My system is an up-to-date Ubuntu 13.10

I've installed Tiger and I'm getting this

# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
OLD: --ALERT-- [rootkit005a] Chkrootkit has found a file which seems to be infected because of a rootkit
OLD: --ALERT-- [rootkit009a] A rootkit seems to be installed in the system
OLD: INFECTED (PORTS: 60001)

What?!

I've also tried rkhunter: it doesn't really find anything directly; here are the assorted warnings

/usr/bin/unhide.rb                                       [ Warning ]
Checking for passwd file changes                         [ Warning ]
Checking for group file changes                          [ Warning ]
Checking /dev for suspicious file types                  [ Warning ]
Checking for hidden files and directories                [ Warning ]

There's also the suckit thing (described in another thread here http://ubuntuforums.org/showthread.php?t=1680428), but that's been ruled out as a bug.

Looking at

netstat -ltnp

There's nothing on this port there, well not now anyway.

How do I verify this? How do I go about it?

David

1 Answer

Whenever you want to see what process is holding a port open, use the lsof command. For a TCP port use lsof -i tcp:80, and for a UDP port use lsof -i udp:53. The output will provide all the info you require as to process name, PID, and ownership. For example:

cyberfarer@Quadraphenia:~$ sudo lsof -i tcp:80
[sudo] password for cyberfarer: 
COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2 2723     root    3u  IPv4  16241      0t0  TCP *:http (LISTEN)
apache2 2751 www-data    3u  IPv4  16241      0t0  TCP *:http (LISTEN)
apache2 2752 www-data    3u  IPv4  16241      0t0  TCP *:http (LISTEN)
apache2 2753 www-data    3u  IPv4  16241      0t0  TCP *:http (LISTEN)
apache2 2754 www-data    3u  IPv4  16241      0t0  TCP *:http (LISTEN)
apache2 2755 www-data    3u  IPv4  16241      0t0  TCP *:http (LISTEN)

Fast, easy, and without needless scrolling and deciphering.

Braiam
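As an added example (not part of either post), here is a small POSIX shell script that follows the lsof approach from the answer: it reports whether a TCP port such as the flagged 60001 is really held open on the local machine and by which process, ignoring outbound connections that merely use that port number. The lsof output embedded in it is a constructed sample, and `check_port` assumes lsof is installed.

```shell
#!/bin/sh
# Added example: verify whether a TCP port is actually held open locally and who owns it.

# Constructed sample in the layout of "lsof -i tcp:PORT" output (not captured from a real host).
SAMPLE_LSOF='COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2 2723     root    3u  IPv4  16241      0t0  TCP *:http (LISTEN)
apache2 2751 www-data    3u  IPv4  16241      0t0  TCP *:http (LISTEN)
firefox 3102    david   45u  IPv4  20001      0t0  TCP 10.0.0.5:43210->93.184.216.34:https (ESTABLISHED)'

# Print "command pid user" for every LISTEN line of lsof output read on stdin.
# Only a listener explains a "PORTS" hit; ESTABLISHED client connections are skipped.
listeners_from_lsof() {
    awk 'NR > 1 && $NF == "(LISTEN)" { print $1, $2, $3 }'
}

# Count distinct listening PIDs (workers sharing one socket count once each).
count_listening_pids() {
    listeners_from_lsof | awk '{ print $2 }' | sort -u | wc -l | tr -d ' '
}

# Live check of TCP port $1 on this host (hypothetical helper, run as root to see all processes).
# Returns 0 if a listener was found, 1 if nothing listens, 2 if lsof is unavailable.
# -nP keeps numeric ports/addresses; -sTCP:LISTEN restricts lsof to listening sockets.
check_port() {
    port="$1"
    command -v lsof >/dev/null 2>&1 || { echo "lsof is not installed" >&2; return 2; }
    out=$(lsof -nP -iTCP:"$port" -sTCP:LISTEN 2>/dev/null)
    found=$(printf '%s\n' "$out" | listeners_from_lsof)
    if [ -n "$found" ]; then
        printf 'tcp/%s is held open by (command pid user):\n%s\n' "$port" "$found"
        return 0
    fi
    echo "nothing is listening on tcp/$port right now"
    return 1
}

# Usage: sh check_port.sh 60001
if [ "$#" -gt 0 ]; then
    check_port "$1"
fi
```

Because a rootkit that hides processes can also hide from lsof, a clean result here only rules out an ordinary listener; cross-check with ss -ltnp and, for a suspected compromise, with an offline scan of the disk.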