cmd: autopkgtest --apt-upgrade --output-dir=artifact-dir --summary=artifact-dir/summary --no-built-binaries --needs-internet=run --copy=/etc/resolv.conf:/etc/resolv.conf /tmp/debusine-fetch-exec-upload-l896xugr/chkrootkit-dbgsym_0.58b-4_i386.deb /tmp/debusine-fetch-exec-upload-l896xugr/chkrootkit_0.58b-4_i386.deb /tmp/debusine-fetch-exec-upload-l896xugr/chkrootkit_0.58b-4.dsc -- unshare --arch i386 --release sid --tarball /var/lib/debusine/worker/system-images/1225958/system.tar.xz
output (contains stdout and stderr):
autopkgtest [08:46:16]: starting date and time: 2025-01-28 08:46:16+0000
autopkgtest [08:46:16]: version 5.38~bpo12+1
autopkgtest [08:46:16]: host debusine-worker-amd64-hades-01; command line: /usr/bin/autopkgtest --apt-upgrade --output-dir=artifact-dir --summary=artifact-dir/summary --no-built-binaries --needs-internet=run --copy=/etc/resolv.conf:/etc/resolv.conf /tmp/debusine-fetch-exec-upload-l896xugr/chkrootkit-dbgsym_0.58b-4_i386.deb /tmp/debusine-fetch-exec-upload-l896xugr/chkrootkit_0.58b-4_i386.deb /tmp/debusine-fetch-exec-upload-l896xugr/chkrootkit_0.58b-4.dsc -- unshare --arch i386 --release sid --tarball /var/lib/debusine/worker/system-images/1225958/system.tar.xz
autopkgtest [08:46:20]: testbed dpkg architecture: i386
autopkgtest [08:46:20]: testbed apt version: 2.9.25
autopkgtest [08:46:20]: @@@@@@@@@@@@@@@@@@@@ test bed setup
Get:1 http://deb.debian.org/debian sid InRelease [205 kB]
Get:2 http://deb.debian.org/debian sid/main i386 Packages [9794 kB]
Get:3 http://deb.debian.org/debian sid/main Translation-en [7345 kB]
Get:4 http://deb.debian.org/debian sid/main i386 Components [4610 kB]
Fetched 22.0 MB in 3s (8126 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages will be upgraded:
binutils binutils-common binutils-gold binutils-gold-i686-linux-gnu
binutils-i686-linux-gnu gcc-14-base libatomic1 libbinutils libctf-nobfd0
libctf0 libgcc-s1 libgomp1 libgprofng0 libselinux1 libsemanage-common
libsemanage2 libsframe1 libstdc++6
18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 8373 kB of archives.
After this operation, 891 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian sid/main i386 libatomic1 i386 14.2.0-15 [7648 B]
Get:2 http://deb.debian.org/debian sid/main i386 gcc-14-base i386 14.2.0-15 [48.8 kB]
Get:3 http://deb.debian.org/debian sid/main i386 libstdc++6 i386 14.2.0-15 [765 kB]
Get:4 http://deb.debian.org/debian sid/main i386 libgomp1 i386 14.2.0-15 [138 kB]
Get:5 http://deb.debian.org/debian sid/main i386 libgcc-s1 i386 14.2.0-15 [88.2 kB]
Get:6 http://deb.debian.org/debian sid/main i386 libselinux1 i386 3.7-3.1 [80.4 kB]
Get:7 http://deb.debian.org/debian sid/main i386 libgprofng0 i386 2.43.90.20250127-1 [847 kB]
Get:8 http://deb.debian.org/debian sid/main i386 libctf0 i386 2.43.90.20250127-1 [94.3 kB]
Get:9 http://deb.debian.org/debian sid/main i386 libctf-nobfd0 i386 2.43.90.20250127-1 [159 kB]
Get:10 http://deb.debian.org/debian sid/main i386 binutils-gold i386 2.43.90.20250127-1 [202 kB]
Get:11 http://deb.debian.org/debian sid/main i386 binutils-i686-linux-gnu i386 2.43.90.20250127-1 [1076 kB]
Get:12 http://deb.debian.org/debian sid/main i386 libbinutils i386 2.43.90.20250127-1 [594 kB]
Get:13 http://deb.debian.org/debian sid/main i386 binutils-common i386 2.43.90.20250127-1 [2533 kB]
Get:14 http://deb.debian.org/debian sid/main i386 binutils i386 2.43.90.20250127-1 [269 kB]
Get:15 http://deb.debian.org/debian sid/main i386 binutils-gold-i686-linux-gnu i386 2.43.90.20250127-1 [1287 kB]
Get:16 http://deb.debian.org/debian sid/main i386 libsframe1 i386 2.43.90.20250127-1 [78.1 kB]
Get:17 http://deb.debian.org/debian sid/main i386 libsemanage-common all 3.7-2.1 [7208 B]
Get:18 http://deb.debian.org/debian sid/main i386 libsemanage2 i386 3.7-2.1 [98.7 kB]
Fetched 8373 kB in 0s (66.1 MB/s)
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17054 files and directories currently installed.)
Preparing to unpack .../libatomic1_14.2.0-15_i386.deb ...
Unpacking libatomic1:i386 (14.2.0-15) over (14.2.0-14) ...
Preparing to unpack .../gcc-14-base_14.2.0-15_i386.deb ...
Unpacking gcc-14-base:i386 (14.2.0-15) over (14.2.0-14) ...
Setting up gcc-14-base:i386 (14.2.0-15) ...
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17054 files and directories currently installed.)
Preparing to unpack .../libstdc++6_14.2.0-15_i386.deb ...
Unpacking libstdc++6:i386 (14.2.0-15) over (14.2.0-14) ...
Setting up libstdc++6:i386 (14.2.0-15) ...
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17054 files and directories currently installed.)
Preparing to unpack .../libgomp1_14.2.0-15_i386.deb ...
Unpacking libgomp1:i386 (14.2.0-15) over (14.2.0-14) ...
Preparing to unpack .../libgcc-s1_14.2.0-15_i386.deb ...
Unpacking libgcc-s1:i386 (14.2.0-15) over (14.2.0-14) ...
Setting up libgcc-s1:i386 (14.2.0-15) ...
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17054 files and directories currently installed.)
Preparing to unpack .../libselinux1_3.7-3.1_i386.deb ...
Unpacking libselinux1:i386 (3.7-3.1) over (3.7-3+b1) ...
Setting up libselinux1:i386 (3.7-3.1) ...
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17053 files and directories currently installed.)
Preparing to unpack .../00-libgprofng0_2.43.90.20250127-1_i386.deb ...
Unpacking libgprofng0:i386 (2.43.90.20250127-1) over (2.43.90.20250122-2) ...
Preparing to unpack .../01-libctf0_2.43.90.20250127-1_i386.deb ...
Unpacking libctf0:i386 (2.43.90.20250127-1) over (2.43.90.20250122-2) ...
Preparing to unpack .../02-libctf-nobfd0_2.43.90.20250127-1_i386.deb ...
Unpacking libctf-nobfd0:i386 (2.43.90.20250127-1) over (2.43.90.20250122-2) ...
Preparing to unpack .../03-binutils-gold_2.43.90.20250127-1_i386.deb ...
Unpacking binutils-gold (2.43.90.20250127-1) over (2.43.90.20250121-2) ...
Preparing to unpack .../04-binutils-i686-linux-gnu_2.43.90.20250127-1_i386.deb ...
Unpacking binutils-i686-linux-gnu (2.43.90.20250127-1) over (2.43.90.20250122-2) ...
Preparing to unpack .../05-libbinutils_2.43.90.20250127-1_i386.deb ...
Unpacking libbinutils:i386 (2.43.90.20250127-1) over (2.43.90.20250122-2) ...
Preparing to unpack .../06-binutils-common_2.43.90.20250127-1_i386.deb ...
Unpacking binutils-common:i386 (2.43.90.20250127-1) over (2.43.90.20250122-2) ...
Preparing to unpack .../07-binutils_2.43.90.20250127-1_i386.deb ...
Unpacking binutils (2.43.90.20250127-1) over (2.43.90.20250122-2) ...
Preparing to unpack .../08-binutils-gold-i686-linux-gnu_2.43.90.20250127-1_i386.deb ...
Unpacking binutils-gold-i686-linux-gnu (2.43.90.20250127-1) over (2.43.90.20250121-2) ...
Preparing to unpack .../09-libsframe1_2.43.90.20250127-1_i386.deb ...
Unpacking libsframe1:i386 (2.43.90.20250127-1) over (2.43.90.20250122-2) ...
Preparing to unpack .../10-libsemanage-common_3.7-2.1_all.deb ...
Unpacking libsemanage-common (3.7-2.1) over (3.7-2) ...
Preparing to unpack .../11-libsemanage2_3.7-2.1_i386.deb ...
Unpacking libsemanage2:i386 (3.7-2.1) over (3.7-2+b1) ...
Setting up binutils-gold-i686-linux-gnu (2.43.90.20250127-1) ...
Setting up binutils-common:i386 (2.43.90.20250127-1) ...
Setting up libctf-nobfd0:i386 (2.43.90.20250127-1) ...
Setting up libgomp1:i386 (14.2.0-15) ...
Setting up libsemanage-common (3.7-2.1) ...
Setting up libsframe1:i386 (2.43.90.20250127-1) ...
Setting up libatomic1:i386 (14.2.0-15) ...
Setting up libsemanage2:i386 (3.7-2.1) ...
Setting up libbinutils:i386 (2.43.90.20250127-1) ...
Setting up libctf0:i386 (2.43.90.20250127-1) ...
Setting up binutils-gold (2.43.90.20250127-1) ...
Setting up binutils-i686-linux-gnu (2.43.90.20250127-1) ...
Setting up libgprofng0:i386 (2.43.90.20250127-1) ...
Setting up binutils (2.43.90.20250127-1) ...
Processing triggers for libc-bin (2.40-6) ...
Processing triggers for man-db (2.13.0-1) ...
Reading package lists...
Building dependency tree...
Reading state information...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
autopkgtest [08:46:29]: testbed running kernel: Linux 6.1.0-29-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.123-1 (2025-01-02)
autopkgtest [08:46:30]: @@@@@@@@@@@@@@@@@@@@ source /tmp/debusine-fetch-exec-upload-l896xugr/chkrootkit_0.58b-4.dsc
dpkg-source: warning: extracting unsigned source package (/tmp/autopkgtest.agxPFS/chkrootkit_0.58b-4.dsc)
dpkg-source: info: extracting chkrootkit in src
dpkg-source: info: unpacking chkrootkit_0.58b.orig.tar.gz
dpkg-source: info: unpacking chkrootkit_0.58b-4.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying 11_logpath.patch
dpkg-source: info: applying 01_nostrip.patch
dpkg-source: info: applying Makefile-flags.patch
dpkg-source: info: applying chkdirs.patch
dpkg-source: info: applying chklastlog.patch
dpkg-source: info: applying chkproc.patch
dpkg-source: info: applying chkutmp.patch
dpkg-source: info: applying chkwtmp.patch
dpkg-source: info: applying check_wtmpx-do-not-silently-do-nothing-on-unsupported-pla.patch
dpkg-source: info: applying ifpromisc.patch
dpkg-source: info: applying strings.patch
dpkg-source: info: applying check_if_debian.patch
dpkg-source: info: applying check_php.patch
dpkg-source: info: applying README.patch
dpkg-source: info: applying chkrootkit-top-level.patch
dpkg-source: info: applying chkrootkit-w55808.patch
dpkg-source: info: applying chkrootkit-OSX_RSPLUG.patch
dpkg-source: info: applying chkrootkit-slapper.patch
dpkg-source: info: applying chkrootkit-scalper.patch
dpkg-source: info: applying chkrootkit-asp.patch
dpkg-source: info: applying chkrootkit-sniffer.patch
dpkg-source: info: applying chkrootkit-chkutmp.patch
dpkg-source: info: applying chkrootkit-z2.patch
dpkg-source: info: applying chkrootkit-wted.patch
dpkg-source: info: applying chkrootkit-bindshell.patch
dpkg-source: info: applying chkrootkit-lkm.patch
dpkg-source: info: applying chkrootkit-helper-functions-for-reporting-results.patch
dpkg-source: info: applying chkrootkit-lookfor-rootkit.patch
dpkg-source: info: applying chkrootkit-aliens.patch
dpkg-source: info: applying chkrootkit-chk_chfn.patch
dpkg-source: info: applying chkrootkit-chk_chsh.patch
dpkg-source: info: applying chkrootkit-chk_login.patch
dpkg-source: info: applying chkrootkit-chk_passwd.patch
dpkg-source: info: applying chkrootkit-chk_inetd.patch
dpkg-source: info: applying chkrootkit-chk_syslog.patch
dpkg-source: info: applying chkrootkit-chk_hdparm.patch
dpkg-source: info: applying chkrootkit-chk_gpm.patch
dpkg-source: info: applying chkrootkit-chk_mingetty.patch
dpkg-source: info: applying chkrootkit-chk_sendmail.patch
dpkg-source: info: applying chkrootkit-chk_ls.patch
dpkg-source: info: applying chkrootkit-chk_du.patch
dpkg-source: info: applying chkrootkit-chk_named.patch
dpkg-source: info: applying chkrootkit-chk_netstat.patch
dpkg-source: info: applying chkrootkit-chk_ps.patch
dpkg-source: info: applying chkrootkit-chk_pstree.patch
dpkg-source: info: applying chkrootkit-chk_crontab.patch
dpkg-source: info: applying chkrootkit-chk_top.patch
dpkg-source: info: applying chkrootkit-chk_pidof.patch
dpkg-source: info: applying chkrootkit-chk_killall.patch
dpkg-source: info: applying chkrootkit-chk_ldsopreload.patch
dpkg-source: info: applying chkrootkit-chk_basename.patch
dpkg-source: info: applying chkrootkit-chk_dirname.patch
dpkg-source: info: applying chkrootkit-chk_traceroute.patch
dpkg-source: info: applying chkrootkit-chk_rpcinfo.patch
dpkg-source: info: applying chkrootkit-chk_date.patch
dpkg-source: info: applying chkrootkit-chk_echo.patch
dpkg-source: info: applying chkrootkit-chk_env.patch
dpkg-source: info: applying chkrootkit-chk_timed.patch
dpkg-source: info: applying chkrootkit-chk_identd.patch
dpkg-source: info: applying chkrootkit-chk_init.patch
dpkg-source: info: applying chkrootkit-chk_pop2.patch
dpkg-source: info: applying chkrootkit-chk_pop3.patch
dpkg-source: info: applying chkrootkit-chk_write.patch
dpkg-source: info: applying chkrootkit-chk_w.patch
dpkg-source: info: applying chkrootkit-chk_vdir.patch
dpkg-source: info: applying chkrootkit-chk_tar.patch
dpkg-source: info: applying chkrootkit-rexedcs.patch
dpkg-source: info: applying chkrootkit-chk_mail.patch
dpkg-source: info: applying chkrootkit-chk_biff.patch
dpkg-source: info: applying chkrootkit-chk_egrep.patch
dpkg-source: info: applying chkrootkit-chk_grep.patch
dpkg-source: info: applying chkrootkit-chk_find.patch
dpkg-source: info: applying chkrootkit-chk_rlogind.patch
dpkg-source: info: applying chkrootkit-chk_lsof.patch
dpkg-source: info: applying chkrootkit-chk_amd.patch
dpkg-source: info: applying chkrootkit-chk_slogin.patch
dpkg-source: info: applying chkrootkit-chk_cron.patch
dpkg-source: info: applying chkrootkit-chk_ifconfig.patch
dpkg-source: info: applying chkrootkit-chk_rshd.patch
dpkg-source: info: applying chkrootkit-chk_tcpdump.patch
dpkg-source: info: applying chkrootkit-chk_tcpd.patch
dpkg-source: info: applying chkrootkit-chk_sshd.patch
dpkg-source: info: applying chkrootkit-chk_su.patch
dpkg-source: info: applying chkrootkit-chk_fingerd.patch
dpkg-source: info: applying chkrootkit-chk_inetdconf.patch
dpkg-source: info: applying chkrootkit-chk_telnetd.patch
dpkg-source: info: applying chkrootkit-printn.patch
dpkg-source: info: applying chkrootkit-Debian-cd.patch
autopkgtest [08:46:31]: testing package chkrootkit version 0.58b-4
autopkgtest [08:46:31]: build not needed
autopkgtest [08:46:31]: test command1: preparing testbed
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
apt-utils
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 341 kB of archives.
After this operation, 1096 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian sid/main i386 apt-utils i386 2.9.25 [341 kB]
Fetched 341 kB in 0s (9725 kB/s)
Selecting previously unselected package apt-utils.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17065 files and directories currently installed.)
Preparing to unpack .../apt-utils_2.9.25_i386.deb ...
Unpacking apt-utils (2.9.25) ...
Setting up apt-utils (2.9.25) ...
Processing triggers for man-db (2.13.0-1) ...
Ign:1 file:/tmp/autopkgtest.agxPFS/binaries InRelease
Get:2 file:/tmp/autopkgtest.agxPFS/binaries Release [816 B]
Get:2 file:/tmp/autopkgtest.agxPFS/binaries Release [816 B]
Ign:3 file:/tmp/autopkgtest.agxPFS/binaries Release.gpg
Get:4 file:/tmp/autopkgtest.agxPFS/binaries Packages [3034 B]
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
The following NEW packages will be installed:
chkrootkit iproute2 isc-dhcp-server libbpf1 libcap2-bin libelf1t64 libmnl0
libtirpc-common libtirpc3t64 libxtables12 net-tools
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 3526 kB/3850 kB of archives.
After this operation, 15.8 MB of additional disk space will be used.
Get:1 file:/tmp/autopkgtest.agxPFS/binaries chkrootkit 0.58b-4 [324 kB]
Get:2 http://deb.debian.org/debian sid/main i386 libelf1t64 i386 0.192-4 [195 kB]
Get:3 http://deb.debian.org/debian sid/main i386 libbpf1 i386 1:1.5.0-2 [184 kB]
Get:4 http://deb.debian.org/debian sid/main i386 libmnl0 i386 1.0.5-3 [12.3 kB]
Get:5 http://deb.debian.org/debian sid/main i386 libtirpc-common all 1.3.4+ds-1.3 [10.9 kB]
Get:6 http://deb.debian.org/debian sid/main i386 libtirpc3t64 i386 1.3.4+ds-1.3+b1 [90.5 kB]
Get:7 http://deb.debian.org/debian sid/main i386 libxtables12 i386 1.8.11-2 [34.0 kB]
Get:8 http://deb.debian.org/debian sid/main i386 libcap2-bin i386 1:2.66-5+b1 [35.2 kB]
Get:9 http://deb.debian.org/debian sid/main i386 iproute2 i386 6.13.0-1 [1152 kB]
Get:10 http://deb.debian.org/debian sid/main i386 isc-dhcp-server i386 4.4.3-P1-5+b1 [1566 kB]
Get:11 http://deb.debian.org/debian sid/main i386 net-tools i386 2.10-1.1 [245 kB]
Preconfiguring packages ...
Fetched 3526 kB in 0s (13.8 MB/s)
Selecting previously unselected package libelf1t64:i386.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17147 files and directories currently installed.)
Preparing to unpack .../00-libelf1t64_0.192-4_i386.deb ...
Unpacking libelf1t64:i386 (0.192-4) ...
Selecting previously unselected package libbpf1:i386.
Preparing to unpack .../01-libbpf1_1%3a1.5.0-2_i386.deb ...
Unpacking libbpf1:i386 (1:1.5.0-2) ...
Selecting previously unselected package libmnl0:i386.
Preparing to unpack .../02-libmnl0_1.0.5-3_i386.deb ...
Unpacking libmnl0:i386 (1.0.5-3) ...
Selecting previously unselected package libtirpc-common.
Preparing to unpack .../03-libtirpc-common_1.3.4+ds-1.3_all.deb ...
Unpacking libtirpc-common (1.3.4+ds-1.3) ...
Selecting previously unselected package libtirpc3t64:i386.
Preparing to unpack .../04-libtirpc3t64_1.3.4+ds-1.3+b1_i386.deb ...
Adding 'diversion of /lib/i386-linux-gnu/libtirpc.so.3 to /lib/i386-linux-gnu/libtirpc.so.3.usr-is-merged by libtirpc3t64'
Adding 'diversion of /lib/i386-linux-gnu/libtirpc.so.3.0.0 to /lib/i386-linux-gnu/libtirpc.so.3.0.0.usr-is-merged by libtirpc3t64'
Unpacking libtirpc3t64:i386 (1.3.4+ds-1.3+b1) ...
Selecting previously unselected package libxtables12:i386.
Preparing to unpack .../05-libxtables12_1.8.11-2_i386.deb ...
Unpacking libxtables12:i386 (1.8.11-2) ...
Selecting previously unselected package libcap2-bin.
Preparing to unpack .../06-libcap2-bin_1%3a2.66-5+b1_i386.deb ...
Unpacking libcap2-bin (1:2.66-5+b1) ...
Selecting previously unselected package iproute2.
Preparing to unpack .../07-iproute2_6.13.0-1_i386.deb ...
Unpacking iproute2 (6.13.0-1) ...
Selecting previously unselected package chkrootkit.
Preparing to unpack .../08-chkrootkit.deb ...
Unpacking chkrootkit (0.58b-4) ...
Selecting previously unselected package isc-dhcp-server.
Preparing to unpack .../09-isc-dhcp-server_4.4.3-P1-5+b1_i386.deb ...
Unpacking isc-dhcp-server (4.4.3-P1-5+b1) ...
Selecting previously unselected package net-tools.
Preparing to unpack .../10-net-tools_2.10-1.1_i386.deb ...
Unpacking net-tools (2.10-1.1) ...
Setting up net-tools (2.10-1.1) ...
Setting up libtirpc-common (1.3.4+ds-1.3) ...
Setting up isc-dhcp-server (4.4.3-P1-5+b1) ...
Generating /etc/default/isc-dhcp-server...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: WARNING: No init system and policy-rc.d missing! Defaulting to block.
Setting up libelf1t64:i386 (0.192-4) ...
Setting up libcap2-bin (1:2.66-5+b1) ...
Setting up chkrootkit (0.58b-4) ...
Setting up libmnl0:i386 (1.0.5-3) ...
Setting up libxtables12:i386 (1.8.11-2) ...
Setting up libbpf1:i386 (1:1.5.0-2) ...
Setting up libtirpc3t64:i386 (1.3.4+ds-1.3+b1) ...
Setting up iproute2 (6.13.0-1) ...
Processing triggers for man-db (2.13.0-1) ...
Processing triggers for libc-bin (2.40-6) ...
autopkgtest [08:46:37]: test command1: unshare --net debian/tests/test-chkrootkit
autopkgtest [08:46:37]: test command1: [-----------------------
copy: awk from /usr/bin/mawk to /tmp/clean
copy: cut from /usr/bin/cut to /tmp/clean
copy: echo from /usr/bin/echo to /tmp/clean
copy: grep from /usr/bin/grep to /tmp/clean
copy: find from /usr/bin/find to /tmp/clean
copy: head from /usr/bin/head to /tmp/clean
copy: id from /usr/bin/id to /tmp/clean
copy: ls from /usr/bin/ls to /tmp/clean
copy: ps from /usr/bin/ps to /tmp/clean
copy: sed from /usr/bin/sed to /tmp/clean
copy: strings from /usr/bin/i686-linux-gnu-strings to /tmp/clean
copy: uname from /usr/bin/uname to /tmp/clean
copy: ss from /usr/bin/ss to /tmp/clean
copy: netstat from /usr/bin/netstat to /tmp/clean
copy: dirname from /usr/bin/dirname to /tmp/clean
copy: xargs from /usr/bin/xargs to /tmp/clean
copy: dpkg-query from /usr/bin/dpkg-query to /tmp/clean
total 2044
drwxr-xr-x 2 root root 4096 Jan 28 08:46 .
drwxrwxrwt 5 root root 4096 Jan 28 08:46 ..
-rwxr-xr-x 1 root root 182100 Sep 12 21:55 awk
-rwxr-xr-x 1 root root 51112 Oct 23 13:08 cut
-rwxr-xr-x 1 root root 38760 Oct 23 13:08 dirname
-rwxr-xr-x 1 root root 186132 Jan 16 02:56 dpkg-query
-rwxr-xr-x 1 root root 38760 Oct 23 13:08 echo
-rwxr-xr-x 1 root root 260316 Aug 10 08:47 find
-rwxr-xr-x 1 root root 218680 Jan 4 2024 grep
-rwxr-xr-x 1 root root 55176 Oct 23 13:08 head
-rwxr-xr-x 1 root root 51112 Oct 23 13:08 id
-rwxr-xr-x 1 root root 166280 Oct 23 13:08 ls
-rwxr-xr-x 1 root root 156168 Apr 21 2024 netstat
-rwxr-xr-x 1 root root 145496 Dec 10 05:35 ps
-rwxr-xr-x 1 root root 133224 Jan 1 2024 sed
-rwxr-xr-x 1 root root 215032 Jan 24 11:03 ss
-rwxr-xr-x 1 root root 26556 Jan 27 10:12 strings
-rwxr-xr-x 1 root root 38760 Oct 23 13:08 uname
-rwxr-xr-x 1 root root 83576 Aug 10 08:47 xargs
* Running test-chkrootkit (from: /tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests)...
** env
SHELL=/bin/bash
AUTOPKGTEST_NORMAL_USER=unshare
AUTOPKGTEST_TMP=/tmp/autopkgtest.agxPFS/autopkgtest_tmp
PWD=/tmp/autopkgtest.agxPFS/build.Eux/src
HOME=/root
ADTTMP=/tmp/autopkgtest.agxPFS/autopkgtest_tmp
LANG=C.UTF-8
AUTOPKGTEST_ARTIFACTS=/tmp/autopkgtest.agxPFS/command1-artifacts
USER=root
DEB_BUILD_OPTIONS=parallel=8
ADT_NORMAL_USER=unshare
SHLVL=1
ADT_ARTIFACTS=/tmp/autopkgtest.agxPFS/command1-artifacts
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MAIL=/var/mail/root
DEBIAN_FRONTEND=noninteractive
OLDPWD=/
_=/usr/bin/env
MY_BUILD_DIR=/tmp/autopkgtest.agxPFS
** other info
ls /var/run/utmp
ls: cannot access '/var/run/utmp': No such file or directory
ls /var/log/wtmp
-rw-rw-r-- 1 root utmp 0 Jan 27 09:01 /var/log/wtmp
ls /var/log/lastlog
-rw-rw-r-- 1 root utmp 0 Jan 27 09:01 /var/log/lastlog
* Setting up the testsuite
** README
The purpose of this tests is to check that the actual output is as we expect.
This tests that both chkrootkit (directly invoked) and its chkrootkit-daily
(systemd timer/cronjob) work with various combinations of options.
- Each test has a file listing regexps: each listed regexp must match
against the output or the test will fail: the 'fix' will often be
to update the .expected file
- (these are in debian/test/*.expected)
- Output not matched by any such regexp is listed (with some known
exceptions removed), but does not cause failure
- This testsuite is designed to run in a sbuild schroot or via the CI
pipeline on salsa.debian.org: you might need to adjust the
debian/test/*.expected files if running in some other way.
** Ensuring chkrootkit finds as much to test as we can
Making /usr/sbin/amd
Making /etc/amd.conf
Making /usr/sbin/biff
Making /etc/biff.conf
Making /usr/sbin/cron
Making /etc/cron.conf
Making /usr/sbin/crontab
Making /etc/crontab.conf
Making /usr/sbin/fingerd
Making /etc/fingerd.conf
Making /usr/sbin/in.fingerd
Making /etc/in.fingerd.conf
Making /usr/sbin/gpm
Making /etc/gpm.conf
Making /usr/sbin/hdparm
Making /etc/hdparm.conf
Making /usr/sbin/inetd
Making /etc/inetd.conf
Making /usr/sbin/in.identd
Making /etc/in.identd.conf
Making /usr/sbin/inetdconf
Making /etc/inetdconf.conf
Making /usr/sbin/init
Making /etc/init.conf
Making /usr/sbin/killall
Making /etc/killall.conf
Making /usr/sbin/lsof
Making /etc/lsof.conf
Making /usr/sbin/mail
Making /etc/mail.conf
Making /usr/sbin/mingetty
Making /etc/mingetty.conf
Making /usr/sbin/named
Making /etc/named.conf
Making /usr/sbin/in.pop2d
Making /etc/in.pop2d.conf
Making /usr/sbin/in.pop3d
Making /etc/in.pop3d.conf
Making /usr/sbin/write
Making /etc/write.conf
Making /usr/sbin/pstree
Making /etc/pstree.conf
Making /usr/sbin/rpcinfo
Making /etc/rpcinfo.conf
Making /usr/sbin/rlogind
Making /etc/rlogind.conf
Making /usr/sbin/in.rshd
Making /etc/in.rshd.conf
Making /usr/sbin/slogin
Making /etc/slogin.conf
Making /usr/sbin/sendmail
Making /etc/sendmail.conf
Making /usr/sbin/sshd
Making /etc/sshd.conf
Making /usr/sbin/syslogd
Making /etc/syslogd.conf
Making /usr/sbin/tcpd
Making /etc/tcpd.conf
Making /usr/sbin/tcpdump
Making /etc/tcpdump.conf
Making /usr/sbin/telnetd
Making /etc/telnetd.conf
Making /usr/sbin/timed
Making /etc/timed.conf
Making /usr/sbin/traceroute
Making /etc/traceroute.conf
MADE: /usr/sbin/amd /etc/amd.conf /usr/sbin/biff /etc/biff.conf /usr/sbin/cron /etc/cron.conf /usr/sbin/crontab /etc/crontab.conf /usr/sbin/fingerd /etc/fingerd.conf /usr/sbin/in.fingerd /etc/in.fingerd.conf /usr/sbin/gpm /etc/gpm.conf /usr/sbin/hdparm /etc/hdparm.conf /usr/sbin/inetd /etc/inetd.conf /usr/sbin/in.identd /etc/in.identd.conf /usr/sbin/inetdconf /etc/inetdconf.conf /usr/sbin/init /etc/init.conf /usr/sbin/killall /etc/killall.conf /usr/sbin/lsof /etc/lsof.conf /usr/sbin/mail /etc/mail.conf /usr/sbin/mingetty /etc/mingetty.conf /usr/sbin/named /etc/named.conf /usr/sbin/in.pop2d /etc/in.pop2d.conf /usr/sbin/in.pop3d /etc/in.pop3d.conf /usr/sbin/write /etc/write.conf /usr/sbin/pstree /etc/pstree.conf /usr/sbin/rpcinfo /etc/rpcinfo.conf /usr/sbin/rlogind /etc/rlogind.conf /usr/sbin/in.rshd /etc/in.rshd.conf /usr/sbin/slogin /etc/slogin.conf /usr/sbin/sendmail /etc/sendmail.conf /usr/sbin/sshd /etc/sshd.conf /usr/sbin/syslogd /etc/syslogd.conf /usr/sbin/tcpd /etc/tcpd.conf /usr/sbin/tcpdump /etc/tcpdump.conf /usr/sbin/telnetd /etc/telnetd.conf /usr/sbin/timed /etc/timed.conf /usr/sbin/traceroute /etc/traceroute.conf
MOVED to .orig: /usr/sbin/amd /etc/amd.conf /usr/sbin/biff /etc/biff.conf /usr/sbin/cron /etc/cron.conf /usr/sbin/crontab /etc/crontab.conf /usr/sbin/fingerd /etc/fingerd.conf /usr/sbin/in.fingerd /etc/in.fingerd.conf /usr/sbin/gpm /etc/gpm.conf /usr/sbin/hdparm /etc/hdparm.conf /usr/sbin/inetd /etc/inetd.conf /usr/sbin/in.identd /etc/in.identd.conf /usr/sbin/inetdconf /etc/inetdconf.conf /usr/sbin/init /etc/init.conf /usr/sbin/killall /etc/killall.conf /usr/sbin/lsof /etc/lsof.conf /usr/sbin/mail /etc/mail.conf /usr/sbin/mingetty /etc/mingetty.conf /usr/sbin/named /etc/named.conf /usr/sbin/in.pop2d /etc/in.pop2d.conf /usr/sbin/in.pop3d /etc/in.pop3d.conf /usr/sbin/write /etc/write.conf /usr/sbin/pstree /etc/pstree.conf /usr/sbin/rpcinfo /etc/rpcinfo.conf /usr/sbin/rlogind /etc/rlogind.conf /usr/sbin/in.rshd /etc/in.rshd.conf /usr/sbin/slogin /etc/slogin.conf /usr/sbin/sendmail /etc/sendmail.conf /usr/sbin/sshd /etc/sshd.conf /usr/sbin/syslogd /etc/syslogd.conf /usr/sbin/tcpd /etc/tcpd.conf /usr/sbin/tcpdump /etc/tcpdump.conf /usr/sbin/telnetd /etc/telnetd.conf /usr/sbin/timed /etc/timed.conf /usr/sbin/traceroute /etc/traceroute.conf
Done
Preserving existing /etc/chkrootkit/chkrootkit.conf as /etc/chkrootkit/chkrootkit.conf.orig
Preserving existing /etc/chkrootkit/chkrootkit.ignore as /etc/chkrootkit/chkrootkit.ignore.orig
