1.so'      [ Not found ]
[09:11:20]   Checking for file '/usr/include/log.h'[ Not found ]
[09:11:20]   Checking for file '/usr/include/proc.h'[ Not found ]
[09:11:20]   Checking for file '/usr/sbin/xntps'[ Not found ]
[09:11:20]   Checking for file '/dev/srd0'[ Not found ]
[09:11:20]   Checking for directory '/lib/ldd.so'[ Not found ]
[09:11:20]   Checking for directory '/lib/security/.config'  [ Not found ]
[09:11:21]   Checking for directory '/lib/security/.config/ssh' [ Not found ]
[09:11:21] SHV4 Rootkit[ Not found ]
[09:11:21]
[09:11:21] Checking for SHV5 Rootkit...
[09:11:21]   Checking for file '/etc/sh.conf'[ Not found ]
[09:11:21]   Checking for file '/lib/libproc.a'[ Not found ]
[09:11:21]   Checking for file '/lib/libproc.so.2.0.6'[ Not found ]
[09:11:21]   Checking for file '/lib/lidps1.so'[ Not found ]
[09:11:21]   Checking for file '/lib/libsh.so/bash'[ Not found ]
[09:11:21]   Checking for file '/usr/include/file.h'[ Not found ]
[09:11:21]   Checking for file '/usr/include/hosts.h'[ Not found ]
[09:11:22]   Checking for file '/usr/include/log.h'[ Not found ]
[09:11:22]   Checking for file '/usr/include/proc.h'[ Not found ]
[09:11:22]   Checking for file '/lib/libsh.so/shdcf2'[ Not found ]
[09:11:22]   Checking for file '/lib/libsh.so/shhk'[ Not found ]
[09:11:22]   Checking for file '/lib/libsh.so/shhk.pub'      [ Not found ]
[09:11:22]   Checking for file '/lib/libsh.so/shrs'[ Not found ]
[09:11:22]   Checking for file '/usr/lib/libsh/.bashrc'      [ Not found ]
[09:11:22]   Checking for file '/usr/lib/libsh/shsb'[ Not found ]
[09:11:23]   Checking for file '/usr/lib/libsh/hide'[ Not found ]
[09:11:23]   Checking for file '/usr/lib/libsh/.sniff/shsniff' [ Not found ]
[09:11:23]   Checking for file '/usr/lib/libsh/.sniff/shp'   [ Not found ]
[09:11:23]   Checking for file '/dev/srd0'[ Not found ]
[09:11:23]   Checking for directory '/lib/libsh.so'[ Not found ]
[09:11:23]   Checking for directory '/usr/lib/libsh'[ Not found ]
[09:11:23]   Checking for directory '/usr/lib/libsh/utilz'   [ Not found ]
[09:11:23]   Checking for directory '/usr/lib/libsh/.backup' [ Not found ]
[09:11:23] SHV5 Rootkit[ Not found ]
[09:11:24]
[09:11:24] Checking for Sin Rootkit...
[09:11:24]   Checking for file '/dev/.haos/haos1/.f/Denyed'  [ Not found ]
[09:11:24]   Checking for file '/dev/ttyoa'[ Not found ]
[09:11:24]   Checking for file '/dev/ttyof'[ Not found ]
[09:11:24]   Checking for file '/dev/ttyop'[ Not found ]
[09:11:24]   Checking for file '/dev/ttyos'[ Not found ]
[09:11:24]   Checking for file '/usr/lib/.lib'[ Not found ]
[09:11:24]   Checking for file '/usr/lib/sn/.X'[ Not found ]
[09:11:24]   Checking for file '/usr/lib/sn/.sys'[ Not found ]
[09:11:25]   Checking for file '/usr/lib/ld/.X'[ Not found ]
[09:11:25]   Checking for file '/usr/man/man1/...'[ Not found ]
[09:11:25]   Checking for file '/usr/man/man1/.../.m'[ Not found ]
[09:11:25]   Checking for file '/usr/man/man1/.../.w'[ Not found ]
[09:11:25]   Checking for directory '/usr/lib/sn'[ Not found ]
[09:11:25]   Checking for directory '/usr/lib/man1/...'      [ Not found ]
[09:11:25]   Checking for directory '/dev/.haos'[ Not found ]
[09:11:25] Sin Rootkit[ Not found ]
[09:11:25]
[09:11:25] Checking for Slapper Worm...
[09:11:25]   Checking for file '/tmp/.bugtraq'[ Not found ]
[09:11:26]   Checking for file '/tmp/.uubugtraq'[ Not found ]
[09:11:26]   Checking for file '/tmp/.bugtraq.c'[ Not found ]
[09:11:26]   Checking for file '/tmp/httpd'[ Not found ]
[09:11:26]   Checking for file '/tmp/.unlock'[ Not found ]
[09:11:26]   Checking for file '/tmp/update'[ Not found ]
[09:11:26]   Checking for file '/tmp/.cinik'[ Not found ]
[09:11:26]   Checking for file '/tmp/.b'[ Not found ]
[09:11:26] Slapper Worm[ Not found ]
[09:11:26]
[09:11:26] Checking for Sneakin Rootkit...
[09:11:27]   Checking for directory '/tmp/.X11-unix/.../rk'  [ Not found ]
[09:11:27] Sneakin Rootkit[ Not found ]
[09:11:27]
[09:11:27] Checking for 'Spanish' Rootkit...
[09:11:27]   Checking for file '/dev/ptyq'[ Not found ]
[09:11:27]   Checking for file '/bin/ad'[ Not found ]
[09:11:27]   Checking for file '/bin/ava'[ Not found ]
[09:11:27]   Checking for file '/bin/server'[ Not found ]
[09:11:27]   Checking for file '/usr/sbin/rescue'[ Not found ]
[09:11:27]   Checking for file '/usr/share/.../chrps'[ Not found ]
[09:11:28]   Checking for file '/usr/share/.../chrifconfig'  [ Not found ]
[09:11:28]   Checking for file '/usr/share/.../netstat'      [ Not found ]
[09:11:28]   Checking for file '/usr/share/.../linsniffer'   [ Not found ]
[09:11:28]   Checking for file '/usr/share/.../charbd'[ Not found ]
[09:11:28]   Checking for file '/usr/share/.../charbd2'      [ Not found ]
[09:11:28]   Checking for file '/usr/share/.../charbd3'      [ Not found ]
[09:11:28]   Checking for file '/usr/share/.../charbd4'      [ Not found ]
[09:11:28]   Checking for file '/usr/man/tmp/update.tgz'     [ Not found ]
[09:11:28]   Checking for file '/var/lib/rpm/db.rpm'[ Not found ]
[09:11:29]   Checking for file '/var/cache/man/.cat'[ Not found ]
[09:11:29]   Checking for file '/var/spool/lpd/remote/.lpq'  [ Not found ]
[09:11:29]   Checking for directory '/usr/share/...'[ Not found ]
[09:11:29] 'Spanish' Rootkit[ Not found ]
[09:11:29]
[09:11:29] Checking for Suckit Rootkit...
[09:11:29]   Checking for file '/sbin/initsk12'[ Not found ]
[09:11:29]   Checking for file '/sbin/initxrk'[ Not found ]
[09:11:29]   Checking for file '/usr/bin/null'[ Not found ]
[09:11:30]   Checking for file '/usr/share/locale/sk/.sk12/sk' [ Not found ]
[09:11:30]   Checking for file '/etc/rc.d/rc0.d/S23kmdac'    [ Not found ]
[09:11:30]   Checking for file '/etc/rc.d/rc1.d/S23kmdac'    [ Not found ]
[09:11:30]   Checking for file '/etc/rc.d/rc2.d/S23kmdac'    [ Not found ]
[09:11:30]   Checking for file '/etc/rc.d/rc3.d/S23kmdac'    [ Not found ]
[09:11:30]   Checking for file '/etc/rc.d/rc4.d/S23kmdac'    [ Not found ]
[09:11:31]   Checking for file '/etc/rc.d/rc5.d/S23kmdac'    [ Not found ]
[09:11:31]   Checking for file '/etc/rc.d/rc6.d/S23kmdac'    [ Not found ]
[09:11:31]   Checking for directory '/dev/sdhu0/tehdrakg'    [ Not found ]
[09:11:31]   Checking for directory '/etc/.MG'[ Not found ]
[09:11:31]   Checking for directory '/usr/share/locale/sk/.sk12' [ Not found ]
[09:11:31]   Checking for directory '/usr/lib/perl5/site_perl/i386-linux/auto/TimeDate/.packlist' [ Not found ]
[09:11:31] Suckit Rootkit[ Not found ]
[09:11:32]
[09:11:32] Checking for Superkit Rootkit...
[09:11:32]   Checking for file '/usr/man/.sman/sk/backsh'    [ Not found ]
[09:11:32]   Checking for file '/usr/man/.sman/sk/izbtrag'   [ Not found ]
[09:11:32]   Checking for file '/usr/man/.sman/sk/sksniff'   [ Not found ]
[09:11:32]   Checking for file '/var/www/cgi-bin/cgiback.cgi' [ Not found ]
[09:11:32]   Checking for directory '/usr/man/.sman/sk'      [ Not found ]
[09:11:32] Superkit Rootkit[ Not found ]
[09:11:32]
[09:11:32] Checking for TBD (Telnet BackDoor)...
[09:11:33]   Checking for file '/usr/lib/.tbd'[ Not found ]
[09:11:33] TBD (Telnet BackDoor)[ Not found ]
[09:11:33]
[09:11:33] Checking for TeLeKiT Rootkit...
[09:11:33]   Checking for file '/usr/man/man3/.../TeLeKiT/bin/sniff' [ Not found ]
[09:11:33]   Checking for file '/usr/man/man3/.../TeLeKiT/bin/telnetd' [ Not found ]
[09:11:33]   Checking for file '/usr/man/man3/.../TeLeKiT/bin/teleulo' [ Not found ]
[09:11:33]   Checking for file '/usr/man/man3/.../cl'[ Not found ]
[09:11:33]   Checking for file '/dev/ptyr'[ Not found ]
[09:11:33]   Checking for file '/dev/ptyp'[ Not found ]
[09:11:33]   Checking for file '/dev/ptyq'[ Not found ]
[09:11:34]   Checking for file '/dev/hda06'[ Not found ]
[09:11:34]   Checking for file '/usr/info/libc1.so'[ Not found ]
[09:11:34]   Checking for directory '/usr/man/man3/...'      [ Not found ]
[09:11:34]   Checking for directory '/usr/man/man3/.../lsniff' [ Not found ]
[09:11:34]   Checking for directory '/usr/man/man3/.../TeLeKiT' [ Not found ]
[09:11:34] TeLeKiT Rootkit[ Not found ]
[09:11:34]
[09:11:34] Checking for T0rn Rootkit...
[09:11:34]   Checking for file '/dev/.lib/lib/lib/t0rns'     [ Not found ]
[09:11:34]   Checking for file '/dev/.lib/lib/lib/du'[ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/ls'[ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/t0rnsb'    [ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/ps'[ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/t0rnp'     [ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/find'      [ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/ifconfig'  [ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/pg'[ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/ssh.tgz'   [ Not found ]
[09:11:35]   Checking for file '/dev/.lib/lib/lib/top'[ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/sz'[ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/login'     [ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/in.fingerd' [ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/1i0n.sh'   [ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/pstree'    [ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/in.telnetd' [ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/mjy'[ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/sush'      [ Not found ]
[09:11:36]   Checking for file '/dev/.lib/lib/lib/tfn'[ Not found ]
[09:11:37]   Checking for file '/dev/.lib/lib/lib/name'      [ Not found ]
[09:11:37]   Checking for file '/dev/.lib/lib/lib/getip.sh'  [ Not found ]
[09:11:37]   Checking for file '/usr/info/.torn/sh*'[ Not found ]
[09:11:37]   Checking for file '/usr/src/.puta/.1addr'[ Not found ]
[09:11:37]   Checking for file '/usr/src/.puta/.1file'[ Not found ]
[09:11:37]   Checking for file '/usr/src/.puta/.1proc'[ Not found ]
[09:11:37]   Checking for file '/usr/src/.puta/.1logz'[ Not found ]
[09:11:37]   Checking for file '/usr/info/.t0rn'[ Not found ]
[09:11:37]   Checking for directory '/dev/.lib'[ Not found ]
[09:11:38]   Checking for directory '/dev/.lib/lib'[ Not found ]
[09:11:38]   Checking for directory '/dev/.lib/lib/lib'      [ Not found ]
[09:11:38]   Checking for directory '/dev/.lib/lib/lib/dev'  [ Not found ]
[09:11:38]   Checking for directory '/dev/.lib/lib/scan'     [ Not found ]
[09:11:38]   Checking for directory '/usr/src/.puta'[ Not found ]
[09:11:38]   Checking for directory '/usr/man/man1/man1'     [ Not found ]
[09:11:38]   Checking for directory '/usr/man/man1/man1/lib' [ Not found ]
[09:11:38]   Checking for directory '/usr/man/man1/man1/lib/.lib' [ Not found ]
[09:11:38]   Checking for directory '/usr/man/man1/man1/lib/.lib/.backup' [ Not found ]
[09:11:39] T0rn Rootkit[ Not found ]
[09:11:39]
[09:11:39] Checking for trNkit Rootkit...
[09:11:39]   Checking for file '/usr/lib/libbins.la'[ Not found ]
[09:11:39]   Checking for file '/usr/lib/libtcs.so'[ Not found ]
[09:11:39]   Checking for file '/dev/.ttpy/ulogin.sh'[ Not found ]
[09:11:39]   Checking for file '/dev/.ttpy/tcpshell.sh'      [ Not found ]
[09:11:39]   Checking for file '/dev/.ttpy/bupdu'[ Not found ]
[09:11:39]   Checking for file '/dev/.ttpy/buloc'[ Not found ]
[09:11:39]   Checking for file '/dev/.ttpy/buloc1'[ Not found ]
[09:11:40]   Checking for file '/dev/.ttpy/buloc2'[ Not found ]
[09:11:40]   Checking for file '/dev/.ttpy/stat'[ Not found ]
[09:11:40]   Checking for file '/dev/.ttpy/backps'[ Not found ]
[09:11:40]   Checking for file '/dev/.ttpy/tree'[ Not found ]
[09:11:40]   Checking for file '/dev/.ttpy/topk'[ Not found ]
[09:11:40]   Checking for file '/dev/.ttpy/wold'[ Not found ]
[09:11:40]   Checking for file '/dev/.ttpy/whoold'[ Not found ]
[09:11:40]   Checking for file '/dev/.ttpy/backdoors'[ Not found ]
[09:11:40] trNkit Rootkit[ Not found ]
[09:11:41]
[09:11:41] Checking for Trojanit Kit...
[09:11:41]   Checking for file '/bin/.ls'[ Not found ]
[09:11:41]   Checking for file '/bin/.ps'[ Not found ]
[09:11:41]   Checking for file '/bin/.netstat'[ Not found ]
[09:11:41]   Checking for file '/usr/bin/.nop'[ Not found ]
[09:11:41]   Checking for file '/usr/bin/.who'[ Not found ]
[09:11:41] Trojanit Kit[ Not found ]
[09:11:41]
[09:11:41] Checking for Tuxtendo Rootkit...
[09:11:41]   Checking for file '/lib/libproc.so.2.0.7'[ Not found ]
[09:11:41]   Checking for file '/usr/bin/xchk'[ Not found ]
[09:11:42]   Checking for file '/usr/bin/xsf'[ Not found ]
[09:11:42]   Checking for file '/dev/tux/suidsh'[ Not found ]
[09:11:42]   Checking for file '/dev/tux/.addr'[ Not found ]
[09:11:42]   Checking for file '/dev/tux/.cron'[ Not found ]
[09:11:42]   Checking for file '/dev/tux/.file'[ Not found ]
[09:11:42]   Checking for file '/dev/tux/.log'[ Not found ]
[09:11:42]   Checking for file '/dev/tux/.proc'[ Not found ]
[09:11:42]   Checking for file '/dev/tux/.iface'[ Not found ]
[09:11:42]   Checking for file '/dev/tux/.pw'[ Not found ]
[09:11:43]   Checking for file '/dev/tux/.df'[ Not found ]
[09:11:43]   Checking for file '/dev/tux/.ssh'[ Not found ]
[09:11:43]   Checking for file '/dev/tux/.tux'[ Not found ]
[09:11:43]   Checking for file '/dev/tux/ssh2/sshd2_config'  [ Not found ]
[09:11:43]   Checking for file '/dev/tux/ssh2/hostkey'[ Not found ]
[09:11:43]   Checking for file '/dev/tux/ssh2/hostkey.pub'   [ Not found ]
[09:11:43]   Checking for file '/dev/tux/ssh2/logo'[ Not found ]
[09:11:43]   Checking for file '/dev/tux/ssh2/random_seed'   [ Not found ]
[09:11:43]   Checking for file '/dev/tux/backup/crontab'     [ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/df'[ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/dir'[ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/find'[ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/ifconfig'    [ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/locate'      [ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/netstat'     [ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/ps'[ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/pstree'      [ Not found ]
[09:11:44]   Checking for file '/dev/tux/backup/syslogd'     [ Not found ]
[09:11:45]   Checking for file '/dev/tux/backup/tcpd'[ Not found ]
[09:11:45]   Checking for file '/dev/tux/backup/top'[ Not found ]
[09:11:45]   Checking for file '/dev/tux/backup/updatedb'    [ Not found ]
[09:11:45]   Checking for file '/dev/tux/backup/vdir'[ Not found ]
[09:11:45]   Checking for directory '/dev/tux'[ Not found ]
[09:11:45]   Checking for directory '/dev/tux/ssh2'[ Not found ]
[09:11:45]   Checking for directory '/dev/tux/backup'[ Not found ]
[09:11:45] Tuxtendo Rootkit[ Not found ]
[09:11:45]
[09:11:45] Checking for URK Rootkit...
[09:11:45]   Checking for file '/dev/prom/sn.l'[ Not found ]
[09:11:46]   Checking for file '/usr/lib/ldlibps.so'[ Not found ]
[09:11:46]   Checking for file '/usr/lib/ldlibnet.so'[ Not found ]
[09:11:46]   Checking for file '/dev/pts/01/uconf.inv'[ Not found ]
[09:11:46]   Checking for file '/dev/pts/01/cleaner'[ Not found ]
[09:11:46]   Checking for file '/dev/pts/01/bin/psniff'      [ Not found ]
[09:11:46]   Checking for file '/dev/pts/01/bin/du'[ Not found ]
[09:11:46]   Checking for file '/dev/pts/01/bin/ls'[ Not found ]
[09:11:46]   Checking for file '/dev/pts/01/bin/passwd'      [ Not found ]
[09:11:47]   Checking for file '/dev/pts/01/bin/ps'[ Not found ]
[09:11:47]   Checking for file '/dev/pts/01/bin/psr'[ Not found ]
[09:11:47]   Checking for file '/dev/pts/01/bin/su'[ Not found ]
[09:11:47]   Checking for file '/dev/pts/01/bin/find'[ Not found ]
[09:11:47]   Checking for file '/dev/pts/01/bin/netstat'     [ Not found ]
[09:11:47]   Checking for file '/dev/pts/01/bin/ping'[ Not found ]
[09:11:47]   Checking for file '/dev/pts/01/bin/strings'     [ Not found ]
[09:11:47]   Checking for file '/dev/pts/01/bin/bash'[ Not found ]
[09:11:47]   Checking for file '/usr/man/man1/xxxxxxbin/du'  [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/ls'  [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/passwd' [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/ps'  [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/psr' [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/su'  [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/find' [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/netstat' [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/ping' [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/strings' [ Not found ]
[09:11:48]   Checking for file '/usr/man/man1/xxxxxxbin/bash' [ Not found ]
[09:11:49]   Checking for file '/tmp/conf.inv'[ Not found ]
[09:11:49]   Checking for directory '/dev/prom'[ Not found ]
[09:11:49]   Checking for directory '/dev/pts/01'[ Not found ]
[09:11:49]   Checking for directory '/dev/pts/01/bin'[ Not found ]
[09:11:49]   Checking for directory '/usr/man/man1/xxxxxxbin' [ Not found ]
[09:11:49] URK Rootkit[ Not found ]
[09:11:49]
[09:11:49] Checking for Vampire Rootkit...
[09:11:49]   Checking for kernel symbol 'new_getdents'[ Not found ]
[09:11:50]   Checking for kernel symbol 'old_getdents'[ Not found ]
[09:11:50]   Checking for kernel symbol 'should_hide_file_name' [ Not found ]
[09:11:50]   Checking for kernel symbol 'should_hide_task_name' [ Not found ]
[09:11:50] Vampire Rootkit[ Not found ]
[09:11:50]
[09:11:50] Checking for VcKit Rootkit...
[09:11:50]   Checking for directory '/usr/include/linux/modules/lib.so' [ Not found ]
[09:11:50]   Checking for directory '/usr/include/linux/modules/lib.so/bin' [ Not found ]
[09:11:50] VcKit Rootkit[ Not found ]
[09:11:51]
[09:11:51] Checking for Volc Rootkit...
[09:11:51]   Checking for file '/usr/bin/volc'[ Not found ]
[09:11:51]   Checking for file '/usr/lib/volc/backdoor/divine' [ Not found ]
[09:11:51]   Checking for file '/usr/lib/volc/linsniff'      [ Not found ]
[09:11:51]   Checking for file '/etc/rc.d/rc1.d/S25sysconf'  [ Not found ]
[09:11:51]   Checking for file '/etc/rc.d/rc2.d/S25sysconf'  [ Not found ]
[09:11:51]   Checking for file '/etc/rc.d/rc3.d/S25sysconf'  [ Not found ]
[09:11:51]   Checking for file '/etc/rc.d/rc4.d/S25sysconf'  [ Not found ]
[09:11:51]   Checking for file '/etc/rc.d/rc5.d/S25sysconf'  [ Not found ]
[09:11:52]   Checking for directory '/var/spool/.recent'     [ Not found ]
[09:11:52]   Checking for directory '/var/spool/.recent/.files' [ Not found ]
[09:11:52]   Checking for directory '/usr/lib/volc'[ Not found ]
[09:11:52]   Checking for directory '/usr/lib/volc/backup'   [ Not found ]
[09:11:52] Volc Rootkit[ Not found ]
[09:11:52]
[09:11:52] Checking for Xzibit Rootkit...
[09:11:52]   Checking for file '/dev/dsx'[ Not found ]
[09:11:52]   Checking for file '/dev/caca'[ Not found ]
[09:11:52]   Checking for file '/dev/ida/.inet/linsniffer'   [ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/logclear'     [ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/sense'[ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/sl2'[ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/sshdu'[ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/s'[ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/sl2new.c'     [ Not found ]
[09:11:53]   Checking for file '/dev/ida/.inet/tcp.log'      [ Not found ]
[09:11:54]   Checking for file '/home/httpd/cgi-bin/becys.cgi' [ Not found ]
[09:11:54]   Checking for file '/usr/local/httpd/cgi-bin/becys.cgi' [ Not found ]
[09:11:54]   Checking for file '/usr/local/apache/cgi-bin/becys.cgi' [ Not found ]
[09:11:54]   Checking for file '/www/httpd/cgi-bin/becys.cgi' [ Not found ]
[09:11:54]   Checking for file '/www/cgi-bin/becys.cgi'      [ Not found ]
[09:11:54]   Checking for directory '/dev/ida/.inet'[ Not found ]
[09:11:54] Xzibit Rootkit[ Not found ]
[09:11:54]
[09:11:54] Checking for zaRwT.KiT Rootkit...
[09:11:55]   Checking for file '/dev/rd/s/sendmeil'[ Not found ]
[09:11:55]   Checking for file '/dev/ttyf'[ Not found ]
[09:11:55]   Checking for file '/dev/ttyp'[ Not found ]
[09:11:55]   Checking for file '/dev/ttyn'[ Not found ]
[09:11:55]   Checking for file '/rk/tulz'[ Not found ]
[09:11:55]   Checking for directory '/rk'[ Not found ]
[09:11:55]   Checking for directory '/dev/rd/s'[ Not found ]
[09:11:55] zaRwT.KiT Rootkit[ Not found ]
[09:11:55]
[09:11:55] Checking for ZK Rootkit...
[09:11:55]   Checking for file '/usr/share/.zk/zk'[ Not found ]
[09:11:56]   Checking for file '/usr/X11R6/.zk/xfs'[ Not found ]
[09:11:56]   Checking for file '/usr/X11R6/.zk/echo'[ Not found ]
[09:11:56]   Checking for file '/etc/1ssue.net'[ Not found ]
[09:11:56]   Checking for file '/etc/sysconfig/console/load.zk' [ Not found ]
[09:11:56]   Checking for directory '/usr/share/.zk'[ Not found ]
[09:11:56]   Checking for directory '/usr/X11R6/.zk'[ Not found ]
[09:11:56] ZK Rootkit[ Not found ]
[09:12:48]
[09:12:48] Info: Starting test name 'additional_rkts'
[09:12:48] Performing additional rootkit checks
[09:12:48]
[09:12:48]   Performing Suckit Rookit additional checks
[09:12:48]     Checking hard link count on '/sbin/init'      [ OK ]
[09:12:48]     Checking for hidden file extensions[ None found ]
[09:12:48]     Running skdet command[ Skipped ]
[09:12:48] Info: Unable to find the 'skdet' command
[09:12:48]   Suckit Rookit additional checks[ OK ]
[09:12:49]
[09:12:49] Info: Starting test name 'possible_rkt_files'
[09:12:49]   Performing check of possible rootkit files and directories
[09:12:49]     Checking for file '/dev/sdr0'[ Not found ]
[09:12:49]     Checking for file '/dev/pisu'[ Not found ]
[09:12:49]     Checking for file '/dev/xdta'[ Not found ]
[09:12:49]     Checking for file '/dev/saux'[ Not found ]
[09:12:49]     Checking for file '/dev/hdx'[ Not found ]
[09:12:50]     Checking for file '/dev/hdx1'[ Not found ]
[09:12:50]     Checking for file '/dev/hdx2'[ Not found ]
[09:12:50]     Checking for file '/dev/ptyy'[ Not found ]
[09:12:50]     Checking for file '/dev/ptyu'[ Not found ]
[09:12:50]     Checking for file '/dev/ptyv'[ Not found ]
[09:12:50]     Checking for file '/dev/hdbb'[ Not found ]
[09:12:51]     Checking for file '/tmp/.syshackfile'[ Not found ]
[09:12:51]     Checking for file '/tmp/.bash_history'[ Not found ]
[09:12:51]     Checking for file '/usr/info/.clib'[ Not found ]
[09:12:51]     Checking for file '/usr/sbin/tcp.log'[ Not found ]
[09:12:51]     Checking for file '/usr/bin/take/pid'[ Not found ]
[09:12:51]     Checking for file '/sbin/create'[ Not found ]
[09:12:52]     Checking for file '/dev/ttypz'[ Not found ]
[09:12:52]     Checking for file '/var/log/tcp.log'[ Not found ]
[09:12:52]     Checking for file '/usr/include/audit.h'      [ Not found ]
[09:12:52]     Checking for file '/usr/bin/sourcemask'[ Not found ]
[09:12:52]     Checking for file '/usr/bin/ras2xm'[ Not found ]
[09:12:52]     Checking for file '/dev/xmx'[ Not found ]
[09:12:52]     Checking for file '/usr/sbin/gpm.root'[ Not found ]
[09:12:53]     Checking for file '/bin/vobiscum'[ Not found ]
[09:12:53]     Checking for file '/bin/psr'[ Not found ]
[09:12:53]     Checking for file '/dev/kdx'[ Not found ]
[09:12:53]     Checking for file '/dev/dkx'[ Not found ]
[09:12:53]     Checking for file '/usr/sbin/sshd3'[ Not found ]
[09:12:53]     Checking for file '/usr/sbin/jcd'[ Not found ]
[09:12:54]     Checking for file '/etc/rc.d/init.d/jcd'      [ Not found ]
[09:12:54]     Checking for file '/usr/sbin/atd2'[ Not found ]
[09:12:54]     Checking for file '/home/httpd/cgi-bin/linux.cgi' [ Not found ]
[09:12:54]     Checking for file '/home/httpd/cgi-bin/psid'  [ Not found ]
[09:12:54]     Checking for file '/home/httpd/cgi-bin/void.cgi' [ Not found ]
[09:12:54]     Checking for file '/etc/rc.d/init.d/system'   [ Not found ]
[09:12:55]     Checking for file '/etc/rc.d/rc3.d/S93users'  [ Not found ]
[09:12:55]     Checking for file '/tmp/.ush'[ Not found ]
[09:12:55]     Checking for file '/usr/lib/libhidefile.so'   [ Not found ]
[09:12:55]     Checking for file '/etc/cron.d/kmod'[ Not found ]
[09:12:55]     Checking for file '/usr/lib/dmis/dmisd'[ Not found ]
[09:12:55]     Checking for file '/lib/secure/libhij.so'     [ Not found ]
[09:12:56]     Checking for file '/usr/sbin/sshd3'[ Not found ]
[09:12:56]     Checking for file '/etc/rc.d/init.d/crontab'  [ Not found ]
[09:12:56]     Checking for file '/etc/rc.d/init.d/jcd'      [ Not found ]
[09:12:56]     Checking for file '/usr/sbin/atd2'[ Not found ]
[09:12:56]     Checking for file '/etc/rc.d/rc5.d/S93users'  [ Not found ]
[09:12:56]     Checking for file '/usr/include/mysql/mysql.hh1' [ Not found ]
[09:12:57]     Checking for file '/etc/init.d/xfs3'[ Not found ]
[09:12:57]     Checking for file '/usr/sbin/t.txt'[ Not found ]
[09:12:57]     Checking for file '/usr/sbin/change'[ Not found ]
[09:12:57]     Checking for file '/usr/sbin/s'[ Not found ]
[09:12:57]     Checking for file '/bin/f'[ Not found ]
[09:12:57]     Checking for file '/bin/i'[ Not found ]
[09:12:57]     Checking for file '/lib/libncom.so.4.0.1'     [ Not found ]
[09:12:58]     Checking for file '/sbin/zinit'[ Not found ]
[09:12:58]     Checking for file '/tmp/pass_ssh.log'[ Not found ]
[09:12:58]     Checking for file '/usr/include/gpm2.h'[ Not found ]
[09:12:58]     Checking for file '/etc/ssh/.sshd_auth'[ Not found ]
[09:12:58]     Checking for file '/usr/lib/.sshd.h'[ Not found ]
[09:12:58]     Checking for file '/var/run/.defunct'[ Not found ]
[09:12:59]     Checking for file '/etc/httpd/run/.defunct'   [ Not found ]
[09:12:59]     Checking for file '/usr/share/pci.r'[ Not found ]
[09:12:59]     Checking for file '/etc/cron.daily/dnsquery'  [ Not found ]
[09:12:59]     Checking for file '/usr/lib/libutil1.2.1.2.so' [ Not found ]
[09:12:59]     Checking for file '/bin/ceva'[ Not found ]
[09:13:00]     Checking for file '/sbin/syslogd '[ Not found ]
[09:13:00]     Checking for file '/usr/include/shup.h'[ Not found ]
[09:13:00]     Checking for file '/etc/rpm/sshdOLD'[ Not found ]
[09:13:00]     Checking for file '/etc/rpm/sshOLD'[ Not found ]
[09:13:00]     Checking for file '/usr/share/passwd.h'[ Not found ]
[09:13:00]     Checking for file '/lib/.xsyslog'[ Not found ]
[09:13:01]     Checking for file '/etc/.xsyslog'[ Not found ]
[09:13:01]     Checking for file '/lib/.ssyslog'[ Not found ]
[09:13:01]     Checking for file '/tmp/.sendmail'[ Not found ]
[09:13:01]     Checking for file '/usr/share/sshd.sync'      [ Not found ]
[09:13:01]     Checking for file '/bin/zcut'[ Not found ]
[09:13:01]     Checking for file '/usr/bin/zmuie'[ Not found ]
[09:13:02]     Checking for directory '/dev/ptyas'[ Not found ]
[09:13:02]     Checking for directory '/usr/bin/take'[ Not found ]
[09:13:02]     Checking for directory '/usr/src/.lib'[ Not found ]
[09:13:02]     Checking for directory '/usr/share/man/man1/.1c' [ Not found ]
[09:13:03]     Checking for directory '/lib/lblip.tk'[ Not found ]
[09:13:03]     Checking for directory '/usr/sbin/...'[ Not found ]
[09:13:03]     Checking for directory '/usr/share/.gun'      [ Not found ]
[09:13:03]     Checking for directory '/unde/vrei/tu/sa/te/ascunzi/in/server' [ Not found ]
[09:13:03]     Checking for directory '/usr/man/man1/..  /.dir' [ Not found ]
[09:13:03]     Checking for directory '/usr/X11R6/include/X11/...' [ Not found ]
[09:13:04]     Checking for directory '/usr/X11R6/lib/X11/.fonts/misc/...' [ Not found ]
[09:13:04]     Checking for directory '/tmp/.sys'[ Not found ]
[09:13:04]     Checking for directory '/tmp/''[ Not found ]
[09:13:04]     Checking for directory '/tmp/.,'[ Not found ]
[09:13:04]     Checking for directory '/tmp/,.,'[ Not found ]
[09:13:04]     Checking for directory '/dev/shm/emilien'     [ Not found ]
[09:13:04]     Checking for directory '/var/tmp/.log'[ Not found ]
[09:13:05]     Checking for directory '/tmp/zmeu/... '[ Not found ]
[09:13:05]     Checking for directory '/var/log/ssh'[ Not found ]
[09:13:05]     Checking for directory '/dev/ida'[ Not found ]
[09:13:05]     Checking for directory '/var/lib/games/.src/ssk/shit' [ Not found ]
[09:13:05]     Checking for directory '/usr/lib/libshtift'   [ Not found ]
[09:13:05]     Checking for directory '/usr/src/.poop'[ Not found ]
[09:13:06]     Checking for directory '/dev/wd4'[ Not found ]
[09:13:06]     Checking for directory '/var/run/.tmp'[ Not found ]
[09:13:06]     Checking for directory '/usr/man/man1/lib/.lib' [ Not found ]
[09:13:06]     Checking for directory '/dev/portd'[ Not found ]
[09:13:06]     Checking for directory '/dev/...'[ Not found ]
[09:13:06]     Checking for directory '/usr/share/man/mansps' [ Not found ]
[09:13:07]     Checking for directory '/lib/.so'[ Not found ]
[09:13:07]     Checking for directory '/lib/.sso'[ Not found ]
[09:13:07]     Checking for directory '/usr/include/sslv3'   [ Not found ]
[09:13:07]     Checking for directory '/dev/shm/sshd'[ Not found ]
[09:13:07]     Checking for directory '/usr/share/locale/mk/.dev/sk' [ Not found ]
[09:13:08]     Checking for directory '/usr/share/locale/mk/.dev' [ Not found ]
[09:13:08]     Checking for directory '/usr/include/netda.h' [ Not found ]
[09:13:08]     Checking for directory '/usr/include/.ssh'    [ Not found ]
[09:13:08]     Checking for directory '/usr/share/locale/jp/. ' [ Not found ]
[09:13:08]     Checking for directory '/usr/share/.sqe'      [ Not found ]
[09:13:08]   Checking for possible rootkit files and directories [ None found ]
[09:13:08]
[09:13:08] Info: Starting test name 'possible_rkt_strings'
[09:13:09]   Performing check for possible rootkit strings
[09:13:09] Info: Using system startup paths: /etc/rc.d /etc/inittab
[09:13:09]     Checking for string 'LOGNAME=root'[ Not found ]
[09:13:09]     Checking for string 'phalanx'[ Not found ]
[09:13:09]     Checking for string '/dev/proc/fuckit'[ Not found ]
[09:13:10]     Checking for string 'FUCK'[ Not found ]
[09:13:10]     Checking for string 'backdoor'[ Not found ]
[09:13:10]     Checking for string '/usr/bin/rcpc'[ Not found ]
[09:13:10]     Checking for string '/usr/sbin/login'[ Not found ]
[09:13:10]     Checking for string '/dev/ptyxx/.proc'[ Not found ]
[09:13:10]     Checking for string 'vt200'[ Not found ]
[09:13:11]     Checking for string '/usr/bin/xstat'[ Not found ]
[09:13:11]     Checking for string '/bin/envpc'[ Not found ]
[09:13:11]     Checking for string 'L4m3r0x'[ Not found ]
[09:13:11]     Checking for string '/lib/libext'[ Not found ]
[09:13:11]     Checking for string '/usr/sbin/login'[ Not found ]
[09:13:12]     Checking for string '/usr/lib/.tbd'[ Not found ]
[09:13:12]     Checking for string 'sendmail'[ Not found ]
[09:13:12]     Checking for string 'cocacola'[ Not found ]
[09:13:12]     Checking for string 'joao'[ Not found ]
[09:13:12]     Checking for string '/dev/ptyxx/.file'[ Not found ]
[09:13:13]     Checking for string '/dev/ptyxx/.file'[ Not found ]
[09:13:13]     Checking for string '/dev/sgk'[ Not found ]
[09:13:13]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[09:13:13]     Checking for string '/usr/lib/.tbd'[ Not found ]
[09:13:13]     Checking for string '/dev/proc/fuckit'[ Not found ]
[09:13:13]     Checking for string '/lib/.sso'[ Not found ]
[09:13:14]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[09:13:14]     Checking for string '/dev/caca'[ Not found ]
[09:13:14]     Checking for string '/dev/ttyoa'[ Not found ]
[09:13:14]     Checking for string '/usr/lib/ldlibns.so'     [ Not found ]
[09:13:14]     Checking for string '/dev/ptyxx/.addr'[ Not found ]
[09:13:15]     Checking for string 'syg'[ Not found ]
[09:13:15]     Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[09:13:15]     Checking for string '/dev/pts/01'[ Not found ]
[09:13:15]     Checking for string 'tw33dl3'[ Not found ]
[09:13:15]     Checking for string 'psniff'[ Not found ]
[09:13:16]     Checking for string 'uconf.inv'[ Not found ]
[09:13:16]     Checking for string 'lib/ldlibps.so'[ Not found ]
[09:13:16]     Checking for string '/usr/lib/ldlibpst.so'    [ Not found ]
[09:13:16]     Checking for string 'libproc.so.2.0.7'[ Not found ]
[09:13:16]     Checking for string '/dev/ptyxx/.proc'[ Not found ]
[09:13:17]     Checking for string '/dev/ptyxx/.proc'[ Not found ]
[09:13:17]     Checking for string 'libproc.so.2.0.7'[ Not found ]
[09:13:17]     Checking for string 'libproc.so.2.0.7'[ Not found ]
[09:13:17]     Checking for string '/bin/bash'[ Not found ]
[09:13:17]     Checking for string '/dev/ptyxx'[ Not found ]
[09:13:18]     Checking for string '/.config'[ Not found ]
[09:13:18]     Checking for string '\$.*\$\!.*\!\!\$'[ Not found ]
[09:13:18]     Checking for string 'backdoor.h'[ Not found ]
[09:13:18]     Checking for string 'backdoor_active'[ Not found ]
[09:13:18]     Checking for string 'magic_pass_active'[ Not found ]
[09:13:19]     Checking for string '/usr/include/gpm2.h'     [ Not found ]
[09:13:19]     Checking for string '/usr/include/openssl'    [ Not found ]
[09:13:19]     Checking for string 'aion'[ Not found ]
[09:13:19]     Checking for string 'pcszPass'[ Not found ]
[09:13:19]     Checking for string 'LogPass'[ Not found ]
[09:13:20]     Checking for string 'Login_Check'[ Not found ]
[09:13:20]     Checking for string 'includes.h'[ Not found ]
[09:13:20]     Checking for string 'DecodeString'[ Not found ]
[09:13:20]     Checking for string 'EncodeString'[ Not found ]
[09:13:21]     Checking for string '/dev/xdta'[ Not found ]
[09:13:21]     Checking for string '/usr/lib/.tbd'[ Not found ]
[09:13:21]     Checking for string '/dev/ptyxx/.proc'[ Not found ]
[09:13:24]     Checking for string 'in.inetd'[ Not found ]
[09:13:24]     Checking for string '#<HIDE_.*>'[ Not found ]
[09:13:25]     Checking for string 'bin/xchk'[ Not found ]
[09:13:26]     Checking for string 'bin/xsf'[ Not found ]
[09:13:27]     Checking for string '/usr/bin/ssh2d'[ Not found ]
[09:13:27]     Checking for string '/usr/sbin/xntps'[ Not found ]
[09:13:28]     Checking for string 'ttyload'[ Not found ]
[09:13:29]     Checking for string '/etc/rc.d/init.d/init'   [ Not found ]
[09:13:30]     Checking for string 'usr/bin/xfss'[ Not found ]
[09:13:30]     Checking for string '/usr/sbin/rpc.netinet'   [ Not found ]
[09:13:31]     Checking for string '/usr/lib/.fx/cons.saver' [ Not found ]
[09:13:32]     Checking for string '/usr/lib/.fx/xs'[ Not found ]
[09:13:33]     Checking for string '/ssh2d'[ Not found ]
[09:13:33]     Checking for string '/dev/kmod'[ Not found ]
[09:13:34]     Checking for string '/crth.o'[ Not found ]
[09:13:35]     Checking for string '/crtz.o'[ Not found ]
[09:13:36]     Checking for string '/dev/dos'[ Not found ]
[09:13:36]     Checking for string '/lpq'[ Not found ]
[09:13:37]     Checking for string '/usr/sbin/rescue'[ Not found ]
[09:13:38]     Checking for string '/usr/lib/lpstart'[ Not found ]
[09:13:39]     Checking for string '/volc'[ Not found ]
[09:13:39]     Checking for string 'sourcemask'[ Not found ]
[09:13:40]     Checking for string '/bin/vobiscum'[ Not found ]
[09:13:41]     Checking for string '/usr/sbin/in.telnet'     [ Not found ]
[09:13:42]     Checking for string '/usr/bin/hdparm?-t1?-X53?-p' [ Not found ]
[09:13:42]     Checking for string '/lib/.xsyslog'[ Not found ]
[09:13:43]     Checking for string '/etc/.xsyslog'[ Not found ]
[09:13:44]     Checking for string '/lib/.ssyslog'[ Not found ]
[09:13:45]     Checking for string '/tmp/.sendmail'[ Not found ]
[09:13:45]     Checking for string '/lib/ldd.so/tkps'[ Not found ]
[09:13:45]     Checking for string 't0rnkit'[ Not found ]
[09:13:46]     Checking for string '/dev/proc/fuckit'[ Not found ]
[09:13:46]     Checking for string 'backdoor.h'[ Not found ]
[09:13:46]     Checking for string 'backdoor_active'[ Not found ]
[09:13:46]     Checking for string 'magic_pass_active'[ Not found ]
[09:13:46]     Checking for string '/usr/include/gpm2.h'     [ Not found ]
[09:13:47]     Checking for string 'libproc.so.2.0.7'[ Not found ]
[09:13:47]     Checking for string 'libproc.so.2.0.7'[ Not found ]
[09:13:47]     Checking for string 'libproc.so.2.0.7'[ Not found ]
[09:13:47]     Checking for string '/usr/lib/ldlibct.so'     [ Not found ]
[09:13:47]     Checking for string '/usr/lib/ldlibdu.so'     [ Not found ]
[09:13:48]     Checking for string '/dev/ptyxx/.file'[ Not found ]
[09:13:48]     Checking for string 'libproc.so.2.0.7'[ Not found ]
[09:13:48]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[09:13:48]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[09:13:48]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[09:13:49]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[09:13:49]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[09:13:49]     Checking for string '/usr/include/mysql/mysql.hh1' [ Not found ]
[09:13:49]   Checking for possible rootkit strings[ None found ]
[09:13:49]
[09:13:49] Info: Starting test name 'malware'
[09:13:49] Performing malware checks
[09:13:50]
[09:13:50] Info: Test 'deleted_files' disabled at users request.
[09:13:50]
[09:13:50] Info: Starting test name 'running_procs'
[09:13:52]   Checking running processes for suspicious files [ None found ]
[09:13:52]
[09:13:52] Info: Test 'hidden_procs' disabled at users request.
[09:13:52]
[09:13:52] Info: Test 'suspscan' disabled at users request.
[09:13:52]
[09:13:52] Info: Starting test name 'other_malware'
[09:13:52]   Performing check for login backdoors
[09:13:52]     Checking for '/bin/.login'[ Not found ]
[09:13:52]     Checking for '/sbin/.login'[ Not found ]
[09:13:52]   Checking for login backdoors[ None found ]
[09:13:52]
[09:13:52]   Performing check for suspicious directories
[09:13:52]     Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[09:13:52]     Checking for directory '/dev/rd/cdb'[ Not found ]
[09:13:53]   Checking for suspicious directories[ None found ]
[09:13:53]
[09:13:53]   Checking for software intrusions[ Skipped ]
[09:13:53] Info: Check skipped - tripwire not installed
[09:13:53]
[09:13:53]   Performing check for sniffer log files
[09:13:53]     Checking for file '/usr/lib/libice.log'[ Not found ]
[09:13:53]     Checking for file '/dev/prom/sn.l'[ Not found ]
[09:13:53]     Checking for file '/dev/fd/.88/zxsniff.log'   [ Not found ]
[09:13:53]   Checking for sniffer log files[ None found ]
[09:13:53]
[09:13:53] Info: Starting test name 'trojans'
[09:13:54] Performing trojan specific checks
[09:13:54]   Checking for enabled inetd services[ Skipped ]
[09:13:54] Info: Check skipped - file '/etc/inetd.conf' does not exist.
[09:13:54]
[09:13:54]   Performing check for enabled xinetd services
[09:13:54] Info: Using xinetd configuration file '/etc/xinetd.conf'
[09:13:54]     Checking '/etc/xinetd.conf' for enabled services [ None found ]
[09:13:54]Found 'includedir /etc/xinetd.d' directive
[09:13:54]     Checking '/etc/xinetd.d/chargen-dgram' for enabled services [ None found ]
[09:13:55]     Checking '/etc/xinetd.d/chargen-stream' for enabled services [ None found ]
[09:13:55]     Checking '/etc/xinetd.d/daytime-dgram' for enabled services [ None found ]
[09:13:55]     Checking '/etc/xinetd.d/daytime-stream' for enabled services [ None found ]
[09:13:55]     Checking '/etc/xinetd.d/discard-dgram' for enabled services [ None found ]
[09:13:55]     Checking '/etc/xinetd.d/discard-stream' for enabled services [ None found ]
[09:13:55]     Checking '/etc/xinetd.d/echo-dgram' for enabled services [ None found ]
[09:13:56]     Checking '/etc/xinetd.d/echo-stream' for enabled services [ None found ]
[09:13:56]     Checking '/etc/xinetd.d/rsync' for enabled services [ None found ]
[09:13:56]     Checking '/etc/xinetd.d/tcpmux-server' for enabled services [ None found ]
[09:13:56]     Checking for '/etc/xinetd.d/time-dgram' for enabled services [ None found ]
[09:13:56]     Checking '/etc/xinetd.d/time-stream' for enabled services [ None found ]
[09:13:57]   Checking for enabled xinetd services[ None found ]
[09:13:57]   Checking for Apache backdoor[ Not found ]
[09:13:58]
[09:13:58] Info: Starting test name 'os_specific'
[09:13:58] Performing Linux specific checks
[09:13:58]   Checking loaded kernel modules[ OK ]
[09:13:58] Info: Using modules pathname of '/lib/modules/2.6.32-431.5.1.el6.x86_64'
[09:14:08]   Checking kernel module names[ OK ]
[09:14:11]
[09:14:11] Info: Starting test name 'network'
[09:14:11] Checking the network...
[09:14:11]
[09:14:11] Performing checks on the network ports
[09:14:11] Info: Starting test name 'ports'
[09:14:11]   Performing check for backdoor ports
[09:14:11]     Checking for TCP port 1524[ Not found ]
[09:14:11]     Checking for TCP port 1984[ Not found ]
[09:14:12]     Checking for UDP port 2001[ Not found ]
[09:14:12]     Checking for TCP port 2006[ Not found ]
[09:14:12]     Checking for TCP port 2128[ Not found ]
[09:14:12]     Checking for TCP port 6666[ Not found ]
[09:14:12]     Checking for TCP port 6667[ Not found ]
[09:14:13]     Checking for TCP port 6668[ Not found ]
[09:14:13]     Checking for TCP port 6669[ Not found ]
[09:14:13]     Checking for TCP port 7000[ Not found ]
[09:14:13]     Checking for TCP port 13000[ Not found ]
[09:14:13]     Checking for TCP port 14856[ Not found ]
[09:14:14]     Checking for TCP port 25000[ Not found ]
[09:14:14]     Checking for TCP port 29812[ Not found ]
[09:14:14]     Checking for TCP port 31337[ Not found ]
[09:14:14]     Checking for TCP port 32982[ Not found ]
[09:14:14]     Checking for TCP port 33369[ Not found ]
[09:14:15]     Checking for TCP port 47107[ Not found ]
[09:14:15]     Checking for TCP port 47018[ Not found ]
[09:14:15]     Checking for TCP port 60922[ Not found ]
[09:14:15]     Checking for TCP port 62883[ Not found ]
[09:14:15]     Checking for TCP port 65535[ Not found ]
[09:14:16]   Checking for backdoor ports[ None found ]
[09:14:16]
[09:14:16] Info: Test 'hidden_ports' disabled at users request.
[09:14:16]
[09:14:16] Performing checks on the network interfaces
[09:14:16] Info: Starting test name 'promisc'
[09:14:16]   Checking for promiscuous interfaces[ None found ]
[09:14:16]
[09:14:16] Info: Test 'packet_cap_apps' disabled at users request.
[09:14:16]
[09:14:16] Info: Starting test name 'local_host'
[09:14:16] Checking the local host...
[09:14:16]
[09:14:16] Info: Starting test name 'startup_files'
[09:14:16] Performing system boot checks
[09:14:17]   Checking for local host name[ Found ]
[09:14:17]
[09:14:17] Info: Starting test name 'startup_malware'
[09:14:17]   Checking for system startup files[ Found ]
[09:14:20]   Checking system startup files for malware[ None found ]
[09:14:20]
[09:14:20] Info: Starting test name 'group_accounts'
[09:14:20] Performing group and account checks
[09:14:20]   Checking for passwd file[ Found ]
[09:14:20] Info: Found password file: /etc/passwd
[09:14:20]   Checking for root equivalent (UID 0) accounts   [ None found ]
[09:14:20] Info: Found shadow file: /etc/shadow
[09:14:20]   Checking for passwordless accounts[ None found ]
[09:14:20]
[09:14:20] Info: Starting test name 'passwd_changes'
[09:14:20]   Checking for passwd file changes[ Warning ]
[09:14:21] Warning: Unable to check for passwd file differences: no copy of the passwd file exists.
[09:14:21]
[09:14:21] Info: Starting test name 'group_changes'
[09:14:21]   Checking for group file changes[ Warning ]
[09:14:21] Warning: Unable to check for group file differences: no copy of the group file exists.
[09:14:21]   Checking root account shell history files[ OK ]
[09:14:21]
[09:14:21] Info: Starting test name 'system_configs'
[09:14:21] Performing system configuration file checks
[09:14:21]   Checking for a system logging configuration file [ Found ]
[09:14:21] Info: Found SSH /etc/ssh/sshd_config configuration file:
[09:14:21] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[09:14:22] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[09:14:22]   Checking if SSH root access is allowed[ Warning ]
[09:14:22] Warning: The SSH configuration option 'PermitRootLogin' has not been set.The default value may be 'yes', to allow root access.
[09:14:22]   Checking if SSH protocol v1 is allowed[ Not allowed ]
[09:14:22]   Checking for a running system logging daemon    [ Found ]
[09:14:22] Info: Found rsyslog /etc/rsyslog.conf configuration file:
[09:14:22]   Checking for a system logging configuration file [ Found ]
[09:14:22]   Checking if syslog remote logging is allowed    [ Not allowed ]
[09:14:23]
[09:14:23] Info: Starting test name 'filesystem'
[09:14:23] Performing filesystem checks
[09:14:23] Info: SCAN_MODE_DEV set to 'THOROUGH'
[09:14:25]   Checking /dev for suspicious file types[ Warning ]
[09:14:25] Warning: Suspicious file types found in /dev:
[09:14:25]/dev/.udev/queue.bin: data
[09:14:25]/dev/.udev/db/block:xvda1: ASCII text
[09:14:25]/dev/.udev/db/input:event0: ASCII text
[09:14:25]/dev/.udev/db/block:xvda2: ASCII text
[09:14:25]/dev/.udev/db/block:ram9: ASCII text
[09:14:25]/dev/.udev/db/block:ram8: ASCII text
[09:14:25]/dev/.udev/db/block:ram7: ASCII text
[09:14:25]/dev/.udev/db/block:ram5: ASCII text
[09:14:25]/dev/.udev/db/block:ram4: ASCII text
[09:14:25]/dev/.udev/db/block:ram6: ASCII text
[09:14:26]/dev/.udev/db/block:ram3: ASCII text
[09:14:26]/dev/.udev/db/block:ram2: ASCII text
[09:14:26]/dev/.udev/db/block:ram15: ASCII text
[09:14:26]/dev/.udev/db/block:ram13: ASCII text
[09:14:26]/dev/.udev/db/block:ram14: ASCII text
[09:14:26]/dev/.udev/db/block:ram12: ASCII text
[09:14:26]/dev/.udev/db/block:ram11: ASCII text
[09:14:26]/dev/.udev/db/block:ram10: ASCII text
[09:14:26]/dev/.udev/db/block:ram1: ASCII text
[09:14:26]/dev/.udev/db/block:ram0: ASCII text
[09:14:26]/dev/.udev/db/block:loop7: ASCII text
[09:14:26]/dev/.udev/db/block:loop6: ASCII text
[09:14:26]/dev/.udev/db/block:loop5: ASCII text
[09:14:27]/dev/.udev/db/block:loop4: ASCII text
[09:14:27]/dev/.udev/db/block:loop3: ASCII text
[09:14:27]/dev/.udev/db/block:loop2: ASCII text
[09:14:27]/dev/.udev/db/block:loop0: ASCII text
[09:14:27]/dev/.udev/db/block:loop1: ASCII text
[09:14:27]/dev/.udev/rules.d/99-root.rules: ASCII text
[09:14:32]   Checking for hidden files and directories[ Warning ]
[09:14:32] Warning: Hidden directory found: /dev/.udev
[09:14:32] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix, max compression
[09:14:32] Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, from Unix, max compression
[09:14:32] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
[09:14:32] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
[09:14:32] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
[09:14:32] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
[09:14:36]
[09:14:36] Info: Starting test name 'apps'
[09:14:36] Checking application versions...
[09:14:39] Info: Application 'exim' not found.
[09:14:39]   Checking version of GnuPG[ OK ]
[09:14:39] Info: Application 'gpg' version '2.0.14' found.
[09:14:39]   Checking version of Apache[ Warning ]
[09:14:39] Warning: Application 'httpd', version '2.2.15', is out of date, and possibly a security risk.
[09:14:40]   Checking version of Bind DNS[ OK ]
[09:14:40] Info: Application 'named' version '9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1' found.
[09:14:40]   Checking version of OpenSSL[ OK ]
[09:14:40] Info: Application 'openssl' version '1.0.1e' found.
[09:14:40]   Checking version of PHP[ OK ]
[09:14:40] Info: Application 'php' version '5.3.3' found.
[09:14:40]   Checking version of Procmail MTA[ OK ]
[09:14:40] Info: Application 'procmail' version '3.22' found.
[09:14:41] Info: Application 'proftpd' not found.
[09:14:41]   Checking version of OpenSSH[ OK ]
[09:14:41] Info: Application 'sshd' version '5.3p1' found.
[09:14:41] Info: Applications checked: 7 out of 9
[09:14:41]
[09:14:41] System checks summary
[09:14:41] =====================
[09:14:41]
[09:14:41] File properties checks...
[09:14:41] Files checked: 136
[09:14:41] Suspect files: 5
[09:14:41]
[09:14:41] Rootkit checks...
[09:14:41] Rootkits checked : 305
[09:14:41] Possible rootkits: 0
[09:14:42]
[09:14:42] Applications checks...
[09:14:42] Applications checked: 7
[09:14:42] Suspect applications: 1
[09:14:42]
[09:14:42] The system checks took: 6 minutes and 36 seconds
[09:14:42]
[09:14:42] Info: End date is Thu Mar  6 09:14:42 GMT 2014

0
 
LVL 2

Author Comment

by:detox1978
ID: 39908702
Looks like there was a load of spam sat in the mail queue:

[root@www ~]# postsuper -d ALL
postsuper: Deleted: 6523 messages

0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 125 total points
ID: 39908714
Rootkit output seems fine. Are you still getting those logs?

TY/SA
0
 
LVL 2

Author Comment

by:detox1978
ID: 39908717
Is there a way to only list email sent or attempted to be sent, i.e. not show the emails I reject?


Thanks
0
 
LVL 2

Author Comment

by:detox1978
ID: 39908740
There were 6000 emails in the mail queue.  I've deleted them, so will wait to see what shows up in the log now.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39908750
Keep posting the update, please.

TY/SA
0
 
LVL 27

Expert Comment

by:serialband
ID: 39909384
Sorry, I've been a bit busy and haven't had free time to check back earlier.

Rootkits?  That's a bit of a non sequitur.  It's always good to check for those periodically, but I don't believe it applies here.

You should be able to grep for all lines except the NOQUEUE lines with the following -v option.
grep -v NOQUEUE /var/log/postfix

If you need to exclude others, just pipe it to another grep -v
grep -v NOQUEUE /var/log/postfix | grep -v disconnect
0
 
LVL 2

Author Comment

by:detox1978
ID: 39909611
Skimming through the logs, this line stands out:

Mar  6 14:45:09 www postfix/smtp[5730]: 4B046A2062: to=<nfo@wanadoo.fr>, relay=smtp-in.orange.fr[80.12.242.9]:25, delay=1.4, delays=0.02/0/0.83/0.54, dsn=5.0.0, status=bounced (host smtp-in.orange.fr[80.12.242.9] said: 550 Message Contains SPAM Content :: Please contact abuse@fortressitx.com for further information. (in reply to end of DATA command))

Is that my server trying to send the email?  It should only be allowed to send to the addresses listed in /etc/postfix/virtual.
0
 
LVL 61

Expert Comment

by:gheist
ID: 39909755
You can install rootkit hunter from EPEL - it is configured to not complain about normal CentOS install (like common files in /dev/ etc)

Can we see your address checks from main.cf?
0
 
LVL 27

Expert Comment

by:serialband
ID: 39909901
You mentioned that you allow several customers to have catch all forwarding.  Maybe it's one of those forwards that's bouncing back.

How do I drop these rules, as I want to re-add them but reduce the number from 10 to 3, as three emails is loads for my customers.

DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source
           tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: SET name: DEFAULT side: source
           tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: SET name: DEFAULT side: source
DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW recent: UPDATE seconds: 60 hit_count: 10 name: DEFAULT side: source

You edit /etc/fail2ban/jail.conf and change the settings, then service fail2ban restart.
0
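The two suggestions above, filtering NOQUEUE rejects out of the log and rate-limiting a source by "N new SMTP connections within 60 seconds", can both be checked from the maillog itself before touching iptables or fail2ban. The script below is an added example written for this thread; it is not the asker's server, Postfix, or fail2ban code. The log lines are constructed samples in Postfix's syslog format with placeholder hosts and TEST-NET addresses, the year is an assumption (syslog timestamps carry none), and the default threshold of 3 connects per 60 s matches the number the asker wants rather than the hit_count of 10 in the listed rules.

```python
"""Postfix maillog triage: separate NOQUEUE rejects from mail the server really
tried to deliver, count SMTP connects per client IP, and flag sources that meet
the same 'N connects within 60 s' condition the iptables -m recent rules use.

Added example for this thread, not the asker's server, Postfix or fail2ban code.
Log lines are constructed samples; hosts/IPs are placeholders (TEST-NET ranges)."""
import re
from collections import defaultdict
from datetime import datetime

ASSUMED_YEAR = 2014  # assumption: syslog timestamps have no year field

# Constructed sample of /var/log/maillog lines (placeholder hosts and addresses).
SAMPLE_LOG = """\
Mar  6 14:45:01 www postfix/smtpd[5700]: connect from unknown[198.51.100.7]
Mar  6 14:45:01 www postfix/smtpd[5700]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <x@example.net>: Relay access denied; from=<a@example.org> to=<x@example.net> proto=ESMTP helo=<h>
Mar  6 14:45:02 www postfix/smtpd[5700]: disconnect from unknown[198.51.100.7]
Mar  6 14:45:03 www postfix/smtpd[5701]: connect from unknown[198.51.100.7]
Mar  6 14:45:04 www postfix/smtpd[5701]: 4B046A2062: client=unknown[198.51.100.7]
Mar  6 14:45:05 www postfix/smtpd[5701]: disconnect from unknown[198.51.100.7]
Mar  6 14:45:09 www postfix/smtp[5730]: 4B046A2062: to=<nfo@example.fr>, relay=mx.example.fr[203.0.113.9]:25, delay=1.4, delays=0.02/0/0.83/0.54, dsn=5.0.0, status=bounced (host mx.example.fr[203.0.113.9] said: 550 Message Contains SPAM Content (in reply to end of DATA command))
Mar  6 14:45:20 www postfix/smtpd[5702]: connect from unknown[198.51.100.7]
Mar  6 14:45:21 www postfix/smtpd[5702]: disconnect from unknown[198.51.100.7]
Mar  6 14:45:40 www postfix/smtpd[5703]: connect from unknown[198.51.100.7]
Mar  6 14:45:41 www postfix/smtpd[5703]: disconnect from unknown[198.51.100.7]
Mar  6 14:46:10 www postfix/smtpd[5704]: connect from mail.example.com[192.0.2.10]
Mar  6 14:46:11 www postfix/smtpd[5704]: ABC123DEF0: client=mail.example.com[192.0.2.10]
Mar  6 14:46:12 www postfix/smtpd[5704]: disconnect from mail.example.com[192.0.2.10]
Mar  6 14:46:15 www postfix/smtp[5731]: ABC123DEF0: to=<u@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=1.0, delays=0.02/0/0.5/0.4, dsn=2.0.0, status=sent (250 OK)
"""

# syslog prefix: "Mon dd HH:MM:SS host postfix/prog[pid]: message"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>postfix/\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# client IP inside "connect from name[ip]" or "client=name[ip]"
CLIENT_RE = re.compile(r"(?:connect from |client=)[^\[\s]*\[(?P<ip>[^\]]+)\]")
# outbound delivery attempt logged by postfix/smtp
DELIVERY_RE = re.compile(r"^(?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>.*status=(?P<status>\w+)")


def parse_line(line):
    """Return {ts, prog, msg} for one maillog line, or None if it is not Postfix."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S")
    return {"ts": ts, "prog": m["prog"], "msg": m["msg"]}


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def rejected(records):
    """Lines smtpd refused before queueing; these are what 'grep -v NOQUEUE' hides."""
    return [r for r in records if r["msg"].startswith("NOQUEUE:")]


def delivery_attempts(records):
    """(queue id, recipient, status) for mail the server actually tried to send."""
    out = []
    for r in records:
        if r["prog"] == "postfix/smtp":
            m = DELIVERY_RE.match(r["msg"])
            if m:
                out.append((m["qid"], m["to"], m["status"]))
    return out


def connects_per_ip(records):
    """Timestamps of every new SMTP connection, keyed by client IP."""
    stamps = defaultdict(list)
    for r in records:
        if r["prog"] == "postfix/smtpd" and r["msg"].startswith("connect from"):
            m = CLIENT_RE.search(r["msg"])
            if m:
                stamps[m["ip"]].append(r["ts"])
    return stamps


def rate_limit_offenders(records, seconds=60, hitcount=3):
    """IPs with at least `hitcount` connects inside any `seconds`-long window,
    i.e. the condition an iptables '-m recent --seconds N --hitcount M' rule matches."""
    offenders = set()
    for ip, stamps in connects_per_ip(records).items():
        stamps.sort()
        for i in range(hitcount - 1, len(stamps)):
            if (stamps[i] - stamps[i - hitcount + 1]).total_seconds() <= seconds:
                offenders.add(ip)
                break
    return offenders


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("rejected before queueing:", len(rejected(recs)))
    for qid, to, status in delivery_attempts(recs):
        print(f"{qid} -> {to}: {status}")
    for ip, stamps in connects_per_ip(recs).items():
        print(f"{ip}: {len(stamps)} connects")
    print("3+ connects in 60 s:", sorted(rate_limit_offenders(recs)))
```

Run it against the real file with `parse_log(open("/var/log/maillog").read())`; the delivery list answers "what did my server try to send", and the offender set shows which sources a 3-in-60-seconds rule would hit before the threshold is lowered in iptables or fail2ban.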
 
LVL 26

Expert Comment

by:skullnobrains
ID: 39912193
Who is supposed to use this server? Are you the MX of a series of domains?
0
 
LVL 2

Author Comment

by:detox1978
ID: 39915353
I host around 20 websites.  All their domains are email enabled, so I host the MX on my VPS.

I simply forward their email to their private email account.
0
 
LVL 2

Author Comment

by:detox1978
ID: 39915355
Fail2ban appears to have got the issue under control and Yahoo have removed the block.


I've opened up two new questions:


How do I disable the fail2ban email notification every time someone is blocked?
http://www.experts-exchange.com/OS/Linux/Q_28383786.html

How do I set up DNSBL on CentOS 6.5, ideally using YUM?
http://www.experts-exchange.com/OS/Linux/Q_28383789.html
0
