Hello,...
Attached is the log! (I shortened it)
[17:16:47]
[17:16:47] Performing Linux specific checks
[17:16:47] Info: Starting test name 'os_specific'
[17:16:47] Checking loaded kernel modules [ OK ]
[17:16:47] Info: Using modules pathname of '/lib/modules/2.6.32-5-amd64'
[17:16:48] Checking kernel module names [ OK ]
[17:16:52]
[17:16:52] Checking the network...
[17:16:52] Info: Starting test name 'network'
[17:16:52] Info: Starting test name 'ports'
[17:16:52]
[17:16:52] Performing check for backdoor ports
[17:16:52] Checking for TCP port 1524 [ Not found ]
[17:16:52] Checking for TCP port 1984 [ Not found ]
[17:16:52] Checking for UDP port 2001 [ Not found ]
[17:16:52] Checking for TCP port 2006 [ Not found ]
[17:16:52] Checking for TCP port 2128 [ Not found ]
[17:16:52] Checking for TCP port 6666 [ Not found ]
[17:16:52] Checking for TCP port 6667 [ Not found ]
[17:16:52] Checking for TCP port 6668 [ Not found ]
[17:16:53] Checking for TCP port 6669 [ Not found ]
[17:16:53] Checking for TCP port 7000 [ Not found ]
[17:16:53] Checking for TCP port 13000 [ Not found ]
[17:16:53] Checking for TCP port 14856 [ Not found ]
[17:16:53] Checking for TCP port 25000 [ Not found ]
[17:16:53] Checking for TCP port 29812 [ Not found ]
[17:16:53] Checking for TCP port 31337 [ Not found ]
[17:16:53] Checking for TCP port 32982 [ Not found ]
[17:16:53] Checking for TCP port 33369 [ Not found ]
[17:16:53] Checking for TCP port 47107 [ Not found ]
[17:16:53] Checking for TCP port 47018 [ Not found ]
[17:16:53] Checking for TCP port 60922 [ Not found ]
[17:16:53] Checking for TCP port 62883 [ Not found ]
[17:16:53] Checking for TCP port 65535 [ Not found ]
[17:16:53]
[17:16:53] Performing checks on the network interfaces
[17:16:53] Info: Starting test name 'promisc'
[17:16:53] Checking for promiscuous interfaces [ None found ]
[17:16:53]
[17:16:53] Info: Test 'packet_cap_apps' disabled at users request.
[17:16:55]
[17:16:55] Checking the local host...
[17:16:55] Info: Starting test name 'local_host'
[17:16:55]
[17:16:55] Performing system boot checks
[17:16:55] Info: Starting test name 'startup_files'
[17:16:55] Checking for local host name [ Found ]
[17:16:55] Info: Starting test name 'startup_malware'
[17:16:55] Checking for system startup files [ Found ]
[17:16:56] Checking system startup files for malware [ None found ]
[17:16:56]
[17:16:56] Performing group and account checks
[17:16:56] Info: Starting test name 'group_accounts'
[17:16:56] Checking for passwd file [ Found ]
[17:16:56] Info: Found password file: /etc/passwd
[17:16:56] Checking for root equivalent (UID 0) accounts [ None found ]
[17:16:56] Info: Found shadow file: /etc/shadow
[17:16:56] Checking for passwordless accounts [ None found ]
[17:16:56] Info: Starting test name 'passwd_changes'
[17:16:56] Checking for passwd file changes [ None found ]
[17:16:56] Info: Starting test name 'group_changes'
[17:16:56] Checking for group file changes [ None found ]
[17:16:56] Checking root account shell history files [ OK ]
[17:16:56]
[17:16:56] Performing system configuration file checks
[17:16:56] Info: Starting test name 'system_configs'
[17:16:56] Checking for SSH configuration file [ Found ]
[17:16:56] Info: Found SSH configuration file: /etc/ssh/sshd_config
[17:16:56] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[17:16:56] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[17:16:56] Checking if SSH root access is allowed [ Warning ]
[17:16:56] Warning: The SSH and rkhunter configuration options should be the same:
[17:16:56] SSH configuration option 'PermitRootLogin': yes
[17:16:56] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[17:16:56] Checking if SSH protocol v1 is allowed [ Not allowed ]
[17:16:56] Checking for running syslog daemon [ Found ]
[17:16:56] Checking for syslog configuration file [ Found ]
[17:16:56] Info: Found syslog configuration file: /etc/rsyslog.conf
[17:16:56] Checking if syslog remote logging is allowed [ Not allowed ]
[17:16:56]
[17:16:56] Performing filesystem checks
[17:16:56] Info: Starting test name 'filesystem'
[17:16:56] Info: SCAN_MODE_DEV set to 'THOROUGH'
[17:16:56] Checking /dev for suspicious file types [ None found ]
[17:16:56] Checking for hidden files and directories [ Warning ]
[17:16:56] Warning: Hidden directory found: /dev/.udev
[17:16:56] Warning: Hidden directory found: /dev/.initramfs
[17:17:06]
[17:17:06] Info: Test 'apps' disabled at users request.
[17:17:06]
[17:17:06] System checks summary
[17:17:06] =====================
[17:17:06]
[17:17:06] File properties checks...
[17:17:06] Files checked: 131
[17:17:06] Suspect files: 8
[17:17:06]
[17:17:06] Rootkit checks...
[17:17:06] Rootkits checked : 250
[17:17:06] Possible rootkits: 8
[17:17:06] Rootkit names : cb Rootkit, SHV4 Rootkit, SHV5 Rootkit, SHV5 Rootkit, SHV5 Rootkit, SHV5 Rootkit, SHV5 Rootkit, Possible SHV5 Rootkit
[17:17:06]
[17:17:06] Applications checks...
[17:17:06] All checks skipped
[17:17:06]
[17:17:06] The system checks took: 51 seconds
[17:17:07]
[17:17:07] Info: End date is Mon Jän 9 17:17:07 CET 2012
Have I been hacked???
Also, I just tried to reinstall the ssh-server, without success.... the host_keys cannot be created!
What can I do now??