* Testing: the main binary
** Testing: chkrootkit-0-full (/usr/sbin/chkrootkit) ...
*** Output
ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not infected
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not infected
Checking `pop3'... not infected
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not infected
Checking `rshd'... not infected
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not infected
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... started
Searching for suspicious files in /dev... not found
Searching for known suspicious directories... not found
Searching for known suspicious files... not found
Searching for sniffer's logs... not found
Searching for HiDrootkit rootkit... not found
Searching for t0rn rootkit... not found
Searching for t0rn v8 (or variation)... not found
Searching for Lion rootkit... not found
Searching for RSHA rootkit... not found
Searching for RH-Sharpe rootkit... not found
Searching for Ambient (ark) rootkit... not found
Searching for suspicious files and dirs... not found
Searching for LPD Worm... not found
Searching for Ramen Worm rootkit... not found
Searching for Maniac rootkit... not found
Searching for RK17 rootkit... not found
Searching for Ducoci rootkit... not found
Searching for Adore Worm... not found
Searching for ShitC Worm... not found
Searching for Omega Worm... not found
Searching for Sadmind/IIS Worm... not found
Searching for MonKit... not found
Searching for Showtee rootkit... not found
Searching for OpticKit... not found
Searching for T.R.K... not found
Searching for Mithra rootkit... not found
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... not found
Searching for Romanian rootkit... not found
Searching for HKRK rootkit... not found
Searching for Suckit rootkit... not found
Searching for Volc rootkit... not found
Searching for Gold2 rootkit... not found
Searching for TC2 rootkit... not found
Searching for Anonoying rootkit... not found
Searching for ZK rootkit... not found
Searching for ShKit rootkit... not found
Searching for AjaKit rootkit... not found
Searching for zaRwT rootkit... not found
Searching for Madalin rootkit... not found
Searching for Fu rootkit... not found
Searching for Kenga3 rootkit... not found
Searching for ESRK rootkit... not found
Searching for rootedoor... not found
Searching for ENYELKM rootkit... not found
Searching for common ssh-scanners... not found
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
Searching for Linux/Ebury 1.6... not tested
Searching for 64-bit Linux Rootkit... not found
Searching for 64-bit Linux Rootkit modules... not found
Searching for Mumblehard... not found
Searching for Backdoor.Linux.Mokes.a... not found
Searching for Malicious TinyDNS... not found
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
Searching for Linux.Proxy.1.0... not found
Searching for CrossRAT... not found
Searching for Hidden Cobra... not found
Searching for Rocke Miner rootkit... not found
Searching for PWNLNX4 lkm rootkit... not found
Searching for PWNLNX6 lkm rootkit... not found
Searching for Umbreon lrk... not found
Searching for Kinsing.a backdoor rootkit... not found
Searching for RotaJakiro backdoor rootkit... not found
Searching for Syslogk LKM rootkit... not found
Searching for Kovid LKM rootkit... not tested
Searching for Tsunami DDoS Malware rootkit... not found
Searching for Linux BPF Door... not found
Searching for suspect PHP files... not found
Searching for zero-size shell history files in /root... not found
Searching for hardlinked shell history files in /root... not found
Checking `aliens'... finished
Checking `asp'... not infected
Checking `bindshell'... not found
Checking `lkm'... started
Searching for Adore LKM... not tested
Searching for sebek LKM (Adore based)... not tested
Searching for knark LKM rootkit... not found
Searching for for hidden processes with chkproc... not found
Searching for for hidden directories using chkdirs... not found
Checking `lkm'... finished
Checking `rexedcs'... not found
Checking `sniffer'... not found
Checking `w55808'... not found
Checking `wted'... not found
Checking `scalper'... not found
Checking `slapper'... not found
Checking `z2'... not found
Checking `chkutmp'... not tested
Checking `OSX_RSPLUG'... not tested
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 18 23:50 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\. not infected$'
Checking `amd'... not infected
OK
**** Test for '^Checking `basename'\.\.\. not infected$'
Checking `basename'... not infected
OK
**** Test for '^Checking `biff'\.\.\. not infected$'
Checking `biff'... not infected
OK
**** Test for '^Checking `chfn'\.\.\. not infected$'
Checking `chfn'... not infected
OK
**** Test for '^Checking `chsh'\.\.\. not infected$'
Checking `chsh'... not infected
OK
**** Test for '^Checking `cron'\.\.\. not infected$'
Checking `cron'... not infected
OK
**** Test for '^Checking `crontab'\.\.\. not infected$'
Checking `crontab'... not infected
OK
**** Test for '^Checking `date'\.\.\. not infected$'
Checking `date'... not infected
OK
**** Test for '^Checking `du'\.\.\. not infected$'
Checking `du'... not infected
OK
**** Test for '^Checking `dirname'\.\.\. not infected$'
Checking `dirname'... not infected
OK
**** Test for '^Checking `echo'\.\.\. not infected$'
Checking `echo'... not infected
OK
**** Test for '^Checking `egrep'\.\.\. not infected$'
Checking `egrep'... not infected
OK
**** Test for '^Checking `env'\.\.\. not infected$'
Checking `env'... not infected
OK
**** Test for '^Checking `find'\.\.\. not infected$'
Checking `find'... not infected
OK
**** Test for '^Checking `fingerd'\.\.\. not infected$'
Checking `fingerd'... not infected
OK
**** Test for '^Checking `gpm'\.\.\. not infected$'
Checking `gpm'... not infected
OK
**** Test for '^Checking `grep'\.\.\. not infected$'
Checking `grep'... not infected
OK
**** Test for '^Checking `hdparm'\.\.\. not infected$'
Checking `hdparm'... not infected
OK
**** Test for '^Checking `su'\.\.\. not infected$'
Checking `su'... not infected
OK
**** Test for '^Checking `ifconfig'\.\.\. not infected$'
Checking `ifconfig'... not infected
OK
**** Test for '^Checking `inetd'\.\.\. not infected$'
Checking `inetd'... not infected
OK
**** Test for '^Checking `inetdconf'\.\.\. not infected$'
Checking `inetdconf'... not infected
OK
**** Test for '^Checking `identd'\.\.\. not infected$'
Checking `identd'... not infected
OK
**** Test for '^Checking `init'\.\.\. not infected$'
Checking `init'... not infected
OK
**** Test for '^Checking `killall'\.\.\. not infected$'
Checking `killall'... not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\. not infected$'
Checking `ldsopreload'... not infected
OK
**** Test for '^Checking `login'\.\.\. not infected$'
Checking `login'... not infected
OK
**** Test for '^Checking `ls'\.\.\. not infected$'
Checking `ls'... not infected
OK
**** Test for '^Checking `lsof'\.\.\. not infected$'
Checking `lsof'... not infected
OK
**** Test for '^Checking `mail'\.\.\. not infected$'
Checking `mail'... not infected
OK
**** Test for '^Checking `mingetty'\.\.\. not infected$'
Checking `mingetty'... not infected
OK
**** Test for '^Checking `netstat'\.\.\. not infected$'
Checking `netstat'... not infected
OK
**** Test for '^Checking `named'\.\.\. not infected$'
Checking `named'... not infected
OK
**** Test for '^Checking `passwd'\.\.\. not infected$'
Checking `passwd'... not infected
OK
**** Test for '^Checking `pidof'\.\.\. not infected$'
Checking `pidof'... not infected
OK
**** Test for '^Checking `pop2'\.\.\. not infected$'
Checking `pop2'... not infected
OK
**** Test for '^Checking `pop3'\.\.\. not infected$'
Checking `pop3'... not infected
OK
**** Test for '^Checking `ps'\.\.\. not infected$'
Checking `ps'... not infected
OK
**** Test for '^Checking `pstree'\.\.\. not infected$'
Checking `pstree'... not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\. not infected$'
Checking `rpcinfo'... not infected
OK
**** Test for '^Checking `rlogind'\.\.\. not infected$'
Checking `rlogind'... not infected
OK
**** Test for '^Checking `rshd'\.\.\. not infected$'
Checking `rshd'... not infected
OK
**** Test for '^Checking `slogin'\.\.\. not infected$'
Checking `slogin'... not infected
OK
**** Test for '^Checking `sendmail'\.\.\. not infected$'
Checking `sendmail'... not infected
OK
**** Test for '^Checking `sshd'\.\.\. not infected$'
Checking `sshd'... not infected
OK
**** Test for '^Checking `syslogd'\.\.\. not infected$'
Checking `syslogd'... not infected
OK
**** Test for '^Checking `tar'\.\.\. not infected$'
Checking `tar'... not infected
OK
**** Test for '^Checking `tcpd'\.\.\. not infected$'
Checking `tcpd'... not infected
OK
**** Test for '^Checking `tcpdump'\.\.\. not infected$'
Checking `tcpdump'... not infected
OK
**** Test for '^Checking `top'\.\.\. not infected$'
Checking `top'... not infected
OK
**** Test for '^Checking `telnetd'\.\.\. not infected$'
Checking `telnetd'... not infected
OK
**** Test for '^Checking `timed'\.\.\. not infected$'
Checking `timed'... not infected
OK
**** Test for '^Checking `traceroute'\.\.\. not infected$'
Checking `traceroute'... not infected
OK
**** Test for '^Checking `vdir'\.\.\. not infected$'
Checking `vdir'... not infected
OK
**** Test for '^Checking `w'\.\.\. not infected$'
Checking `w'... not infected
OK
**** Test for '^Checking `write'\.\.\. not infected$'
Checking `write'... not infected
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\. not found$'
Searching for suspicious files in /dev... not found
OK
**** Test for '^Searching for known suspicious directories\.\.\. not found$'
Searching for known suspicious directories... not found
OK
**** Test for '^Searching for known suspicious files\.\.\. not found$'
Searching for known suspicious files... not found
OK
**** Test for '^Searching for sniffer's logs\.\.\. not found$'
Searching for sniffer's logs... not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. not found$'
Searching for HiDrootkit rootkit... not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\. not found$'
Searching for t0rn rootkit... not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. not found$'
Searching for t0rn v8 (or variation)... not found
OK
**** Test for '^Searching for Lion rootkit\.\.\. not found$'
Searching for Lion rootkit... not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\. not found$'
Searching for RSHA rootkit... not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. not found$'
Searching for RH-Sharpe rootkit... not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. not found$'
Searching for Ambient (ark) rootkit... not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. not found$'
Searching for suspicious files and dirs... not found
OK
**** Test for '^Searching for LPD Worm\.\.\. not found$'
Searching for LPD Worm... not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. not found$'
Searching for Ramen Worm rootkit... not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\. not found$'
Searching for Maniac rootkit... not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\. not found$'
Searching for RK17 rootkit... not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. not found$'
Searching for Ducoci rootkit... not found
OK
**** Test for '^Searching for Adore Worm\.\.\. not found$'
Searching for Adore Worm... not found
OK
**** Test for '^Searching for ShitC Worm\.\.\. not found$'
Searching for ShitC Worm... not found
OK
**** Test for '^Searching for Omega Worm\.\.\. not found$'
Searching for Omega Worm... not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. not found$'
Searching for Sadmind/IIS Worm... not found
OK
**** Test for '^Searching for MonKit\.\.\. not found$'
Searching for MonKit... not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\. not found$'
Searching for Showtee rootkit... not found
OK
**** Test for '^Searching for OpticKit\.\.\. not found$'
Searching for OpticKit... not found
OK
**** Test for '^Searching for T\.R\.K\.\.\. not found$'
Searching for T.R.K... not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\. not found$'
Searching for Mithra rootkit... not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. not found$'
Searching for LOC rootkit... not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\. not found$'
Searching for Romanian rootkit... not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\. not found$'
Searching for HKRK rootkit... not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\. not found$'
Searching for Suckit rootkit... not found
OK
**** Test for '^Searching for Volc rootkit\.\.\. not found$'
Searching for Volc rootkit... not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. not found$'
Searching for Gold2 rootkit... not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\. not found$'
Searching for TC2 rootkit... not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. not found$'
Searching for Anonoying rootkit... not found
OK
**** Test for '^Searching for ZK rootkit\.\.\. not found$'
Searching for ZK rootkit... not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\. not found$'
Searching for ShKit rootkit... not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. not found$'
Searching for AjaKit rootkit... not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. not found$'
Searching for zaRwT rootkit... not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\. not found$'
Searching for Madalin rootkit... not found
OK
**** Test for '^Searching for Fu rootkit\.\.\. not found$'
Searching for Fu rootkit... not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. not found$'
Searching for Kenga3 rootkit... not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\. not found$'
Searching for ESRK rootkit... not found
OK
**** Test for '^Searching for rootedoor\.\.\. not found$'
Searching for rootedoor... not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. not found$'
Searching for ENYELKM rootkit... not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\. not found$'
Searching for common ssh-scanners... not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.6... not tested
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. not found$'
Searching for 64-bit Linux Rootkit... not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. not found$'
Searching for 64-bit Linux Rootkit modules... not found
OK
**** Test for '^Searching for Mumblehard\.\.\. not found$'
Searching for Mumblehard... not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. not found$'
Searching for Backdoor.Linux.Mokes.a... not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. not found$'
Searching for Malicious TinyDNS... not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^$'
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. not found$'
Searching for Linux.Proxy.1.0... not found
OK
**** Test for '^Searching for CrossRAT\.\.\. not found$'
Searching for CrossRAT... not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\. not found$'
Searching for Hidden Cobra... not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. not found$'
Searching for Rocke Miner rootkit... not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. not found$'
Searching for PWNLNX4 lkm rootkit... not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. not found$'
Searching for PWNLNX6 lkm rootkit... not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\. not found$'
Searching for Umbreon lrk... not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. not found$'
Searching for Kinsing.a backdoor rootkit... not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. not found$'
Searching for RotaJakiro backdoor rootkit... not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. not found$'
Searching for Syslogk LKM rootkit... not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. not tested$'
Searching for Kovid LKM rootkit... not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. not found$'
Searching for Tsunami DDoS Malware rootkit... not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\. not found$'
Searching for Linux BPF Door... not found
OK
**** Test for '^Searching for suspect PHP files\.\.\. not found$'
Searching for suspect PHP files... not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\. not found$'
Searching for zero-size shell history files in /root... not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\. not found$'
Searching for hardlinked shell history files in /root... not found
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
**** Test for '^Checking `asp'\.\.\. not infected$'
Checking `asp'... not infected
OK
**** Test for '^Checking `bindshell'\.\.\. not found$'
Checking `bindshell'... not found
OK
**** Test for '^Checking `lkm'\.\.\. started$'
Checking `lkm'... started
OK
**** Test for '^Searching for Adore LKM\.\.\. not (tested|found)$'
Searching for Adore LKM... not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\. not (tested|found)$'
Searching for sebek LKM (Adore based)... not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\. not found$'
Searching for knark LKM rootkit... not found
OK
**** Test for '^Checking `lkm'\.\.\. finished$'
Checking `lkm'... finished
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\. not found$'
Searching for for hidden processes with chkproc... not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs... not found
OK
**** Test for '^Checking `rexedcs'\.\.\. not found$'
Checking `rexedcs'... not found
OK
**** Test for '^Checking `sniffer'\.\.\. not found$'
Checking `sniffer'... not found
OK
**** Test for '^Checking `w55808'\.\.\. not found$'
Checking `w55808'... not found
OK
**** Test for '^Checking `wted'\.\.\. not (tested|found)$'
Checking `wted'... not found
OK
**** Test for '^Checking `scalper'\.\.\. not found$'
Checking `scalper'... not found
OK
**** Test for '^Checking `slapper'\.\.\. not found$'
Checking `slapper'... not found
OK
**** Test for '^Checking `z2'\.\.\. not (tested|found)$'
Checking `z2'... not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'... not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\. not tested$'
Checking `OSX_RSPLUG'... not tested
OK
** PASS: Testing: chkrootkit-0-full (/usr/sbin/chkrootkit) done: PASS
** Testing: chkrootkit-1-full (/usr/sbin/chkrootkit) ...
*** Output
ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not infected
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not infected
Checking `pop3'... not infected
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not infected
Checking `rshd'... not infected
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not infected
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... started
Searching for suspicious files in /dev... not found
Searching for known suspicious directories... not found
Searching for known suspicious files... not found
Searching for sniffer's logs... not found
Searching for HiDrootkit rootkit... not found
Searching for t0rn rootkit... not found
Searching for t0rn v8 (or variation)... not found
Searching for Lion rootkit... not found
Searching for RSHA rootkit... not found
Searching for RH-Sharpe rootkit... not found
Searching for Ambient (ark) rootkit... not found
Searching for suspicious files and dirs... WARNING
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
Searching for LPD Worm... not found
Searching for Ramen Worm rootkit... not found
Searching for Maniac rootkit... not found
Searching for RK17 rootkit... not found
Searching for Ducoci rootkit... not found
Searching for Adore Worm... not found
Searching for ShitC Worm... not found
Searching for Omega Worm... not found
Searching for Sadmind/IIS Worm... not found
Searching for MonKit... not found
Searching for Showtee rootkit... not found
Searching for OpticKit... not found
Searching for T.R.K... not found
Searching for Mithra rootkit... not found
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... not found
Searching for Romanian rootkit... not found
Searching for HKRK rootkit... not found
Searching for Suckit rootkit... not found
Searching for Volc rootkit... not found
Searching for Gold2 rootkit... not found
Searching for TC2 rootkit... not found
Searching for Anonoying rootkit... not found
Searching for ZK rootkit... not found
Searching for ShKit rootkit... not found
Searching for AjaKit rootkit... not found
Searching for zaRwT rootkit... not found
Searching for Madalin rootkit... not found
Searching for Fu rootkit... not found
Searching for Kenga3 rootkit... not found
Searching for ESRK rootkit... not found
Searching for rootedoor... not found
Searching for ENYELKM rootkit... not found
Searching for common ssh-scanners... not found
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
Searching for Linux/Ebury 1.6... not tested
Searching for 64-bit Linux Rootkit... not found
Searching for 64-bit Linux Rootkit modules... not found
Searching for Mumblehard... not found
Searching for Backdoor.Linux.Mokes.a... not found
Searching for Malicious TinyDNS... not found
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
Searching for Linux.Proxy.1.0... not found
Searching for CrossRAT... not found
Searching for Hidden Cobra... not found
Searching for Rocke Miner rootkit... not found
Searching for PWNLNX4 lkm rootkit... not found
Searching for PWNLNX6 lkm rootkit... not found
Searching for Umbreon lrk... not found
Searching for Kinsing.a backdoor rootkit... not found
Searching for RotaJakiro backdoor rootkit... not found
Searching for Syslogk LKM rootkit... not found
Searching for Kovid LKM rootkit... not tested
Searching for Tsunami DDoS Malware rootkit... not found
Searching for Linux BPF Door... not found
Searching for suspect PHP files... not found
Searching for zero-size shell history files in /root... not found
Searching for hardlinked shell history files in /root... not found
Checking `aliens'... finished
Checking `asp'... not infected
Checking `bindshell'... not found
Checking `lkm'... started
Searching for Adore LKM... not tested
Searching for sebek LKM (Adore based)... not tested
Searching for knark LKM rootkit... not found
Searching for for hidden processes with chkproc... not found
Searching for for hidden directories using chkdirs... not found
Checking `lkm'... finished
Checking `rexedcs'... not found
Checking `sniffer'... not found
Checking `w55808'... not found
Checking `wted'... not found
Checking `scalper'... not found
Checking `slapper'... not found
Checking `z2'... not found
Checking `chkutmp'... not tested
Checking `OSX_RSPLUG'... not tested
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 18 23:50 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\. not infected$'
Checking `amd'... not infected
OK
**** Test for '^Checking `basename'\.\.\. not infected$'
Checking `basename'... not infected
OK
**** Test for '^Checking `biff'\.\.\. not infected$'
Checking `biff'... not infected
OK
**** Test for '^Checking `chfn'\.\.\. not infected$'
Checking `chfn'... not infected
OK
**** Test for '^Checking `chsh'\.\.\. not infected$'
Checking `chsh'... not infected
OK
**** Test for '^Checking `cron'\.\.\. not infected$'
Checking `cron'... not infected
OK
**** Test for '^Checking `crontab'\.\.\. not infected$'
Checking `crontab'... not infected
OK
**** Test for '^Checking `date'\.\.\. not infected$'
Checking `date'... not infected
OK
**** Test for '^Checking `du'\.\.\. not infected$'
Checking `du'... not infected
OK
**** Test for '^Checking `dirname'\.\.\. not infected$'
Checking `dirname'... not infected
OK
**** Test for '^Checking `echo'\.\.\. not infected$'
Checking `echo'... not infected
OK
**** Test for '^Checking `egrep'\.\.\. not infected$'
Checking `egrep'... not infected
OK
**** Test for '^Checking `env'\.\.\. not infected$'
Checking `env'... not infected
OK
**** Test for '^Checking `find'\.\.\. not infected$'
Checking `find'... not infected
OK
**** Test for '^Checking `fingerd'\.\.\. not infected$'
Checking `fingerd'... not infected
OK
**** Test for '^Checking `gpm'\.\.\. not infected$'
Checking `gpm'... not infected
OK
**** Test for '^Checking `grep'\.\.\. not infected$'
Checking `grep'... not infected
OK
**** Test for '^Checking `hdparm'\.\.\. not infected$'
Checking `hdparm'... not infected
OK
**** Test for '^Checking `su'\.\.\. not infected$'
Checking `su'... not infected
OK
**** Test for '^Checking `ifconfig'\.\.\. not infected$'
Checking `ifconfig'... not infected
OK
**** Test for '^Checking `inetd'\.\.\. not infected$'
Checking `inetd'... not infected
OK
**** Test for '^Checking `inetdconf'\.\.\. not infected$'
Checking `inetdconf'... not infected
OK
**** Test for '^Checking `identd'\.\.\. not infected$'
Checking `identd'... not infected
OK
**** Test for '^Checking `init'\.\.\. not infected$'
Checking `init'... not infected
OK
**** Test for '^Checking `killall'\.\.\. not infected$'
Checking `killall'... not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\. not infected$'
Checking `ldsopreload'... not infected
OK
**** Test for '^Checking `login'\.\.\. not infected$'
Checking `login'... not infected
OK
**** Test for '^Checking `ls'\.\.\. not infected$'
Checking `ls'... not infected
OK
**** Test for '^Checking `lsof'\.\.\. not infected$'
Checking `lsof'... not infected
OK
**** Test for '^Checking `mail'\.\.\. not infected$'
Checking `mail'... not infected
OK
**** Test for '^Checking `mingetty'\.\.\. not infected$'
Checking `mingetty'... not infected
OK
**** Test for '^Checking `netstat'\.\.\. not infected$'
Checking `netstat'... not infected
OK
**** Test for '^Checking `named'\.\.\. not infected$'
Checking `named'... not infected
OK
**** Test for '^Checking `passwd'\.\.\. not infected$'
Checking `passwd'... not infected
OK
**** Test for '^Checking `pidof'\.\.\. not infected$'
Checking `pidof'... not infected
OK
**** Test for '^Checking `pop2'\.\.\. not infected$'
Checking `pop2'... not infected
OK
**** Test for '^Checking `pop3'\.\.\. not infected$'
Checking `pop3'... not infected
OK
**** Test for '^Checking `ps'\.\.\. not infected$'
Checking `ps'... not infected
OK
**** Test for '^Checking `pstree'\.\.\. not infected$'
Checking `pstree'... not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\. not infected$'
Checking `rpcinfo'... not infected
OK
**** Test for '^Checking `rlogind'\.\.\. not infected$'
Checking `rlogind'... not infected
OK
**** Test for '^Checking `rshd'\.\.\. not infected$'
Checking `rshd'... not infected
OK
**** Test for '^Checking `slogin'\.\.\. not infected$'
Checking `slogin'... not infected
OK
**** Test for '^Checking `sendmail'\.\.\. not infected$'
Checking `sendmail'... not infected
OK
**** Test for '^Checking `sshd'\.\.\. not infected$'
Checking `sshd'... not infected
OK
**** Test for '^Checking `syslogd'\.\.\. not infected$'
Checking `syslogd'... not infected
OK
**** Test for '^Checking `tar'\.\.\. not infected$'
Checking `tar'... not infected
OK
**** Test for '^Checking `tcpd'\.\.\. not infected$'
Checking `tcpd'... not infected
OK
**** Test for '^Checking `tcpdump'\.\.\. not infected$'
Checking `tcpdump'... not infected
OK
**** Test for '^Checking `top'\.\.\. not infected$'
Checking `top'... not infected
OK
**** Test for '^Checking `telnetd'\.\.\. not infected$'
Checking `telnetd'... not infected
OK
**** Test for '^Checking `timed'\.\.\. not infected$'
Checking `timed'... not infected
OK
**** Test for '^Checking `traceroute'\.\.\. not infected$'
Checking `traceroute'... not infected
OK
**** Test for '^Checking `vdir'\.\.\. not infected$'
Checking `vdir'... not infected
OK
**** Test for '^Checking `w'\.\.\. not infected$'
Checking `w'... not infected
OK
**** Test for '^Checking `write'\.\.\. not infected$'
Checking `write'... not infected
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\. not found$'
Searching for suspicious files in /dev... not found
OK
**** Test for '^Searching for known suspicious directories\.\.\. not found$'
Searching for known suspicious directories... not found
OK
**** Test for '^Searching for known suspicious files\.\.\. not found$'
Searching for known suspicious files... not found
OK
**** Test for '^Searching for sniffer's logs\.\.\. not found$'
Searching for sniffer's logs... not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. not found$'
Searching for HiDrootkit rootkit... not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\. not found$'
Searching for t0rn rootkit... not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. not found$'
Searching for t0rn v8 (or variation)... not found
OK
**** Test for '^Searching for Lion rootkit\.\.\. not found$'
Searching for Lion rootkit... not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\. not found$'
Searching for RSHA rootkit... not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. not found$'
Searching for RH-Sharpe rootkit... not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. not found$'
Searching for Ambient (ark) rootkit... not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. WARNING$'
Searching for suspicious files and dirs... WARNING
OK
**** Test for '^$'
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^Searching for LPD Worm\.\.\. not found$'
Searching for LPD Worm... not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. not found$'
Searching for Ramen Worm rootkit... not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\. not found$'
Searching for Maniac rootkit... not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\. not found$'
Searching for RK17 rootkit... not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. not found$'
Searching for Ducoci rootkit... not found
OK
**** Test for '^Searching for Adore Worm\.\.\. not found$'
Searching for Adore Worm... not found
OK
**** Test for '^Searching for ShitC Worm\.\.\. not found$'
Searching for ShitC Worm... not found
OK
**** Test for '^Searching for Omega Worm\.\.\. not found$'
Searching for Omega Worm... not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. not found$'
Searching for Sadmind/IIS Worm... not found
OK
**** Test for '^Searching for MonKit\.\.\. not found$'
Searching for MonKit... not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\. not found$'
Searching for Showtee rootkit... not found
OK
**** Test for '^Searching for OpticKit\.\.\. not found$'
Searching for OpticKit... not found
OK
**** Test for '^Searching for T\.R\.K\.\.\. not found$'
Searching for T.R.K... not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\. not found$'
Searching for Mithra rootkit... not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. not found$'
Searching for LOC rootkit... not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\. not found$'
Searching for Romanian rootkit... not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\. not found$'
Searching for HKRK rootkit... not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\. not found$'
Searching for Suckit rootkit... not found
OK
**** Test for '^Searching for Volc rootkit\.\.\. not found$'
Searching for Volc rootkit... not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. not found$'
Searching for Gold2 rootkit... not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\. not found$'
Searching for TC2 rootkit... not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. not found$'
Searching for Anonoying rootkit... not found
OK
**** Test for '^Searching for ZK rootkit\.\.\. not found$'
Searching for ZK rootkit... not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\. not found$'
Searching for ShKit rootkit... not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. not found$'
Searching for AjaKit rootkit... not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. not found$'
Searching for zaRwT rootkit... not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\. not found$'
Searching for Madalin rootkit... not found
OK
**** Test for '^Searching for Fu rootkit\.\.\. not found$'
Searching for Fu rootkit... not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. not found$'
Searching for Kenga3 rootkit... not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\. not found$'
Searching for ESRK rootkit... not found
OK
**** Test for '^Searching for rootedoor\.\.\. not found$'
Searching for rootedoor... not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. not found$'
Searching for ENYELKM rootkit... not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\. not found$'
Searching for common ssh-scanners... not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.6... not tested
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. not found$'
Searching for 64-bit Linux Rootkit... not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. not found$'
Searching for 64-bit Linux Rootkit modules... not found
OK
**** Test for '^Searching for Mumblehard\.\.\. not found$'
Searching for Mumblehard... not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. not found$'
Searching for Backdoor.Linux.Mokes.a... not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. not found$'
Searching for Malicious TinyDNS... not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. not found$'
Searching for Linux.Proxy.1.0... not found
OK
**** Test for '^Searching for CrossRAT\.\.\. not found$'
Searching for CrossRAT... not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\. not found$'
Searching for Hidden Cobra... not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. not found$'
Searching for Rocke Miner rootkit... not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. not found$'
Searching for PWNLNX4 lkm rootkit... not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. not found$'
Searching for PWNLNX6 lkm rootkit... not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\. not found$'
Searching for Umbreon lrk... not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. not found$'
Searching for Kinsing.a backdoor rootkit... not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. not found$'
Searching for RotaJakiro backdoor rootkit... not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. not found$'
Searching for Syslogk LKM rootkit... not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. not tested$'
Searching for Kovid LKM rootkit... not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. not found$'
Searching for Tsunami DDoS Malware rootkit... not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\. not found$'
Searching for Linux BPF Door... not found
OK
**** Test for '^Searching for suspect PHP files\.\.\. not found$'
Searching for suspect PHP files... not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\. not found$'
Searching for zero-size shell history files in /root... not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\. not found$'
Searching for hardlinked shell history files in /root... not found
OK
**** Test for '^Searching for suspect PHP files\.\.\. not found$'
Searching for suspect PHP files... not found
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
**** Test for '^Checking `asp'\.\.\. not infected$'
Checking `asp'... not infected
OK
**** Test for '^Checking `bindshell'\.\.\. not found$'
Checking `bindshell'... not found
OK
**** Test for '^Checking `lkm'\.\.\. started$'
Checking `lkm'... started
OK
**** Test for '^Searching for Adore LKM\.\.\. not tested$'
Searching for Adore LKM... not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\. not tested$'
Searching for sebek LKM (Adore based)... not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\. not found$'
Searching for knark LKM rootkit... not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\. not found$'
Searching for for hidden processes with chkproc... not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs... not found
OK
**** Test for '^Checking `lkm'\.\.\. finished$'
Checking `lkm'... finished
OK
**** Test for '^Checking `rexedcs'\.\.\. not found$'
Checking `rexedcs'... not found
OK
**** Test for '^Checking `sniffer'\.\.\. not found$'
Checking `sniffer'... not found
OK
**** Test for '^Checking `w55808'\.\.\. not found$'
Checking `w55808'... not found
OK
**** Test for '^Checking `wted'\.\.\. not (tested|found)$'
Checking `wted'... not found
OK
**** Test for '^Checking `scalper'\.\.\. not found$'
Checking `scalper'... not found
OK
**** Test for '^Checking `slapper'\.\.\. not found$'
Checking `slapper'... not found
OK
**** Test for '^Checking `z2'\.\.\. not (tested|found)$'
Checking `z2'... not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'... not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\. not tested$'
Checking `OSX_RSPLUG'... not tested
OK
** PASS: Testing: chkrootkit-1-full (/usr/sbin/chkrootkit) done: PASS
** Testing: chkrootkit-2-quiet (/usr/sbin/chkrootkit -q) ...
*** Output
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 18 23:50 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
*** Test of content of output follows...
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
** PASS: Testing: chkrootkit-2-quiet (/usr/sbin/chkrootkit -q) done: PASS
* Testing: chkrootkit-daily - should give no output when disabled
** Testing: cron-1-with-no-config (chkrootkit-daily) ...
*** Output
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 18 23:50 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-1-with-no-config (chkrootkit-daily) done: PASS
** Testing: cron-2-disabled (chkrootkit-daily) ...
*** Output
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 18 23:50 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-2-disabled (chkrootkit-daily) done: PASS
* Testing: chkrootkit-daily (without diff mode, full output, no MAILTO)
** Testing: cron-no-diff-mode-01-full (chkrootkit-daily) ...
*** Output
ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not infected
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not infected
Checking `pop3'... not infected
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not infected
Checking `rshd'... not infected
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not infected
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... started
Searching for suspicious files in /dev... not found
Searching for known suspicious directories... not found
Searching for known suspicious files... not found
Searching for sniffer's logs... not found
Searching for HiDrootkit rootkit... not found
Searching for t0rn rootkit... not found
Searching for t0rn v8 (or variation)... not found
Searching for Lion rootkit... not found
Searching for RSHA rootkit... not found
Searching for RH-Sharpe rootkit... not found
Searching for Ambient (ark) rootkit... not found
Searching for suspicious files and dirs... WARNING
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
Searching for LPD Worm... not found
Searching for Ramen Worm rootkit... not found
Searching for Maniac rootkit... not found
Searching for RK17 rootkit... not found
Searching for Ducoci rootkit... not found
Searching for Adore Worm... not found
Searching for ShitC Worm... not found
Searching for Omega Worm... not found
Searching for Sadmind/IIS Worm... not found
Searching for MonKit... not found
Searching for Showtee rootkit... not found
Searching for OpticKit... not found
Searching for T.R.K... not found
Searching for Mithra rootkit... not found
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... not found
Searching for Romanian rootkit... not found
Searching for HKRK rootkit... not found
Searching for Suckit rootkit... not found
Searching for Volc rootkit... not found
Searching for Gold2 rootkit... not found
Searching for TC2 rootkit... not found
Searching for Anonoying rootkit... not found
Searching for ZK rootkit... not found
Searching for ShKit rootkit... not found
Searching for AjaKit rootkit... not found
Searching for zaRwT rootkit... not found
Searching for Madalin rootkit... not found
Searching for Fu rootkit... not found
Searching for Kenga3 rootkit... not found
Searching for ESRK rootkit... not found
Searching for rootedoor... not found
Searching for ENYELKM rootkit... not found
Searching for common ssh-scanners... not found
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
Searching for Linux/Ebury 1.6... not tested
Searching for 64-bit Linux Rootkit... not found
Searching for 64-bit Linux Rootkit modules... not found
Searching for Mumblehard... not found
Searching for Backdoor.Linux.Mokes.a... not found
Searching for Malicious TinyDNS... not found
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
Searching for Linux.Proxy.1.0... not found
Searching for CrossRAT... not found
Searching for Hidden Cobra... not found
Searching for Rocke Miner rootkit... not found
Searching for PWNLNX4 lkm rootkit... not found
Searching for PWNLNX6 lkm rootkit... not found
Searching for Umbreon lrk... not found
Searching for Kinsing.a backdoor rootkit... not found
Searching for RotaJakiro backdoor rootkit... not found
Searching for Syslogk LKM rootkit... not found
Searching for Kovid LKM rootkit... not tested
Searching for Tsunami DDoS Malware rootkit... not found
Searching for Linux BPF Door... not found
Searching for suspect PHP files... not found
Searching for zero-size shell history files in /root... not found
Searching for hardlinked shell history files in /root... not found
Checking `aliens'... finished
Checking `asp'... not infected
Checking `bindshell'... not found
Checking `lkm'... started
Searching for Adore LKM... not tested
Searching for sebek LKM (Adore based)... not tested
Searching for knark LKM rootkit... not found
Searching for for hidden processes with chkproc... not found
Searching for for hidden directories using chkdirs... not found
Checking `lkm'... finished
Checking `rexedcs'... not found
Checking `sniffer'... not found
Checking `w55808'... not found
Checking `wted'... not found
Checking `scalper'... not found
Checking `slapper'... not found
Checking `z2'... not found
Checking `chkutmp'... not tested
Checking `OSX_RSPLUG'... not tested
**** Files in log
total 68K
drwxr-xr-x 2 root root 4.0K Jan 28 08:48 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 20K Jan 28 08:48 chkrootkit-daily.log
-rw-r--r-- 1 root root 20K Jan 28 08:48 log.today
-rw-r--r-- 1 root root 20K Jan 28 08:48 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\. not infected$'
Checking `amd'... not infected
OK
**** Test for '^Checking `basename'\.\.\. not infected$'
Checking `basename'... not infected
OK
**** Test for '^Checking `biff'\.\.\. not infected$'
Checking `biff'... not infected
OK
**** Test for '^Checking `chfn'\.\.\. not infected$'
Checking `chfn'... not infected
OK
**** Test for '^Checking `chsh'\.\.\. not infected$'
Checking `chsh'... not infected
OK
**** Test for '^Checking `cron'\.\.\. not infected$'
Checking `cron'... not infected
OK
**** Test for '^Checking `crontab'\.\.\. not infected$'
Checking `crontab'... not infected
OK
**** Test for '^Checking `date'\.\.\. not infected$'
Checking `date'... not infected
OK
**** Test for '^Checking `du'\.\.\. not infected$'
Checking `du'... not infected
OK
**** Test for '^Checking `dirname'\.\.\. not infected$'
Checking `dirname'... not infected
OK
**** Test for '^Checking `echo'\.\.\. not infected$'
Checking `echo'... not infected
OK
**** Test for '^Checking `egrep'\.\.\. not infected$'
Checking `egrep'... not infected
OK
**** Test for '^Checking `env'\.\.\. not infected$'
Checking `env'... not infected
OK
**** Test for '^Checking `find'\.\.\. not infected$'
Checking `find'... not infected
OK
**** Test for '^Checking `fingerd'\.\.\. not infected$'
Checking `fingerd'... not infected
OK
**** Test for '^Checking `gpm'\.\.\. not infected$'
Checking `gpm'... not infected
OK
**** Test for '^Checking `grep'\.\.\. not infected$'
Checking `grep'... not infected
OK
**** Test for '^Checking `hdparm'\.\.\. not infected$'
Checking `hdparm'... not infected
OK
**** Test for '^Checking `su'\.\.\. not infected$'
Checking `su'... not infected
OK
**** Test for '^Checking `ifconfig'\.\.\. not infected$'
Checking `ifconfig'... not infected
OK
**** Test for '^Checking `inetd'\.\.\. not infected$'
Checking `inetd'... not infected
OK
**** Test for '^Checking `inetdconf'\.\.\. not infected$'
Checking `inetdconf'... not infected
OK
**** Test for '^Checking `identd'\.\.\. not infected$'
Checking `identd'... not infected
OK
**** Test for '^Checking `init'\.\.\. not infected$'
Checking `init'... not infected
OK
**** Test for '^Checking `killall'\.\.\. not infected$'
Checking `killall'... not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\. not infected$'
Checking `ldsopreload'... not infected
OK
**** Test for '^Checking `login'\.\.\. not infected$'
Checking `login'... not infected
OK
**** Test for '^Checking `ls'\.\.\. not infected$'
Checking `ls'... not infected
OK
**** Test for '^Checking `lsof'\.\.\. not infected$'
Checking `lsof'... not infected
OK
**** Test for '^Checking `mail'\.\.\. not infected$'
Checking `mail'... not infected
OK
**** Test for '^Checking `mingetty'\.\.\. not infected$'
Checking `mingetty'... not infected
OK
**** Test for '^Checking `netstat'\.\.\. not infected$'
Checking `netstat'... not infected
OK
**** Test for '^Checking `named'\.\.\. not infected$'
Checking `named'... not infected
OK
**** Test for '^Checking `passwd'\.\.\. not infected$'
Checking `passwd'... not infected
OK
**** Test for '^Checking `pidof'\.\.\. not infected$'
Checking `pidof'... not infected
OK
**** Test for '^Checking `pop2'\.\.\. not infected$'
Checking `pop2'... not infected
OK
**** Test for '^Checking `pop3'\.\.\. not infected$'
Checking `pop3'... not infected
OK
**** Test for '^Checking `ps'\.\.\. not infected$'
Checking `ps'... not infected
OK
**** Test for '^Checking `pstree'\.\.\. not infected$'
Checking `pstree'... not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\. not infected$'
Checking `rpcinfo'... not infected
OK
**** Test for '^Checking `rlogind'\.\.\. not infected$'
Checking `rlogind'... not infected
OK
**** Test for '^Checking `rshd'\.\.\. not infected$'
Checking `rshd'... not infected
OK
**** Test for '^Checking `slogin'\.\.\. not infected$'
Checking `slogin'... not infected
OK
**** Test for '^Checking `sendmail'\.\.\. not infected$'
Checking `sendmail'... not infected
OK
**** Test for '^Checking `sshd'\.\.\. not infected$'
Checking `sshd'... not infected
OK
**** Test for '^Checking `syslogd'\.\.\. not infected$'
Checking `syslogd'... not infected
OK
**** Test for '^Checking `tar'\.\.\. not infected$'
Checking `tar'... not infected
OK
**** Test for '^Checking `tcpd'\.\.\. not infected$'
Checking `tcpd'... not infected
OK
**** Test for '^Checking `tcpdump'\.\.\. not infected$'
Checking `tcpdump'... not infected
OK
**** Test for '^Checking `top'\.\.\. not infected$'
Checking `top'... not infected
OK
**** Test for '^Checking `telnetd'\.\.\. not infected$'
Checking `telnetd'... not infected
OK
**** Test for '^Checking `timed'\.\.\. not infected$'
Checking `timed'... not infected
OK
**** Test for '^Checking `traceroute'\.\.\. not infected$'
Checking `traceroute'... not infected
OK
**** Test for '^Checking `vdir'\.\.\. not infected$'
Checking `vdir'... not infected
OK
**** Test for '^Checking `w'\.\.\. not infected$'
Checking `w'... not infected
OK
**** Test for '^Checking `write'\.\.\. not infected$'
Checking `write'... not infected
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\. not found$'
Searching for suspicious files in /dev... not found
OK
**** Test for '^Searching for known suspicious directories\.\.\. not found$'
Searching for known suspicious directories... not found
OK
**** Test for '^Searching for known suspicious files\.\.\. not found$'
Searching for known suspicious files... not found
OK
**** Test for '^Searching for sniffer's logs\.\.\. not found$'
Searching for sniffer's logs... not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. not found$'
Searching for HiDrootkit rootkit... not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\. not found$'
Searching for t0rn rootkit... not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. not found$'
Searching for t0rn v8 (or variation)... not found
OK
**** Test for '^Searching for Lion rootkit\.\.\. not found$'
Searching for Lion rootkit... not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\. not found$'
Searching for RSHA rootkit... not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. not found$'
Searching for RH-Sharpe rootkit... not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. not found$'
Searching for Ambient (ark) rootkit... not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. WARNING$'
Searching for suspicious files and dirs... WARNING
OK
**** Test for '^$'
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^Searching for LPD Worm\.\.\. not found$'
Searching for LPD Worm... not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. not found$'
Searching for Ramen Worm rootkit... not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\. not found$'
Searching for Maniac rootkit... not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\. not found$'
Searching for RK17 rootkit... not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. not found$'
Searching for Ducoci rootkit... not found
OK
**** Test for '^Searching for Adore Worm\.\.\. not found$'
Searching for Adore Worm... not found
OK
**** Test for '^Searching for ShitC Worm\.\.\. not found$'
Searching for ShitC Worm... not found
OK
**** Test for '^Searching for Omega Worm\.\.\. not found$'
Searching for Omega Worm... not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. not found$'
Searching for Sadmind/IIS Worm... not found
OK
**** Test for '^Searching for MonKit\.\.\. not found$'
Searching for MonKit... not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\. not found$'
Searching for Showtee rootkit... not found
OK
**** Test for '^Searching for OpticKit\.\.\. not found$'
Searching for OpticKit... not found
OK
**** Test for '^Searching for T\.R\.K\.\.\. not found$'
Searching for T.R.K... not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\. not found$'
Searching for Mithra rootkit... not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. not found$'
Searching for LOC rootkit... not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\. not found$'
Searching for Romanian rootkit... not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\. not found$'
Searching for HKRK rootkit... not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\. not found$'
Searching for Suckit rootkit... not found
OK
**** Test for '^Searching for Volc rootkit\.\.\. not found$'
Searching for Volc rootkit... not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. not found$'
Searching for Gold2 rootkit... not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\. not found$'
Searching for TC2 rootkit... not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. not found$'
Searching for Anonoying rootkit... not found
OK
**** Test for '^Searching for ZK rootkit\.\.\. not found$'
Searching for ZK rootkit... not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\. not found$'
Searching for ShKit rootkit... not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. not found$'
Searching for AjaKit rootkit... not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. not found$'
Searching for zaRwT rootkit... not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\. not found$'
Searching for Madalin rootkit... not found
OK
**** Test for '^Searching for Fu rootkit\.\.\. not found$'
Searching for Fu rootkit... not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. not found$'
Searching for Kenga3 rootkit... not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\. not found$'
Searching for ESRK rootkit... not found
OK
**** Test for '^Searching for rootedoor\.\.\. not found$'
Searching for rootedoor... not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. not found$'
Searching for ENYELKM rootkit... not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\. not found$'
Searching for common ssh-scanners... not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.6... not tested
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. not found$'
Searching for 64-bit Linux Rootkit... not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. not found$'
Searching for 64-bit Linux Rootkit modules... not found
OK
**** Test for '^Searching for Mumblehard\.\.\. not found$'
Searching for Mumblehard... not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. not found$'
Searching for Backdoor.Linux.Mokes.a... not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. not found$'
Searching for Malicious TinyDNS... not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. not found$'
Searching for Linux.Proxy.1.0... not found
OK
**** Test for '^Searching for CrossRAT\.\.\. not found$'
Searching for CrossRAT... not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\. not found$'
Searching for Hidden Cobra... not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. not found$'
Searching for Rocke Miner rootkit... not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. not found$'
Searching for PWNLNX4 lkm rootkit... not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. not found$'
Searching for PWNLNX6 lkm rootkit... not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\. not found$'
Searching for Umbreon lrk... not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. not found$'
Searching for Kinsing.a backdoor rootkit... not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. not found$'
Searching for RotaJakiro backdoor rootkit... not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. not found$'
Searching for Syslogk LKM rootkit... not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. not tested$'
Searching for Kovid LKM rootkit... not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. not found$'
Searching for Tsunami DDoS Malware rootkit... not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\. not found$'
Searching for Linux BPF Door... not found
OK
**** Test for '^Searching for suspect PHP files\.\.\. not found$'
Searching for suspect PHP files... not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\. not found$'
Searching for zero-size shell history files in /root... not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\. not found$'
Searching for hardlinked shell history files in /root... not found
OK
**** Test for '^Searching for suspect PHP files\.\.\. not found$'
Searching for suspect PHP files... not found
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
**** Test for '^Checking `asp'\.\.\. not infected$'
Checking `asp'... not infected
OK
**** Test for '^Checking `bindshell'\.\.\. not found$'
Checking `bindshell'... not found
OK
**** Test for '^Checking `lkm'\.\.\. started$'
Checking `lkm'... started
OK
**** Test for '^Searching for Adore LKM\.\.\. not tested$'
Searching for Adore LKM... not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\. not tested$'
Searching for sebek LKM (Adore based)... not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\. not found$'
Searching for knark LKM rootkit... not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\. not found$'
Searching for for hidden processes with chkproc... not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs... not found
OK
**** Test for '^Checking `lkm'\.\.\. finished$'
Checking `lkm'... finished
OK
**** Test for '^Checking `rexedcs'\.\.\. not found$'
Checking `rexedcs'... not found
OK
**** Test for '^Checking `sniffer'\.\.\. not found$'
Checking `sniffer'... not found
OK
**** Test for '^Checking `w55808'\.\.\. not found$'
Checking `w55808'... not found
OK
**** Test for '^Checking `wted'\.\.\. not (tested|found)$'
Checking `wted'... not found
OK
**** Test for '^Checking `scalper'\.\.\. not found$'
Checking `scalper'... not found
OK
**** Test for '^Checking `slapper'\.\.\. not found$'
Checking `slapper'... not found
OK
**** Test for '^Checking `z2'\.\.\. not (tested|found)$'
Checking `z2'... not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'... not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\. not tested$'
