  1. #1

    Trojans In New Fedora Box

    Hello I get my New Box ( Fedora )

    I upgrade apache + cpanel + php + kernel to 2.4.26

    I install chkrootHunter and make a full scan

    chkhunter -c

    I get a big problem

    Rootkit Hunter 1.0.9 is running

    Determining OS... Ready


    Checking binaries
    * Selftests
    Strings (command) [ OK ]


    * System tools
    Info: prelinked files found
    Performing 'known good' check...
    /usr/sbin/prelink: /sbin/depmod: Could not find variable copy reloc is against
    /sbin/depmod [ BAD ]
    /sbin/ifconfig [ OK ]
    /sbin/init [ OK ]
    /sbin/insmod [ OK ]
    /sbin/ip [ OK ]
    /sbin/ksyms [ OK ]
    /sbin/lsmod [ OK ]
    /usr/sbin/prelink: /sbin/modinfo: Could not find variable copy reloc is against
    /sbin/modinfo [ BAD ]
    /usr/sbin/prelink: /sbin/modprobe: Could not find variable copy reloc is against
    /sbin/modprobe [ BAD ]
    /sbin/rmmod [ OK ]
    /usr/sbin/prelink: /bin/cat: Could not find variable copy reloc is against
    /bin/cat [ BAD ]
    /usr/sbin/prelink: /bin/chown: Could not find variable copy reloc is against
    /bin/chown [ BAD ]
    /usr/sbin/prelink: /bin/df: Could not find variable copy reloc is against
    /usr/sbin/prelink: /bin/df: Could not find variable copy reloc is against
    /bin/df [ BAD ]
    /bin/echo [ OK ]
    /usr/sbin/prelink: /bin/egrep: Could not find variable copy reloc is against
    /usr/sbin/prelink: /bin/egrep: Could not find variable copy reloc is against
    /bin/egrep [ BAD ]
    /usr/sbin/prelink: /bin/fgrep: Could not find variable copy reloc is against
    /bin/fgrep [ OK ]
    /usr/sbin/prelink: /bin/grep: Could not find variable copy reloc is against
    /usr/sbin/prelink: /bin/grep: Could not find variable copy reloc is against
    /bin/grep [ BAD ]
    /usr/sbin/prelink: /bin/kill: Could not find variable copy reloc is against
    /bin/kill [ BAD ]
    /bin/login [ OK ]
    /usr/sbin/prelink: /bin/ls: Could not find variable copy reloc is against
    /bin/ls [ OK ]
    /usr/sbin/prelink: /bin/more: Could not find variable copy reloc is against
    /bin/more [ BAD ]
    /bin/mount [ OK ]
    /bin/netstat [ OK ]
    /bin/ps [ OK ]
    /bin/sort [ OK ]
    /bin/su [ OK ]
    /usr/bin/chattr [ OK ]
    /usr/sbin/prelink: /usr/bin/file: Could not find variable copy reloc is against
    /usr/bin/file [ BAD ]
    /usr/bin/find [ OK ]
    /usr/sbin/prelink: /usr/bin/kill: Could not find variable copy reloc is against
    /usr/sbin/prelink: /usr/bin/kill: Could not find variable copy reloc is against
    /usr/bin/kill [ BAD ]
    /usr/sbin/prelink: /usr/bin/last: Could not find variable copy reloc is against
    /usr/bin/last [ BAD ]
    /usr/bin/lastlog [ OK ]
    /usr/sbin/prelink: /usr/bin/less: Could not find variable copy reloc is against
    /usr/bin/less [ OK ]
    /usr/sbin/prelink: /usr/bin/logger: Could not find variable copy reloc is against
    /usr/bin/logger [ BAD ]
    /usr/bin/lsattr [ OK ]
    /usr/sbin/prelink: /usr/bin/md5sum: Could not find variable copy reloc is against
    /usr/sbin/prelink: /usr/bin/md5sum: Could not find variable copy reloc is against
    /usr/bin/md5sum [ BAD ]
    /usr/bin/passwd [ OK ]
    /usr/bin/pstree [ OK ]
    /usr/sbin/prelink: /usr/bin/sha1sum: Could not find variable copy reloc is against
    /usr/bin/sha1sum [ OK ]
    /usr/sbin/prelink: /usr/bin/size: Could not find variable copy reloc is against
    /usr/sbin/prelink: /usr/bin/size: Could not find variable copy reloc is against
    /usr/bin/size [ BAD ]
    /usr/sbin/prelink: /usr/bin/slocate: Could not find variable copy reloc is against
    /usr/bin/slocate [ OK ]
    /usr/sbin/prelink: /usr/bin/strace: Could not find variable copy reloc is against
    /usr/sbin/prelink: /usr/bin/strace: Could not find variable copy reloc is against
    /usr/bin/strace [ BAD ]
    /usr/sbin/prelink: /usr/bin/strings: Could not find variable copy reloc is against
    /usr/bin/strings [ OK ]
    /usr/sbin/prelink: /usr/bin/test: Could not find variable copy reloc is against
    /usr/sbin/prelink: /usr/bin/test: Could not find variable copy reloc is against
    /usr/bin/test [ BAD ]
    /usr/sbin/prelink: /usr/bin/top: Could not find variable copy reloc is against
    /usr/bin/top [ BAD ]
    /usr/sbin/prelink: /usr/bin/w: Could not find variable copy reloc is against
    /usr/sbin/prelink: /usr/bin/w: Could not find variable copy reloc is against
    /usr/bin/w [ BAD ]
    /usr/bin/whereis [ OK ]
    /usr/bin/which [ OK ]
    /usr/sbin/prelink: /usr/bin/who: Could not find variable copy reloc is against
    /usr/bin/who [ OK ]
    /usr/sbin/chroot [ OK ]
    /usr/sbin/prelink: /usr/sbin/kudzu: Could not find variable copy reloc is against
    /usr/sbin/kudzu [ BAD ]
    /usr/sbin/useradd [ OK ]
    /usr/sbin/vipw [ OK ]
    /usr/sbin/xinetd [ OK ]

    and in the last

    MD5
    MD5 compared: 79
    Incorrect MD5 checksums: 21

    File scan
    Scanned files: 307
    Possible infected files: 0
    Possible rootkits:

    Scanning took 180 seconds


    Can You help Plz to tell why I get these [Bad] Like this
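
Added example (not part of any post in this thread, and not Rootkit Hunter's own code): a shell filter that reads scan output in the format pasted above and separates `[ BAD ]` verdicts that follow a prelink error for the same file, as all 21 in the scan above do, from those that do not. The sample input is constructed, and the function names and class labels (`prelink-failed`, `unexplained`) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: triage Rootkit Hunter "known good" results by prelink status.
# Reads scan output on stdin; prints "<path> TAB <class> TAB <prelink message>".

triage_rkhunter() {
    awk '
    # prelink error line: "/usr/sbin/prelink: <path>: <message>"
    /^[ \t]*\/usr\/sbin\/prelink: / {
        line = $0
        sub(/^[ \t]*\/usr\/sbin\/prelink: /, "", line)
        path = line; sub(/: .*/, "", path)      # keep only the file path
        msg = line;  sub(/^[^:]*: /, "", msg)   # keep only the error text
        err[path] = msg
        next
    }
    # verdict line: "<path> [ BAD ]"; [ OK ] lines are ignored
    /\[ BAD \][ \t]*$/ {
        if ($1 in err) printf "%s\tprelink-failed\t%s\n", $1, err[$1]
        else           printf "%s\tunexplained\t-\n", $1
    }'
}

# Count the entries of one class (hypothetical helper).
count_class() {
    triage_rkhunter | awk -F'\t' -v c="$1" '$2 == c { n++ } END { print n + 0 }'
}

# Constructed sample in the same format as the scan above. The last line is
# invented to show a BAD verdict that no prelink error accounts for.
sample_scan() {
    cat <<'EOF'
    /usr/sbin/prelink: /bin/cat: Could not find variable copy reloc is against
    /bin/cat [ BAD ]
    /bin/echo [ OK ]
    /usr/sbin/prelink: /bin/fgrep: Could not find variable copy reloc is against
    /bin/fgrep [ OK ]
    /bin/netstat [ BAD ]
EOF
}

sample_scan | triage_rkhunter
```

Entries classed `unexplained` have a checksum mismatch with no prelink failure beside them, so they are the ones to check against the package database first, for example with `rpm -Vf <path>`.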

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Here's a long shot, try this:

    /usr/sbin/prelink -avmR
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3

    after trying

    Originally posted by thelinuxguy
    Here's a long shot, try this:

    /usr/sbin/prelink: /usr/bin/gaim: Could not find variable copy reloc is against
    Prelinking /usr/sbin/pure-mrtginfo
    /usr/sbin/prelink: /usr/sbin/pure-mrtginfo: Not enough room to add .dynamic entry
    Prelinking /usr/sbin/portsentry
    /usr/sbin/prelink: /usr/sbin/portsentry: Not enough room to add .dynamic entry
    Prelinking /sbin/slattach
    Prelinking /usr/sbin/imapd
    /usr/sbin/prelink: /usr/sbin/imapd: Not enough room to add .dynamic entry
    Prelinking /usr/sbin/pure-authd
    /usr/sbin/prelink: /usr/sbin/pure-authd: Not enough room to add .dynamic entry
    Prelinking /usr/bin/pure-pw
    /usr/sbin/prelink: /usr/bin/pure-pw: Could not find variable copy reloc is against
    Prelinking /usr/sbin/pure-uploadscript
    /usr/sbin/prelink: /usr/sbin/pure-uploadscript: Not enough room to add .dynamic entry
    Prelinking /usr/bin/pure-statsdecode
    /usr/sbin/prelink: /usr/bin/pure-statsdecode: Not enough room to add .dynamic entry
    Prelinking /usr/bin/userpasswd
    /usr/sbin/prelink: /usr/bin/userpasswd: Could not find variable copy reloc is against
    Prelinking /sbin/route
    Prelinking /usr/bin/userinfo
    /usr/sbin/prelink: /usr/bin/userinfo: Could not find variable copy reloc is against
    Prelinking /usr/bin/gnome-panel-screenshot
    Prelinking /bin/hostname
    /usr/sbin/prelink: /bin/hostname: Could not find variable copy reloc is against
    Prelinking /usr/bin/testgtk
    /usr/sbin/prelink: /usr/bin/testgtk: Could not find variable copy reloc is against
    Prelinking /usr/lib/qt-3.1/bin/qtconfig
    /usr/sbin/prelink: /usr/lib/qt-3.1/bin/qtconfig: Could not find variable copy reloc is against
    Prelinking /usr/bin/pure-pwconvert
    /usr/sbin/prelink: /usr/bin/pure-pwconvert: Not enough room to add .dynamic entry
    Prelinking /usr/sbin/pure-ftpwho
    /usr/sbin/prelink: /usr/sbin/pure-ftpwho: Could not find variable copy reloc is against
    Prelinking /usr/bin/pam-panel-icon
    /usr/sbin/prelink: /usr/bin/pam-panel-icon: Could not find variable copy reloc is against
    Prelinking /usr/bin/oprof_start
    /usr/sbin/prelink: /usr/bin/oprof_start: Could not find variable copy reloc is against
    Prelinking /usr/libexec/notification-area-applet
    /usr/sbin/prelink: /usr/libexec/notification-area-applet: Could not find variable copy reloc is against
    Prelinking /usr/sbin/pure-quotacheck
    /usr/sbin/prelink: /usr/sbin/pure-quotacheck: Could not find variable copy reloc is against
    Prelinking /usr/sbin/pure-ftpd
    /usr/sbin/prelink: /usr/sbin/pure-ftpd: Could not find variable copy reloc is against
    Prelinking /usr/bin/gnome-desktop-item-edit
    /usr/sbin/prelink: /usr/bin/gnome-desktop-item-edit: Could not find variable copy reloc is against
    Prelinking /usr/bin/gnome-panel
    /usr/sbin/prelink: /usr/bin/gnome-panel: Could not find variable copy reloc is against
    Prelinking /usr/bin/emacs-21.3
    /usr/sbin/prelink: /usr/bin/emacs-21.3: COPY relocations don't point into .bss or .sbss section
    Prelinking /usr/bin/consolehelper-gtk
    /usr/sbin/prelink: /usr/bin/consolehelper-gtk: Could not find variable copy reloc is against

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    cat /etc/prelink.conf

  5. #5
    # This config file contains a list of directories both with binaries
    # and libraries prelink should consider by default.
    # If a directory name is prefixed with `-l ', the directory hierarchy
    # will be walked as long as filesystem boundaries are not crossed.
    # If a directory name is prefixed with `-h ', symbolic links in a
    # directory hierarchy are followed.
    -l /bin
    -l /usr/bin
    -l /sbin
    -l /usr/sbin
    -l /usr/X11R6/bin
    -l /usr/kerberos/bin
    -l /usr/games
    -l /usr/libexec
    -l /var/ftp/bin
    -l /lib
    -l /usr/lib
    -l /usr/X11R6/lib
    -l /usr/kerberos/lib
    -l /usr/X11R6/LessTif
    -l /var/ftp/lib
    -l /lib64
    -l /usr/lib64
    -l /usr/X11R6/lib64
    -l /usr/kerberos/lib64
    -l /var/ftp/lib64

  6. #6
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    try to run

    /bin/hostname
    does it return an error? Did you run up2date or yum?

  7. #7
    I don't get any error when I run hostname
    I get my host name

    I run yum - update

    I did the following

    # cp /etc/yum.conf /etc/yum.conf.original

    # cat /etc/yum.conf.original | sed 's/$releasever/2/g' > /etc/yum.conf

    # yum upgrade

    any Help Plz

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Looks like you have a problem with your coreutils package; try reinstalling that package.

  9. #9
    I reinstall coreutils package and still get the same error in rootkithunter

  10. #10
    Join Date
    Dec 2003
    Location
    Brisbane, Queensland, Australia
    Posts
    547
    Try updating the kernel and see if that helps.

  11. #11
    Join Date
    Jun 2003
    Posts
    961
    "Not enough room to add .dynamic entry"

    This means XYZ was not built with recent binutils (there are no spare .dynamic section entries, which prelink needs). Not only does XYZ have to be built under a newer binutils, but all libs linked in have to be as well.

    Try to reinstall the packages and libs in question.

  12. #12
    I solve rootkithunter by yum upgrade

    But I face another problem Now
    that yum upgrade install 1112 Packages in my server

    most of it is unnecessary Like X windows and Gimp and more

    and yum install a new Kernel 2.6.2 in lilo

    So that is a big problem Now