Checking `OSX_RSPLUG'... not tested
OK
** PASS: Testing: cron-no-diff-mode-01-full (chkrootkit-daily) done: PASS
** Testing: cron-no-diff-mode-02-full-filter-and-ignore (chkrootkit-daily) ...
*** Output
ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not infected
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not infected
Checking `pop3'... not infected
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not infected
Checking `rshd'... not infected
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not infected
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... started
Searching for suspicious files in /dev... not found
Searching for known suspicious directories... not found
Searching for known suspicious files... not found
Searching for sniffer's logs... not found
Searching for HiDrootkit rootkit... not found
Searching for t0rn rootkit... not found
Searching for t0rn v8 (or variation)... not found
Searching for Lion rootkit... not found
Searching for RSHA rootkit... not found
Searching for RH-Sharpe rootkit... not found
Searching for Ambient (ark) rootkit... not found
Searching for suspicious files and dirs... WARNING
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
CHANGED-IN-FILTER_bb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
Searching for LPD Worm... not found
Searching for Ramen Worm rootkit... not found
Searching for Maniac rootkit... not found
Searching for RK17 rootkit... not found
Searching for Ducoci rootkit... not found
Searching for Adore Worm... not found
Searching for ShitC Worm... not found
Searching for Omega Worm... not found
Searching for Sadmind/IIS Worm... not found
Searching for MonKit... not found
Searching for Showtee rootkit... not found
Searching for OpticKit... not found
Searching for T.R.K... not found
Searching for Mithra rootkit... not found
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... not found
Searching for Romanian rootkit... not found
Searching for HKRK rootkit... not found
Searching for Suckit rootkit... not found
Searching for Volc rootkit... not found
Searching for Gold2 rootkit... not found
Searching for TC2 rootkit... not found
Searching for Anonoying rootkit... not found
Searching for ZK rootkit... not found
Searching for ShKit rootkit... not found
Searching for AjaKit rootkit... not found
Searching for zaRwT rootkit... not found
Searching for Madalin rootkit... not found
Searching for Fu rootkit... not found
Searching for Kenga3 rootkit... not found
Searching for ESRK rootkit... not found
Searching for rootedoor... not found
Searching for ENYELKM rootkit... not found
Searching for common ssh-scanners... not found
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
Searching for Linux/Ebury 1.6... not tested
Searching for 64-bit Linux Rootkit... not found
Searching for 64-bit Linux Rootkit modules... not found
Searching for Mumblehard... not found
Searching for Backdoor.Linux.Mokes.a... not found
Searching for Malicious TinyDNS... not found
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
Searching for Linux.Proxy.1.0... not found
Searching for CrossRAT... not found
Searching for Hidden Cobra... not found
Searching for Rocke Miner rootkit... not found
Searching for PWNLNX4 lkm rootkit... not found
Searching for PWNLNX6 lkm rootkit... not found
Searching for Umbreon lrk... not found
Searching for Kinsing.a backdoor rootkit... not found
Searching for RotaJakiro backdoor rootkit... not found
Searching for Syslogk LKM rootkit... not found
Searching for Kovid LKM rootkit... not tested
Searching for Tsunami DDoS Malware rootkit... not found
Searching for Linux BPF Door... not found
Searching for suspect PHP files... not found
Searching for zero-size shell history files in /root... not found
Searching for hardlinked shell history files in /root... not found
Checking `aliens'... finished
Checking `asp'... not infected
Checking `bindshell'... not found
Checking `lkm'... started
Searching for Adore LKM... not tested
Searching for sebek LKM (Adore based)... not tested
Searching for knark LKM rootkit... not found
Searching for for hidden processes with chkproc... not found
Searching for for hidden directories using chkdirs... not found
Checking `lkm'... finished
Checking `rexedcs'... not found
Checking `sniffer'... not found
Checking `w55808'... not found
Checking `wted'... not found
Checking `scalper'... not found
Checking `slapper'... not found
Checking `z2'... not found
Checking `chkutmp'... not tested
Checking `OSX_RSPLUG'... not tested
**** Files in log
total 68K
drwxr-xr-x 2 root root 4.0K Jan 28 08:48 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 20K Jan 28 08:48 chkrootkit-daily.log
-rw-r--r-- 1 root root 20K Jan 28 08:48 log.today
-rw-r--r-- 1 root root 20K Jan 28 08:48 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\. not infected$'
Checking `amd'... not infected
OK
**** Test for '^Checking `basename'\.\.\. not infected$'
Checking `basename'... not infected
OK
**** Test for '^Checking `biff'\.\.\. not infected$'
Checking `biff'... not infected
OK
**** Test for '^Checking `chfn'\.\.\. not infected$'
Checking `chfn'... not infected
OK
**** Test for '^Checking `chsh'\.\.\. not infected$'
Checking `chsh'... not infected
OK
**** Test for '^Checking `cron'\.\.\. not infected$'
Checking `cron'... not infected
OK
**** Test for '^Checking `crontab'\.\.\. not infected$'
Checking `crontab'... not infected
OK
**** Test for '^Checking `date'\.\.\. not infected$'
Checking `date'... not infected
OK
**** Test for '^Checking `du'\.\.\. not infected$'
Checking `du'... not infected
OK
**** Test for '^Checking `dirname'\.\.\. not infected$'
Checking `dirname'... not infected
OK
**** Test for '^Checking `echo'\.\.\. not infected$'
Checking `echo'... not infected
OK
**** Test for '^Checking `egrep'\.\.\. not infected$'
Checking `egrep'... not infected
OK
**** Test for '^Checking `env'\.\.\. not infected$'
Checking `env'... not infected
OK
**** Test for '^Checking `find'\.\.\. not infected$'
Checking `find'... not infected
OK
**** Test for '^Checking `fingerd'\.\.\. not infected$'
Checking `fingerd'... not infected
OK
**** Test for '^Checking `gpm'\.\.\. not infected$'
Checking `gpm'... not infected
OK
**** Test for '^Checking `grep'\.\.\. not infected$'
Checking `grep'... not infected
OK
**** Test for '^Checking `hdparm'\.\.\. not infected$'
Checking `hdparm'... not infected
OK
**** Test for '^Checking `su'\.\.\. not infected$'
Checking `su'... not infected
OK
**** Test for '^Checking `ifconfig'\.\.\. not infected$'
Checking `ifconfig'... not infected
OK
**** Test for '^Checking `inetd'\.\.\. not infected$'
Checking `inetd'... not infected
OK
**** Test for '^Checking `inetdconf'\.\.\. not infected$'
Checking `inetdconf'... not infected
OK
**** Test for '^Checking `identd'\.\.\. not infected$'
Checking `identd'... not infected
OK
**** Test for '^Checking `init'\.\.\. not infected$'
Checking `init'... not infected
OK
**** Test for '^Checking `killall'\.\.\. not infected$'
Checking `killall'... not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\. not infected$'
Checking `ldsopreload'... not infected
OK
**** Test for '^Checking `login'\.\.\. not infected$'
Checking `login'... not infected
OK
**** Test for '^Checking `ls'\.\.\. not infected$'
Checking `ls'... not infected
OK
**** Test for '^Checking `lsof'\.\.\. not infected$'
Checking `lsof'... not infected
OK
**** Test for '^Checking `mail'\.\.\. not infected$'
Checking `mail'... not infected
OK
**** Test for '^Checking `mingetty'\.\.\. not infected$'
Checking `mingetty'... not infected
OK
**** Test for '^Checking `netstat'\.\.\. not infected$'
Checking `netstat'... not infected
OK
**** Test for '^Checking `named'\.\.\. not infected$'
Checking `named'... not infected
OK
**** Test for '^Checking `passwd'\.\.\. not infected$'
Checking `passwd'... not infected
OK
**** Test for '^Checking `pidof'\.\.\. not infected$'
Checking `pidof'... not infected
OK
**** Test for '^Checking `pop2'\.\.\. not infected$'
Checking `pop2'... not infected
OK
**** Test for '^Checking `pop3'\.\.\. not infected$'
Checking `pop3'... not infected
OK
**** Test for '^Checking `ps'\.\.\. not infected$'
Checking `ps'... not infected
OK
**** Test for '^Checking `pstree'\.\.\. not infected$'
Checking `pstree'... not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\. not infected$'
Checking `rpcinfo'... not infected
OK
**** Test for '^Checking `rlogind'\.\.\. not infected$'
Checking `rlogind'... not infected
OK
**** Test for '^Checking `rshd'\.\.\. not infected$'
Checking `rshd'... not infected
OK
**** Test for '^Checking `slogin'\.\.\. not infected$'
Checking `slogin'... not infected
OK
**** Test for '^Checking `sendmail'\.\.\. not infected$'
Checking `sendmail'... not infected
OK
**** Test for '^Checking `sshd'\.\.\. not infected$'
Checking `sshd'... not infected
OK
**** Test for '^Checking `syslogd'\.\.\. not infected$'
Checking `syslogd'... not infected
OK
**** Test for '^Checking `tar'\.\.\. not infected$'
Checking `tar'... not infected
OK
**** Test for '^Checking `tcpd'\.\.\. not infected$'
Checking `tcpd'... not infected
OK
**** Test for '^Checking `tcpdump'\.\.\. not infected$'
Checking `tcpdump'... not infected
OK
**** Test for '^Checking `top'\.\.\. not infected$'
Checking `top'... not infected
OK
**** Test for '^Checking `telnetd'\.\.\. not infected$'
Checking `telnetd'... not infected
OK
**** Test for '^Checking `timed'\.\.\. not infected$'
Checking `timed'... not infected
OK
**** Test for '^Checking `traceroute'\.\.\. not infected$'
Checking `traceroute'... not infected
OK
**** Test for '^Checking `vdir'\.\.\. not infected$'
Checking `vdir'... not infected
OK
**** Test for '^Checking `w'\.\.\. not infected$'
Checking `w'... not infected
OK
**** Test for '^Checking `write'\.\.\. not infected$'
Checking `write'... not infected
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\. not found$'
Searching for suspicious files in /dev... not found
OK
**** Test for '^Searching for known suspicious directories\.\.\. not found$'
Searching for known suspicious directories... not found
OK
**** Test for '^Searching for known suspicious files\.\.\. not found$'
Searching for known suspicious files... not found
OK
**** Test for '^Searching for sniffer's logs\.\.\. not found$'
Searching for sniffer's logs... not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. not found$'
Searching for HiDrootkit rootkit... not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\. not found$'
Searching for t0rn rootkit... not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. not found$'
Searching for t0rn v8 (or variation)... not found
OK
**** Test for '^Searching for Lion rootkit\.\.\. not found$'
Searching for Lion rootkit... not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\. not found$'
Searching for RSHA rootkit... not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. not found$'
Searching for RH-Sharpe rootkit... not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. not found$'
Searching for Ambient (ark) rootkit... not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. WARNING$'
Searching for suspicious files and dirs... WARNING
OK
**** Test for '^$'
OK
**** Test for 'The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^CHANGED-IN-FILTER_bb \[Not from a Debian package\]$'
CHANGED-IN-FILTER_bb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^Searching for LPD Worm\.\.\. not found$'
Searching for LPD Worm... not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. not found$'
Searching for Ramen Worm rootkit... not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\. not found$'
Searching for Maniac rootkit... not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\. not found$'
Searching for RK17 rootkit... not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. not found$'
Searching for Ducoci rootkit... not found
OK
**** Test for '^Searching for Adore Worm\.\.\. not found$'
Searching for Adore Worm... not found
OK
**** Test for '^Searching for ShitC Worm\.\.\. not found$'
Searching for ShitC Worm... not found
OK
**** Test for '^Searching for Omega Worm\.\.\. not found$'
Searching for Omega Worm... not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. not found$'
Searching for Sadmind/IIS Worm... not found
OK
**** Test for '^Searching for MonKit\.\.\. not found$'
Searching for MonKit... not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\. not found$'
Searching for Showtee rootkit... not found
OK
**** Test for '^Searching for OpticKit\.\.\. not found$'
Searching for OpticKit... not found
OK
**** Test for '^Searching for T\.R\.K\.\.\. not found$'
Searching for T.R.K... not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\. not found$'
Searching for Mithra rootkit... not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. not found$'
Searching for LOC rootkit... not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\. not found$'
Searching for Romanian rootkit... not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\. not found$'
Searching for HKRK rootkit... not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\. not found$'
Searching for Suckit rootkit... not found
OK
**** Test for '^Searching for Volc rootkit\.\.\. not found$'
Searching for Volc rootkit... not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. not found$'
Searching for Gold2 rootkit... not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\. not found$'
Searching for TC2 rootkit... not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. not found$'
Searching for Anonoying rootkit... not found
OK
**** Test for '^Searching for ZK rootkit\.\.\. not found$'
Searching for ZK rootkit... not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\. not found$'
Searching for ShKit rootkit... not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. not found$'
Searching for AjaKit rootkit... not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. not found$'
Searching for zaRwT rootkit... not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\. not found$'
Searching for Madalin rootkit... not found
OK
**** Test for '^Searching for Fu rootkit\.\.\. not found$'
Searching for Fu rootkit... not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. not found$'
Searching for Kenga3 rootkit... not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\. not found$'
Searching for ESRK rootkit... not found
OK
**** Test for '^Searching for rootedoor\.\.\. not found$'
Searching for rootedoor... not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. not found$'
Searching for ENYELKM rootkit... not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\. not found$'
Searching for common ssh-scanners... not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.6... not tested
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. not found$'
Searching for 64-bit Linux Rootkit... not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. not found$'
Searching for 64-bit Linux Rootkit modules... not found
OK
**** Test for '^Searching for Mumblehard\.\.\. not found$'
Searching for Mumblehard... not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. not found$'
Searching for Backdoor.Linux.Mokes.a... not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. not found$'
Searching for Malicious TinyDNS... not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for 'WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. not found$'
Searching for Linux.Proxy.1.0... not found
OK
**** Test for '^Searching for CrossRAT\.\.\. not found$'
Searching for CrossRAT... not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\. not found$'
Searching for Hidden Cobra... not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. not found$'
Searching for Rocke Miner rootkit... not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. not found$'
Searching for PWNLNX4 lkm rootkit... not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. not found$'
Searching for PWNLNX6 lkm rootkit... not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\. not found$'
Searching for Umbreon lrk... not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. not found$'
Searching for Kinsing.a backdoor rootkit... not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. not found$'
Searching for RotaJakiro backdoor rootkit... not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. not found$'
Searching for Syslogk LKM rootkit... not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. not tested$'
Searching for Kovid LKM rootkit... not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. not found$'
Searching for Tsunami DDoS Malware rootkit... not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\. not found$'
Searching for Linux BPF Door... not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\. not found$'
Searching for zero-size shell history files in /root... not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\. not found$'
Searching for hardlinked shell history files in /root... not found
OK
**** Test for '^Searching for suspect PHP files\.\.\. not found$'
Searching for suspect PHP files... not found
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
**** Test for '^Checking `asp'\.\.\. not infected$'
Checking `asp'... not infected
OK
**** Test for '^Checking `bindshell'\.\.\. not found'
Checking `bindshell'... not found
OK
**** Test for '^Checking `lkm'\.\.\. started$'
Checking `lkm'... started
OK
**** Test for '^Checking `rexedcs'\.\.\. not found$'
Checking `rexedcs'... not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\. not found$'
Searching for for hidden processes with chkproc... not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs... not found
OK
**** Test for '^Checking `lkm'\.\.\. finished$'
Checking `lkm'... finished
OK
**** Test for '^Searching for Adore LKM\.\.\. not tested'
Searching for Adore LKM... not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\. not tested'
Searching for sebek LKM (Adore based)... not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\. not found'
Searching for knark LKM rootkit... not found
OK
**** Test for '^Checking `sniffer'\.\.\. not found$'
Checking `sniffer'... not found
OK
**** Test for '^Checking `w55808'\.\.\. not found$'
Checking `w55808'... not found
OK
**** Test for '^Checking `wted'\.\.\. not (tested|found)$'
Checking `wted'... not found
OK
**** Test for '^Checking `scalper'\.\.\. not found$'
Checking `scalper'... not found
OK
**** Test for '^Checking `slapper'\.\.\. not found$'
Checking `slapper'... not found
OK
**** Test for '^Checking `z2'\.\.\. not (tested|found)$'
Checking `z2'... not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'... not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\. not tested$'
Checking `OSX_RSPLUG'... not tested
OK
** PASS: Testing: cron-no-diff-mode-02-full-filter-and-ignore (chkrootkit-daily) done: PASS
* Testing: chkrootkit-daily (without diff mode, quiet output, no MAILTO)
** Testing: cron-no-diff-mode-03-quiet (chkrootkit-daily) ...
*** Output
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:48 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 9.7K Jan 28 08:49 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:49 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:49 log.today.raw
*** Test of content of output follows...
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
** PASS: Testing: cron-no-diff-mode-03-quiet (chkrootkit-daily) done: PASS
** Testing: cron-no-diff-mode-04-quiet-no-ionice (chkrootkit-daily) ...
*** Output
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:48 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 9.7K Jan 28 08:49 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:49 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:49 log.today.raw
*** Test of content of output follows...
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
** PASS: Testing: cron-no-diff-mode-04-quiet-no-ionice (chkrootkit-daily) done: PASS
** Testing: cron-no-diff-mode-05-quiet-filter-and-ignore (chkrootkit-daily) ...
*** Output
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
CHANGED-IN-FILTER_bb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:48 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 9.7K Jan 28 08:50 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:50 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:49 log.today.raw
*** Test of content of output follows...
**** Test for 'WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^CHANGED-IN-FILTER_bb \[Not from a Debian package\]$'
CHANGED-IN-FILTER_bb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+ \[Not from a Debian package\]$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
** PASS: Testing: cron-no-diff-mode-05-quiet-filter-and-ignore (chkrootkit-daily) done: PASS
** Testing: cron-no-diff-mode-06-quiet-invalid-filter-is-ignored (chkrootkit-daily) ...
*** Output
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored'
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:48 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 9.7K Jan 28 08:50 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:50 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:50 log.today.raw
*** Test of content of output follows...
**** Test for '^Ignoring invalid \$FILTER='sed s/this/is/invalid/sed/and/will/be/ignored'$'
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored'
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
** PASS: Testing: cron-no-diff-mode-06-quiet-invalid-filter-is-ignored (chkrootkit-daily) done: PASS
* Testing: chkrootkit-daily (with DIFF_MODE, full output, no MAILTO)
** Testing: cron-with-diff-mode-01-full (chkrootkit-daily) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit
Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not infected
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not infected
Checking `pop3'... not infected
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not infected
Checking `rshd'... not infected
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not infected
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... started
Searching for suspicious files in /dev... not found
Searching for known suspicious directories... not found
Searching for known suspicious files... not found
Searching for sniffer's logs... not found
Searching for HiDrootkit rootkit... not found
Searching for t0rn rootkit... not found
Searching for t0rn v8 (or variation)... not found
Searching for Lion rootkit... not found
Searching for RSHA rootkit... not found
Searching for RH-Sharpe rootkit... not found
Searching for Ambient (ark) rootkit... not found
Searching for suspicious files and dirs... WARNING
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
Searching for LPD Worm... not found
Searching for Ramen Worm rootkit... not found
Searching for Maniac rootkit... not found
Searching for RK17 rootkit... not found
Searching for Ducoci rootkit... not found
Searching for Adore Worm... not found
Searching for ShitC Worm... not found
Searching for Omega Worm... not found
Searching for Sadmind/IIS Worm... not found
Searching for MonKit... not found
Searching for Showtee rootkit... not found
Searching for OpticKit... not found
Searching for T.R.K... not found
Searching for Mithra rootkit... not found
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... not found
Searching for Romanian rootkit... not found
Searching for HKRK rootkit... not found
Searching for Suckit rootkit... not found
Searching for Volc rootkit... not found
Searching for Gold2 rootkit... not found
Searching for TC2 rootkit... not found
Searching for Anonoying rootkit... not found
Searching for ZK rootkit... not found
Searching for ShKit rootkit... not found
Searching for AjaKit rootkit... not found
Searching for zaRwT rootkit... not found
Searching for Madalin rootkit... not found
Searching for Fu rootkit... not found
Searching for Kenga3 rootkit... not found
Searching for ESRK rootkit... not found
Searching for rootedoor... not found
Searching for ENYELKM rootkit... not found
Searching for common ssh-scanners... not found
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
Searching for Linux/Ebury 1.6... not tested
Searching for 64-bit Linux Rootkit... not found
Searching for 64-bit Linux Rootkit modules... not found
Searching for Mumblehard... not found
Searching for Backdoor.Linux.Mokes.a... not found
Searching for Malicious TinyDNS... not found
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
Searching for Linux.Proxy.1.0... not found
Searching for CrossRAT... not found
Searching for Hidden Cobra... not found
Searching for Rocke Miner rootkit... not found
Searching for PWNLNX4 lkm rootkit... not found
Searching for PWNLNX6 lkm rootkit... not found
Searching for Umbreon lrk... not found
Searching for Kinsing.a backdoor rootkit... not found
Searching for RotaJakiro backdoor rootkit... not found
Searching for Syslogk LKM rootkit... not found
Searching for Kovid LKM rootkit... not tested
Searching for Tsunami DDoS Malware rootkit... not found
Searching for Linux BPF Door... not found
Searching for suspect PHP files... not found
Searching for zero-size shell history files in /root... not found
Searching for hardlinked shell history files in /root... not found
Checking `aliens'... finished
Checking `asp'... not infected
Checking `bindshell'... not found
Checking `lkm'... started
Searching for Adore LKM... not tested
Searching for sebek LKM (Adore based)... not tested
Searching for knark LKM rootkit... not found
Searching for for hidden processes with chkproc... not found
Searching for for hidden directories using chkdirs... not found
Checking `lkm'... finished
Checking `rexedcs'... not found
Checking `sniffer'... not found
Checking `w55808'... not found
Checking `wted'... not found
Checking `scalper'... not found
Checking `slapper'... not found
Checking `z2'... not found
Checking `chkutmp'... not tested
Checking `OSX_RSPLUG'... not tested
--- [ END: cat /var/log/chkrootkit/log.today ] ---
To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 72K
drwxr-xr-x 2 root root 4.0K Jan 28 08:48 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 21K Jan 28 08:51 chkrootkit-daily.log
-rw-r--r-- 1 root root 20K Jan 28 08:51 log.today
-rw-r--r-- 1 root root 20K Jan 28 08:51 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'
OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\. not infected$'
Checking `amd'... not infected
OK
**** Test for '^Checking `basename'\.\.\. not infected$'
Checking `basename'... not infected
OK
**** Test for '^Checking `biff'\.\.\. not infected$'
Checking `biff'... not infected
OK
**** Test for '^Checking `chfn'\.\.\. not infected$'
Checking `chfn'... not infected
OK
**** Test for '^Checking `chsh'\.\.\. not infected$'
Checking `chsh'... not infected
OK
**** Test for '^Checking `cron'\.\.\. not infected$'
Checking `cron'... not infected
OK
**** Test for '^Checking `crontab'\.\.\. not infected$'
Checking `crontab'... not infected
OK
**** Test for '^Checking `date'\.\.\. not infected$'
Checking `date'... not infected
OK
**** Test for '^Checking `du'\.\.\. not infected$'
Checking `du'... not infected
OK
**** Test for '^Checking `dirname'\.\.\. not infected$'
Checking `dirname'... not infected
OK
**** Test for '^Checking `echo'\.\.\. not infected$'
Checking `echo'... not infected
OK
**** Test for '^Checking `egrep'\.\.\. not infected$'
Checking `egrep'... not infected
OK
**** Test for '^Checking `env'\.\.\. not infected$'
Checking `env'... not infected
OK
**** Test for '^Checking `find'\.\.\. not infected$'
Checking `find'... not infected
OK
**** Test for '^Checking `fingerd'\.\.\. not infected$'
Checking `fingerd'... not infected
OK
**** Test for '^Checking `gpm'\.\.\. not infected$'
Checking `gpm'... not infected
OK
**** Test for '^Checking `grep'\.\.\. not infected$'
Checking `grep'... not infected
OK
**** Test for '^Checking `hdparm'\.\.\. not infected$'
Checking `hdparm'... not infected
OK
**** Test for '^Checking `su'\.\.\. not infected$'
Checking `su'... not infected
OK
**** Test for '^Checking `ifconfig'\.\.\. not infected$'
Checking `ifconfig'... not infected
OK
**** Test for '^Checking `inetd'\.\.\. not infected$'
Checking `inetd'... not infected
OK
**** Test for '^Checking `inetdconf'\.\.\. not infected$'
Checking `inetdconf'... not infected
OK
**** Test for '^Checking `identd'\.\.\. not infected$'
Checking `identd'... not infected
OK
**** Test for '^Checking `init'\.\.\. not infected$'
Checking `init'... not infected
OK
**** Test for '^Checking `killall'\.\.\. not infected$'
Checking `killall'... not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\. not infected$'
Checking `ldsopreload'... not infected
OK
**** Test for '^Checking `login'\.\.\. not infected$'
Checking `login'... not infected
OK
**** Test for '^Checking `ls'\.\.\. not infected$'
Checking `ls'... not infected
OK
**** Test for '^Checking `lsof'\.\.\. not infected$'
Checking `lsof'... not infected
OK
**** Test for '^Checking `mail'\.\.\. not infected$'
Checking `mail'... not infected
OK
**** Test for '^Checking `mingetty'\.\.\. not infected$'
Checking `mingetty'... not infected
OK
**** Test for '^Checking `netstat'\.\.\. not infected$'
Checking `netstat'... not infected
OK
**** Test for '^Checking `named'\.\.\. not infected$'
Checking `named'... not infected
OK
**** Test for '^Checking `passwd'\.\.\. not infected$'
Checking `passwd'... not infected
OK
**** Test for '^Checking `pidof'\.\.\. not infected$'
Checking `pidof'... not infected
OK
**** Test for '^Checking `pop2'\.\.\. not infected$'
Checking `pop2'... not infected
OK
**** Test for '^Checking `pop3'\.\.\. not infected$'
Checking `pop3'... not infected
OK
**** Test for '^Checking `ps'\.\.\. not infected$'
Checking `ps'... not infected
OK
**** Test for '^Checking `pstree'\.\.\. not infected$'
Checking `pstree'... not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\. not infected$'
Checking `rpcinfo'... not infected
OK
**** Test for '^Checking `rlogind'\.\.\. not infected$'
Checking `rlogind'... not infected
OK
**** Test for '^Checking `rshd'\.\.\. not infected$'
Checking `rshd'... not infected
OK
**** Test for '^Checking `slogin'\.\.\. not infected$'
Checking `slogin'... not infected
OK
**** Test for '^Checking `sendmail'\.\.\. not infected$'
Checking `sendmail'... not infected
OK
**** Test for '^Checking `sshd'\.\.\. not infected$'
Checking `sshd'... not infected
OK
**** Test for '^Checking `syslogd'\.\.\. not infected$'
Checking `syslogd'... not infected
OK
**** Test for '^Checking `tar'\.\.\. not infected$'
Checking `tar'... not infected
OK
**** Test for '^Checking `tcpd'\.\.\. not infected$'
Checking `tcpd'... not infected
OK
**** Test for '^Checking `tcpdump'\.\.\. not infected$'
Checking `tcpdump'... not infected
OK
**** Test for '^Checking `top'\.\.\. not infected$'
Checking `top'... not infected
OK
**** Test for '^Checking `telnetd'\.\.\. not infected$'
Checking `telnetd'... not infected
OK
**** Test for '^Checking `timed'\.\.\. not infected$'
Checking `timed'... not infected
OK
**** Test for '^Checking `traceroute'\.\.\. not infected$'
Checking `traceroute'... not infected
OK
**** Test for '^Checking `vdir'\.\.\. not infected$'
Checking `vdir'... not infected
OK
**** Test for '^Checking `w'\.\.\. not infected$'
Checking `w'... not infected
OK
**** Test for '^Checking `write'\.\.\. not infected$'
Checking `write'... not infected
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\. not found$'
Searching for suspicious files in /dev... not found
OK
**** Test for '^Searching for known suspicious directories\.\.\. not found$'
Searching for known suspicious directories... not found
OK
**** Test for '^Searching for known suspicious files\.\.\. not found$'
Searching for known suspicious files... not found
OK
**** Test for '^Searching for sniffer's logs\.\.\. not found$'
Searching for sniffer's logs... not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. not found$'
Searching for HiDrootkit rootkit... not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\. not found$'
Searching for t0rn rootkit... not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. not found$'
Searching for t0rn v8 (or variation)... not found
OK
**** Test for '^Searching for Lion rootkit\.\.\. not found$'
Searching for Lion rootkit... not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\. not found$'
Searching for RSHA rootkit... not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. not found$'
Searching for RH-Sharpe rootkit... not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. not found$'
Searching for Ambient (ark) rootkit... not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. WARNING$'
Searching for suspicious files and dirs... WARNING
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^Searching for LPD Worm\.\.\. not found$'
Searching for LPD Worm... not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. not found$'
Searching for Ramen Worm rootkit... not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\. not found$'
Searching for Maniac rootkit... not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\. not found$'
Searching for RK17 rootkit... not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. not found$'
Searching for Ducoci rootkit... not found
OK
**** Test for '^Searching for Adore Worm\.\.\. not found$'
Searching for Adore Worm... not found
OK
**** Test for '^Searching for ShitC Worm\.\.\. not found$'
Searching for ShitC Worm... not found
OK
**** Test for '^Searching for Omega Worm\.\.\. not found$'
Searching for Omega Worm... not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. not found$'
Searching for Sadmind/IIS Worm... not found
OK
**** Test for '^Searching for MonKit\.\.\. not found$'
Searching for MonKit... not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\. not found$'
Searching for Showtee rootkit... not found
OK
**** Test for '^Searching for OpticKit\.\.\. not found$'
Searching for OpticKit... not found
OK
**** Test for '^Searching for T\.R\.K\.\.\. not found$'
Searching for T.R.K... not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\. not found$'
Searching for Mithra rootkit... not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. not found$'
Searching for LOC rootkit... not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\. not found$'
Searching for Romanian rootkit... not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\. not found$'
Searching for HKRK rootkit... not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\. not found$'
Searching for Suckit rootkit... not found
OK
**** Test for '^Searching for Volc rootkit\.\.\. not found$'
Searching for Volc rootkit... not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. not found$'
Searching for Gold2 rootkit... not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\. not found$'
Searching for TC2 rootkit... not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. not found$'
Searching for Anonoying rootkit... not found
OK
**** Test for '^Searching for ZK rootkit\.\.\. not found$'
Searching for ZK rootkit... not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\. not found$'
Searching for ShKit rootkit... not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. not found$'
Searching for AjaKit rootkit... not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. not found$'
Searching for zaRwT rootkit... not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\. not found$'
Searching for Madalin rootkit... not found
OK
**** Test for '^Searching for Fu rootkit\.\.\. not found$'
Searching for Fu rootkit... not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. not found$'
Searching for Kenga3 rootkit... not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\. not found$'
Searching for ESRK rootkit... not found
OK
**** Test for '^Searching for rootedoor\.\.\. not found$'
Searching for rootedoor... not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. not found$'
Searching for ENYELKM rootkit... not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\. not found$'
Searching for common ssh-scanners... not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.6... not tested
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. not found$'
Searching for 64-bit Linux Rootkit... not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. not found$'
Searching for 64-bit Linux Rootkit modules... not found
OK
**** Test for '^Searching for Mumblehard\.\.\. not found$'
Searching for Mumblehard... not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. not found$'
Searching for Backdoor.Linux.Mokes.a... not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. not found$'
Searching for Malicious TinyDNS... not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. not found$'
Searching for Linux.Proxy.1.0... not found
OK
**** Test for '^Searching for CrossRAT\.\.\. not found$'
Searching for CrossRAT... not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\. not found$'
Searching for Hidden Cobra... not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. not found$'
Searching for Rocke Miner rootkit... not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. not found$'
Searching for PWNLNX4 lkm rootkit... not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. not found$'
Searching for PWNLNX6 lkm rootkit... not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\. not found$'
Searching for Umbreon lrk... not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. not found$'
Searching for Kinsing.a backdoor rootkit... not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. not found$'
Searching for RotaJakiro backdoor rootkit... not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. not found$'
Searching for Syslogk LKM rootkit... not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. not tested$'
Searching for Kovid LKM rootkit... not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. not found$'
Searching for Tsunami DDoS Malware rootkit... not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\. not found$'
Searching for Linux BPF Door... not found
OK
**** Test for '^Searching for suspect PHP files\.\.\. not found$'
Searching for suspect PHP files... not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\. not found$'
Searching for zero-size shell history files in /root... not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\. not found$'
Searching for hardlinked shell history files in /root... not found
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
**** Test for '^Checking `asp'\.\.\. not infected$'
Checking `asp'... not infected
OK
**** Test for '^Checking `bindshell'\.\.\. not found$'
Checking `bindshell'... not found
OK
**** Test for '^Checking `lkm'\.\.\. started$'
Checking `lkm'... started
OK
**** Test for '^Searching for Adore LKM\.\.\. not tested$'
Searching for Adore LKM... not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\. not tested$'
Searching for sebek LKM (Adore based)... not tested
OK
**** Test for '^Searching for knark LKM rootkit... not found$'
Searching for knark LKM rootkit... not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\. not found$'
Searching for for hidden processes with chkproc... not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs... not found
OK
**** Test for '^Checking `lkm'\.\.\. finished$'
Checking `lkm'... finished
OK
**** Test for '^Checking `rexedcs'\.\.\. not found$'
Checking `rexedcs'... not found
OK
**** Test for '^Checking `sniffer'\.\.\. not found$'
Checking `sniffer'... not found
OK
**** Test for '^Checking `w55808'\.\.\. not found$'
Checking `w55808'... not found
OK
**** Test for '^Checking `wted'\.\.\. not (tested|found)$'
Checking `wted'... not found
OK
**** Test for '^Checking `scalper'\.\.\. not found$'
Checking `scalper'... not found
OK
**** Test for '^Checking `slapper'\.\.\. not found$'
Checking `slapper'... not found
OK
**** Test for '^Checking `z2'\.\.\. not (tested|found)$'
Checking `z2'... not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'... not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\. not tested$'
Checking `OSX_RSPLUG'... not tested
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To create this file containing all output from today's run, do \(as root\)$'
To create this file containing all output from today's run, do (as root)
OK
**** Test for '^# cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-01-full (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-02-full-rerun (chkrootkit-daily) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit
Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not infected
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not infected
Checking `pop3'... not infected
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not infected
Checking `rshd'... not infected
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not infected
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... started
Searching for suspicious files in /dev... not found
Searching for known suspicious directories... not found
Searching for known suspicious files... not found
Searching for sniffer's logs... not found
Searching for HiDrootkit rootkit... not found
Searching for t0rn rootkit... not found
Searching for t0rn v8 (or variation)... not found
Searching for Lion rootkit... not found
Searching for RSHA rootkit... not found
Searching for RH-Sharpe rootkit... not found
Searching for Ambient (ark) rootkit... not found
Searching for suspicious files and dirs... WARNING
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
Searching for LPD Worm... not found
Searching for Ramen Worm rootkit... not found
Searching for Maniac rootkit... not found
Searching for RK17 rootkit... not found
Searching for Ducoci rootkit... not found
Searching for Adore Worm... not found
Searching for ShitC Worm... not found
Searching for Omega Worm... not found
Searching for Sadmind/IIS Worm... not found
Searching for MonKit... not found
Searching for Showtee rootkit... not found
Searching for OpticKit... not found
Searching for T.R.K... not found
Searching for Mithra rootkit... not found
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... not found
Searching for Romanian rootkit... not found
Searching for HKRK rootkit... not found
Searching for Suckit rootkit... not found
Searching for Volc rootkit... not found
Searching for Gold2 rootkit... not found
Searching for TC2 rootkit... not found
Searching for Anonoying rootkit... not found
Searching for ZK rootkit... not found
Searching for ShKit rootkit... not found
Searching for AjaKit rootkit... not found
Searching for zaRwT rootkit... not found
Searching for Madalin rootkit... not found
Searching for Fu rootkit... not found
Searching for Kenga3 rootkit... not found
Searching for ESRK rootkit... not found
Searching for rootedoor... not found
Searching for ENYELKM rootkit... not found
Searching for common ssh-scanners... not found
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
Searching for Linux/Ebury 1.6... not tested
Searching for 64-bit Linux Rootkit... not found
Searching for 64-bit Linux Rootkit modules... not found
Searching for Mumblehard... not found
Searching for Backdoor.Linux.Mokes.a... not found
Searching for Malicious TinyDNS... not found
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
Searching for Linux.Proxy.1.0... not found
Searching for CrossRAT... not found
Searching for Hidden Cobra... not found
Searching for Rocke Miner rootkit... not found
Searching for PWNLNX4 lkm rootkit... not found
Searching for PWNLNX6 lkm rootkit... not found
Searching for Umbreon lrk... not found
Searching for Kinsing.a backdoor rootkit... not found
Searching for RotaJakiro backdoor rootkit... not found
Searching for Syslogk LKM rootkit... not found
Searching for Kovid LKM rootkit... not tested
Searching for Tsunami DDoS Malware rootkit... not found
Searching for Linux BPF Door... not found
Searching for suspect PHP files... not found
Searching for zero-size shell history files in /root... not found
Searching for hardlinked shell history files in /root... not found
Checking `aliens'... finished
Checking `asp'... not infected
Checking `bindshell'... not found
Checking `lkm'... started
Searching for Adore LKM... not tested
Searching for sebek LKM (Adore based)... not tested
Searching for knark LKM rootkit... not found
Searching for for hidden processes with chkproc... not found
Searching for for hidden directories using chkdirs... not found
Checking `lkm'... finished
Checking `rexedcs'... not found
Checking `sniffer'... not found
Checking `w55808'... not found
Checking `wted'... not found
Checking `scalper'... not found
Checking `slapper'... not found
Checking `z2'... not found
Checking `chkutmp'... not tested
Checking `OSX_RSPLUG'... not tested
--- [ END: cat /var/log/chkrootkit/log.today ] ---
To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 72K
drwxr-xr-x 2 root root 4.0K Jan 28 08:48 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 21K Jan 28 08:51 chkrootkit-daily.log
-rw-r--r-- 1 root root 20K Jan 28 08:51 log.today
-rw-r--r-- 1 root root 20K Jan 28 08:51 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'
OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\. not infected$'
Checking `amd'... not infected
OK
**** Test for '^Checking `basename'\.\.\. not infected$'
Checking `basename'... not infected
OK
**** Test for '^Checking `biff'\.\.\. not infected$'
Checking `biff'... not infected
OK
**** Test for '^Checking `chfn'\.\.\. not infected$'
Checking `chfn'... not infected
OK
**** Test for '^Checking `chsh'\.\.\. not infected$'
Checking `chsh'... not infected
OK
**** Test for '^Checking `cron'\.\.\. not infected$'
Checking `cron'... not infected
OK
**** Test for '^Checking `crontab'\.\.\. not infected$'
Checking `crontab'... not infected
OK
**** Test for '^Checking `date'\.\.\. not infected$'
Checking `date'... not infected
OK
**** Test for '^Checking `du'\.\.\. not infected$'
Checking `du'... not infected
OK
**** Test for '^Checking `dirname'\.\.\. not infected$'
Checking `dirname'... not infected
OK
**** Test for '^Checking `echo'\.\.\. not infected$'
Checking `echo'... not infected
OK
**** Test for '^Checking `egrep'\.\.\. not infected$'
Checking `egrep'... not infected
OK
**** Test for '^Checking `env'\.\.\. not infected$'
Checking `env'... not infected
OK
**** Test for '^Checking `find'\.\.\. not infected$'
Checking `find'... not infected
OK
**** Test for '^Checking `fingerd'\.\.\. not infected$'
Checking `fingerd'... not infected
OK
**** Test for '^Checking `gpm'\.\.\. not infected$'
Checking `gpm'... not infected
OK
**** Test for '^Checking `grep'\.\.\. not infected$'
Checking `grep'... not infected
OK
**** Test for '^Checking `hdparm'\.\.\. not infected$'
Checking `hdparm'... not infected
OK
**** Test for '^Checking `su'\.\.\. not infected$'
Checking `su'... not infected
OK
**** Test for '^Checking `ifconfig'\.\.\. not infected$'
Checking `ifconfig'... not infected
OK
**** Test for '^Checking `inetd'\.\.\. not infected$'
Checking `inetd'... not infected
OK
**** Test for '^Checking `inetdconf'\.\.\. not infected$'
Checking `inetdconf'... not infected
OK
**** Test for '^Checking `identd'\.\.\. not infected$'
Checking `identd'... not infected
OK
**** Test for '^Checking `init'\.\.\. not infected$'
Checking `init'... not infected
OK
**** Test for '^Checking `killall'\.\.\. not infected$'
Checking `killall'... not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\. not infected$'
Checking `ldsopreload'... not infected
OK
**** Test for '^Checking `login'\.\.\. not infected$'
Checking `login'... not infected
OK
**** Test for '^Checking `ls'\.\.\. not infected$'
Checking `ls'... not infected
OK
**** Test for '^Checking `lsof'\.\.\. not infected$'
Checking `lsof'... not infected
OK
**** Test for '^Checking `mail'\.\.\. not infected$'
Checking `mail'... not infected
OK
**** Test for '^Checking `mingetty'\.\.\. not infected$'
Checking `mingetty'... not infected
OK
**** Test for '^Checking `netstat'\.\.\. not infected$'
Checking `netstat'... not infected
OK
**** Test for '^Checking `named'\.\.\. not infected$'
Checking `named'... not infected
OK
**** Test for '^Checking `passwd'\.\.\. not infected$'
Checking `passwd'... not infected
OK
**** Test for '^Checking `pidof'\.\.\. not infected$'
Checking `pidof'... not infected
OK
**** Test for '^Checking `pop2'\.\.\. not infected$'
Checking `pop2'... not infected
OK
**** Test for '^Checking `pop3'\.\.\. not infected$'
Checking `pop3'... not infected
OK
**** Test for '^Checking `ps'\.\.\. not infected$'
Checking `ps'... not infected
OK
**** Test for '^Checking `pstree'\.\.\. not infected$'
Checking `pstree'... not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\. not infected$'
Checking `rpcinfo'... not infected
OK
**** Test for '^Checking `rlogind'\.\.\. not infected$'
Checking `rlogind'... not infected
OK
**** Test for '^Checking `rshd'\.\.\. not infected$'
Checking `rshd'... not infected
OK
**** Test for '^Checking `slogin'\.\.\. not infected$'
Checking `slogin'... not infected
OK
**** Test for '^Checking `sendmail'\.\.\. not infected$'
Checking `sendmail'... not infected
OK
**** Test for '^Checking `sshd'\.\.\. not infected$'
Checking `sshd'... not infected
OK
**** Test for '^Checking `syslogd'\.\.\. not infected$'
Checking `syslogd'... not infected
OK
**** Test for '^Checking `tar'\.\.\. not infected$'
Checking `tar'... not infected
OK
**** Test for '^Checking `tcpd'\.\.\. not infected$'
Checking `tcpd'... not infected
OK
**** Test for '^Checking `tcpdump'\.\.\. not infected$'
Checking `tcpdump'... not infected
OK
**** Test for '^Checking `top'\.\.\. not infected$'
Checking `top'... not infected
OK
**** Test for '^Checking `telnetd'\.\.\. not infected$'
Checking `telnetd'... not infected
OK
**** Test for '^Checking `timed'\.\.\. not infected$'
Checking `timed'... not infected
OK
**** Test for '^Checking `traceroute'\.\.\. not infected$'
Checking `traceroute'... not infected
OK
**** Test for '^Checking `vdir'\.\.\. not infected$'
Checking `vdir'... not infected
OK
**** Test for '^Checking `w'\.\.\. not infected$'
Checking `w'... not infected
OK
**** Test for '^Checking `write'\.\.\. not infected$'
Checking `write'... not infected
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\. not found$'
Searching for suspicious files in /dev... not found
OK
**** Test for '^Searching for known suspicious directories\.\.\. not found$'
Searching for known suspicious directories... not found
OK
**** Test for '^Searching for known suspicious files\.\.\. not found$'
Searching for known suspicious files... not found
OK
**** Test for '^Searching for sniffer's logs\.\.\. not found$'
Searching for sniffer's logs... not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. not found$'
Searching for HiDrootkit rootkit... not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\. not found$'
Searching for t0rn rootkit... not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. not found$'
Searching for t0rn v8 (or variation)... not found
OK
**** Test for '^Searching for Lion rootkit\.\.\. not found$'
Searching for Lion rootkit... not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\. not found$'
Searching for RSHA rootkit... not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. not found$'
Searching for RH-Sharpe rootkit... not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. not found$'
Searching for Ambient (ark) rootkit... not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. WARNING$'
Searching for suspicious files and dirs... WARNING
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^Searching for LPD Worm\.\.\. not found$'
Searching for LPD Worm... not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. not found$'
Searching for Ramen Worm rootkit... not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\. not found$'
Searching for Maniac rootkit... not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\. not found$'
Searching for RK17 rootkit... not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. not found$'
Searching for Ducoci rootkit... not found
OK
**** Test for '^Searching for Adore Worm\.\.\. not found$'
Searching for Adore Worm... not found
OK
**** Test for '^Searching for ShitC Worm\.\.\. not found$'
Searching for ShitC Worm... not found
OK
**** Test for '^Searching for Omega Worm\.\.\. not found$'
Searching for Omega Worm... not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. not found$'
Searching for Sadmind/IIS Worm... not found
OK
**** Test for '^Searching for MonKit\.\.\. not found$'
Searching for MonKit... not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\. not found$'
Searching for Showtee rootkit... not found
OK
**** Test for '^Searching for OpticKit\.\.\. not found$'
Searching for OpticKit... not found
OK
**** Test for '^Searching for T\.R\.K\.\.\. not found$'
Searching for T.R.K... not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\. not found$'
Searching for Mithra rootkit... not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. not found$'
Searching for LOC rootkit... not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\. not found$'
Searching for Romanian rootkit... not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\. not found$'
Searching for HKRK rootkit... not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\. not found$'
Searching for Suckit rootkit... not found
OK
**** Test for '^Searching for Volc rootkit\.\.\. not found$'
Searching for Volc rootkit... not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. not found$'
Searching for Gold2 rootkit... not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\. not found$'
Searching for TC2 rootkit... not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. not found$'
Searching for Anonoying rootkit... not found
OK
**** Test for '^Searching for ZK rootkit\.\.\. not found$'
Searching for ZK rootkit... not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\. not found$'
Searching for ShKit rootkit... not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. not found$'
Searching for AjaKit rootkit... not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. not found$'
Searching for zaRwT rootkit... not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\. not found$'
Searching for Madalin rootkit... not found
OK
**** Test for '^Searching for Fu rootkit\.\.\. not found$'
Searching for Fu rootkit... not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. not found$'
Searching for Kenga3 rootkit... not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\. not found$'
Searching for ESRK rootkit... not found
OK
**** Test for '^Searching for rootedoor\.\.\. not found$'
Searching for rootedoor... not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. not found$'
Searching for ENYELKM rootkit... not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\. not found$'
Searching for common ssh-scanners... not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo... not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. (not found|not tested)$'
Searching for Linux/Ebury 1.6... not tested
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. not found$'
Searching for 64-bit Linux Rootkit... not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. not found$'
Searching for 64-bit Linux Rootkit modules... not found
OK
**** Test for '^Searching for Mumblehard\.\.\. not found$'
Searching for Mumblehard... not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. not found$'
Searching for Backdoor.Linux.Mokes.a... not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. not found$'
Searching for Malicious TinyDNS... not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. not found$'
Searching for Linux.Proxy.1.0... not found
OK
**** Test for '^Searching for CrossRAT\.\.\. not found$'
Searching for CrossRAT... not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\. not found$'
Searching for Hidden Cobra... not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. not found$'
Searching for Rocke Miner rootkit... not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. not found$'
Searching for PWNLNX4 lkm rootkit... not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. not found$'
Searching for PWNLNX6 lkm rootkit... not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\. not found$'
Searching for Umbreon lrk... not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. not found$'
Searching for Kinsing.a backdoor rootkit... not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. not found$'
Searching for RotaJakiro backdoor rootkit... not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. not found$'
Searching for Syslogk LKM rootkit... not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. not tested$'
Searching for Kovid LKM rootkit... not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. not found$'
Searching for Tsunami DDoS Malware rootkit... not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\. not found$'
Searching for Linux BPF Door... not found
OK
**** Test for '^Searching for suspect PHP files\.\.\. not found$'
Searching for suspect PHP files... not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\. not found$'
Searching for zero-size shell history files in /root... not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\. not found$'
Searching for hardlinked shell history files in /root... not found
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
**** Test for '^Checking `asp'\.\.\. not infected$'
Checking `asp'... not infected
OK
**** Test for '^Checking `bindshell'\.\.\. not found$'
Checking `bindshell'... not found
OK
**** Test for '^Checking `lkm'\.\.\. started$'
Checking `lkm'... started
OK
**** Test for '^Searching for Adore LKM\.\.\. not tested$'
Searching for Adore LKM... not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\. not tested$'
Searching for sebek LKM (Adore based)... not tested
OK
**** Test for '^Searching for knark LKM rootkit... not found$'
Searching for knark LKM rootkit... not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\. not found$'
Searching for for hidden processes with chkproc... not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs... not found
OK
**** Test for '^Checking `lkm'\.\.\. finished$'
Checking `lkm'... finished
OK
**** Test for '^Checking `rexedcs'\.\.\. not found$'
Checking `rexedcs'... not found
OK
**** Test for '^Checking `sniffer'\.\.\. not found$'
Checking `sniffer'... not found
OK
**** Test for '^Checking `w55808'\.\.\. not found$'
Checking `w55808'... not found
OK
**** Test for '^Checking `wted'\.\.\. not (tested|found)$'
Checking `wted'... not found
OK
**** Test for '^Checking `scalper'\.\.\. not found$'
Checking `scalper'... not found
OK
**** Test for '^Checking `slapper'\.\.\. not found$'
Checking `slapper'... not found
OK
**** Test for '^Checking `z2'\.\.\. not (tested|found)$'
Checking `z2'... not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'... not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\. not tested$'
Checking `OSX_RSPLUG'... not tested
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To create this file containing all output from today's run, do \(as root\)$'
To create this file containing all output from today's run, do (as root)
OK
**** Test for '^# cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-02-full-rerun (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-03-full-after-update (chkrootkit-daily) ...
*** Output
**** Files in log
total 68K
drwxr-xr-x 2 root root 4.0K Jan 28 08:51 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:51 chkrootkit-daily.log
-rw-r--r-- 1 root root 20K Jan 28 08:51 log.expected
-rw-r--r-- 1 root root 20K Jan 28 08:52 log.today
-rw-r--r-- 1 root root 20K Jan 28 08:52 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-with-diff-mode-03-full-after-update (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-04-full-no-ionice (chkrootkit-daily) ...
*** Output
**** Files in log
total 68K
drwxr-xr-x 2 root root 4.0K Jan 28 08:51 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:52 chkrootkit-daily.log
-rw-r--r-- 1 root root 20K Jan 28 08:51 log.expected
-rw-r--r-- 1 root root 20K Jan 28 08:52 log.today
-rw-r--r-- 1 root root 20K Jan 28 08:52 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-with-diff-mode-04-full-no-ionice (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-05-full-filter-and-ignore (chkrootkit-daily) ...
*** Output
chkrootkit output was not as expected.
The difference is:
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
--- /var/log/chkrootkit/log.expected 2025-01-28 08:51:45.884000000 +0000
+++ /var/log/chkrootkit/log.today 2025-01-28 08:53:09.040000000 +0000
@@ -73,10 +73,9 @@
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
-/usr/lib/.bbb [Not from a Debian package]
+/usr/lib/.bCHANGED-IN-FILTER_
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
-/usr/lib/.aaa [Not from a Debian package]
Searching for LPD Worm... not found
Searching for Ramen Worm rootkit... not found
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
To update the expected output, run (as root)
# cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 72K
drwxr-xr-x 2 root root 4.0K Jan 28 08:51 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 1.1K Jan 28 08:53 chkrootkit-daily.log
-rw-r--r-- 1 root root 20K Jan 28 08:51 log.expected
-rw-r--r-- 1 root root 20K Jan 28 08:53 log.today
-rw-r--r-- 1 root root 20K Jan 28 08:53 log.today.raw
*** Test of content of output follows...
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'
OK
**** Test for '^The difference is:$'
The difference is:
OK
**** Test for '^--- \[ BEGIN: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected 2025-01-28 08:51:45.884000000 +0000
OK
**** Test for '^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today 2025-01-28 08:53:09.040000000 +0000
OK
**** Test for '^@@[@0-9, +-]+$'
@@ -73,10 +73,9 @@
OK
**** Test for '^[[:space:]]'
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
Searching for LPD Worm... not found
Searching for Ramen Worm rootkit... not found
OK
**** Test for '^-(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
-/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
-/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^\+(/usr)?/lib/\.bCHANGED-IN-FILTER_$'
+/usr/lib/.bCHANGED-IN-FILTER_
OK
**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK
**** Test for '^# cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log\.expected$'
# cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-05-full-filter-and-ignore (chkrootkit-daily) done: PASS
* Testing: chkrootkit-daily (diff mode, quiet output, no MAILTO)
** Testing: cron-with-diff-mode-06-quiet (chkrootkit-daily) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit
Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
--- [ END: cat /var/log/chkrootkit/log.today ] ---
To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:53 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 11K Jan 28 08:53 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:53 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:53 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'
OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To create this file containing all output from today's run, do \(as root\)$'
To create this file containing all output from today's run, do (as root)
OK
**** Test for '^# cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-06-quiet (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-07-quiet-rerun (chkrootkit-daily) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit
Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
--- [ END: cat /var/log/chkrootkit/log.today ] ---
To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:53 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 11K Jan 28 08:54 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:54 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:53 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'
OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'
OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To create this file containing all output from today's run, do \(as root\)$'
To create this file containing all output from today's run, do (as root)
OK
**** Test for '^# cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-07-quiet-rerun (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-08-quiet-after-update (chkrootkit-daily) ...
*** Output
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:54 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:54 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:54 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:54 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:54 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-with-diff-mode-08-quiet-after-update (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-09-quiet-filter-and-ignore (chkrootkit-daily) ...
*** Output
chkrootkit output was not as expected.
The difference is:
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
--- /var/log/chkrootkit/log.expected 2025-01-28 08:54:04.184000000 +0000
+++ /var/log/chkrootkit/log.today 2025-01-28 08:54:59.264000000 +0000
@@ -1,11 +1,9 @@
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
-/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
-/usr/lib/.bbb [Not from a Debian package]
+/usr/lib/.bCHANGED-IN-FILTER_
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
-/usr/lib/.aaa [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
To update the expected output, run (as root)
# cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 48K
drwxr-xr-x 2 root root 4.0K Jan 28 08:54 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 1.1K Jan 28 08:54 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:54 log.expected
-rw-r--r-- 1 root root 9.6K Jan 28 08:54 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:54 log.today.raw
*** Test of content of output follows...
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'
OK
**** Test for '^The difference is:$'
The difference is:
OK
**** Test for '^--- \[ BEGIN: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---'
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected 2025-01-28 08:54:04.184000000 +0000
OK
**** Test for '^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today 2025-01-28 08:54:59.264000000 +0000
OK
**** Test for '^@@[0-9, +-]+'
@@ -1,11 +1,9 @@
OK
**** Test for '^[[:space:]]'
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
-/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
-/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
-/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^\+(/usr)?/lib/\.bCHANGED-IN-FILTER_$'
+/usr/lib/.bCHANGED-IN-FILTER_
OK
**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^$'
OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK
**** Test for '^# cp -a -f /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-09-quiet-filter-and-ignore (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-10-quiet-invalid-filter-is-ignored (chkrootkit-daily) ...
*** Output
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'
chkrootkit output was not as expected.
The difference is:
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
--- /var/log/chkrootkit/log.expected 2025-01-28 08:54:04.184000000 +0000
+++ /var/log/chkrootkit/log.today 2025-01-28 08:55:26.932000000 +0000
@@ -1,11 +1,9 @@
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
-/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
-/usr/lib/.aaa [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
To update the expected output, run (as root)
# cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 48K
drwxr-xr-x 2 root root 4.0K Jan 28 08:54 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 1.1K Jan 28 08:55 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:54 log.expected
-rw-r--r-- 1 root root 9.6K Jan 28 08:55 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:55 log.today.raw
*** Test of content of output follows...
**** Test for '^Ignoring invalid \$FILTER='sed s/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'$'
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'
OK
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'
OK
**** Test for '^The difference is:$'
The difference is:
OK
**** Test for '^--- \[ BEGIN: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected 2025-01-28 08:54:04.184000000 +0000
OK
**** Test for '^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today 2025-01-28 08:55:26.932000000 +0000
OK
**** Test for '^@@[@0-9, +-]+'
@@ -1,11 +1,9 @@
OK
**** Test for '^[[:space:]]'
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
-/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
-/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^$'
OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK
**** Test for '^# cp -a -f /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-10-quiet-invalid-filter-is-ignored (chkrootkit-daily) done: PASS
* test MAILTO
** Mocking out 'mail' command: /usr/sbin/mail
-rwxr-xr-x 1 root root 69 Jan 28 08:46 /usr/sbin/mail
/usr/sbin/mail:
#!/bin/sh
echo "mail called with $# args:"
for x in "$@"; do
echo "<$x>"
done
while read -r line; do
echo "> $line"
done
exit 0
mail called with 4 args:
<test>
<1>
<2>
<3>
> stdin
** Testing: chkrootkit-daily-mail-01 (chkrootkit-daily) ...
*** Output
mail called with 3 args:
<-s>
<[chkrootkit] alert for debusine-worker-amd64-hades-01>
<root>
> No file /var/log/chkrootkit/log.expected
> This file should contain expected output from chkrootkit
>
> Today's run produced the following output:
> --- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
> WARNING: The following suspicious files and directories were found:
> /usr/lib/.1 [Not from a Debian package]
> /usr/lib/.DIR-aaa [Not from a Debian package]
> /usr/lib/... [Not from a Debian package]
> /usr/lib/.bbb [Not from a Debian package]
> /usr/lib/...DIR [Not from a Debian package]
> /usr/lib/.1DIR [Not from a Debian package]
> /usr/lib/.aaa [Not from a Debian package]
>
> WARNING: Possible Linux.Xor.DDoS installed:
> /tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
> /tmp/test-chkrootkit-false-positive [Not from a Debian package]
> /tmp/clean/netstat [Not from a Debian package]
> /tmp/clean/uname [Not from a Debian package]
> /tmp/clean/dirname [Not from a Debian package]
> /tmp/clean/xargs [Not from a Debian package]
> /tmp/clean/grep [Not from a Debian package]
> /tmp/clean/ss [Not from a Debian package]
> /tmp/clean/ls [Not from a Debian package]
> /tmp/clean/dpkg-query [Not from a Debian package]
> /tmp/clean/head [Not from a Debian package]
> /tmp/clean/id [Not from a Debian package]
> /tmp/clean/awk [Not from a Debian package]
> /tmp/clean/ps [Not from a Debian package]
> /tmp/clean/echo [Not from a Debian package]
> /tmp/clean/cut [Not from a Debian package]
> /tmp/clean/strings [Not from a Debian package]
> /tmp/clean/sed [Not from a Debian package]
> /tmp/clean/find [Not from a Debian package]
>
> --- [ END: cat /var/log/chkrootkit/log.today ] ---
>
> To create this file containing all output from today's run, do (as root)
> # cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
> # (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:55 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 11K Jan 28 08:55 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:55 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:55 log.today.raw
*** Test of content of output follows...
**** Test for '^mail called with 3 args:$'
mail called with 3 args:
OK
**** Test for '^<-s>$'
<-s>
OK
**** Test for '^<\[chkrootkit\] alert for'
<[chkrootkit] alert for debusine-worker-amd64-hades-01>
OK
**** Test for '^<root>$'
<root>
OK
**** Test for '^> No file /var/log/chkrootkit/log\.expected$'
> No file /var/log/chkrootkit/log.expected
OK
**** Test for '^> This file should contain expected output from chkrootkit$'
> This file should contain expected output from chkrootkit
OK
**** Test for '^> $'
>
>
>
>
OK
**** Test for '^> Today's run produced the following output:$'
> Today's run produced the following output:
OK
**** Test for '^> --- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
> --- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^> WARNING: The following suspicious files and directories were found:$'
> WARNING: The following suspicious files and directories were found:
OK
**** Test for '^> (/usr)?/lib/\.1 \[Not from a Debian package\]$'
> /usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.aaa \[Not from a Debian package\]$'
> /usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
> /usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
> /usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.bbb \[Not from a Debian package\]$'
> /usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
> /usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
> /usr/lib/... [Not from a Debian package]
OK
**** Test for '^> $'
>
>
>
>
OK
**** Test for '^> WARNING: Possible Linux\.Xor\.DDoS installed:$'
> WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^> /tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
> /tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^> /tmp/clean/.+$'
> /tmp/clean/netstat [Not from a Debian package]
> /tmp/clean/uname [Not from a Debian package]
> /tmp/clean/dirname [Not from a Debian package]
> /tmp/clean/xargs [Not from a Debian package]
> /tmp/clean/grep [Not from a Debian package]
> /tmp/clean/ss [Not from a Debian package]
> /tmp/clean/ls [Not from a Debian package]
> /tmp/clean/dpkg-query [Not from a Debian package]
> /tmp/clean/head [Not from a Debian package]
> /tmp/clean/id [Not from a Debian package]
> /tmp/clean/awk [Not from a Debian package]
> /tmp/clean/ps [Not from a Debian package]
> /tmp/clean/echo [Not from a Debian package]
> /tmp/clean/cut [Not from a Debian package]
> /tmp/clean/strings [Not from a Debian package]
> /tmp/clean/sed [Not from a Debian package]
> /tmp/clean/find [Not from a Debian package]
OK
**** Test for '^> --- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
> --- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^> To create this file containing all output from today's run, do \(as root\)$'
> To create this file containing all output from today's run, do (as root)
OK
**** Test for '^> # cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
> # cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^> # \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
> # (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: chkrootkit-daily-mail-01 (chkrootkit-daily) done: PASS
** Testing: chkrootkit-daily-mail-02-rerun (chkrootkit-daily) ...
*** Output
mail called with 3 args:
<-s>
<[chkrootkit] alert for debusine-worker-amd64-hades-01>
<root>
> No file /var/log/chkrootkit/log.expected
> This file should contain expected output from chkrootkit
>
> Today's run produced the following output:
> --- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
> WARNING: The following suspicious files and directories were found:
> /usr/lib/.1 [Not from a Debian package]
> /usr/lib/.DIR-aaa [Not from a Debian package]
> /usr/lib/... [Not from a Debian package]
> /usr/lib/.bbb [Not from a Debian package]
> /usr/lib/...DIR [Not from a Debian package]
> /usr/lib/.1DIR [Not from a Debian package]
> /usr/lib/.aaa [Not from a Debian package]
>
> WARNING: Possible Linux.Xor.DDoS installed:
> /tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
> /tmp/test-chkrootkit-false-positive [Not from a Debian package]
> /tmp/clean/netstat [Not from a Debian package]
> /tmp/clean/uname [Not from a Debian package]
> /tmp/clean/dirname [Not from a Debian package]
> /tmp/clean/xargs [Not from a Debian package]
> /tmp/clean/grep [Not from a Debian package]
> /tmp/clean/ss [Not from a Debian package]
> /tmp/clean/ls [Not from a Debian package]
> /tmp/clean/dpkg-query [Not from a Debian package]
> /tmp/clean/head [Not from a Debian package]
> /tmp/clean/id [Not from a Debian package]
> /tmp/clean/awk [Not from a Debian package]
> /tmp/clean/ps [Not from a Debian package]
> /tmp/clean/echo [Not from a Debian package]
> /tmp/clean/cut [Not from a Debian package]
> /tmp/clean/strings [Not from a Debian package]
> /tmp/clean/sed [Not from a Debian package]
> /tmp/clean/find [Not from a Debian package]
>
> --- [ END: cat /var/log/chkrootkit/log.today ] ---
>
> To create this file containing all output from today's run, do (as root)
> # cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
> # (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:55 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 11K Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:55 log.today.raw
*** Test of content of output follows...
**** Test for '^mail called with 3 args:$'
mail called with 3 args:
OK
**** Test for '^<-s>$'
<-s>
OK
**** Test for '^<\[chkrootkit\] alert for'
<[chkrootkit] alert for debusine-worker-amd64-hades-01>
OK
**** Test for '^<root>$'
<root>
OK
**** Test for '^> No file /var/log/chkrootkit/log\.expected$'
> No file /var/log/chkrootkit/log.expected
OK
**** Test for '^> This file should contain expected output from chkrootkit$'
> This file should contain expected output from chkrootkit
OK
**** Test for '^> $'
>
>
>
>
OK
**** Test for '^> Today's run produced the following output:$'
> Today's run produced the following output:
OK
**** Test for '^> --- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
> --- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^> WARNING: The following suspicious files and directories were found:$'
> WARNING: The following suspicious files and directories were found:
OK
**** Test for '^> (/usr)?/lib/\.1 \[Not from a Debian package\]$'
> /usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.aaa \[Not from a Debian package\]$'
> /usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
> /usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
> /usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.bbb \[Not from a Debian package\]$'
> /usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
> /usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
> /usr/lib/... [Not from a Debian package]
OK
**** Test for '^> $'
>
>
>
>
OK
**** Test for '^> WARNING: Possible Linux\.Xor\.DDoS installed:$'
> WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^> /tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
> /tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^> /tmp/clean/.+$'
> /tmp/clean/netstat [Not from a Debian package]
> /tmp/clean/uname [Not from a Debian package]
> /tmp/clean/dirname [Not from a Debian package]
> /tmp/clean/xargs [Not from a Debian package]
> /tmp/clean/grep [Not from a Debian package]
> /tmp/clean/ss [Not from a Debian package]
> /tmp/clean/ls [Not from a Debian package]
> /tmp/clean/dpkg-query [Not from a Debian package]
> /tmp/clean/head [Not from a Debian package]
> /tmp/clean/id [Not from a Debian package]
> /tmp/clean/awk [Not from a Debian package]
> /tmp/clean/ps [Not from a Debian package]
> /tmp/clean/echo [Not from a Debian package]
> /tmp/clean/cut [Not from a Debian package]
> /tmp/clean/strings [Not from a Debian package]
> /tmp/clean/sed [Not from a Debian package]
> /tmp/clean/find [Not from a Debian package]
OK
**** Test for '^> --- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
> --- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^> To create this file containing all output from today's run, do \(as root\)$'
> To create this file containing all output from today's run, do (as root)
OK
**** Test for '^> # cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
> # cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^> # \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
> # (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: chkrootkit-daily-mail-02-rerun (chkrootkit-daily) done: PASS
** Testing: chkrootkit-daily-mail-03-no-diff-means-no-mail (chkrootkit-daily) ...
*** Output
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:56 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: chkrootkit-daily-mail-03-no-diff-means-no-mail (chkrootkit-daily) done: PASS
* Ensuring the sniffer test finds a dhcpd on the 'chkrootkit' interface
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: test@chkrootkit: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 5a:75:0b:15:1e:10 brd ff:ff:ff:ff:ff:ff
3: chkrootkit@test: <NO-CARRIER,BROADCAST,MULTICAST,UP,M-DOWN> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether f2:b4:7f:94:b3:5e brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/32 scope global chkrootkit
valid_lft forever preferred_lft forever
Preparing to start a new dhcpd:
subnet 192.0.2.0 netmask 255.255.255.0 {
range 192.0.2.1 192.0.2.2;
}
Starting dhcpd
(started)
bringing up 'lo'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: test@chkrootkit: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 5a:75:0b:15:1e:10 brd ff:ff:ff:ff:ff:ff
3: chkrootkit@test: <NO-CARRIER,BROADCAST,MULTICAST,UP,M-DOWN> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether f2:b4:7f:94:b3:5e brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/32 scope global chkrootkit
valid_lft forever preferred_lft forever
* Testing: filtering of sniffer (-s)
** Testing: chkrootkit-sniffer-01-full (chkrootkit sniffer) ...
*** Output
ROOTDIR is `/'
Checking `sniffer'... WARNING
WARNING: Output from ifpromisc:
lo: not promisc and no packet sniffer sockets
chkrootkit: PACKET SNIFFER(/usr/sbin/dhcpd[41705])
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:56 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `sniffer'\.\.\. WARNING$'
Checking `sniffer'... WARNING
OK
**** Test for '^$'
OK
**** Test for 'WARNING: Output from ifpromisc:$'
WARNING: Output from ifpromisc:
OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK
** PASS: Testing: chkrootkit-sniffer-01-full (chkrootkit sniffer) done: PASS
*** Unexpected (unmatched) lines follow (for info):
chkrootkit: PACKET SNIFFER(/usr/sbin/dhcpd[41705])
** Testing: chkrootkit-sniffer-02-full-with-s (chkrootkit -s (PACKET SNIFFER|not promisc) sniffer) ...
*** Output
ROOTDIR is `/'
Checking `sniffer'... not found
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:56 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `sniffer'\.\.\. not found$'
Checking `sniffer'... not found
OK
** PASS: Testing: chkrootkit-sniffer-02-full-with-s (chkrootkit -s (PACKET SNIFFER|not promisc) sniffer) done: PASS
** Testing: chkrootkit-sniffer-03-quiet-with-s (chkrootkit -q -s PACKET SNIFFER sniffer) ...
*** Output
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:56 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: chkrootkit-sniffer-03-quiet-with-s (chkrootkit -q -s PACKET SNIFFER sniffer) done: PASS
* Test chkrootkit tests report infected files
** setting up false positive 'fake rootkits' for every test
Ensuring amd shows as INFECTED
mv /usr/sbin/amd /usr/sbin/amd.to_replace
/usr/sbin/amd
Ensuring basename shows as INFECTED
mv /usr/bin/basename /usr/bin/basename.to_replace
/usr/bin/basename
Ensuring biff shows as INFECTED
mv /usr/sbin/biff /usr/sbin/biff.to_replace
/usr/sbin/biff
Ensuring chfn shows as INFECTED
mv /usr/bin/chfn /usr/bin/chfn.to_replace
/usr/bin/chfn
Ensuring chsh shows as INFECTED
mv /usr/bin/chsh /usr/bin/chsh.to_replace
/usr/bin/chsh
Ensuring cron shows as INFECTED
mv /usr/sbin/cron /usr/sbin/cron.to_replace
/usr/sbin/cron
Ensuring date shows as INFECTED
mv /usr/bin/date /usr/bin/date.to_replace
/usr/bin/date
Ensuring du shows as INFECTED
mv /usr/bin/du /usr/bin/du.to_replace
/usr/bin/du
Ensuring dirname shows as INFECTED
mv /usr/bin/dirname /usr/bin/dirname.to_replace
/usr/bin/dirname
Ensuring echo shows as INFECTED
mv /usr/bin/echo /usr/bin/echo.to_replace
/usr/bin/echo
Ensuring egrep shows as INFECTED
mv /usr/bin/egrep /usr/bin/egrep.to_replace
/usr/bin/egrep
Ensuring env shows as INFECTED
mv /usr/bin/env /usr/bin/env.to_replace
/usr/bin/env
Ensuring find shows as INFECTED
mv /usr/bin/find /usr/bin/find.to_replace
/usr/bin/find
Ensuring fingerd shows as INFECTED
mv /usr/sbin/fingerd /usr/sbin/fingerd.to_replace
/usr/sbin/fingerd
Ensuring gpm shows as INFECTED
mv /usr/sbin/gpm /usr/sbin/gpm.to_replace
/usr/sbin/gpm
Ensuring grep shows as INFECTED
mv /usr/bin/grep /usr/bin/grep.to_replace
/usr/bin/grep
Ensuring hdparm shows as INFECTED
mv /usr/sbin/hdparm /usr/sbin/hdparm.to_replace
/usr/sbin/hdparm
Ensuring su shows as INFECTED
mv /usr/bin/su /usr/bin/su.to_replace
/usr/bin/su
Ensuring ifconfig shows as INFECTED
mv /usr/sbin/ifconfig /usr/sbin/ifconfig.to_replace
/usr/sbin/ifconfig
Ensuring inetd shows as INFECTED
mv /usr/sbin/inetd /usr/sbin/inetd.to_replace
/usr/sbin/inetd
Ensuring in.identd shows as INFECTED
mv /usr/sbin/in.identd /usr/sbin/in.identd.to_replace
/usr/sbin/in.identd
Ensuring init shows as INFECTED
mv /usr/sbin/init /usr/sbin/init.to_replace
/usr/sbin/init
Ensuring killall shows as INFECTED
mv /usr/sbin/killall /usr/sbin/killall.to_replace
/usr/sbin/killall
Ensuring login shows as INFECTED
mv /usr/bin/login /usr/bin/login.to_replace
/usr/bin/login
Ensuring ls shows as INFECTED
mv /usr/bin/ls /usr/bin/ls.to_replace
/usr/bin/ls
Ensuring lsof shows as INFECTED
mv /usr/sbin/lsof /usr/sbin/lsof.to_replace
/usr/sbin/lsof
Ensuring mail shows as INFECTED
mv /usr/sbin/mail /usr/sbin/mail.to_replace
/usr/sbin/mail
Ensuring mingetty shows as INFECTED
mv /usr/sbin/mingetty /usr/sbin/mingetty.to_replace
/usr/sbin/mingetty
Ensuring netstat shows as INFECTED
mv /usr/bin/netstat /usr/bin/netstat.to_replace
/usr/bin/netstat
Ensuring named shows as INFECTED
mv /usr/sbin/named /usr/sbin/named.to_replace
/usr/sbin/named
Ensuring passwd shows as INFECTED
mv /usr/bin/passwd /usr/bin/passwd.to_replace
/usr/bin/passwd
Ensuring pidof shows as INFECTED
mv /usr/bin/pidof /usr/bin/pidof.to_replace
/usr/sbin/killall5
Ensuring in.pop2d shows as INFECTED
mv /usr/sbin/in.pop2d /usr/sbin/in.pop2d.to_replace
/usr/sbin/in.pop2d
Ensuring in.pop3d shows as INFECTED
mv /usr/sbin/in.pop3d /usr/sbin/in.pop3d.to_replace
/usr/sbin/in.pop3d
Ensuring ps shows as INFECTED
mv /usr/bin/ps /usr/bin/ps.to_replace
/usr/bin/ps
Ensuring pstree shows as INFECTED
mv /usr/sbin/pstree /usr/sbin/pstree.to_replace
/usr/sbin/pstree
Ensuring rpcinfo shows as INFECTED
mv /usr/sbin/rpcinfo /usr/sbin/rpcinfo.to_replace
/usr/sbin/rpcinfo
Ensuring in.rlogind shows as INFECTED
making new: /usr/sbin/in.rlogind
/usr/sbin/in.rlogind
Ensuring slogin shows as INFECTED
mv /usr/sbin/slogin /usr/sbin/slogin.to_replace
/usr/sbin/slogin
Ensuring sendmail shows as INFECTED
mv /usr/sbin/sendmail /usr/sbin/sendmail.to_replace
/usr/sbin/sendmail
Ensuring sshd shows as INFECTED
mv /usr/sbin/sshd /usr/sbin/sshd.to_replace
/usr/sbin/sshd
Ensuring syslogd shows as INFECTED
mv /usr/sbin/syslogd /usr/sbin/syslogd.to_replace
/usr/sbin/syslogd
Ensuring tar shows as INFECTED
mv /usr/bin/tar /usr/bin/tar.to_replace
/usr/bin/tar
Ensuring tcpd shows as INFECTED
mv /usr/sbin/tcpd /usr/sbin/tcpd.to_replace
/usr/sbin/tcpd
Ensuring top shows as INFECTED
mv /usr/bin/top /usr/bin/top.to_replace
/usr/bin/top
Ensuring telnetd shows as INFECTED
mv /usr/sbin/telnetd /usr/sbin/telnetd.to_replace
/usr/sbin/telnetd
Ensuring timed shows as INFECTED
mv /usr/sbin/timed /usr/sbin/timed.to_replace
/usr/sbin/timed
Ensuring traceroute shows as INFECTED
mv /usr/sbin/traceroute /usr/sbin/traceroute.to_replace
/usr/sbin/traceroute
Ensuring vdir shows as INFECTED
mv /usr/bin/vdir /usr/bin/vdir.to_replace
/usr/bin/vdir
Ensuring w shows as INFECTED
mv /usr/bin/w /usr/bin/w.to_replace
/usr/bin/w
Ensuring write shows as INFECTED
mv /usr/sbin/write /usr/sbin/write.to_replace
/usr/sbin/write
Ensuring asp shows as INFECTED
making new: /usr/sbin/asp
/usr/sbin/asp
Ensuring crontab shows as INFECTED
mv /usr/sbin/crontab /usr/sbin/crontab.to_replace
/usr/sbin/crontab
Ensuring epic shows as INFECTED
making new: /usr/sbin/epic
/usr/sbin/epic
for chk_crontab: mocking: crontab at /usr/sbin/crontab
modifying tar so chk-tar finds an issue
-rwsr-sr-x 1 root root 249 Jan 28 08:56 /usr/bin/tar
To delete: /usr/sbin/in.rlogind /usr/sbin/asp /usr/sbin/epic
To replace (with .pre-rootkit): /usr/sbin/amd /usr/bin/basename /usr/sbin/biff /usr/bin/chfn /usr/bin/chsh /usr/sbin/cron /usr/bin/date /usr/bin/du /usr/bin/dirname /usr/bin/echo /usr/bin/egrep /usr/bin/env /usr/bin/find /usr/sbin/fingerd /usr/sbin/gpm /usr/bin/grep /usr/sbin/hdparm /usr/bin/su /usr/sbin/ifconfig /usr/sbin/inetd /usr/sbin/in.identd /usr/sbin/init /usr/sbin/killall /usr/bin/login /usr/bin/ls /usr/sbin/lsof /usr/sbin/mail /usr/sbin/mingetty /usr/bin/netstat /usr/sbin/named /usr/bin/passwd /usr/sbin/killall5 /usr/sbin/in.pop2d /usr/sbin/in.pop3d /usr/bin/ps /usr/sbin/pstree /usr/sbin/rpcinfo /usr/sbin/slogin /usr/sbin/sendmail /usr/sbin/sshd /usr/sbin/syslogd /usr/bin/tar /usr/sbin/tcpd /usr/bin/top /usr/sbin/telnetd /usr/sbin/timed /usr/sbin/traceroute /usr/bin/vdir /usr/bin/w /usr/sbin/write /usr/sbin/crontab
modifying netstat for chk_netstat and bindshell
modifying ls so syslogk and kovid are detected
modifying grep so a Linux BPF Door is detected
mk: /usr/bin/atm in dir: /usr/bin
mk: /tmp/tcp.log in dir: /tmp
mk: /var/lib/games/.k/foo in dir: /var/lib/games/.k
mk: /usr/src/.poop/foo in dir: /usr/src/.poop
mk: /dev/.golf/foo in dir: /dev/.golf
mk: /dev/tux/foo in dir: /dev/tux
mk: /usr/include/. ./foo in dir: /usr/include/. .
mk: /usr/lib/tcl5.3/foo in dir: /usr/lib/tcl5.3
mk: /etc/ttyhash in dir: /etc
mk: /usr/local/lib/libproc.a in dir: /usr/local/lib
mk: /bin/mjy in dir: /bin
mk: /usr/bin/n3tstat in dir: /usr/bin
mk: /bin/lps in dir: /bin
mk: /usr/lib/.ark? in dir: /usr/lib
mk: /usr/lib/number.cgi in dir: /usr/lib
mk: /www/httpd/cgi-bin/last.cgi in dir: /www/httpd/cgi-bin
mk: /usr/bin/red.tar in dir: /usr/bin
mk: /bin/dy in dir: /bin
mk: /dev/chr in dir: /dev
mk: /dev/cucl in dir: /dev
mk: /usr/include/chk.h in dir: /usr/include
mk: /usr/bin/xsf in dir: /usr/bin
mk: /usr/lib/locale/uboot in dir: /usr/lib/locale
mk: /tmp/xp in dir: /tmp
mk: /usr/bin/volc in dir: /usr/bin
mk: /usr/include/proc.h in dir: /usr/include
mk: /etc/rc.d/init.d/network in dir: /etc/rc.d/init.d
mk: /usr/bin/ishit in dir: /usr/bin
mk: /usr/sbin/initcheck in dir: /usr/sbin
mk: /usr/sbin/mech in dir: /usr/sbin
mk: /etc/sysconfig/console/load.zk in dir: /etc/sysconfig/console
mk: /etc/ld.so.hash in dir: /etc
mk: /bin/imout in dir: /bin
mk: /usr/include/icekey.h in dir: /usr/include
mk: /sbin/xc in dir: /sbin
mk: /sbin/rootedoor in dir: /sbin
mk: /etc/.enyelkmOCULTAR.ko/foo in dir: /etc/.enyelkmOCULTAR.ko
mk: /var/tmp/vuln.txt in dir: /var/tmp
mk: /usr/local/hide/foo in dir: /usr/local/hide
mk: /lib/modules/module_init.ko in dir: /lib/modules
mk: /tmp/ss0-0 in dir: /tmp
mk: /usr/var/mediamgrs.jar in dir: /usr/var
mk: /tmp/.ICE-unix/engine.so in dir: /tmp/.ICE-unix
mk: /etc/xig in dir: /etc
mk: /var/tmp/.1/x in dir: /var/tmp/.1
mk: /var/run/.tmp/y in dir: /var/run/.tmp
mk: /tmp/suterusu/pwnlnx6 in dir: /tmp/suterusu
mk: /usr/share/libc.so.69 in dir: /usr/share
mk: /tmp/kdevtmpfsi in dir: /tmp
mk: /bin/systemd-daemon in dir: /bin
mk: /syslogk in dir: /
mk: /root/.whatever.history in dir: /root
mk: /root/.whatever.history.hardlink in dir: /root
mk: /tmp/name.php in dir: /tmp
mk: /bin/.ps in dir: /bin
mk: /usr/bin/mailrc in dir: /usr/bin
mk: /www/httpd/cgi-bin/bogus.cgi in dir: /www/httpd/cgi-bin
mk: /bin/frgy in dir: /bin
mk: /dev/cuc in dir: /dev
mk: /usr/lib/libpikapp.a in dir: /usr/lib
mk: /var/spool/cron/crontabs/foo in dir: /var/spool/cron/crontabs
mk: /etc/rc.local in dir: /etc
mk: /sbin/ssh in dir: /sbin
mk: /dev/bad-file in dir: /dev
mk: /etc/passwd in dir: /etc
mk: /etc/inetd.conf in dir: /etc
mk: /lib/x86_64-linux-gnu/libkeyutils.so.1 in dir: /lib/x86_64-linux-gnu
mk: /home/ ./tinyDNS in dir: /home/ .
mk: /tmp/by-content in dir: /tmp
mk: /bin/in.rexedcs in dir: /bin
mk: /tmp/.uua in dir: /tmp
mk: /tmp/.bugtraq.c in dir: /tmp
mk: /tmp/.../r in dir: /tmp/...
mk: /bin/cls in dir: /bin
mk: /tmp/sp ace/aaa' exit 1; " in dir: /tmp/sp ace
To move back to .pre-rootkit: /etc/passwd /etc/inetd.conf
To rm: /usr/bin/atm /tmp/tcp.log /var/lib/games/.k/foo /usr/src/.poop/foo /dev/.golf/foo /dev/tux/foo /usr/include/. ./foo /usr/lib/tcl5.3/foo /etc/ttyhash /usr/local/lib/libproc.a /bin/mjy /usr/bin/n3tstat /bin/lps /usr/lib/.ark? /usr/lib/number.cgi /www/httpd/cgi-bin/last.cgi /usr/bin/red.tar /bin/dy /dev/chr /dev/cucl /usr/include/chk.h /usr/bin/xsf /usr/lib/locale/uboot /tmp/xp /usr/bin/volc /usr/include/proc.h /etc/rc.d/init.d/network /usr/bin/ishit /usr/sbin/initcheck /usr/sbin/mech /etc/sysconfig/console/load.zk /etc/ld.so.hash /bin/imout /usr/include/icekey.h /sbin/xc /sbin/rootedoor /etc/.enyelkmOCULTAR.ko/foo /var/tmp/vuln.txt /usr/local/hide/foo /lib/modules/module_init.ko /tmp/ss0-0 /usr/var/mediamgrs.jar /tmp/.ICE-unix/engine.so /etc/xig /var/tmp/.1/x /var/run/.tmp/y /tmp/suterusu/pwnlnx6 /usr/share/libc.so.69 /tmp/kdevtmpfsi /bin/systemd-daemon /syslogk /root/.whatever.history /root/.whatever.history.hardlink /tmp/name.php /bin/.ps /usr/bin/mailrc /www/httpd/cgi-bin/bogus.cgi /bin/frgy /dev/cuc /usr/lib/libpikapp.a /var/spool/cron/crontabs/foo /etc/rc.local /sbin/ssh /dev/bad-file /lib/x86_64-linux-gnu/libkeyutils.so.1 /home/ ./tinyDNS /tmp/by-content /bin/in.rexedcs /tmp/.uua /tmp/.bugtraq.c /tmp/.../r /bin/cls /tmp/sp ace/aaa' exit 1; "
for chk_ldsopreload
for chk_rshd
susp dev
for chk_inetdconf
/etc/shells
# /etc/shells: valid login shells
/bin/sh
/usr/bin/sh
/bin/bash
/usr/bin/bash
/bin/rbash
/usr/bin/rbash
/usr/bin/dash
asp
stream tcp nowait /bin/sh
asp
dont know how to fake some lkms (cant make a file in /proc): not tested: sniffer, z2, chkutmp. OSX_RSPLUG never runs under linux. chk_ldsopreload seems to be broken
** Testing: all-tests-can-find-something-01 (chkrootkit -p /tmp/clean) ...
*** Output
ROOTDIR is `/'
Checking `amd'... INFECTED
Checking `basename'... INFECTED
Checking `biff'... INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `cron'... INFECTED
Checking `crontab'... WARNING
WARNING: crontab for nobody found, possible Lupper.Worm.
Checking for Lupper.Worm... INFECTED
Checking `date'... INFECTED
Checking `du'... INFECTED
Checking `dirname'... INFECTED
Checking `echo'... INFECTED
Checking `egrep'... INFECTED
Checking `env'... INFECTED
Checking `find'... INFECTED
Checking `fingerd'... INFECTED
Checking `gpm'... INFECTED
Checking `grep'... INFECTED
Checking `hdparm'... INFECTED
Checking `su'... INFECTED
Checking `ifconfig'... INFECTED
Checking `inetd'... INFECTED
Checking `inetdconf'... INFECTED
Checking `identd'... INFECTED
Checking `init'... INFECTED
Checking `killall'... INFECTED
Checking `ldsopreload'... not infected
Checking `login'... INFECTED
Checking `ls'... INFECTED
Checking `lsof'... INFECTED
Checking `mail'... INFECTED
Checking `mingetty'... INFECTED
Checking `netstat'... INFECTED
Checking `named'... INFECTED
Checking `passwd'... INFECTED
Checking `pidof'... INFECTED
Checking `pop2'... INFECTED
Checking `pop3'... INFECTED
Checking `ps'... INFECTED
Checking `pstree'... INFECTED
Checking `rpcinfo'... INFECTED
Checking `rlogind'... INFECTED
Checking `rshd'... INFECTED
Checking `slogin'... INFECTED
Checking `sendmail'... INFECTED
Checking `sshd'... INFECTED but disabled
Checking `syslogd'... INFECTED
Checking `tar'... INFECTED
Checking `tcpd'... INFECTED
Checking `tcpdump'... INFECTED
Checking `top'... INFECTED
Checking `telnetd'... INFECTED
Checking `timed'... INFECTED
Checking `traceroute'... INFECTED
Checking `vdir'... INFECTED
Checking `w'... INFECTED
Checking `write'... INFECTED
Checking `aliens'... started
Searching for suspicious files in /dev... WARNING
WARNING: The following suspicious files were found in /dev:
/dev/bad-file
Searching for known suspicious directories... WARNING
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
/var/run/.tmp/ [Not from a Debian package]
/var/run/.tmp/y [Not from a Debian package]
Searching for known suspicious files... WARNING
WARNING: The following known suspicious files were found:
/usr/bin/atm [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
Searching for sniffer's logs... WARNING
WARNING: The following potential sniffer's logs were found:
/tmp/tcp.log [Not from a Debian package]
Searching for HiDrootkit rootkit... WARNING
WARNING: Possible HiDrootkit rootkit installed:
/var/lib/games/.k/ [Not from a Debian package]
Searching for t0rn rootkit... WARNING
WARNING: Possible t0rn rootkit installed:
/etc/ttyhash [Not from a Debian package]
Searching for t0rn v8 (or variation)... WARNING
WARNING: Possible t0rn v8 (or variation) rootkit installed:
/usr/local/lib/libproc.a [Not from a Debian package]
Searching for Lion rootkit... WARNING
WARNING: Possible Lion rootkit installed:
/bin/mjy [Not from a Debian package]
Searching for RSHA rootkit... WARNING
WARNING: Possible RSHA rootkit installed:
/usr/bin/n3tstat [Not from a Debian package]
Searching for RH-Sharpe rootkit... WARNING
WARNING: Possible RH-Sharpe rootkit installed:
/bin/lps [Not from a Debian package]
Searching for Ambient (ark) rootkit... WARNING
WARNING: Possible Ambient's rootkit (ark) installed:
/usr/lib/.ark? [Not from a Debian package]
Searching for suspicious files and dirs... WARNING
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
Searching for LPD Worm... WARNING
WARNING: Possible LPD worm installed (based on files found)
Searching for Ramen Worm rootkit... WARNING
WARNING: Possible Ramen Worm rootkit installed:
/usr/src/.poop/ [Not from a Debian package]
Searching for Maniac rootkit... WARNING
WARNING: Possible Maniac rootkit installed:
/usr/bin/mailrc [Not from a Debian package]
Searching for RK17 rootkit... WARNING
WARNING: Possible RK17 rootkit installed:
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
/usr/lib/number.cgi [Not from a Debian package]
Searching for Ducoci rootkit... WARNING
WARNING: Possible Ducoci rootkit installed:
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
Searching for Adore Worm... WARNING
WARNING: Possible Adore Worm installed:
/usr/bin/red.tar [Not from a Debian package]
Searching for ShitC Worm... WARNING
WARNING: Possible ShitC Worm installed:
/usr/bin/frgy [Not from a Debian package]
/usr/bin/dy [Not from a Debian package]
Searching for Omega Worm... WARNING
WARNING: Possible Omega Worm installed:
/dev/chr [Not from a Debian package]
Searching for Sadmind/IIS Worm... WARNING
WARNING: Possible Sadmin/IIS Worm installed:
/dev/cuc [Not from a Debian package]
Searching for MonKit... WARNING
WARNING: Possible MonKit installed:
/usr/lib/libpikapp.a [Not from a Debian package]
Searching for Showtee rootkit... WARNING
WARNING: Possible Showtee rootkit installed:
/usr/include/proc.h [Not from a Debian package]
/usr/include/chk.h [Not from a Debian package]
Searching for OpticKit... WARNING
WARNING: Possible OpticKit installed:
/usr/bin/xsf [Not from a Debian package]
Searching for T.R.K... WARNING
WARNING: Possible T.R.K installed:
/usr/bin/xsf [Not from a Debian package]
Searching for Mithra rootkit... WARNING
WARNING: Possible Mithra installed:
/usr/lib/locale/uboot [Not from a Debian package]
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... WARNING
WARNING: Possible LOC rootkit installed:
/tmp/xp [Not from a Debian package]
/usr/sbin/epic [Not from a Debian package]
Searching for Romanian rootkit... WARNING
WARNING: Possible Romanian rootkit installed:
/usr/include/proc.h [Not from a Debian package]
Searching for HKRK rootkit... WARNING
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
Searching for Suckit rootkit... WARNING
WARNING: Possible Suckit:
/dev/.golf/
Searching for Volc rootkit... WARNING
WARNING: Possible Volc rootkit installed:
/usr/bin/volc [Not from a Debian package]
Searching for Gold2 rootkit... WARNING
WARNING: Possible Gold2 rootkit installed:
/usr/bin/ishit [Not from a Debian package]
Searching for TC2 rootkit... WARNING
WARNING: Possible TC2 rootkit installed:
/usr/sbin/initcheck [Not from a Debian package]
Searching for Anonoying rootkit... WARNING
WARNING: Possible Anonoying rootkit installed:
/usr/sbin/mech [Not from a Debian package]
Searching for ZK rootkit... WARNING
WARNING: Possible ZK rootkit installed:
/etc/sysconfig/console/load.zk [Not from a Debian package]
Searching for ShKit rootkit... WARNING
WARNING: Possible ShKit rootkit installed:
/etc/ld.so.hash [Not from a Debian package]
Searching for AjaKit rootkit... WARNING
WARNING: Possible AjaKit rootkit installed:
/dev/tux/ [Not from a Debian package]
Searching for zaRwT rootkit... WARNING
WARNING: Possible zaRwT rootkit installed:
/bin/imout [Not from a Debian package]
Searching for Madalin rootkit... WARNING
WARNING: Possible Madalin rootkit installed:
/usr/include/icekey.h [Not from a Debian package]
Searching for Fu rootkit... WARNING
WARNING: Possible Fu rootkit installed:
/sbin/xc [Not from a Debian package]
Searching for Kenga3 rootkit... WARNING
WARNING: Possible Kenga3 rootkit installed:
/usr/include/. ./ [Not from a Debian package]
/usr/include/. ./foo [Not from a Debian package]
Searching for ESRK rootkit... WARNING
WARNING: Possible ESRK rootkit installed:
/usr/lib/tcl5.3/ [Not from a Debian package]
Searching for rootedoor... WARNING
WARNING: Possible rootedoor installed:
/usr/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
/usr/sbin/rootedoor [Not from a Debian package]
Searching for ENYELKM rootkit... WARNING
WARNING: Possible ENYELKM rootkit installed:
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
Searching for common ssh-scanners... WARNING
WARNING: Possible ssh-scanner installed:
/var/tmp/vuln.txt [Not from a Debian package]
Searching for Linux/Ebury 1.4 - Operation Windigo... WARNING
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
Searching for Linux/Ebury 1.6... WARNING
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [Not from a Debian package]
Searching for 64-bit Linux Rootkit... WARNING
WARNING: Possible 64-bit Linux Rootkit:
/usr/local/hide/ [Not from a Debian package]
/usr/local/hide/foo [Not from a Debian package]
/etc/rc.local [Not from a Debian package]
Searching for 64-bit Linux Rootkit modules... WARNING
WARNING: Possible 64-bit rootkit modules installed:
/lib/modules/module_init.ko [Not from a Debian package]
Searching for Mumblehard... WARNING
WARNING: Possible Mumblehard backdoor installed:
/var/spool/cron/crontabs/foo [Not from a Debian package]
Searching for Backdoor.Linux.Mokes.a... WARNING
WARNING: Possible Backdoor.Linux.Mokes.a installed:
/tmp/ss0-0 [Not from a Debian package]
Searching for Malicious TinyDNS... WARNING
WARNING: Possible Malicious TinyDNS installed:
/home/ ./ [Not from a Debian package]
/home/ ./tinyDNS [Not from a Debian package]
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/grep.orig [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls.orig [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
Searching for Linux.Proxy.1.0... WARNING
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
Searching for CrossRAT... WARNING
WARNING: Possible Malicious CrossRAT installed:
/usr/var/mediamgrs.jar [Not from a Debian package]
Searching for Hidden Cobra... WARNING
WARNING: Possible Malicious Hidden Cobra installed:
/tmp/.ICE-unix/engine.so [Not from a Debian package]
Searching for Rocke Miner rootkit... WARNING
WARNING: Possible Rocke Miner rootkit installed:
/etc/xig [Not from a Debian package]
Searching for PWNLNX4 lkm rootkit... WARNING
WARNING: Possible PWNLNX4 lkm rootkit installed:
/var/tmp/.1/ [Not from a Debian package]
Searching for PWNLNX6 lkm rootkit... WARNING
WARNING: Possible PWNLNX6 lkm rootkit installed:
/tmp/suterusu/ [Not from a Debian package]
Searching for Umbreon lrk... WARNING
WARNING: Possible Malicious UMBREON LRK installed:
/usr/share/libc.so.69 [Not from a Debian package]
Searching for Kinsing.a backdoor rootkit... WARNING
WARNING: Possible Kinsing.a backdoor rootkit installed:
/tmp/kdevtmpfsi [Not from a Debian package]
Searching for RotaJakiro backdoor rootkit... WARNING
WARNING: Possible RotaJakiro backdoor rootkit installed:
/bin/systemd-daemon [Not from a Debian package]
Searching for Syslogk LKM rootkit... WARNING
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
Searching for Kovid LKM rootkit... WARNING
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
Searching for Tsunami DDoS Malware rootkit... WARNING
WARNING: Possible Tsunami DDoS Malware rootkit installed:
/bin/cls [Not from a Debian package]
Searching for Linux BPF Door... WARNING
WARNING: Possible Linux BPFDoor Malware installed:
/proc/xx/stack
Searching for suspect PHP files... WARNING
WARNING: The following suspicious PHP files were found:
/tmp/name.php
/tmp/by-content
/tmp/sp ace/aaa' exit 1; "
Searching for zero-size shell history files in /root... WARNING
WARNING: Zero-size history files:
/root/.whatever.history [Not from a Debian package]
Searching for hardlinked shell history files in /root... WARNING
WARNING: shell history files hardlinked to another file:
/root/.whatever.history [Not from a Debian package]
Checking `aliens'... finished
Checking `asp'... WARNING
WARNING: Possible Ramen Worm installed in /etc/inetd.conf
Checking `bindshell'... WARNING
WARNING: Potential bindshell installed: infected ports: 600 31337
Checking `lkm'... started
Searching for Adore LKM... not tested
Searching for sebek LKM (Adore based)... not tested
Searching for knark LKM rootkit... not found
Searching for for hidden processes with chkproc... not found
Searching for for hidden directories using chkdirs... not found
Checking `lkm'... finished
Checking `rexedcs'... INFECTED: /usr/bin/in.rexedcs
Checking `sniffer'... WARNING
WARNING: Output from ifpromisc:
lo: not promisc and no packet sniffer sockets
chkrootkit: PACKET SNIFFER(/usr/sbin/dhcpd[41705])
Checking `w55808'... WARNING
WARNING: Possible 55808 Worm installed
Checking `wted'... not found
Checking `scalper'... WARNING
WARNING: Possible Scalper Worm installed
Checking `slapper'... WARNING
WARNING: Possible Slapper Worm installed:
/tmp/.bugtraq.c [Not from a Debian package]
Checking `z2'... not found
Checking `chkutmp'... not tested
Checking `OSX_RSPLUG'... not tested
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:56 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\. INFECTED$'
Checking `amd'... INFECTED
OK
**** Test for '^Checking `basename'\.\.\. INFECTED$'
Checking `basename'... INFECTED
OK
**** Test for '^Checking `biff'\.\.\. INFECTED$'
Checking `biff'... INFECTED
OK
**** Test for '^Checking `chfn'\.\.\. INFECTED$'
Checking `chfn'... INFECTED
OK
**** Test for '^Checking `chsh'\.\.\. INFECTED$'
Checking `chsh'... INFECTED
OK
**** Test for '^Checking `cron'\.\.\. INFECTED$'
Checking `cron'... INFECTED
OK
**** Test for '^Checking `crontab'\.\.\. WARNING$'
Checking `crontab'... WARNING
OK
**** Test for '^$'
OK
**** Test for '^WARNING: crontab for nobody found, possible Lupper\.Worm\.$'
WARNING: crontab for nobody found, possible Lupper.Worm.
OK
**** Test for '^Checking for Lupper\.Worm\.\.\. INFECTED$'
Checking for Lupper.Worm... INFECTED
OK
**** Test for '^Checking `date'\.\.\. INFECTED$'
Checking `date'... INFECTED
OK
**** Test for '^Checking `du'\.\.\. INFECTED$'
Checking `du'... INFECTED
OK
**** Test for '^Checking `dirname'\.\.\. INFECTED$'
Checking `dirname'... INFECTED
OK
**** Test for '^Checking `echo'\.\.\. INFECTED$'
Checking `echo'... INFECTED
OK
**** Test for '^Checking `egrep'\.\.\. INFECTED$'
Checking `egrep'... INFECTED
OK
**** Test for '^Checking `env'\.\.\. INFECTED$'
Checking `env'... INFECTED
OK
**** Test for '^Checking `find'\.\.\. INFECTED$'
Checking `find'... INFECTED
OK
**** Test for '^Checking `fingerd'\.\.\. INFECTED$'
Checking `fingerd'... INFECTED
OK
**** Test for '^Checking `gpm'\.\.\. INFECTED$'
Checking `gpm'... INFECTED
OK
**** Test for '^Checking `grep'\.\.\. INFECTED$'
Checking `grep'... INFECTED
OK
**** Test for '^Checking `hdparm'\.\.\. INFECTED$'
Checking `hdparm'... INFECTED
OK
**** Test for '^Checking `su'\.\.\. INFECTED$'
Checking `su'... INFECTED
OK
**** Test for '^Checking `ifconfig'\.\.\. INFECTED$'
Checking `ifconfig'... INFECTED
OK
**** Test for '^Checking `inetd'\.\.\. INFECTED$'
Checking `inetd'... INFECTED
OK
**** Test for '^Checking `inetdconf'\.\.\. INFECTED$'
Checking `inetdconf'... INFECTED
OK
**** Test for '^Checking `identd'\.\.\. INFECTED$'
Checking `identd'... INFECTED
OK
**** Test for '^Checking `init'\.\.\. INFECTED$'
Checking `init'... INFECTED
OK
**** Test for '^Checking `killall'\.\.\. INFECTED$'
Checking `killall'... INFECTED
OK
**** Test for '^Checking `ldsopreload'\.\.\. not infected$'
Checking `ldsopreload'... not infected
OK
**** Test for '^Checking `login'\.\.\. INFECTED$'
Checking `login'... INFECTED
OK
**** Test for '^Checking `ls'\.\.\. INFECTED$'
Checking `ls'... INFECTED
OK
**** Test for '^Checking `lsof'\.\.\. INFECTED$'
Checking `lsof'... INFECTED
OK
**** Test for '^Checking `mail'\.\.\. INFECTED$'
Checking `mail'... INFECTED
OK
**** Test for '^Checking `mingetty'\.\.\. INFECTED$'
Checking `mingetty'... INFECTED
OK
**** Test for '^Checking `netstat'\.\.\. INFECTED$'
Checking `netstat'... INFECTED
OK
**** Test for '^Checking `named'\.\.\. INFECTED$'
Checking `named'... INFECTED
OK
**** Test for '^Checking `passwd'\.\.\. INFECTED$'
Checking `passwd'... INFECTED
OK
**** Test for '^Checking `pidof'\.\.\. INFECTED$'
Checking `pidof'... INFECTED
OK
**** Test for '^Checking `pop2'\.\.\. INFECTED$'
Checking `pop2'... INFECTED
OK
**** Test for '^Checking `pop3'\.\.\. INFECTED$'
Checking `pop3'... INFECTED
OK
**** Test for '^Checking `ps'\.\.\. INFECTED$'
Checking `ps'... INFECTED
OK
**** Test for '^Checking `pstree'\.\.\. INFECTED$'
Checking `pstree'... INFECTED
OK
**** Test for '^Checking `rpcinfo'\.\.\. INFECTED$'
Checking `rpcinfo'... INFECTED
OK
**** Test for '^Checking `rlogind'\.\.\. INFECTED$'
Checking `rlogind'... INFECTED
OK
**** Test for '^Checking `rshd'\.\.\. INFECTED$'
Checking `rshd'... INFECTED
OK
**** Test for '^Checking `slogin'\.\.\. INFECTED$'
Checking `slogin'... INFECTED
OK
**** Test for '^Checking `sendmail'\.\.\. INFECTED$'
Checking `sendmail'... INFECTED
OK
**** Test for '^Checking `sshd'\.\.\. INFECTED but disabled$'
Checking `sshd'... INFECTED but disabled
OK
**** Test for '^Checking `syslogd'\.\.\. INFECTED$'
Checking `syslogd'... INFECTED
OK
**** Test for '^Checking `tar'\.\.\. INFECTED$'
Checking `tar'... INFECTED
OK
**** Test for '^Checking `tcpd'\.\.\. INFECTED$'
Checking `tcpd'... INFECTED
OK
**** Test for '^Checking `tcpdump'\.\.\. INFECTED$'
Checking `tcpdump'... INFECTED
OK
**** Test for '^Checking `top'\.\.\. INFECTED$'
Checking `top'... INFECTED
OK
**** Test for '^Checking `telnetd'\.\.\. INFECTED$'
Checking `telnetd'... INFECTED
OK
**** Test for '^Checking `timed'\.\.\. INFECTED$'
Checking `timed'... INFECTED
OK
**** Test for '^Checking `traceroute'\.\.\. INFECTED$'
Checking `traceroute'... INFECTED
OK
**** Test for '^Checking `vdir'\.\.\. INFECTED$'
Checking `vdir'... INFECTED
OK
**** Test for '^Checking `w'\.\.\. INFECTED$'
Checking `w'... INFECTED
OK
**** Test for '^Checking `write'\.\.\. INFECTED$'
Checking `write'... INFECTED
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\. WARNING$'
Searching for suspicious files in /dev... WARNING
OK
**** Test for '^WARNING: The following suspicious files were found in /dev:$'
WARNING: The following suspicious files were found in /dev:
OK
**** Test for '^/dev/bad-file$'
/dev/bad-file
OK
**** Test for '^Searching for known suspicious directories\.\.\. WARNING$'
Searching for known suspicious directories... WARNING
OK
**** Test for '^WARNING: Suspect directory /var/run/\.tmp/ \[Not from a Debian package\] found\. Looking for sniffer logs:$'
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
OK
**** Test for '^/var/run/\.tmp/ \[Not from a Debian package\]$'
/var/run/.tmp/ [Not from a Debian package]
OK
**** Test for '^/var/run/\.tmp/y \[Not from a Debian package\]$'
/var/run/.tmp/y [Not from a Debian package]
OK
**** Test for '^Searching for known suspicious files\.\.\. WARNING$'
Searching for known suspicious files... WARNING
OK
**** Test for '^WARNING: The following known suspicious files were found:$'
WARNING: The following known suspicious files were found:
OK
**** Test for '^/usr/bin/atm \[Not from a Debian package\]$'
/usr/bin/atm [Not from a Debian package]
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^Searching for sniffer's logs\.\.\. WARNING$'
Searching for sniffer's logs... WARNING
OK
**** Test for '^WARNING: The following potential sniffer's logs were found:$'
WARNING: The following potential sniffer's logs were found:
OK
**** Test for '^/tmp/tcp\.log \[Not from a Debian package\]$'
/tmp/tcp.log [Not from a Debian package]
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. WARNING$'
Searching for HiDrootkit rootkit... WARNING
OK
**** Test for '^WARNING: Possible HiDrootkit rootkit installed:$'
WARNING: Possible HiDrootkit rootkit installed:
OK
**** Test for '^/var/lib/games/\.k/ \[Not from a Debian package\]$'
/var/lib/games/.k/ [Not from a Debian package]
OK
**** Test for '^Searching for t0rn rootkit\.\.\. WARNING$'
Searching for t0rn rootkit... WARNING
OK
**** Test for '^WARNING: Possible t0rn rootkit installed:$'
WARNING: Possible t0rn rootkit installed:
OK
**** Test for '^/etc/ttyhash \[Not from a Debian package\]$'
/etc/ttyhash [Not from a Debian package]
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. WARNING$'
Searching for t0rn v8 (or variation)... WARNING
OK
**** Test for '^WARNING: Possible t0rn v8 \(or variation\) rootkit installed:$'
WARNING: Possible t0rn v8 (or variation) rootkit installed:
OK
**** Test for '^/usr/local/lib/libproc\.a \[Not from a Debian package\]$'
/usr/local/lib/libproc.a [Not from a Debian package]
OK
**** Test for '^Searching for Lion rootkit\.\.\. WARNING$'
Searching for Lion rootkit... WARNING
OK
**** Test for '^WARNING: Possible Lion rootkit installed:$'
WARNING: Possible Lion rootkit installed:
OK
**** Test for '^/bin/mjy \[Not from a Debian package\]$'
/bin/mjy [Not from a Debian package]
OK
**** Test for '^Searching for RSHA rootkit\.\.\. WARNING$'
Searching for RSHA rootkit... WARNING
OK
**** Test for '^WARNING: Possible RSHA rootkit installed:$'
WARNING: Possible RSHA rootkit installed:
OK
**** Test for '^/usr/bin/n3tstat \[Not from a Debian package\]$'
/usr/bin/n3tstat [Not from a Debian package]
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. WARNING$'
Searching for RH-Sharpe rootkit... WARNING
OK
**** Test for '^WARNING: Possible RH-Sharpe rootkit installed:$'
WARNING: Possible RH-Sharpe rootkit installed:
OK
**** Test for '^/bin/lps \[Not from a Debian package\]$'
/bin/lps [Not from a Debian package]
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. WARNING$'
Searching for Ambient (ark) rootkit... WARNING
OK
**** Test for '^WARNING: Possible Ambient's rootkit \(ark\) installed:$'
WARNING: Possible Ambient's rootkit (ark) installed:
OK
**** Test for '^/usr/lib/\.ark\? \[Not from a Debian package\]$'
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. WARNING$'
Searching for suspicious files and dirs... WARNING
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.ark\? \[Not from a Debian package\]$'
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^Searching for LPD Worm\.\.\. WARNING$'
Searching for LPD Worm... WARNING
OK
**** Test for '^WARNING: Possible LPD worm installed \(based on files found\)$'
WARNING: Possible LPD worm installed (based on files found)
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. WARNING$'
Searching for Ramen Worm rootkit... WARNING
OK
**** Test for '^WARNING: Possible Ramen Worm rootkit installed:$'
WARNING: Possible Ramen Worm rootkit installed:
OK
**** Test for '^/usr/src/\.poop/ \[Not from a Debian package\]$'
/usr/src/.poop/ [Not from a Debian package]
OK
**** Test for '^Searching for Maniac rootkit\.\.\. WARNING$'
Searching for Maniac rootkit... WARNING
OK
**** Test for '^WARNING: Possible Maniac rootkit installed:$'
WARNING: Possible Maniac rootkit installed:
OK
**** Test for '^/usr/bin/mailrc \[Not from a Debian package\]$'
/usr/bin/mailrc [Not from a Debian package]
OK
**** Test for '^Searching for RK17 rootkit\.\.\. WARNING$'
Searching for RK17 rootkit... WARNING
OK
**** Test for '^WARNING: Possible RK17 rootkit installed:$'
WARNING: Possible RK17 rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/bogus\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
OK
**** Test for '^/usr/lib/number\.cgi \[Not from a Debian package\]$'
/usr/lib/number.cgi [Not from a Debian package]
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. WARNING$'
Searching for Ducoci rootkit... WARNING
OK
**** Test for '^WARNING: Possible Ducoci rootkit installed:$'
WARNING: Possible Ducoci rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/last\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
OK
**** Test for '^Searching for Adore Worm\.\.\. WARNING$'
Searching for Adore Worm... WARNING
OK
**** Test for '^WARNING: Possible Adore Worm installed:$'
WARNING: Possible Adore Worm installed:
OK
**** Test for '^/usr/bin/red\.tar \[Not from a Debian package\]$'
/usr/bin/red.tar [Not from a Debian package]
OK
**** Test for '^Searching for ShitC Worm\.\.\. WARNING$'
Searching for ShitC Worm... WARNING
OK
**** Test for '^WARNING: Possible ShitC Worm installed:$'
WARNING: Possible ShitC Worm installed:
OK
**** Test for '^(/usr)?/bin/dy \[Not from a Debian package\]$'
/usr/bin/dy [Not from a Debian package]
OK
**** Test for '^(/usr)?/bin/frgy \[Not from a Debian package\]$'
/usr/bin/frgy [Not from a Debian package]
OK
**** Test for '^Searching for Omega Worm\.\.\. WARNING$'
Searching for Omega Worm... WARNING
OK
**** Test for '^WARNING: Possible Omega Worm installed:$'
WARNING: Possible Omega Worm installed:
OK
**** Test for '^/dev/chr \[Not from a Debian package\]$'
/dev/chr [Not from a Debian package]
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. WARNING$'
Searching for Sadmind/IIS Worm... WARNING
OK
**** Test for '^WARNING: Possible Sadmin/IIS Worm installed:$'
WARNING: Possible Sadmin/IIS Worm installed:
OK
**** Test for '^/dev/cuc \[Not from a Debian package\]$'
/dev/cuc [Not from a Debian package]
OK
**** Test for '^Searching for MonKit\.\.\. WARNING$'
Searching for MonKit... WARNING
OK
**** Test for '^WARNING: Possible MonKit installed:$'
WARNING: Possible MonKit installed:
OK
**** Test for '^/usr/lib/libpikapp\.a \[Not from a Debian package\]$'
/usr/lib/libpikapp.a [Not from a Debian package]
OK
**** Test for '^Searching for Showtee rootkit\.\.\. WARNING$'
Searching for Showtee rootkit... WARNING
OK
**** Test for '^WARNING: Possible Showtee rootkit installed:$'
WARNING: Possible Showtee rootkit installed:
OK
**** Test for '^/usr/include/proc\.h \[Not from a Debian package\]$'
/usr/include/proc.h [Not from a Debian package]
/usr/include/proc.h [Not from a Debian package]
OK
**** Test for '^/usr/include/chk\.h \[Not from a Debian package\]$'
/usr/include/chk.h [Not from a Debian package]
OK
**** Test for '^Searching for OpticKit\.\.\. WARNING$'
Searching for OpticKit... WARNING
OK
**** Test for '^WARNING: Possible OpticKit installed:$'
WARNING: Possible OpticKit installed:
OK
**** Test for '^/usr/bin/xsf \[Not from a Debian package\]$'
/usr/bin/xsf [Not from a Debian package]
/usr/bin/xsf [Not from a Debian package]
OK
**** Test for '^Searching for T\.R\.K\.\.\. WARNING$'
Searching for T.R.K... WARNING
OK
**** Test for '^WARNING: Possible T\.R\.K installed:$'
WARNING: Possible T.R.K installed:
OK
**** Test for '^/usr/bin/xsf \[Not from a Debian package\]$'
/usr/bin/xsf [Not from a Debian package]
/usr/bin/xsf [Not from a Debian package]
OK
**** Test for '^Searching for Mithra rootkit\.\.\. WARNING$'
Searching for Mithra rootkit... WARNING
OK
**** Test for '^WARNING: Possible Mithra installed:$'
WARNING: Possible Mithra installed:
OK
**** Test for '^/usr/lib/locale/uboot \[Not from a Debian package\]$'
/usr/lib/locale/uboot [Not from a Debian package]
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. WARNING$'
Searching for LOC rootkit... WARNING
OK
**** Test for '^WARNING: Possible LOC rootkit installed:$'
WARNING: Possible LOC rootkit installed:
OK
**** Test for '^/tmp/xp \[Not from a Debian package\]$'
/tmp/xp [Not from a Debian package]
OK
**** Test for '^/usr/sbin/epic \[Not from a Debian package\]$'
/usr/sbin/epic [Not from a Debian package]
OK
**** Test for '^Searching for Romanian rootkit\.\.\. WARNING$'
Searching for Romanian rootkit... WARNING
OK
**** Test for '^WARNING: Possible Romanian rootkit installed:$'
WARNING: Possible Romanian rootkit installed:
OK
**** Test for '^/usr/include/proc\.h \[Not from a Debian package\]$'
/usr/include/proc.h [Not from a Debian package]
/usr/include/proc.h [Not from a Debian package]
OK
**** Test for '^Searching for HKRK rootkit\.\.\. WARNING$'
Searching for HKRK rootkit... WARNING
OK
**** Test for '^WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network \[Not from a Debian package\]$'
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
OK
**** Test for '^Searching for Suckit rootkit\.\.\. WARNING$'
Searching for Suckit rootkit... WARNING
OK
**** Test for '^WARNING: Possible Suckit:$'
WARNING: Possible Suckit:
OK
**** Test for '^/dev/\.golf/$'
/dev/.golf/
OK
**** Test for '^Searching for Volc rootkit\.\.\. WARNING$'
Searching for Volc rootkit... WARNING
OK
**** Test for '^WARNING: Possible Volc rootkit installed:$'
WARNING: Possible Volc rootkit installed:
OK
**** Test for '^/usr/bin/volc \[Not from a Debian package\]$'
/usr/bin/volc [Not from a Debian package]
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. WARNING$'
Searching for Gold2 rootkit... WARNING
OK
**** Test for '^WARNING: Possible Gold2 rootkit installed:$'
WARNING: Possible Gold2 rootkit installed:
OK
**** Test for '^/usr/bin/ishit \[Not from a Debian package\]$'
/usr/bin/ishit [Not from a Debian package]
OK
**** Test for '^Searching for TC2 rootkit\.\.\. WARNING$'
Searching for TC2 rootkit... WARNING
OK
**** Test for '^WARNING: Possible TC2 rootkit installed:$'
WARNING: Possible TC2 rootkit installed:
OK
**** Test for '^/usr/sbin/initcheck \[Not from a Debian package\]$'
/usr/sbin/initcheck [Not from a Debian package]
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. WARNING$'
Searching for Anonoying rootkit... WARNING
OK
**** Test for '^WARNING: Possible Anonoying rootkit installed:$'
WARNING: Possible Anonoying rootkit installed:
OK
**** Test for '^/usr/sbin/mech \[Not from a Debian package\]$'
/usr/sbin/mech [Not from a Debian package]
OK
**** Test for '^Searching for ZK rootkit\.\.\. WARNING$'
Searching for ZK rootkit... WARNING
OK
**** Test for '^WARNING: Possible ZK rootkit installed:$'
WARNING: Possible ZK rootkit installed:
OK
**** Test for '^/etc/sysconfig/console/load\.zk \[Not from a Debian package\]$'
/etc/sysconfig/console/load.zk [Not from a Debian package]
OK
**** Test for '^Searching for ShKit rootkit\.\.\. WARNING$'
Searching for ShKit rootkit... WARNING
OK
**** Test for '^WARNING: Possible ShKit rootkit installed:$'
WARNING: Possible ShKit rootkit installed:
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. WARNING$'
Searching for AjaKit rootkit... WARNING
OK
**** Test for '^WARNING: Possible AjaKit rootkit installed:$'
WARNING: Possible AjaKit rootkit installed:
OK
**** Test for '^/dev/tux/ \[Not from a Debian package\]$'
/dev/tux/ [Not from a Debian package]
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. WARNING$'
Searching for zaRwT rootkit... WARNING
OK
**** Test for '^WARNING: Possible zaRwT rootkit installed:$'
WARNING: Possible zaRwT rootkit installed:
OK
**** Test for '^/bin/imout \[Not from a Debian package\]$'
/bin/imout [Not from a Debian package]
OK
**** Test for '^Searching for Madalin rootkit\.\.\. WARNING$'
Searching for Madalin rootkit... WARNING
OK
**** Test for '^WARNING: Possible Madalin rootkit installed:$'
WARNING: Possible Madalin rootkit installed:
OK
**** Test for '^/usr/include/icekey\.h \[Not from a Debian package\]$'
/usr/include/icekey.h [Not from a Debian package]
OK
**** Test for '^Searching for Fu rootkit\.\.\. WARNING$'
Searching for Fu rootkit... WARNING
OK
**** Test for '^WARNING: Possible Fu rootkit installed:$'
WARNING: Possible Fu rootkit installed:
OK
**** Test for '^/sbin/xc \[Not from a Debian package\]$'
/sbin/xc [Not from a Debian package]
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. WARNING$'
Searching for Kenga3 rootkit... WARNING
OK
**** Test for '^WARNING: Possible Kenga3 rootkit installed:$'
WARNING: Possible Kenga3 rootkit installed:
OK
**** Test for '^/usr/include/\. \./ \[Not from a Debian package\]$'
/usr/include/. ./ [Not from a Debian package]
OK
**** Test for '^/usr/include/\. \./foo \[Not from a Debian package\]$'
/usr/include/. ./foo [Not from a Debian package]
OK
**** Test for '^Searching for ESRK rootkit\.\.\. WARNING$'
Searching for ESRK rootkit... WARNING
OK
**** Test for '^WARNING: Possible ESRK rootkit installed:$'
WARNING: Possible ESRK rootkit installed:
OK
**** Test for '^/usr/lib/tcl5\.3/ \[Not from a Debian package\]$'
/usr/lib/tcl5.3/ [Not from a Debian package]
OK
**** Test for '^Searching for rootedoor\.\.\. WARNING$'
Searching for rootedoor... WARNING
OK
**** Test for '^WARNING: Possible rootedoor installed:$'
WARNING: Possible rootedoor installed:
OK
**** Test for '^/usr/sbin/rootedoor \[Not from a Debian package\]$'
/usr/sbin/rootedoor [Not from a Debian package]
/usr/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^/sbin/rootedoor \[Not from a Debian package\]$'
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. WARNING$'
Searching for ENYELKM rootkit... WARNING
OK
**** Test for '^WARNING: Possible ENYELKM rootkit installed:$'
WARNING: Possible ENYELKM rootkit installed:
OK
**** Test for '^/etc/\.enyelkmOCULTAR\.ko/ \[Not from a Debian package\]$'
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
OK
**** Test for '^Searching for common ssh-scanners\.\.\. WARNING$'
Searching for common ssh-scanners... WARNING
OK
**** Test for '^WARNING: Possible ssh-scanner installed:$'
WARNING: Possible ssh-scanner installed:
OK
**** Test for '^/var/tmp/vuln\.txt \[Not from a Debian package\]$'
/var/tmp/vuln.txt [Not from a Debian package]
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. WARNING$'
Searching for Linux/Ebury 1.4 - Operation Windigo... WARNING
OK
**** Test for '^WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1\.4$'
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. WARNING$'
Searching for Linux/Ebury 1.6... WARNING
OK
**** Test for '^WARNING: Possible Linux/Ebury 1\.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils\.so\.1 \[.+\]$'
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [Not from a Debian package]
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. WARNING$'
Searching for 64-bit Linux Rootkit... WARNING
OK
**** Test for '^WARNING: Possible 64-bit Linux Rootkit:$'
WARNING: Possible 64-bit Linux Rootkit:
OK
**** Test for '^/usr/local/hide/ \[Not from a Debian package\]$'
/usr/local/hide/ [Not from a Debian package]
OK
**** Test for '^/usr/local/hide/foo \[Not from a Debian package\]$'
/usr/local/hide/foo [Not from a Debian package]
OK
**** Test for '^/etc/rc\.local \[Not from a Debian package\]$'
/etc/rc.local [Not from a Debian package]
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. WARNING$'
Searching for 64-bit Linux Rootkit modules... WARNING
OK
**** Test for '^WARNING: Possible 64-bit rootkit modules installed:$'
WARNING: Possible 64-bit rootkit modules installed:
OK
**** Test for '^/lib/modules/module_init\.ko \[Not from a Debian package\]$'
/lib/modules/module_init.ko [Not from a Debian package]
OK
**** Test for '^Searching for Mumblehard\.\.\. WARNING$'
Searching for Mumblehard... WARNING
OK
**** Test for '^WARNING: Possible Mumblehard backdoor installed:$'
WARNING: Possible Mumblehard backdoor installed:
OK
**** Test for '^/var/spool/cron/crontabs/foo \[Not from a Debian package\]$'
/var/spool/cron/crontabs/foo [Not from a Debian package]
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. WARNING$'
Searching for Backdoor.Linux.Mokes.a... WARNING
OK
**** Test for '^WARNING: Possible Backdoor\.Linux\.Mokes\.a installed:$'
WARNING: Possible Backdoor.Linux.Mokes.a installed:
OK
**** Test for '^/tmp/ss0-0 \[Not from a Debian package\]$'
/tmp/ss0-0 [Not from a Debian package]
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. WARNING$'
Searching for Malicious TinyDNS... WARNING
OK
**** Test for '^WARNING: Possible Malicious TinyDNS installed:$'
WARNING: Possible Malicious TinyDNS installed:
OK
**** Test for '^/home/ \./ \[Not from a Debian package\]$'
/home/ ./ [Not from a Debian package]
OK
**** Test for '^/home/ \./tinyDNS \[Not from a Debian package\]$'
/home/ ./tinyDNS [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/strings \[Not from a Debian package\]$'
/tmp/clean/strings [Not from a Debian package]
OK
**** Test for '^/tmp/clean/uname \[Not from a Debian package\]$'
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/head \[Not from a Debian package\]$'
/tmp/clean/head [Not from a Debian package]
OK
**** Test for '^/tmp/clean/find \[Not from a Debian package\]$'
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/clean/echo \[Not from a Debian package\]$'
/tmp/clean/echo [Not from a Debian package]
OK
**** Test for '^/tmp/clean/netstat \[Not from a Debian package\]$'
/tmp/clean/netstat [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls \[Not from a Debian package\]$'
/tmp/clean/ls [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls\.orig \[Not from a Debian package\]$'
/tmp/clean/ls.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ps \[Not from a Debian package\]$'
/tmp/clean/ps [Not from a Debian package]
OK
**** Test for '^/tmp/clean/awk \[Not from a Debian package\]$'
/tmp/clean/awk [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep \[Not from a Debian package\]$'
/tmp/clean/grep [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep\.orig \[Not from a Debian package\]$'
/tmp/clean/grep.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dirname \[Not from a Debian package\]$'
/tmp/clean/dirname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ss \[Not from a Debian package\]$'
/tmp/clean/ss [Not from a Debian package]
OK
**** Test for '^/tmp/clean/sed \[Not from a Debian package\]$'
/tmp/clean/sed [Not from a Debian package]
OK
**** Test for '^/tmp/clean/cut \[Not from a Debian package\]$'
/tmp/clean/cut [Not from a Debian package]
OK
**** Test for '^/tmp/clean/id \[Not from a Debian package\]$'
/tmp/clean/id [Not from a Debian package]
OK
**** Test for '^/tmp/clean/xargs \[Not from a Debian package\]$'
/tmp/clean/xargs [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dpkg-query \[Not from a Debian package\]$'
/tmp/clean/dpkg-query [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. WARNING$'
Searching for Linux.Proxy.1.0... WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Linux\.Proxy\.10 installed in /etc/passwd$'
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
OK
**** Test for '^Searching for CrossRAT\.\.\. WARNING$'
Searching for CrossRAT... WARNING
OK
**** Test for '^WARNING: Possible Malicious CrossRAT installed:$'
WARNING: Possible Malicious CrossRAT installed:
OK
**** Test for '^/usr/var/mediamgrs\.jar \[Not from a Debian package\]$'
/usr/var/mediamgrs.jar [Not from a Debian package]
OK
**** Test for '^Searching for Hidden Cobra\.\.\. WARNING$'
Searching for Hidden Cobra... WARNING
OK
**** Test for '^WARNING: Possible Malicious Hidden Cobra installed:$'
WARNING: Possible Malicious Hidden Cobra installed:
OK
**** Test for '^/tmp/\.ICE-unix/engine\.so \[Not from a Debian package\]$'
/tmp/.ICE-unix/engine.so [Not from a Debian package]
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. WARNING$'
Searching for Rocke Miner rootkit... WARNING
OK
**** Test for '^WARNING: Possible Rocke Miner rootkit installed:$'
WARNING: Possible Rocke Miner rootkit installed:
OK
**** Test for '^/etc/xig \[Not from a Debian package\]$'
/etc/xig [Not from a Debian package]
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. WARNING$'
Searching for PWNLNX4 lkm rootkit... WARNING
OK
**** Test for '^WARNING: Possible PWNLNX4 lkm rootkit installed:$'
WARNING: Possible PWNLNX4 lkm rootkit installed:
OK
**** Test for '^/var/tmp/\.1/ \[Not from a Debian package\]$'
/var/tmp/.1/ [Not from a Debian package]
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. WARNING$'
Searching for PWNLNX6 lkm rootkit... WARNING
OK
**** Test for '^WARNING: Possible PWNLNX6 lkm rootkit installed:$'
WARNING: Possible PWNLNX6 lkm rootkit installed:
OK
**** Test for '^/tmp/suterusu/ \[Not from a Debian package\]$'
/tmp/suterusu/ [Not from a Debian package]
OK
**** Test for '^Searching for Umbreon lrk\.\.\. WARNING$'
Searching for Umbreon lrk... WARNING
OK
**** Test for '^WARNING: Possible Malicious UMBREON LRK installed:$'
WARNING: Possible Malicious UMBREON LRK installed:
OK
**** Test for '^/usr/share/libc\.so\.69 \[Not from a Debian package\]$'
/usr/share/libc.so.69 [Not from a Debian package]
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. WARNING$'
Searching for Kinsing.a backdoor rootkit... WARNING
OK
**** Test for '^WARNING: Possible Kinsing\.a backdoor rootkit installed:$'
WARNING: Possible Kinsing.a backdoor rootkit installed:
OK
**** Test for '^/tmp/kdevtmpfsi \[Not from a Debian package\]$'
/tmp/kdevtmpfsi [Not from a Debian package]
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. WARNING$'
Searching for RotaJakiro backdoor rootkit... WARNING
OK
**** Test for '^WARNING: Possible RotaJakiro backdoor rootkit installed:$'
WARNING: Possible RotaJakiro backdoor rootkit installed:
OK
**** Test for '^/bin/systemd-daemon \[Not from a Debian package\]$'
/bin/systemd-daemon [Not from a Debian package]
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. WARNING$'
Searching for Syslogk LKM rootkit... WARNING
OK
**** Test for '^WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk$'
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. WARNING$'
Searching for Kovid LKM rootkit... WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid$'
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. WARNING$'
Searching for Tsunami DDoS Malware rootkit... WARNING
OK
**** Test for '^WARNING: Possible Tsunami DDoS Malware rootkit installed:$'
WARNING: Possible Tsunami DDoS Malware rootkit installed:
OK
**** Test for '^/bin/cls \[Not from a Debian package\]$'
/bin/cls [Not from a Debian package]
OK
**** Test for '^Searching for Linux BPF Door\.\.\. WARNING$'
Searching for Linux BPF Door... WARNING
OK
**** Test for '^WARNING: Possible Linux BPFDoor Malware installed:$'
WARNING: Possible Linux BPFDoor Malware installed:
OK
**** Test for '^/proc/xx/stack$'
/proc/xx/stack
OK
**** Test for '^Searching for suspect PHP files\.\.\. WARNING$'
Searching for suspect PHP files... WARNING
OK
**** Test for '^WARNING: The following suspicious PHP files were found:$'
WARNING: The following suspicious PHP files were found:
OK
**** Test for '^/tmp/name\.php$'
/tmp/name.php
OK
**** Test for '^/tmp/sp ace/aaa' exit 1; "$'
/tmp/sp ace/aaa' exit 1; "
OK
**** Test for '^/tmp/by-content$'
/tmp/by-content
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\. WARNING$'
Searching for zero-size shell history files in /root... WARNING
OK
**** Test for '^WARNING: Zero-size history files:$'
WARNING: Zero-size history files:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\. WARNING$'
Searching for hardlinked shell history files in /root... WARNING
OK
**** Test for '^WARNING: shell history files hardlinked to another file:$'
WARNING: shell history files hardlinked to another file:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
**** Test for '^Checking `asp'\.\.\. WARNING$'
Checking `asp'... WARNING
OK
**** Test for '^WARNING: Possible Ramen Worm installed in /etc/inetd\.conf$'
WARNING: Possible Ramen Worm installed in /etc/inetd.conf
OK
**** Test for '^Checking `bindshell'\.\.\. WARNING$'
Checking `bindshell'... WARNING
OK
**** Test for '^WARNING: Potential bindshell installed: infected ports: 600 31337$'
WARNING: Potential bindshell installed: infected ports: 600 31337
OK
**** Test for '^Checking `lkm'\.\.\. started$'
Checking `lkm'... started
OK
**** Test for '^Searching for Adore LKM\.\.\. not tested$'
Searching for Adore LKM... not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\. not tested$'
Searching for sebek LKM (Adore based)... not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\. not found$'
Searching for knark LKM rootkit... not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\. not found$'
Searching for for hidden processes with chkproc... not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs... not found
OK
**** Test for '^Checking `lkm'\.\.\. finished$'
Checking `lkm'... finished
OK
**** Test for '^Checking `rexedcs'\.\.\. INFECTED: /usr/bin/in\.rexedcs$'
Checking `rexedcs'... INFECTED: /usr/bin/in.rexedcs
OK
**** Test for '^Checking `sniffer'\.\.\. WARNING$'
Checking `sniffer'... WARNING
OK
**** Test for '^WARNING: Output from ifpromisc:$'
WARNING: Output from ifpromisc:
OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK
**** Test for '^Checking `w55808'\.\.\. WARNING$'
Checking `w55808'... WARNING
OK
**** Test for '^WARNING: Possible 55808 Worm installed$'
WARNING: Possible 55808 Worm installed
OK
**** Test for '^Checking `wted'\.\.\. not (tested|found)$'
Checking `wted'... not found
OK
**** Test for '^Checking `scalper'\.\.\. WARNING$'
Checking `scalper'... WARNING
OK
**** Test for '^WARNING: Possible Scalper Worm installed$'
WARNING: Possible Scalper Worm installed
OK
**** Test for '^Checking `slapper'\.\.\. WARNING$'
Checking `slapper'... WARNING
OK
**** Test for '^WARNING: Possible Slapper Worm installed:$'
WARNING: Possible Slapper Worm installed:
OK
**** Test for '^/tmp/\.bugtraq\.c \[Not from a Debian package\]$'
/tmp/.bugtraq.c [Not from a Debian package]
OK
**** Test for '^Checking `z2'\.\.\. not (tested|found)$'
Checking `z2'... not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'... not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\. not tested$'
Checking `OSX_RSPLUG'... not tested
OK
** PASS: Testing: all-tests-can-find-something-01 (chkrootkit -p /tmp/clean) done: PASS
*** Unexpected (unmatched) lines follow (for info):
chkrootkit: PACKET SNIFFER(/usr/sbin/dhcpd[41705])
** Testing: all-tests-can-find-something-02-quiet (chkrootkit -p /tmp/clean -q) ...
*** Output
Checking `amd'... INFECTED
Checking `basename'... INFECTED
Checking `biff'... INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `cron'... INFECTED
WARNING: crontab for nobody found, possible Lupper.Worm.
Checking for Lupper.Worm... INFECTED
Checking `crontab'... INFECTED
Checking `date'... INFECTED
Checking `du'... INFECTED
Checking `dirname'... INFECTED
Checking `echo'... INFECTED
Checking `egrep'... INFECTED
Checking `env'... INFECTED
Checking `find'... INFECTED
Checking `fingerd'... INFECTED
Checking `gpm'... INFECTED
Checking `grep'... INFECTED
Checking `hdparm'... INFECTED
Checking `su'... INFECTED
Checking `ifconfig'... INFECTED
Checking `inetd'... INFECTED
Checking `inetdconf'... INFECTED
Checking `identd'... INFECTED
Checking `init'... INFECTED
Checking `killall'... INFECTED
Checking `login'... INFECTED
Checking `ls'... INFECTED
Checking `lsof'... INFECTED
Checking `mail'... INFECTED
Checking `mingetty'... INFECTED
Checking `netstat'... INFECTED
Checking `named'... INFECTED
Checking `passwd'... INFECTED
Checking `pidof'... INFECTED
Checking `pop2'... INFECTED
Checking `pop3'... INFECTED
Checking `ps'... INFECTED
Checking `pstree'... INFECTED
Checking `rpcinfo'... INFECTED
Checking `rlogind'... INFECTED
Checking `rshd'... INFECTED
Checking `slogin'... INFECTED
Checking `sendmail'... INFECTED
Checking `syslogd'... INFECTED
Checking `tar'... INFECTED
Checking `tcpd'... INFECTED
Checking `tcpdump'... INFECTED
Checking `top'... INFECTED
Checking `telnetd'... INFECTED
Checking `timed'... INFECTED
Checking `traceroute'... INFECTED
Checking `vdir'... INFECTED
Checking `w'... INFECTED
Checking `write'... INFECTED
WARNING: The following suspicious files were found in /dev:
/dev/bad-file
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
/var/run/.tmp/ [Not from a Debian package]
/var/run/.tmp/y [Not from a Debian package]
WARNING: The following known suspicious files were found:
/usr/bin/atm [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
WARNING: The following potential sniffer's logs were found:
/tmp/tcp.log [Not from a Debian package]
WARNING: Possible HiDrootkit rootkit installed:
/var/lib/games/.k/ [Not from a Debian package]
WARNING: Possible t0rn rootkit installed:
/etc/ttyhash [Not from a Debian package]
WARNING: Possible t0rn v8 (or variation) rootkit installed:
/usr/local/lib/libproc.a [Not from a Debian package]
WARNING: Possible Lion rootkit installed:
/bin/mjy [Not from a Debian package]
WARNING: Possible RSHA rootkit installed:
/usr/bin/n3tstat [Not from a Debian package]
WARNING: Possible RH-Sharpe rootkit installed:
/bin/lps [Not from a Debian package]
WARNING: Possible Ambient's rootkit (ark) installed:
/usr/lib/.ark? [Not from a Debian package]
WARNING: The following suspicious files and directories were found:
/usr/lib/.1 [Not from a Debian package]
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
WARNING: Possible LPD worm installed (based on files found)
WARNING: Possible Ramen Worm rootkit installed:
/usr/src/.poop/ [Not from a Debian package]
WARNING: Possible Maniac rootkit installed:
/usr/bin/mailrc [Not from a Debian package]
WARNING: Possible RK17 rootkit installed:
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
/usr/lib/number.cgi [Not from a Debian package]
WARNING: Possible Ducoci rootkit installed:
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
WARNING: Possible Adore Worm installed:
/usr/bin/red.tar [Not from a Debian package]
WARNING: Possible ShitC Worm installed:
/usr/bin/frgy [Not from a Debian package]
/usr/bin/dy [Not from a Debian package]
WARNING: Possible Omega Worm installed:
/dev/chr [Not from a Debian package]
WARNING: Possible Sadmin/IIS Worm installed:
/dev/cuc [Not from a Debian package]
WARNING: Possible MonKit installed:
/usr/lib/libpikapp.a [Not from a Debian package]
WARNING: Possible Showtee rootkit installed:
/usr/include/proc.h [Not from a Debian package]
/usr/include/chk.h [Not from a Debian package]
WARNING: Possible OpticKit installed:
/usr/bin/xsf [Not from a Debian package]
WARNING: Possible T.R.K installed:
/usr/bin/xsf [Not from a Debian package]
WARNING: Possible Mithra installed:
/usr/lib/locale/uboot [Not from a Debian package]
WARNING: Possible LOC rootkit installed:
/tmp/xp [Not from a Debian package]
/usr/sbin/epic [Not from a Debian package]
WARNING: Possible Romanian rootkit installed:
/usr/include/proc.h [Not from a Debian package]
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
WARNING: Possible Suckit:
/dev/.golf/
WARNING: Possible Volc rootkit installed:
/usr/bin/volc [Not from a Debian package]
WARNING: Possible Gold2 rootkit installed:
/usr/bin/ishit [Not from a Debian package]
WARNING: Possible TC2 rootkit installed:
/usr/sbin/initcheck [Not from a Debian package]
WARNING: Possible Anonoying rootkit installed:
/usr/sbin/mech [Not from a Debian package]
WARNING: Possible ZK rootkit installed:
/etc/sysconfig/console/load.zk [Not from a Debian package]
WARNING: Possible ShKit rootkit installed:
/etc/ld.so.hash [Not from a Debian package]
WARNING: Possible AjaKit rootkit installed:
/dev/tux/ [Not from a Debian package]
WARNING: Possible zaRwT rootkit installed:
/bin/imout [Not from a Debian package]
WARNING: Possible Madalin rootkit installed:
/usr/include/icekey.h [Not from a Debian package]
WARNING: Possible Fu rootkit installed:
/sbin/xc [Not from a Debian package]
WARNING: Possible Kenga3 rootkit installed:
/usr/include/. ./ [Not from a Debian package]
/usr/include/. ./foo [Not from a Debian package]
WARNING: Possible ESRK rootkit installed:
/usr/lib/tcl5.3/ [Not from a Debian package]
WARNING: Possible rootedoor installed:
/usr/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
/usr/sbin/rootedoor [Not from a Debian package]
WARNING: Possible ENYELKM rootkit installed:
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
WARNING: Possible ssh-scanner installed:
/var/tmp/vuln.txt [Not from a Debian package]
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [Not from a Debian package]
WARNING: Possible 64-bit Linux Rootkit:
/usr/local/hide/ [Not from a Debian package]
/usr/local/hide/foo [Not from a Debian package]
/etc/rc.local [Not from a Debian package]
WARNING: Possible 64-bit rootkit modules installed:
/lib/modules/module_init.ko [Not from a Debian package]
WARNING: Possible Mumblehard backdoor installed:
/var/spool/cron/crontabs/foo [Not from a Debian package]
WARNING: Possible Backdoor.Linux.Mokes.a installed:
/tmp/ss0-0 [Not from a Debian package]
WARNING: Possible Malicious TinyDNS installed:
/home/ ./ [Not from a Debian package]
/home/ ./tinyDNS [Not from a Debian package]
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/grep.orig [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls.orig [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
WARNING: Possible Malicious CrossRAT installed:
/usr/var/mediamgrs.jar [Not from a Debian package]
WARNING: Possible Malicious Hidden Cobra installed:
/tmp/.ICE-unix/engine.so [Not from a Debian package]
WARNING: Possible Rocke Miner rootkit installed:
/etc/xig [Not from a Debian package]
WARNING: Possible PWNLNX4 lkm rootkit installed:
/var/tmp/.1/ [Not from a Debian package]
WARNING: Possible PWNLNX6 lkm rootkit installed:
/tmp/suterusu/ [Not from a Debian package]
WARNING: Possible Malicious UMBREON LRK installed:
/usr/share/libc.so.69 [Not from a Debian package]
WARNING: Possible Kinsing.a backdoor rootkit installed:
/tmp/kdevtmpfsi [Not from a Debian package]
WARNING: Possible RotaJakiro backdoor rootkit installed:
/bin/systemd-daemon [Not from a Debian package]
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
WARNING: Possible Tsunami DDoS Malware rootkit installed:
/bin/cls [Not from a Debian package]
WARNING: Possible Linux BPFDoor Malware installed:
/proc/xx/stack
WARNING: The following suspicious PHP files were found:
/tmp/name.php
/tmp/by-content
/tmp/sp ace/aaa' exit 1; "
WARNING: Zero-size history files:
/root/.whatever.history [Not from a Debian package]
WARNING: shell history files hardlinked to another file:
/root/.whatever.history [Not from a Debian package]
WARNING: Possible Ramen Worm installed in /etc/inetd.conf
WARNING: Potential bindshell installed: infected ports: 600 31337
INFECTED: /usr/bin/in.rexedcs
WARNING: Output from ifpromisc:
chkrootkit: PACKET SNIFFER(/usr/sbin/dhcpd[41705])
WARNING: Possible 55808 Worm installed
WARNING: Possible Scalper Worm installed
WARNING: Possible Slapper Worm installed:
/tmp/.bugtraq.c [Not from a Debian package]
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:56 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today.raw
*** Test of content of output follows...
**** Test for '^Checking `amd'\.\.\. INFECTED$'
Checking `amd'... INFECTED
OK
**** Test for '^Checking `basename'\.\.\. INFECTED$'
Checking `basename'... INFECTED
OK
**** Test for '^Checking `biff'\.\.\. INFECTED$'
Checking `biff'... INFECTED
OK
**** Test for '^Checking `chfn'\.\.\. INFECTED$'
Checking `chfn'... INFECTED
OK
**** Test for '^Checking `chsh'\.\.\. INFECTED$'
Checking `chsh'... INFECTED
OK
**** Test for '^Checking `cron'\.\.\. INFECTED$'
Checking `cron'... INFECTED
OK
**** Test for '^Checking for Lupper\.Worm\.\.\. INFECTED$'
Checking for Lupper.Worm... INFECTED
OK
**** Test for '^WARNING: crontab for nobody found, possible Lupper\.Worm\.$'
WARNING: crontab for nobody found, possible Lupper.Worm.
OK
**** Test for '^Checking `crontab'\.\.\. INFECTED$'
Checking `crontab'... INFECTED
OK
**** Test for '^Checking `date'\.\.\. INFECTED$'
Checking `date'... INFECTED
OK
**** Test for '^Checking `du'\.\.\. INFECTED$'
Checking `du'... INFECTED
OK
**** Test for '^Checking `dirname'\.\.\. INFECTED$'
Checking `dirname'... INFECTED
OK
**** Test for '^Checking `echo'\.\.\. INFECTED$'
Checking `echo'... INFECTED
OK
**** Test for '^Checking `egrep'\.\.\. INFECTED$'
Checking `egrep'... INFECTED
OK
**** Test for '^Checking `env'\.\.\. INFECTED$'
Checking `env'... INFECTED
OK
**** Test for '^Checking `find'\.\.\. INFECTED$'
Checking `find'... INFECTED
OK
**** Test for '^Checking `fingerd'\.\.\. INFECTED$'
Checking `fingerd'... INFECTED
OK
**** Test for '^Checking `gpm'\.\.\. INFECTED$'
Checking `gpm'... INFECTED
OK
**** Test for '^Checking `grep'\.\.\. INFECTED$'
Checking `grep'... INFECTED
OK
**** Test for '^Checking `hdparm'\.\.\. INFECTED$'
Checking `hdparm'... INFECTED
OK
**** Test for '^Checking `su'\.\.\. INFECTED$'
Checking `su'... INFECTED
OK
**** Test for '^Checking `ifconfig'\.\.\. INFECTED$'
Checking `ifconfig'... INFECTED
OK
**** Test for '^Checking `inetd'\.\.\. INFECTED$'
Checking `inetd'... INFECTED
OK
**** Test for '^Checking `inetdconf'\.\.\. INFECTED$'
Checking `inetdconf'... INFECTED
OK
**** Test for '^Checking `identd'\.\.\. INFECTED$'
Checking `identd'... INFECTED
OK
**** Test for '^Checking `init'\.\.\. INFECTED$'
Checking `init'... INFECTED
OK
**** Test for '^Checking `killall'\.\.\. INFECTED$'
Checking `killall'... INFECTED
OK
**** Test for '^Checking `login'\.\.\. INFECTED$'
Checking `login'... INFECTED
OK
**** Test for '^Checking `ls'\.\.\. INFECTED$'
Checking `ls'... INFECTED
OK
**** Test for '^Checking `lsof'\.\.\. INFECTED$'
Checking `lsof'... INFECTED
OK
**** Test for '^Checking `mail'\.\.\. INFECTED$'
Checking `mail'... INFECTED
OK
**** Test for '^Checking `mingetty'\.\.\. INFECTED$'
Checking `mingetty'... INFECTED
OK
**** Test for '^Checking `netstat'\.\.\. INFECTED$'
Checking `netstat'... INFECTED
OK
**** Test for '^Checking `named'\.\.\. INFECTED$'
Checking `named'... INFECTED
OK
**** Test for '^Checking `passwd'\.\.\. INFECTED$'
Checking `passwd'... INFECTED
OK
**** Test for '^Checking `pidof'\.\.\. INFECTED$'
Checking `pidof'... INFECTED
OK
**** Test for '^Checking `pop2'\.\.\. INFECTED$'
Checking `pop2'... INFECTED
OK
**** Test for '^Checking `pop3'\.\.\. INFECTED$'
Checking `pop3'... INFECTED
OK
**** Test for '^Checking `ps'\.\.\. INFECTED$'
Checking `ps'... INFECTED
OK
**** Test for '^Checking `pstree'\.\.\. INFECTED$'
Checking `pstree'... INFECTED
OK
**** Test for '^Checking `rpcinfo'\.\.\. INFECTED$'
Checking `rpcinfo'... INFECTED
OK
**** Test for '^Checking `rlogind'\.\.\. INFECTED$'
Checking `rlogind'... INFECTED
OK
**** Test for '^Checking `rshd'\.\.\. INFECTED$'
Checking `rshd'... INFECTED
OK
**** Test for '^Checking `slogin'\.\.\. INFECTED$'
Checking `slogin'... INFECTED
OK
**** Test for '^Checking `sendmail'\.\.\. INFECTED$'
Checking `sendmail'... INFECTED
OK
**** Test for '^Checking `syslogd'\.\.\. INFECTED$'
Checking `syslogd'... INFECTED
OK
**** Test for '^Checking `tar'\.\.\. INFECTED$'
Checking `tar'... INFECTED
OK
**** Test for '^Checking `tcpd'\.\.\. INFECTED$'
Checking `tcpd'... INFECTED
OK
**** Test for '^Checking `tcpdump'\.\.\. INFECTED$'
Checking `tcpdump'... INFECTED
OK
**** Test for '^Checking `top'\.\.\. INFECTED$'
Checking `top'... INFECTED
OK
**** Test for '^Checking `telnetd'\.\.\. INFECTED$'
Checking `telnetd'... INFECTED
OK
**** Test for '^Checking `timed'\.\.\. INFECTED$'
Checking `timed'... INFECTED
OK
**** Test for '^Checking `traceroute'\.\.\. INFECTED$'
Checking `traceroute'... INFECTED
OK
**** Test for '^Checking `vdir'\.\.\. INFECTED$'
Checking `vdir'... INFECTED
OK
**** Test for '^Checking `w'\.\.\. INFECTED$'
Checking `w'... INFECTED
OK
**** Test for '^Checking `write'\.\.\. INFECTED$'
Checking `write'... INFECTED
OK
**** Test for '^WARNING: The following suspicious files were found in /dev:$'
WARNING: The following suspicious files were found in /dev:
OK
**** Test for '^/dev/bad-file$'
/dev/bad-file
OK
**** Test for '^$'
OK
**** Test for '^WARNING: Suspect directory /var/run/\.tmp/ \[Not from a Debian package\] found\. Looking for sniffer logs:$'
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
OK
**** Test for '^/var/run/\.tmp/ \[Not from a Debian package\]$'
/var/run/.tmp/ [Not from a Debian package]
OK
**** Test for '^/var/run/\.tmp/y \[Not from a Debian package\]$'
/var/run/.tmp/y [Not from a Debian package]
OK
**** Test for '^WARNING: The following known suspicious files were found:$'
WARNING: The following known suspicious files were found:
OK
**** Test for '^/usr/bin/atm \[Not from a Debian package\]$'
/usr/bin/atm [Not from a Debian package]
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^WARNING: The following potential sniffer's logs were found:$'
WARNING: The following potential sniffer's logs were found:
OK
**** Test for '^/tmp/tcp\.log \[Not from a Debian package\]$'
/tmp/tcp.log [Not from a Debian package]
OK
**** Test for '^WARNING: Possible HiDrootkit rootkit installed:$'
WARNING: Possible HiDrootkit rootkit installed:
OK
**** Test for '^/var/lib/games/\.k/ \[Not from a Debian package\]$'
/var/lib/games/.k/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible t0rn rootkit installed:$'
WARNING: Possible t0rn rootkit installed:
OK
**** Test for '^/etc/ttyhash \[Not from a Debian package\]$'
/etc/ttyhash [Not from a Debian package]
OK
**** Test for '^WARNING: Possible t0rn v8 \(or variation\) rootkit installed:$'
WARNING: Possible t0rn v8 (or variation) rootkit installed:
OK
**** Test for '^/usr/local/lib/libproc\.a \[Not from a Debian package\]$'
/usr/local/lib/libproc.a [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Lion rootkit installed:$'
WARNING: Possible Lion rootkit installed:
OK
**** Test for '^/bin/mjy \[Not from a Debian package\]$'
/bin/mjy [Not from a Debian package]
OK
**** Test for '^WARNING: Possible RSHA rootkit installed:$'
WARNING: Possible RSHA rootkit installed:
OK
**** Test for '^/usr/bin/n3tstat \[Not from a Debian package\]$'
/usr/bin/n3tstat [Not from a Debian package]
OK
**** Test for '^WARNING: Possible RH-Sharpe rootkit installed:$'
WARNING: Possible RH-Sharpe rootkit installed:
OK
**** Test for '^/bin/lps \[Not from a Debian package\]$'
/bin/lps [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Ambient's rootkit \(ark\) installed:$'
WARNING: Possible Ambient's rootkit (ark) installed:
OK
**** Test for '^/usr/lib/\.ark\? \[Not from a Debian package\]$'
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.ark\? \[Not from a Debian package\]$'
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^WARNING: Possible LPD worm installed \(based on files found\)$'
WARNING: Possible LPD worm installed (based on files found)
OK
**** Test for '^WARNING: Possible Ramen Worm rootkit installed:$'
WARNING: Possible Ramen Worm rootkit installed:
OK
**** Test for '^/usr/src/\.poop/ \[Not from a Debian package\]$'
/usr/src/.poop/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Maniac rootkit installed:$'
WARNING: Possible Maniac rootkit installed:
OK
**** Test for '^/usr/bin/mailrc \[Not from a Debian package\]$'
/usr/bin/mailrc [Not from a Debian package]
OK
**** Test for '^WARNING: Possible RK17 rootkit installed:$'
WARNING: Possible RK17 rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/bogus\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
OK
**** Test for '^/usr/lib/number\.cgi \[Not from a Debian package\]$'
/usr/lib/number.cgi [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Ducoci rootkit installed:$'
WARNING: Possible Ducoci rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/last\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Adore Worm installed:$'
WARNING: Possible Adore Worm installed:
OK
**** Test for '^/usr/bin/red\.tar \[Not from a Debian package\]$'
/usr/bin/red.tar [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ShitC Worm installed:$'
WARNING: Possible ShitC Worm installed:
OK
**** Test for '^(/usr)?/bin/dy \[Not from a Debian package\]$'
/usr/bin/dy [Not from a Debian package]
OK
**** Test for '^(/usr)?/bin/frgy \[Not from a Debian package\]$'
/usr/bin/frgy [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Omega Worm installed:$'
WARNING: Possible Omega Worm installed:
OK
**** Test for '^/dev/chr \[Not from a Debian package\]$'
/dev/chr [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Sadmin/IIS Worm installed:$'
WARNING: Possible Sadmin/IIS Worm installed:
OK
**** Test for '^/dev/cuc \[Not from a Debian package\]$'
/dev/cuc [Not from a Debian package]
OK
**** Test for '^WARNING: Possible MonKit installed:$'
WARNING: Possible MonKit installed:
OK
**** Test for '^/usr/lib/libpikapp\.a \[Not from a Debian package\]$'
/usr/lib/libpikapp.a [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Showtee rootkit installed:$'
WARNING: Possible Showtee rootkit installed:
OK
**** Test for '^/usr/include/proc\.h \[Not from a Debian package\]$'
/usr/include/proc.h [Not from a Debian package]
/usr/include/proc.h [Not from a Debian package]
OK
**** Test for '^/usr/include/chk\.h \[Not from a Debian package\]$'
/usr/include/chk.h [Not from a Debian package]
OK
**** Test for '^WARNING: Possible OpticKit installed:$'
WARNING: Possible OpticKit installed:
OK
**** Test for '^/usr/bin/xsf \[Not from a Debian package\]$'
/usr/bin/xsf [Not from a Debian package]
/usr/bin/xsf [Not from a Debian package]
OK
**** Test for '^WARNING: Possible T\.R\.K installed:$'
WARNING: Possible T.R.K installed:
OK
**** Test for '^/usr/bin/xsf \[Not from a Debian package\]$'
/usr/bin/xsf [Not from a Debian package]
/usr/bin/xsf [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Mithra installed:$'
WARNING: Possible Mithra installed:
OK
**** Test for '^/usr/lib/locale/uboot \[Not from a Debian package\]$'
/usr/lib/locale/uboot [Not from a Debian package]
OK
**** Test for '^WARNING: Possible LOC rootkit installed:$'
WARNING: Possible LOC rootkit installed:
OK
**** Test for '^/tmp/xp \[Not from a Debian package\]$'
/tmp/xp [Not from a Debian package]
OK
**** Test for '^/usr/sbin/epic \[Not from a Debian package\]$'
/usr/sbin/epic [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Romanian rootkit installed:$'
WARNING: Possible Romanian rootkit installed:
OK
**** Test for '^/usr/include/proc\.h \[Not from a Debian package\]$'
/usr/include/proc.h [Not from a Debian package]
/usr/include/proc.h [Not from a Debian package]
OK
**** Test for '^WARNING: Possible HKRK rootkit installed in /etc/rc\.d/init\.d/network \[Not from a Debian package\]$'
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Suckit:$'
WARNING: Possible Suckit:
OK
**** Test for '^/dev/\.golf/$'
/dev/.golf/
OK
**** Test for '^WARNING: Possible Volc rootkit installed:$'
WARNING: Possible Volc rootkit installed:
OK
**** Test for '^/usr/bin/volc \[Not from a Debian package\]$'
/usr/bin/volc [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Gold2 rootkit installed:$'
WARNING: Possible Gold2 rootkit installed:
OK
**** Test for '^/usr/bin/ishit \[Not from a Debian package\]$'
/usr/bin/ishit [Not from a Debian package]
OK
**** Test for '^WARNING: Possible TC2 rootkit installed:$'
WARNING: Possible TC2 rootkit installed:
OK
**** Test for '^/usr/sbin/initcheck \[Not from a Debian package\]$'
/usr/sbin/initcheck [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Anonoying rootkit installed:$'
WARNING: Possible Anonoying rootkit installed:
OK
**** Test for '^/usr/sbin/mech \[Not from a Debian package\]$'
/usr/sbin/mech [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ZK rootkit installed:$'
WARNING: Possible ZK rootkit installed:
OK
**** Test for '^/etc/sysconfig/console/load\.zk \[Not from a Debian package\]$'
/etc/sysconfig/console/load.zk [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ShKit rootkit installed:$'
WARNING: Possible ShKit rootkit installed:
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^WARNING: Possible AjaKit rootkit installed:$'
WARNING: Possible AjaKit rootkit installed:
OK
**** Test for '^/dev/tux/ \[Not from a Debian package\]$'
/dev/tux/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible zaRwT rootkit installed:$'
WARNING: Possible zaRwT rootkit installed:
OK
**** Test for '^/bin/imout \[Not from a Debian package\]$'
/bin/imout [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Madalin rootkit installed:$'
WARNING: Possible Madalin rootkit installed:
OK
**** Test for '^/usr/include/icekey\.h \[Not from a Debian package\]$'
/usr/include/icekey.h [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Fu rootkit installed:$'
WARNING: Possible Fu rootkit installed:
OK
**** Test for '^/sbin/xc \[Not from a Debian package\]$'
/sbin/xc [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Kenga3 rootkit installed:$'
WARNING: Possible Kenga3 rootkit installed:
OK
**** Test for '^/usr/include/\. \./ \[Not from a Debian package\]$'
/usr/include/. ./ [Not from a Debian package]
OK
**** Test for '^/usr/include/\. \./foo \[Not from a Debian package\]$'
/usr/include/. ./foo [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ESRK rootkit installed:$'
WARNING: Possible ESRK rootkit installed:
OK
**** Test for '^/usr/lib/tcl5\.3/ \[Not from a Debian package\]$'
/usr/lib/tcl5.3/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible rootedoor installed:$'
WARNING: Possible rootedoor installed:
OK
**** Test for '^/usr/sbin/rootedoor \[Not from a Debian package\]$'
/usr/sbin/rootedoor [Not from a Debian package]
/usr/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^/sbin/rootedoor \[Not from a Debian package\]$'
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ENYELKM rootkit installed:$'
WARNING: Possible ENYELKM rootkit installed:
OK
**** Test for '^/etc/\.enyelkmOCULTAR\.ko/ \[Not from a Debian package\]$'
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ssh-scanner installed:$'
WARNING: Possible ssh-scanner installed:
OK
**** Test for '^/var/tmp/vuln\.txt \[Not from a Debian package\]$'
/var/tmp/vuln.txt [Not from a Debian package]
OK
**** Test for '^WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1\.4$'
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
OK
**** Test for '^WARNING: Possible Linux/Ebury 1\.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils\.so\.1 \[.+\]$'
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [Not from a Debian package]
OK
**** Test for '^WARNING: Possible 64-bit Linux Rootkit:'
WARNING: Possible 64-bit Linux Rootkit:
OK
**** Test for '^/usr/local/hide/ \[Not from a Debian package\]$'
/usr/local/hide/ [Not from a Debian package]
OK
**** Test for '^/usr/local/hide/foo \[Not from a Debian package\]$'
/usr/local/hide/foo [Not from a Debian package]
OK
**** Test for '^/etc/rc\.local \[Not from a Debian package\]$'
/etc/rc.local [Not from a Debian package]
OK
**** Test for '^WARNING: Possible 64-bit rootkit modules installed:$'
WARNING: Possible 64-bit rootkit modules installed:
OK
**** Test for '^/lib/modules/module_init\.ko \[Not from a Debian package\]$'
/lib/modules/module_init.ko [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Mumblehard backdoor installed:$'
WARNING: Possible Mumblehard backdoor installed:
OK
**** Test for '^/var/spool/cron/crontabs/foo \[Not from a Debian package\]$'
/var/spool/cron/crontabs/foo [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Backdoor\.Linux\.Mokes\.a installed:$'
WARNING: Possible Backdoor.Linux.Mokes.a installed:
OK
**** Test for '^/tmp/ss0-0 \[Not from a Debian package\]$'
/tmp/ss0-0 [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Malicious TinyDNS installed:$'
WARNING: Possible Malicious TinyDNS installed:
OK
**** Test for '^/home/ \./ \[Not from a Debian package\]$'
/home/ ./ [Not from a Debian package]
OK
**** Test for '^/home/ \./tinyDNS \[Not from a Debian package\]$'
/home/ ./tinyDNS [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/strings \[Not from a Debian package\]$'
/tmp/clean/strings [Not from a Debian package]
OK
**** Test for '^/tmp/clean/uname \[Not from a Debian package\]$'
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/head \[Not from a Debian package\]$'
/tmp/clean/head [Not from a Debian package]
OK
**** Test for '^/tmp/clean/find \[Not from a Debian package\]$'
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/clean/echo \[Not from a Debian package\]$'
/tmp/clean/echo [Not from a Debian package]
OK
**** Test for '^/tmp/clean/netstat \[Not from a Debian package\]$'
/tmp/clean/netstat [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls \[Not from a Debian package\]$'
/tmp/clean/ls [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls\.orig \[Not from a Debian package\]$'
/tmp/clean/ls.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ps \[Not from a Debian package\]$'
/tmp/clean/ps [Not from a Debian package]
OK
**** Test for '^/tmp/clean/awk \[Not from a Debian package\]$'
/tmp/clean/awk [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep \[Not from a Debian package\]$'
/tmp/clean/grep [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep\.orig \[Not from a Debian package\]$'
/tmp/clean/grep.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dirname \[Not from a Debian package\]$'
/tmp/clean/dirname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ss \[Not from a Debian package\]$'
/tmp/clean/ss [Not from a Debian package]
OK
**** Test for '^/tmp/clean/sed \[Not from a Debian package\]$'
/tmp/clean/sed [Not from a Debian package]
OK
**** Test for '^/tmp/clean/cut \[Not from a Debian package\]$'
/tmp/clean/cut [Not from a Debian package]
OK
**** Test for '^/tmp/clean/id \[Not from a Debian package\]$'
/tmp/clean/id [Not from a Debian package]
OK
**** Test for '^/tmp/clean/xargs \[Not from a Debian package\]$'
/tmp/clean/xargs [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dpkg-query \[Not from a Debian package\]$'
/tmp/clean/dpkg-query [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Linux\.Proxy\.10 installed in /etc/passwd$'
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
OK
**** Test for '^WARNING: Possible Malicious CrossRAT installed:$'
WARNING: Possible Malicious CrossRAT installed:
OK
**** Test for '^/usr/var/mediamgrs\.jar \[Not from a Debian package\]$'
/usr/var/mediamgrs.jar [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Malicious Hidden Cobra installed:$'
WARNING: Possible Malicious Hidden Cobra installed:
OK
**** Test for '^/tmp/\.ICE-unix/engine\.so \[Not from a Debian package\]$'
/tmp/.ICE-unix/engine.so [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Rocke Miner rootkit installed:$'
WARNING: Possible Rocke Miner rootkit installed:
OK
**** Test for '^/etc/xig \[Not from a Debian package\]$'
/etc/xig [Not from a Debian package]
OK
**** Test for '^WARNING: Possible PWNLNX4 lkm rootkit installed:$'
WARNING: Possible PWNLNX4 lkm rootkit installed:
OK
**** Test for '^/var/tmp/\.1/ \[Not from a Debian package\]$'
/var/tmp/.1/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible PWNLNX6 lkm rootkit installed:$'
WARNING: Possible PWNLNX6 lkm rootkit installed:
OK
**** Test for '^/tmp/suterusu/ \[Not from a Debian package\]$'
/tmp/suterusu/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Malicious UMBREON LRK installed:$'
WARNING: Possible Malicious UMBREON LRK installed:
OK
**** Test for '^/usr/share/libc\.so\.69 \[Not from a Debian package\]$'
/usr/share/libc.so.69 [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Kinsing\.a backdoor rootkit installed:$'
WARNING: Possible Kinsing.a backdoor rootkit installed:
OK
**** Test for '^/tmp/kdevtmpfsi \[Not from a Debian package\]$'
/tmp/kdevtmpfsi [Not from a Debian package]
OK
**** Test for '^WARNING: Possible RotaJakiro backdoor rootkit installed:$'
WARNING: Possible RotaJakiro backdoor rootkit installed:
OK
**** Test for '^/bin/systemd-daemon \[Not from a Debian package\]$'
/bin/systemd-daemon [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk$'
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid$'
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
OK
**** Test for 'WARNING: Possible Tsunami DDoS Malware rootkit installed:$'
WARNING: Possible Tsunami DDoS Malware rootkit installed:
OK
**** Test for '^/bin/cls \[Not from a Debian package\]$'
/bin/cls [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Linux BPFDoor Malware installed:$'
WARNING: Possible Linux BPFDoor Malware installed:
OK
**** Test for '^/proc/xx/stack$'
/proc/xx/stack
OK
**** Test for '^WARNING: The following suspicious PHP files were found:$'
WARNING: The following suspicious PHP files were found:
OK
**** Test for '^/tmp/name\.php$'
/tmp/name.php
OK
**** Test for '^/tmp/sp ace/aaa' exit 1; "$'
/tmp/sp ace/aaa' exit 1; "
OK
**** Test for '^/tmp/by-content$'
/tmp/by-content
OK
**** Test for '^WARNING: Zero-size history files:$'
WARNING: Zero-size history files:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^WARNING: shell history files hardlinked to another file:$'
WARNING: shell history files hardlinked to another file:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Ramen Worm installed in /etc/inetd\.conf$'
WARNING: Possible Ramen Worm installed in /etc/inetd.conf
OK
**** Test for '^WARNING: Potential bindshell installed: infected ports: 600 31337$'
WARNING: Potential bindshell installed: infected ports: 600 31337
OK
**** Test for '^INFECTED: /usr/bin/in\.rexedcs$'
INFECTED: /usr/bin/in.rexedcs
OK
**** Test for '^WARNING: Output from ifpromisc:$'
WARNING: Output from ifpromisc:
OK
**** Test for '^WARNING: Possible 55808 Worm installed$'
WARNING: Possible 55808 Worm installed
OK
**** Test for '^WARNING: Possible Scalper Worm installed$'
WARNING: Possible Scalper Worm installed
OK
**** Test for '^WARNING: Possible Slapper Worm installed:$'
WARNING: Possible Slapper Worm installed:
OK
**** Test for '^/tmp/\.bugtraq\.c \[Not from a Debian package\]$'
/tmp/.bugtraq.c [Not from a Debian package]
OK
** PASS: Testing: all-tests-can-find-something-02-quiet (chkrootkit -p /tmp/clean -q) done: PASS
*** Unexpected (unmatched) lines follow (for info):
chkrootkit: PACKET SNIFFER(/usr/sbin/dhcpd[41705])
** Testing: exclude-results-with-minus-e-option (chkrootkit -p /tmp/clean -e /usr/* aliens) ...
*** Output
ROOTDIR is `/'
Checking `aliens'... started
Searching for suspicious files in /dev... WARNING
WARNING: The following suspicious files were found in /dev:
/dev/bad-file
Searching for known suspicious directories... WARNING
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
/var/run/.tmp/ [Not from a Debian package]
/var/run/.tmp/y [Not from a Debian package]
Searching for known suspicious files... WARNING
WARNING: The following known suspicious files were found:
/etc/ld.so.hash [Not from a Debian package]
Searching for sniffer's logs... WARNING
WARNING: The following potential sniffer's logs were found:
/tmp/tcp.log [Not from a Debian package]
Searching for HiDrootkit rootkit... WARNING
WARNING: Possible HiDrootkit rootkit installed:
/var/lib/games/.k/ [Not from a Debian package]
Searching for t0rn rootkit... WARNING
WARNING: Possible t0rn rootkit installed:
/etc/ttyhash [Not from a Debian package]
Searching for t0rn v8 (or variation)... not found
Searching for Lion rootkit... WARNING
WARNING: Possible Lion rootkit installed:
/bin/mjy [Not from a Debian package]
Searching for RSHA rootkit... not found
Searching for RH-Sharpe rootkit... WARNING
WARNING: Possible RH-Sharpe rootkit installed:
/bin/lps [Not from a Debian package]
Searching for Ambient (ark) rootkit... not found
Searching for suspicious files and dirs... not found
Searching for LPD Worm... WARNING
WARNING: Possible LPD worm installed (based on files found)
Searching for Ramen Worm rootkit... not found
Searching for Maniac rootkit... not found
Searching for RK17 rootkit... WARNING
WARNING: Possible RK17 rootkit installed:
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
Searching for Ducoci rootkit... WARNING
WARNING: Possible Ducoci rootkit installed:
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
Searching for Adore Worm... not found
Searching for ShitC Worm... not found
Searching for Omega Worm... WARNING
WARNING: Possible Omega Worm installed:
/dev/chr [Not from a Debian package]
Searching for Sadmind/IIS Worm... WARNING
WARNING: Possible Sadmin/IIS Worm installed:
/dev/cuc [Not from a Debian package]
Searching for MonKit... not found
Searching for Showtee rootkit... not found
Searching for OpticKit... not found
Searching for T.R.K... not found
Searching for Mithra rootkit... not found
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... WARNING
WARNING: Possible LOC rootkit installed:
/tmp/xp [Not from a Debian package]
Searching for Romanian rootkit... not found
Searching for HKRK rootkit... WARNING
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
Searching for Suckit rootkit... WARNING
WARNING: Possible Suckit:
/dev/.golf/
Searching for Volc rootkit... not found
Searching for Gold2 rootkit... not found
Searching for TC2 rootkit... not found
Searching for Anonoying rootkit... not found
Searching for ZK rootkit... WARNING
WARNING: Possible ZK rootkit installed:
/etc/sysconfig/console/load.zk [Not from a Debian package]
Searching for ShKit rootkit... WARNING
WARNING: Possible ShKit rootkit installed:
/etc/ld.so.hash [Not from a Debian package]
Searching for AjaKit rootkit... WARNING
WARNING: Possible AjaKit rootkit installed:
/dev/tux/ [Not from a Debian package]
Searching for zaRwT rootkit... WARNING
WARNING: Possible zaRwT rootkit installed:
/bin/imout [Not from a Debian package]
Searching for Madalin rootkit... not found
Searching for Fu rootkit... WARNING
WARNING: Possible Fu rootkit installed:
/sbin/xc [Not from a Debian package]
Searching for Kenga3 rootkit... not found
Searching for ESRK rootkit... not found
Searching for rootedoor... WARNING
WARNING: Possible rootedoor installed:
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
Searching for ENYELKM rootkit... WARNING
WARNING: Possible ENYELKM rootkit installed:
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
Searching for common ssh-scanners... WARNING
WARNING: Possible ssh-scanner installed:
/var/tmp/vuln.txt [Not from a Debian package]
Searching for Linux/Ebury 1.4 - Operation Windigo... WARNING
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
Searching for Linux/Ebury 1.6... WARNING
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [Not from a Debian package]
Searching for 64-bit Linux Rootkit... WARNING
WARNING: Possible 64-bit Linux Rootkit:
/etc/rc.local [Not from a Debian package]
Searching for 64-bit Linux Rootkit modules... WARNING
WARNING: Possible 64-bit rootkit modules installed:
/lib/modules/module_init.ko [Not from a Debian package]
Searching for Mumblehard... WARNING
WARNING: Possible Mumblehard backdoor installed:
/var/spool/cron/crontabs/foo [Not from a Debian package]
Searching for Backdoor.Linux.Mokes.a... WARNING
WARNING: Possible Backdoor.Linux.Mokes.a installed:
/tmp/ss0-0 [Not from a Debian package]
Searching for Malicious TinyDNS... WARNING
WARNING: Possible Malicious TinyDNS installed:
/home/ ./ [Not from a Debian package]
/home/ ./tinyDNS [Not from a Debian package]
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/autopkgtest.agxPFS/wrapper.sh [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_php [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/grep.orig [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls.orig [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
Searching for Linux.Proxy.1.0... WARNING
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
Searching for CrossRAT... not found
Searching for Hidden Cobra... WARNING
WARNING: Possible Malicious Hidden Cobra installed:
/tmp/.ICE-unix/engine.so [Not from a Debian package]
Searching for Rocke Miner rootkit... WARNING
WARNING: Possible Rocke Miner rootkit installed:
/etc/xig [Not from a Debian package]
Searching for PWNLNX4 lkm rootkit... WARNING
WARNING: Possible PWNLNX4 lkm rootkit installed:
/var/tmp/.1/ [Not from a Debian package]
Searching for PWNLNX6 lkm rootkit... WARNING
WARNING: Possible PWNLNX6 lkm rootkit installed:
/tmp/suterusu/ [Not from a Debian package]
Searching for Umbreon lrk... not found
Searching for Kinsing.a backdoor rootkit... WARNING
WARNING: Possible Kinsing.a backdoor rootkit installed:
/tmp/kdevtmpfsi [Not from a Debian package]
Searching for RotaJakiro backdoor rootkit... WARNING
WARNING: Possible RotaJakiro backdoor rootkit installed:
/bin/systemd-daemon [Not from a Debian package]
Searching for Syslogk LKM rootkit... WARNING
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
Searching for Kovid LKM rootkit... WARNING
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
Searching for Tsunami DDoS Malware rootkit... WARNING
WARNING: Possible Tsunami DDoS Malware rootkit installed:
/bin/cls [Not from a Debian package]
Searching for Linux BPF Door... WARNING
WARNING: Possible Linux BPFDoor Malware installed:
/proc/xx/stack
Searching for suspect PHP files... WARNING
WARNING: The following suspicious PHP files were found:
/tmp/name.php
/tmp/by-content
/tmp/sp ace/aaa' exit 1; "
Searching for zero-size shell history files in /root... WARNING
WARNING: Zero-size history files:
/root/.whatever.history [Not from a Debian package]
Searching for hardlinked shell history files in /root... WARNING
WARNING: shell history files hardlinked to another file:
/root/.whatever.history [Not from a Debian package]
Checking `aliens'... finished
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:56 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\. WARNING$'
Searching for suspicious files in /dev... WARNING
OK
**** Test for '^$'
OK
**** Test for '^WARNING: The following suspicious files were found in /dev:$'
WARNING: The following suspicious files were found in /dev:
OK
**** Test for '^/dev/bad-file$'
/dev/bad-file
OK
**** Test for '^Searching for known suspicious directories\.\.\. WARNING$'
Searching for known suspicious directories... WARNING
OK
**** Test for '^WARNING: Suspect directory /var/run/\.tmp/ \[Not from a Debian package\] found\. Looking for sniffer logs:$'
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
OK
**** Test for '^/var/run/\.tmp/ \[Not from a Debian package\]$'
/var/run/.tmp/ [Not from a Debian package]
OK
**** Test for '^/var/run/\.tmp/y \[Not from a Debian package\]$'
/var/run/.tmp/y [Not from a Debian package]
OK
**** Test for '^Searching for known suspicious files\.\.\. WARNING$'
Searching for known suspicious files... WARNING
OK
**** Test for '^WARNING: The following known suspicious files were found:$'
WARNING: The following known suspicious files were found:
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^Searching for sniffer's logs\.\.\. WARNING$'
Searching for sniffer's logs... WARNING
OK
**** Test for '^WARNING: The following potential sniffer's logs were found:$'
WARNING: The following potential sniffer's logs were found:
OK
**** Test for '^/tmp/tcp\.log \[Not from a Debian package\]$'
/tmp/tcp.log [Not from a Debian package]
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. WARNING$'
Searching for HiDrootkit rootkit... WARNING
OK
**** Test for '^WARNING: Possible HiDrootkit rootkit installed:$'
WARNING: Possible HiDrootkit rootkit installed:
OK
**** Test for '^/var/lib/games/\.k/ \[Not from a Debian package\]$'
/var/lib/games/.k/ [Not from a Debian package]
OK
**** Test for '^Searching for t0rn rootkit\.\.\. WARNING$'
Searching for t0rn rootkit... WARNING
OK
**** Test for '^WARNING: Possible t0rn rootkit installed:$'
WARNING: Possible t0rn rootkit installed:
OK
**** Test for '^/etc/ttyhash \[Not from a Debian package\]$'
/etc/ttyhash [Not from a Debian package]
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. not found$'
Searching for t0rn v8 (or variation)... not found
OK
**** Test for '^Searching for Lion rootkit\.\.\. WARNING$'
Searching for Lion rootkit... WARNING
OK
**** Test for '^WARNING: Possible Lion rootkit installed:$'
WARNING: Possible Lion rootkit installed:
OK
**** Test for '^/bin/mjy \[Not from a Debian package\]$'
/bin/mjy [Not from a Debian package]
OK
**** Test for '^Searching for RSHA rootkit\.\.\. not found$'
Searching for RSHA rootkit... not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. WARNING$'
Searching for RH-Sharpe rootkit... WARNING
OK
**** Test for '^WARNING: Possible RH-Sharpe rootkit installed:$'
WARNING: Possible RH-Sharpe rootkit installed:
OK
**** Test for '^/bin/lps \[Not from a Debian package\]$'
/bin/lps [Not from a Debian package]
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. not found$'
Searching for Ambient (ark) rootkit... not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. not found$'
Searching for suspicious files and dirs... not found
OK
**** Test for '^Searching for LPD Worm\.\.\. WARNING$'
Searching for LPD Worm... WARNING
OK
**** Test for '^WARNING: Possible LPD worm installed \(based on files found\)$'
WARNING: Possible LPD worm installed (based on files found)
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. not found$'
Searching for Ramen Worm rootkit... not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\. not found$'
Searching for Maniac rootkit... not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\. WARNING$'
Searching for RK17 rootkit... WARNING
OK
**** Test for '^WARNING: Possible RK17 rootkit installed:$'
WARNING: Possible RK17 rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/bogus\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. WARNING$'
Searching for Ducoci rootkit... WARNING
OK
**** Test for '^WARNING: Possible Ducoci rootkit installed:$'
WARNING: Possible Ducoci rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/last\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
OK
**** Test for '^Searching for Adore Worm\.\.\. not found$'
Searching for Adore Worm... not found
OK
**** Test for '^Searching for ShitC Worm\.\.\. not found$'
Searching for ShitC Worm... not found
OK
**** Test for '^Searching for Omega Worm\.\.\. WARNING$'
Searching for Omega Worm... WARNING
OK
**** Test for '^WARNING: Possible Omega Worm installed:$'
WARNING: Possible Omega Worm installed:
OK
**** Test for '^/dev/chr \[Not from a Debian package\]$'
/dev/chr [Not from a Debian package]
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. WARNING$'
Searching for Sadmind/IIS Worm... WARNING
OK
**** Test for '^WARNING: Possible Sadmin/IIS Worm installed:$'
WARNING: Possible Sadmin/IIS Worm installed:
OK
**** Test for '^/dev/cuc \[Not from a Debian package\]$'
/dev/cuc [Not from a Debian package]
OK
**** Test for '^Searching for MonKit\.\.\. not found$'
Searching for MonKit... not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\. not found$'
Searching for Showtee rootkit... not found
OK
**** Test for '^Searching for OpticKit\.\.\. not found$'
Searching for OpticKit... not found
OK
**** Test for '^Searching for T\.R\.K\.\.\. not found$'
Searching for T.R.K... not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\. not found$'
Searching for Mithra rootkit... not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. WARNING$'
Searching for LOC rootkit... WARNING
OK
**** Test for '^WARNING: Possible LOC rootkit installed:$'
WARNING: Possible LOC rootkit installed:
OK
**** Test for '^/tmp/xp \[Not from a Debian package\]$'
/tmp/xp [Not from a Debian package]
OK
**** Test for '^Searching for Romanian rootkit\.\.\. not found$'
Searching for Romanian rootkit... not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\. WARNING$'
Searching for HKRK rootkit... WARNING
OK
**** Test for '^WARNING: Possible HKRK rootkit installed in /etc/rc\.d/init\.d/network \[Not from a Debian package\]$'
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
OK
**** Test for '^Searching for Suckit rootkit\.\.\. WARNING$'
Searching for Suckit rootkit... WARNING
OK
**** Test for '^WARNING: Possible Suckit:$'
WARNING: Possible Suckit:
OK
**** Test for '^/dev/\.golf/$'
/dev/.golf/
OK
**** Test for '^Searching for Volc rootkit\.\.\. not found$'
Searching for Volc rootkit... not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. not found$'
Searching for Gold2 rootkit... not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\. not found$'
Searching for TC2 rootkit... not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. not found$'
Searching for Anonoying rootkit... not found
OK
**** Test for '^Searching for ZK rootkit\.\.\. WARNING$'
Searching for ZK rootkit... WARNING
OK
**** Test for '^WARNING: Possible ZK rootkit installed:$'
WARNING: Possible ZK rootkit installed:
OK
**** Test for '^/etc/sysconfig/console/load\.zk \[Not from a Debian package\]$'
/etc/sysconfig/console/load.zk [Not from a Debian package]
OK
**** Test for '^Searching for ShKit rootkit\.\.\. WARNING$'
Searching for ShKit rootkit... WARNING
OK
**** Test for '^WARNING: Possible ShKit rootkit installed:$'
WARNING: Possible ShKit rootkit installed:
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. WARNING$'
Searching for AjaKit rootkit... WARNING
OK
**** Test for '^WARNING: Possible AjaKit rootkit installed:$'
WARNING: Possible AjaKit rootkit installed:
OK
**** Test for '^/dev/tux/ \[Not from a Debian package\]$'
/dev/tux/ [Not from a Debian package]
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. WARNING$'
Searching for zaRwT rootkit... WARNING
OK
**** Test for '^WARNING: Possible zaRwT rootkit installed:$'
WARNING: Possible zaRwT rootkit installed:
OK
**** Test for '^/bin/imout \[Not from a Debian package\]$'
/bin/imout [Not from a Debian package]
OK
**** Test for '^Searching for Madalin rootkit\.\.\. not found$'
Searching for Madalin rootkit... not found
OK
**** Test for '^Searching for Fu rootkit\.\.\. WARNING$'
Searching for Fu rootkit... WARNING
OK
**** Test for '^WARNING: Possible Fu rootkit installed:$'
WARNING: Possible Fu rootkit installed:
OK
**** Test for '^/sbin/xc \[Not from a Debian package\]$'
/sbin/xc [Not from a Debian package]
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. not found$'
Searching for Kenga3 rootkit... not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\. not found$'
Searching for ESRK rootkit... not found
OK
**** Test for '^Searching for rootedoor\.\.\. WARNING$'
Searching for rootedoor... WARNING
OK
**** Test for '^WARNING: Possible rootedoor installed:$'
WARNING: Possible rootedoor installed:
OK
**** Test for '^/sbin/rootedoor \[Not from a Debian package\]$'
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. WARNING$'
Searching for ENYELKM rootkit... WARNING
OK
**** Test for '^WARNING: Possible ENYELKM rootkit installed:$'
WARNING: Possible ENYELKM rootkit installed:
OK
**** Test for '^/etc/\.enyelkmOCULTAR\.ko/ \[Not from a Debian package\]$'
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
OK
**** Test for '^Searching for common ssh-scanners\.\.\. WARNING$'
Searching for common ssh-scanners... WARNING
OK
**** Test for '^WARNING: Possible ssh-scanner installed:$'
WARNING: Possible ssh-scanner installed:
OK
**** Test for '^/var/tmp/vuln\.txt \[Not from a Debian package\]$'
/var/tmp/vuln.txt [Not from a Debian package]
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. WARNING$'
Searching for Linux/Ebury 1.4 - Operation Windigo... WARNING
OK
**** Test for '^WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1\.4$'
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. WARNING$'
Searching for Linux/Ebury 1.6... WARNING
OK
**** Test for '^WARNING: Possible Linux/Ebury 1\.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils\.so\.1 \[.+\]$'
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [Not from a Debian package]
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. WARNING$'
Searching for 64-bit Linux Rootkit... WARNING
OK
**** Test for '^WARNING: Possible 64-bit Linux Rootkit:'
WARNING: Possible 64-bit Linux Rootkit:
OK
**** Test for '^/etc/rc\.local \[Not from a Debian package\]$'
/etc/rc.local [Not from a Debian package]
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. WARNING$'
Searching for 64-bit Linux Rootkit modules... WARNING
OK
**** Test for '^WARNING: Possible 64-bit rootkit modules installed:$'
WARNING: Possible 64-bit rootkit modules installed:
OK
**** Test for '^/lib/modules/module_init\.ko \[Not from a Debian package\]$'
/lib/modules/module_init.ko [Not from a Debian package]
OK
**** Test for '^Searching for Mumblehard\.\.\. WARNING$'
Searching for Mumblehard... WARNING
OK
**** Test for '^WARNING: Possible Mumblehard backdoor installed:$'
WARNING: Possible Mumblehard backdoor installed:
OK
**** Test for '^/var/spool/cron/crontabs/foo \[Not from a Debian package\]$'
/var/spool/cron/crontabs/foo [Not from a Debian package]
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. WARNING$'
Searching for Backdoor.Linux.Mokes.a... WARNING
OK
**** Test for '^WARNING: Possible Backdoor\.Linux\.Mokes\.a installed:$'
WARNING: Possible Backdoor.Linux.Mokes.a installed:
OK
**** Test for '^/tmp/ss0-0 \[Not from a Debian package\]$'
/tmp/ss0-0 [Not from a Debian package]
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. WARNING$'
Searching for Malicious TinyDNS... WARNING
OK
**** Test for '^WARNING: Possible Malicious TinyDNS installed:$'
WARNING: Possible Malicious TinyDNS installed:
OK
**** Test for '^/home/ \./ \[Not from a Debian package\]$'
/home/ ./ [Not from a Debian package]
OK
**** Test for '^/home/ \./tinyDNS \[Not from a Debian package\]$'
/home/ ./tinyDNS [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/strings \[Not from a Debian package\]$'
/tmp/clean/strings [Not from a Debian package]
OK
**** Test for '^/tmp/clean/uname \[Not from a Debian package\]$'
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/head \[Not from a Debian package\]$'
/tmp/clean/head [Not from a Debian package]
OK
**** Test for '^/tmp/clean/find \[Not from a Debian package\]$'
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/clean/echo \[Not from a Debian package\]$'
/tmp/clean/echo [Not from a Debian package]
OK
**** Test for '^/tmp/clean/netstat \[Not from a Debian package\]$'
/tmp/clean/netstat [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls \[Not from a Debian package\]$'
/tmp/clean/ls [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls\.orig \[Not from a Debian package\]$'
/tmp/clean/ls.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ps \[Not from a Debian package\]$'
/tmp/clean/ps [Not from a Debian package]
OK
**** Test for '^/tmp/clean/awk \[Not from a Debian package\]$'
/tmp/clean/awk [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep \[Not from a Debian package\]$'
/tmp/clean/grep [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep\.orig \[Not from a Debian package\]$'
/tmp/clean/grep.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dirname \[Not from a Debian package\]$'
/tmp/clean/dirname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ss \[Not from a Debian package\]$'
/tmp/clean/ss [Not from a Debian package]
OK
**** Test for '^/tmp/clean/sed \[Not from a Debian package\]$'
/tmp/clean/sed [Not from a Debian package]
OK
**** Test for '^/tmp/clean/cut \[Not from a Debian package\]$'
/tmp/clean/cut [Not from a Debian package]
OK
**** Test for '^/tmp/clean/id \[Not from a Debian package\]$'
/tmp/clean/id [Not from a Debian package]
OK
**** Test for '^/tmp/clean/xargs \[Not from a Debian package\]$'
/tmp/clean/xargs [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dpkg-query \[Not from a Debian package\]$'
/tmp/clean/dpkg-query [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. WARNING$'
Searching for Linux.Proxy.1.0... WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Linux\.Proxy\.10 installed in /etc/passwd$'
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
OK
**** Test for '^Searching for CrossRAT\.\.\. not found$'
Searching for CrossRAT... not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\. WARNING$'
Searching for Hidden Cobra... WARNING
OK
**** Test for '^WARNING: Possible Malicious Hidden Cobra installed:$'
WARNING: Possible Malicious Hidden Cobra installed:
OK
**** Test for '^/tmp/\.ICE-unix/engine\.so \[Not from a Debian package\]$'
/tmp/.ICE-unix/engine.so [Not from a Debian package]
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. WARNING$'
Searching for Rocke Miner rootkit... WARNING
OK
**** Test for '^WARNING: Possible Rocke Miner rootkit installed:$'
WARNING: Possible Rocke Miner rootkit installed:
OK
**** Test for '^/etc/xig \[Not from a Debian package\]$'
/etc/xig [Not from a Debian package]
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. WARNING$'
Searching for PWNLNX4 lkm rootkit... WARNING
OK
**** Test for '^WARNING: Possible PWNLNX4 lkm rootkit installed:$'
WARNING: Possible PWNLNX4 lkm rootkit installed:
OK
**** Test for '^/var/tmp/\.1/ \[Not from a Debian package\]$'
/var/tmp/.1/ [Not from a Debian package]
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. WARNING$'
Searching for PWNLNX6 lkm rootkit... WARNING
OK
**** Test for '^WARNING: Possible PWNLNX6 lkm rootkit installed:$'
WARNING: Possible PWNLNX6 lkm rootkit installed:
OK
**** Test for '^/tmp/suterusu/ \[Not from a Debian package\]$'
/tmp/suterusu/ [Not from a Debian package]
OK
**** Test for '^Searching for Umbreon lrk\.\.\. not found$'
Searching for Umbreon lrk... not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. WARNING$'
Searching for Kinsing.a backdoor rootkit... WARNING
OK
**** Test for '^WARNING: Possible Kinsing\.a backdoor rootkit installed:$'
WARNING: Possible Kinsing.a backdoor rootkit installed:
OK
**** Test for '^/tmp/kdevtmpfsi \[Not from a Debian package\]$'
/tmp/kdevtmpfsi [Not from a Debian package]
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. WARNING$'
Searching for RotaJakiro backdoor rootkit... WARNING
OK
**** Test for '^WARNING: Possible RotaJakiro backdoor rootkit installed:$'
WARNING: Possible RotaJakiro backdoor rootkit installed:
OK
**** Test for '^/bin/systemd-daemon \[Not from a Debian package\]$'
/bin/systemd-daemon [Not from a Debian package]
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. WARNING$'
Searching for Syslogk LKM rootkit... WARNING
OK
**** Test for '^WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk$'
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. WARNING$'
Searching for Kovid LKM rootkit... WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid$'
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. WARNING$'
Searching for Tsunami DDoS Malware rootkit... WARNING
OK
**** Test for '^WARNING: Possible Tsunami DDoS Malware rootkit installed:$'
WARNING: Possible Tsunami DDoS Malware rootkit installed:
OK
**** Test for '^/bin/cls \[Not from a Debian package\]$'
/bin/cls [Not from a Debian package]
OK
**** Test for '^Searching for Linux BPF Door\.\.\. WARNING$'
Searching for Linux BPF Door... WARNING
OK
**** Test for '^WARNING: Possible Linux BPFDoor Malware installed:$'
WARNING: Possible Linux BPFDoor Malware installed:
OK
**** Test for '^/proc/xx/stack$'
/proc/xx/stack
OK
**** Test for '^Searching for suspect PHP files\.\.\. WARNING$'
Searching for suspect PHP files... WARNING
OK
**** Test for '^WARNING: The following suspicious PHP files were found:$'
WARNING: The following suspicious PHP files were found:
OK
**** Test for '^/tmp/name\.php$'
/tmp/name.php
OK
**** Test for '^/tmp/sp ace/aaa' exit 1; "$'
/tmp/sp ace/aaa' exit 1; "
OK
**** Test for '^/tmp/by-content$'
/tmp/by-content
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\. WARNING$'
Searching for zero-size shell history files in /root... WARNING
OK
**** Test for '^WARNING: Zero-size history files:$'
WARNING: Zero-size history files:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\. WARNING$'
Searching for hardlinked shell history files in /root... WARNING
OK
**** Test for '^WARNING: shell history files hardlinked to another file:$'
WARNING: shell history files hardlinked to another file:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
** PASS: Testing: exclude-results-with-minus-e-option (chkrootkit -p /tmp/clean -e /usr/* aliens) done: PASS
* Testing the -r option
Symlink ROOT_DIR created: /tmp/CHKROOTKIT_ROOT
lrwxrwxrwx 1 root root 1 Jan 28 08:58 /tmp/CHKROOTKIT_ROOT -> /
** Testing: setting-rootdir (chkrootkit -p /tmp/clean -r /tmp/CHKROOTKIT_ROOT) ...
*** Output
ROOTDIR is `/tmp/CHKROOTKIT_ROOT/'
Checking `amd'... INFECTED
Checking `basename'... INFECTED
Checking `biff'... INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `cron'... INFECTED
Checking `crontab'... WARNING
WARNING: crontab for nobody found, possible Lupper.Worm.
Checking for Lupper.Worm... INFECTED
Checking `date'... INFECTED
Checking `du'... INFECTED
Checking `dirname'... INFECTED
Checking `echo'... INFECTED
Checking `egrep'... INFECTED
Checking `env'... INFECTED
Checking `find'... INFECTED
Checking `fingerd'... INFECTED
Checking `gpm'... INFECTED
Checking `grep'... INFECTED
Checking `hdparm'... INFECTED
Checking `su'... INFECTED
Checking `ifconfig'... INFECTED
Checking `inetd'... INFECTED
Checking `inetdconf'... INFECTED
Checking `identd'... INFECTED
Checking `init'... INFECTED
Checking `killall'... INFECTED
Checking `ldsopreload'... not infected
Checking `login'... INFECTED
Checking `ls'... INFECTED
Checking `lsof'... INFECTED
Checking `mail'... INFECTED
Checking `mingetty'... INFECTED
Checking `netstat'... INFECTED
Checking `named'... INFECTED
Checking `passwd'... INFECTED
Checking `pidof'... INFECTED
Checking `pop2'... INFECTED
Checking `pop3'... INFECTED
Checking `ps'... INFECTED
Checking `pstree'... INFECTED
Checking `rpcinfo'... INFECTED
Checking `rlogind'... INFECTED
Checking `rshd'... INFECTED
Checking `slogin'... INFECTED
Checking `sendmail'... INFECTED
Checking `sshd'... INFECTED but disabled
Checking `syslogd'... INFECTED
Checking `tar'... INFECTED
Checking `tcpd'... INFECTED
Checking `tcpdump'... INFECTED
Checking `top'... INFECTED
Checking `telnetd'... INFECTED
Checking `timed'... INFECTED
Checking `traceroute'... INFECTED
Checking `vdir'... INFECTED
Checking `w'... INFECTED
Checking `write'... INFECTED
Checking `aliens'... started
Searching for suspicious files in /tmp/CHKROOTKIT_ROOT/dev... WARNING
WARNING: The following suspicious files were found in /tmp/CHKROOTKIT_ROOT/dev:
/tmp/CHKROOTKIT_ROOT/dev/bad-file
Searching for known suspicious directories... WARNING
WARNING: Suspect directory /tmp/CHKROOTKIT_ROOT/var/run/.tmp/ found. Looking for sniffer logs:
/tmp/CHKROOTKIT_ROOT/var/run/.tmp/
/tmp/CHKROOTKIT_ROOT/var/run/.tmp/y
Searching for known suspicious files... WARNING
WARNING: The following known suspicious files were found:
/tmp/CHKROOTKIT_ROOT/usr/bin/atm
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
Searching for sniffer's logs... WARNING
WARNING: The following potential sniffer's logs were found:
/tmp/CHKROOTKIT_ROOT/tmp/tcp.log
Searching for HiDrootkit rootkit... WARNING
WARNING: Possible HiDrootkit rootkit installed:
/tmp/CHKROOTKIT_ROOT/var/lib/games/.k/
Searching for t0rn rootkit... WARNING
WARNING: Possible t0rn rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/ttyhash
Searching for t0rn v8 (or variation)... WARNING
WARNING: Possible t0rn v8 (or variation) rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/local/lib/libproc.a
Searching for Lion rootkit... WARNING
WARNING: Possible Lion rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/mjy
Searching for RSHA rootkit... WARNING
WARNING: Possible RSHA rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/n3tstat
Searching for RH-Sharpe rootkit... WARNING
WARNING: Possible RH-Sharpe rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/lps
Searching for Ambient (ark) rootkit... WARNING
WARNING: Possible Ambient's rootkit (ark) installed:
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
Searching for suspicious files and dirs... WARNING
WARNING: The following suspicious files and directories were found:
/tmp/CHKROOTKIT_ROOT/usr/lib/.1
/tmp/CHKROOTKIT_ROOT/usr/lib/.DIR-aaa
/tmp/CHKROOTKIT_ROOT/usr/lib/...
/tmp/CHKROOTKIT_ROOT/usr/lib/.bbb
/tmp/CHKROOTKIT_ROOT/usr/lib/...DIR
/tmp/CHKROOTKIT_ROOT/usr/lib/.1DIR
/tmp/CHKROOTKIT_ROOT/usr/lib/.aaa
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
Searching for LPD Worm... WARNING
WARNING: Possible LPD worm installed (based on files found)
Searching for Ramen Worm rootkit... WARNING
WARNING: Possible Ramen Worm rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/src/.poop/
Searching for Maniac rootkit... WARNING
WARNING: Possible Maniac rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/mailrc
Searching for RK17 rootkit... WARNING
WARNING: Possible RK17 rootkit installed:
/tmp/CHKROOTKIT_ROOT/www/httpd/cgi-bin/bogus.cgi
/tmp/CHKROOTKIT_ROOT/usr/lib/number.cgi
Searching for Ducoci rootkit... WARNING
WARNING: Possible Ducoci rootkit installed:
/tmp/CHKROOTKIT_ROOT/www/httpd/cgi-bin/last.cgi
Searching for Adore Worm... WARNING
WARNING: Possible Adore Worm installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/red.tar
Searching for ShitC Worm... WARNING
WARNING: Possible ShitC Worm installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/frgy
/tmp/CHKROOTKIT_ROOT/usr/bin/dy
Searching for Omega Worm... WARNING
WARNING: Possible Omega Worm installed:
/tmp/CHKROOTKIT_ROOT/dev/chr
Searching for Sadmind/IIS Worm... WARNING
WARNING: Possible Sadmin/IIS Worm installed:
/tmp/CHKROOTKIT_ROOT/dev/cuc
Searching for MonKit... WARNING
WARNING: Possible MonKit installed:
/tmp/CHKROOTKIT_ROOT/usr/lib/libpikapp.a
Searching for Showtee rootkit... WARNING
WARNING: Possible Showtee rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
/tmp/CHKROOTKIT_ROOT/usr/include/chk.h
Searching for OpticKit... WARNING
WARNING: Possible OpticKit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
Searching for T.R.K... WARNING
WARNING: Possible T.R.K installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
Searching for Mithra rootkit... WARNING
WARNING: Possible Mithra installed:
/tmp/CHKROOTKIT_ROOT/usr/lib/locale/uboot
Searching for OBSD rootkit v1... not tested
Searching for LOC rootkit... WARNING
WARNING: Possible LOC rootkit installed:
/tmp/CHKROOTKIT_ROOT/tmp/xp
/tmp/CHKROOTKIT_ROOT/usr/sbin/epic
Searching for Romanian rootkit... WARNING
WARNING: Possible Romanian rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
Searching for HKRK rootkit... WARNING
WARNING: Possible HKRK rootkit installed in /tmp/CHKROOTKIT_ROOT/etc/rc.d/init.d/network
Searching for Suckit rootkit... WARNING
WARNING: Possible Suckit:
/tmp/CHKROOTKIT_ROOT/dev/.golf/
Searching for Volc rootkit... WARNING
WARNING: Possible Volc rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/volc
Searching for Gold2 rootkit... WARNING
WARNING: Possible Gold2 rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/ishit
Searching for TC2 rootkit... WARNING
WARNING: Possible TC2 rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/sbin/initcheck
Searching for Anonoying rootkit... WARNING
WARNING: Possible Anonoying rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/sbin/mech
Searching for ZK rootkit... WARNING
WARNING: Possible ZK rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/sysconfig/console/load.zk
Searching for ShKit rootkit... WARNING
WARNING: Possible ShKit rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
Searching for AjaKit rootkit... WARNING
WARNING: Possible AjaKit rootkit installed:
/tmp/CHKROOTKIT_ROOT/dev/tux/
Searching for zaRwT rootkit... WARNING
WARNING: Possible zaRwT rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/imout
Searching for Madalin rootkit... WARNING
WARNING: Possible Madalin rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/include/icekey.h
Searching for Fu rootkit... WARNING
WARNING: Possible Fu rootkit installed:
/tmp/CHKROOTKIT_ROOT/sbin/xc
Searching for Kenga3 rootkit... WARNING
WARNING: Possible Kenga3 rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/include/. ./
/tmp/CHKROOTKIT_ROOT/usr/include/. ./foo
Searching for ESRK rootkit... WARNING
WARNING: Possible ESRK rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/lib/tcl5.3/
Searching for rootedoor... WARNING
WARNING: Possible rootedoor installed:
/tmp/CHKROOTKIT_ROOT/usr/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/usr/sbin/rootedoor
Searching for ENYELKM rootkit... WARNING
WARNING: Possible ENYELKM rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/.enyelkmOCULTAR.ko/
Searching for common ssh-scanners... WARNING
WARNING: Possible ssh-scanner installed:
/tmp/CHKROOTKIT_ROOT/var/tmp/vuln.txt
Searching for Linux/Ebury 1.4 - Operation Windigo... WARNING
WARNING: /tmp/CHKROOTKIT_ROOT/usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
Searching for Linux/Ebury 1.6... WARNING
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /tmp/CHKROOTKIT_ROOT/lib/x86_64-linux-gnu/libkeyutils.so.1
Searching for 64-bit Linux Rootkit... WARNING
WARNING: Possible 64-bit Linux Rootkit:
/tmp/CHKROOTKIT_ROOT/usr/local/hide/
/tmp/CHKROOTKIT_ROOT/usr/local/hide/foo
/tmp/CHKROOTKIT_ROOT/etc/rc.local
Searching for 64-bit Linux Rootkit modules... WARNING
WARNING: Possible 64-bit rootkit modules installed:
/tmp/CHKROOTKIT_ROOT/lib/modules/module_init.ko
Searching for Mumblehard... WARNING
WARNING: Possible Mumblehard backdoor installed:
/tmp/CHKROOTKIT_ROOT/var/spool/cron/crontabs/foo
Searching for Backdoor.Linux.Mokes.a... WARNING
WARNING: Possible Backdoor.Linux.Mokes.a installed:
/tmp/CHKROOTKIT_ROOT/tmp/ss0-0
Searching for Malicious TinyDNS... WARNING
WARNING: Possible Malicious TinyDNS installed:
/tmp/CHKROOTKIT_ROOT/home/ ./
/tmp/CHKROOTKIT_ROOT/home/ ./tinyDNS
Searching for Linux.Xor.DDoS... WARNING
WARNING: Possible Linux.Xor.DDoS installed:
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/wrapper.sh
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/check_php
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/debian/rules
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/test-chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/debian/tests/find-debs-that-are-enhanced
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/debian/chkrootkit-daily
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/check_if_debian
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-w55808.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sendmail.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_lsof.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pidof.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-z2.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetdconf.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chkutmp.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_w.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop2.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_killall.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pstree.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_slogin.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-slapper.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-helper-functions-for-reporting-results.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mail.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chsh.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_inetd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_date.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tar.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_basename.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-aliens.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-rexedcs.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ls.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_crontab.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-OSX_RSPLUG.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_echo.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_named.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-bindshell.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_vdir.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_amd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_tcpdump.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_timed.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_top.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_netstat.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_identd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_hdparm.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_mingetty.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_traceroute.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rshd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lkm.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_env.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-printn.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_telnetd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rpcinfo.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_biff.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-scalper.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-asp.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_find.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_rlogind.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-lookfor-rootkit.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_pop3.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_login.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_grep.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-sniffer.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_gpm.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ldsopreload.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_syslog.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_egrep.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_sshd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-Debian-cd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_passwd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_fingerd.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ps.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_cron.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-wted.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_du.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_init.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_ifconfig.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_write.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_dirname.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_su.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-top-level.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.agxPFS/build.Eux/src/.pc/chkrootkit-chk_chfn.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/test-chkrootkit-false-positive
/tmp/CHKROOTKIT_ROOT/tmp/clean/netstat
/tmp/CHKROOTKIT_ROOT/tmp/clean/grep.orig
/tmp/CHKROOTKIT_ROOT/tmp/clean/uname
/tmp/CHKROOTKIT_ROOT/tmp/clean/dirname
/tmp/CHKROOTKIT_ROOT/tmp/clean/xargs
/tmp/CHKROOTKIT_ROOT/tmp/clean/grep
/tmp/CHKROOTKIT_ROOT/tmp/clean/ls.orig
/tmp/CHKROOTKIT_ROOT/tmp/clean/ss
/tmp/CHKROOTKIT_ROOT/tmp/clean/ls
/tmp/CHKROOTKIT_ROOT/tmp/clean/dpkg-query
/tmp/CHKROOTKIT_ROOT/tmp/clean/head
/tmp/CHKROOTKIT_ROOT/tmp/clean/id
/tmp/CHKROOTKIT_ROOT/tmp/clean/awk
/tmp/CHKROOTKIT_ROOT/tmp/clean/ps
/tmp/CHKROOTKIT_ROOT/tmp/clean/echo
/tmp/CHKROOTKIT_ROOT/tmp/clean/cut
/tmp/CHKROOTKIT_ROOT/tmp/clean/strings
/tmp/CHKROOTKIT_ROOT/tmp/clean/sed
/tmp/CHKROOTKIT_ROOT/tmp/clean/find
Searching for Linux.Proxy.1.0... WARNING
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
Searching for CrossRAT... WARNING
WARNING: Possible Malicious CrossRAT installed:
/tmp/CHKROOTKIT_ROOT/usr/var/mediamgrs.jar
Searching for Hidden Cobra... WARNING
WARNING: Possible Malicious Hidden Cobra installed:
/tmp/CHKROOTKIT_ROOT/tmp/.ICE-unix/engine.so
Searching for Rocke Miner rootkit... WARNING
WARNING: Possible Rocke Miner rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/xig
Searching for PWNLNX4 lkm rootkit... WARNING
WARNING: Possible PWNLNX4 lkm rootkit installed:
/tmp/CHKROOTKIT_ROOT/var/tmp/.1/
Searching for PWNLNX6 lkm rootkit... WARNING
WARNING: Possible PWNLNX6 lkm rootkit installed:
/tmp/CHKROOTKIT_ROOT/tmp/suterusu/
Searching for Umbreon lrk... WARNING
WARNING: Possible Malicious UMBREON LRK installed:
/tmp/CHKROOTKIT_ROOT/usr/share/libc.so.69
Searching for Kinsing.a backdoor rootkit... WARNING
WARNING: Possible Kinsing.a backdoor rootkit installed:
/tmp/CHKROOTKIT_ROOT/tmp/kdevtmpfsi
Searching for RotaJakiro backdoor rootkit... WARNING
WARNING: Possible RotaJakiro backdoor rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/systemd-daemon
Searching for Syslogk LKM rootkit... not tested
Searching for Kovid LKM rootkit... WARNING
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /tmp/CHKROOTKIT_ROOT/proc/kovid
Searching for Tsunami DDoS Malware rootkit... WARNING
WARNING: Possible Tsunami DDoS Malware rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/cls
Searching for Linux BPF Door... WARNING
WARNING: Possible Linux BPFDoor Malware installed:
/proc/xx/stack
Searching for suspect PHP files... WARNING
WARNING: The following suspicious PHP files were found:
/tmp/CHKROOTKIT_ROOT/tmp/name.php
/tmp/CHKROOTKIT_ROOT/tmp/by-content
/tmp/CHKROOTKIT_ROOT/tmp/sp ace/aaa' exit 1; "
Searching for zero-size shell history files in /tmp/CHKROOTKIT_ROOT/root... WARNING
WARNING: Zero-size history files:
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
Searching for hardlinked shell history files in /tmp/CHKROOTKIT_ROOT/root... WARNING
WARNING: shell history files hardlinked to another file:
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
Checking `aliens'... finished
Checking `asp'... WARNING
WARNING: Possible Ramen Worm installed in /tmp/CHKROOTKIT_ROOT/etc/inetd.conf
Checking `bindshell'... not tested
Checking `lkm'... started
Searching for Adore LKM... not tested
Searching for sebek LKM (Adore based)... not tested
Searching for knark LKM rootkit... not found
Searching for for hidden processes with chkproc... not tested
Searching for for hidden directories using chkdirs... not found
Checking `lkm'... finished
Checking `rexedcs'... INFECTED: /tmp/CHKROOTKIT_ROOT/usr/bin/in.rexedcs
Checking `sniffer'... not tested
Checking `w55808'... WARNING
WARNING: Possible 55808 Worm installed
Checking `wted'... not found
Checking `scalper'... WARNING
WARNING: Possible Scalper Worm installed
Checking `slapper'... WARNING
WARNING: Possible Slapper Worm installed:
/tmp/CHKROOTKIT_ROOT/tmp/.bugtraq.c
Checking `z2'... not found
Checking `chkutmp'... not tested
Checking `OSX_RSPLUG'... not tested
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 28 08:56 .
drwxr-xr-x 4 root root 4.0K Jan 28 08:46 ..
-rw-r--r-- 1 root root 0 Jan 28 08:56 chkrootkit-daily.log
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.expected
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today
-rw-r--r-- 1 root root 9.7K Jan 28 08:56 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/[^ ]+/CHKROOTKIT_ROOT/'$'
ROOTDIR is `/tmp/CHKROOTKIT_ROOT/'
OK
**** Test for '^Checking `amd'\.\.\. INFECTED$'
Checking `amd'... INFECTED
OK
**** Test for '^Checking `basename'\.\.\. INFECTED$'
Checking `basename'... INFECTED
OK
**** Test for '^Checking `biff'\.\.\. INFECTED$'
Checking `biff'... INFECTED
OK
**** Test for '^Checking `chfn'\.\.\. INFECTED$'
Checking `chfn'... INFECTED
OK
**** Test for '^Checking `chsh'\.\.\. INFECTED$'
Checking `chsh'... INFECTED
OK
**** Test for '^Checking `cron'\.\.\. INFECTED$'
Checking `cron'... INFECTED
OK
**** Test for '^Checking `crontab'\.\.\. WARNING$'
Checking `crontab'... WARNING
OK
**** Test for '^$'
OK
**** Test for '^WARNING: crontab for nobody found, possible Lupper\.Worm\.$'
WARNING: crontab for nobody found, possible Lupper.Worm.
OK
**** Test for '^Checking for Lupper\.Worm\.\.\. INFECTED$'
Checking for Lupper.Worm... INFECTED
OK
**** Test for '^Checking `date'\.\.\. INFECTED$'
Checking `date'... INFECTED
OK
**** Test for '^Checking `du'\.\.\. INFECTED$'
Checking `du'... INFECTED
OK
**** Test for '^Checking `dirname'\.\.\. INFECTED$'
Checking `dirname'... INFECTED
OK
**** Test for '^Checking `echo'\.\.\. INFECTED$'
Checking `echo'... INFECTED
OK
**** Test for '^Checking `egrep'\.\.\. INFECTED$'
Checking `egrep'... INFECTED
OK
**** Test for '^Checking `env'\.\.\. INFECTED$'
Checking `env'... INFECTED
OK
**** Test for '^Checking `find'\.\.\. INFECTED$'
Checking `find'... INFECTED
OK
**** Test for '^Checking `fingerd'\.\.\. INFECTED$'
Checking `fingerd'... INFECTED
OK
**** Test for '^Checking `gpm'\.\.\. INFECTED$'
Checking `gpm'... INFECTED
OK
**** Test for '^Checking `grep'\.\.\. INFECTED$'
Checking `grep'... INFECTED
OK
**** Test for '^Checking `hdparm'\.\.\. INFECTED$'
Checking `hdparm'... INFECTED
OK
**** Test for '^Checking `su'\.\.\. INFECTED$'
Checking `su'... INFECTED
OK
**** Test for '^Checking `ifconfig'\.\.\. INFECTED$'
Checking `ifconfig'... INFECTED
OK
**** Test for '^Checking `inetd'\.\.\. INFECTED$'
Checking `inetd'... INFECTED
OK
**** Test for '^Checking `inetdconf'\.\.\. INFECTED$'
Checking `inetdconf'... INFECTED
OK
**** Test for '^Checking `identd'\.\.\. INFECTED$'
Checking `identd'... INFECTED
OK
**** Test for '^Checking `init'\.\.\. INFECTED$'
Checking `init'... INFECTED
OK
**** Test for '^Checking `killall'\.\.\. INFECTED$'
Checking `killall'... INFECTED
OK
**** Test for '^Checking `ldsopreload'\.\.\. not infected$'
Checking `ldsopreload'... not infected
OK
**** Test for '^Checking `login'\.\.\. INFECTED$'
Checking `login'... INFECTED
OK
**** Test for '^Checking `ls'\.\.\. INFECTED$'
Checking `ls'... INFECTED
OK
**** Test for '^Checking `lsof'\.\.\. INFECTED$'
Checking `lsof'... INFECTED
OK
**** Test for '^Checking `mail'\.\.\. INFECTED$'
Checking `mail'... INFECTED
OK
**** Test for '^Checking `mingetty'\.\.\. INFECTED$'
Checking `mingetty'... INFECTED
OK
**** Test for '^Checking `netstat'\.\.\. INFECTED$'
Checking `netstat'... INFECTED
OK
**** Test for '^Checking `named'\.\.\. INFECTED$'
Checking `named'... INFECTED
OK
**** Test for '^Checking `passwd'\.\.\. INFECTED$'
Checking `passwd'... INFECTED
OK
**** Test for '^Checking `pidof'\.\.\. INFECTED$'
Checking `pidof'... INFECTED
OK
**** Test for '^Checking `pop2'\.\.\. INFECTED$'
Checking `pop2'... INFECTED
OK
**** Test for '^Checking `pop3'\.\.\. INFECTED$'
Checking `pop3'... INFECTED
OK
**** Test for '^Checking `ps'\.\.\. INFECTED$'
Checking `ps'... INFECTED
OK
**** Test for '^Checking `pstree'\.\.\. INFECTED$'
Checking `pstree'... INFECTED
OK
**** Test for '^Checking `rpcinfo'\.\.\. INFECTED$'
Checking `rpcinfo'... INFECTED
OK
**** Test for '^Checking `rlogind'\.\.\. INFECTED$'
Checking `rlogind'... INFECTED
OK
**** Test for '^Checking `rshd'\.\.\. INFECTED$'
Checking `rshd'... INFECTED
OK
**** Test for '^Checking `slogin'\.\.\. INFECTED$'
Checking `slogin'... INFECTED
OK
**** Test for '^Checking `sendmail'\.\.\. INFECTED$'
Checking `sendmail'... INFECTED
OK
**** Test for '^Checking `sshd'\.\.\. INFECTED but disabled$'
Checking `sshd'... INFECTED but disabled
OK
**** Test for '^Checking `syslogd'\.\.\. INFECTED$'
Checking `syslogd'... INFECTED
OK
**** Test for '^Checking `tar'\.\.\. INFECTED$'
Checking `tar'... INFECTED
OK
**** Test for '^Checking `tcpd'\.\.\. INFECTED$'
Checking `tcpd'... INFECTED
OK
**** Test for '^Checking `tcpdump'\.\.\. INFECTED$'
Checking `tcpdump'... INFECTED
OK
**** Test for '^Checking `top'\.\.\. INFECTED$'
Checking `top'... INFECTED
OK
**** Test for '^Checking `telnetd'\.\.\. INFECTED$'
Checking `telnetd'... INFECTED
OK
**** Test for '^Checking `timed'\.\.\. INFECTED$'
Checking `timed'... INFECTED
OK
**** Test for '^Checking `traceroute'\.\.\. INFECTED$'
Checking `traceroute'... INFECTED
OK
**** Test for '^Checking `vdir'\.\.\. INFECTED$'
Checking `vdir'... INFECTED
OK
**** Test for '^Checking `w'\.\.\. INFECTED$'
Checking `w'... INFECTED
OK
**** Test for '^Checking `write'\.\.\. INFECTED$'
Checking `write'... INFECTED
OK
**** Test for '^Checking `aliens'\.\.\. started$'
Checking `aliens'... started
OK
**** Test for '^Searching for suspicious files in /[^ ]+/CHKROOTKIT_ROOT/dev\.\.\. +WARNING$'
Searching for suspicious files in /tmp/CHKROOTKIT_ROOT/dev... WARNING
OK
**** Test for '^WARNING: The following suspicious files were found in /[^ ]+/CHKROOTKIT_ROOT/dev:$'
WARNING: The following suspicious files were found in /tmp/CHKROOTKIT_ROOT/dev:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/bad-file$'
/tmp/CHKROOTKIT_ROOT/dev/bad-file
OK
**** Test for '^Searching for known suspicious directories\.\.\. WARNING$'
Searching for known suspicious directories... WARNING
OK
**** Test for '^WARNING: Suspect directory /[^ ]+/CHKROOTKIT_ROOT/var/run/\.tmp/ found\. Looking for sniffer logs:$'
WARNING: Suspect directory /tmp/CHKROOTKIT_ROOT/var/run/.tmp/ found. Looking for sniffer logs:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/run/\.tmp/$'
/tmp/CHKROOTKIT_ROOT/var/run/.tmp/
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/run/\.tmp/y$'
/tmp/CHKROOTKIT_ROOT/var/run/.tmp/y
OK
**** Test for '^Searching for known suspicious files\.\.\. WARNING$'
Searching for known suspicious files... WARNING
OK
**** Test for '^WARNING: The following known suspicious files were found:$'
WARNING: The following known suspicious files were found:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/atm$'
/tmp/CHKROOTKIT_ROOT/usr/bin/atm
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/ld\.so\.hash$'
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
OK
**** Test for '^Searching for sniffer's logs\.\.\. WARNING$'
Searching for sniffer's logs... WARNING
OK
**** Test for '^WARNING: The following potential sniffer's logs were found:$'
WARNING: The following potential sniffer's logs were found:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/tcp\.log$'
/tmp/CHKROOTKIT_ROOT/tmp/tcp.log
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\. WARNING$'
Searching for HiDrootkit rootkit... WARNING
OK
**** Test for '^WARNING: Possible HiDrootkit rootkit installed:$'
WARNING: Possible HiDrootkit rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/lib/games/\.k/$'
/tmp/CHKROOTKIT_ROOT/var/lib/games/.k/
OK
**** Test for '^Searching for t0rn rootkit\.\.\. WARNING$'
Searching for t0rn rootkit... WARNING
OK
**** Test for '^WARNING: Possible t0rn rootkit installed:$'
WARNING: Possible t0rn rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/ttyhash$'
/tmp/CHKROOTKIT_ROOT/etc/ttyhash
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\. WARNING$'
Searching for t0rn v8 (or variation)... WARNING
OK
**** Test for '^WARNING: Possible t0rn v8 \(or variation\) rootkit installed:$'
WARNING: Possible t0rn v8 (or variation) rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/local/lib/libproc\.a$'
/tmp/CHKROOTKIT_ROOT/usr/local/lib/libproc.a
OK
**** Test for '^Searching for Lion rootkit\.\.\. WARNING$'
Searching for Lion rootkit... WARNING
OK
**** Test for '^WARNING: Possible Lion rootkit installed:$'
WARNING: Possible Lion rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/mjy$'
/tmp/CHKROOTKIT_ROOT/bin/mjy
OK
**** Test for '^Searching for RSHA rootkit\.\.\. WARNING$'
Searching for RSHA rootkit... WARNING
OK
**** Test for '^WARNING: Possible RSHA rootkit installed:$'
WARNING: Possible RSHA rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/n3tstat$'
/tmp/CHKROOTKIT_ROOT/usr/bin/n3tstat
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\. WARNING$'
Searching for RH-Sharpe rootkit... WARNING
OK
**** Test for '^WARNING: Possible RH-Sharpe rootkit installed:$'
WARNING: Possible RH-Sharpe rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/lps$'
/tmp/CHKROOTKIT_ROOT/bin/lps
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\. WARNING$'
Searching for Ambient (ark) rootkit... WARNING
OK
**** Test for '^WARNING: Possible Ambient's rootkit \(ark\) installed:$'
WARNING: Possible Ambient's rootkit (ark) installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/\.ark\?$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
OK
**** Test for '^Searching for suspicious files and dirs\.\.\. WARNING$'
Searching for suspicious files and dirs... WARNING
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.1$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.1
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.aaa$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.aaa
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.1DIR$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.1DIR
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.ark\?$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.\.\.DIR$'
/tmp/CHKROOTKIT_ROOT/usr/lib/...DIR
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.bbb$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.bbb
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.DIR-aaa$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.DIR-aaa
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.\.\.$'
/tmp/CHKROOTKIT_ROOT/usr/lib/...
OK
**** Test for '^Searching for LPD Worm\.\.\. WARNING$'
Searching for LPD Worm... WARNING
OK
**** Test for '^WARNING: Possible LPD worm installed \(based on files found\)$'
WARNING: Possible LPD worm installed (based on files found)
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\. WARNING$'
Searching for Ramen Worm rootkit... WARNING
OK
**** Test for '^WARNING: Possible Ramen Worm rootkit installed:$'
WARNING: Possible Ramen Worm rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/src/\.poop/$'
/tmp/CHKROOTKIT_ROOT/usr/src/.poop/
OK
**** Test for '^Searching for Maniac rootkit\.\.\. WARNING$'
Searching for Maniac rootkit... WARNING
OK
**** Test for '^WARNING: Possible Maniac rootkit installed:$'
WARNING: Possible Maniac rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/mailrc$'
/tmp/CHKROOTKIT_ROOT/usr/bin/mailrc
OK
**** Test for '^Searching for RK17 rootkit\.\.\. WARNING$'
Searching for RK17 rootkit... WARNING
OK
**** Test for '^WARNING: Possible RK17 rootkit installed:$'
WARNING: Possible RK17 rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/www/httpd/cgi-bin/bogus\.cgi$'
/tmp/CHKROOTKIT_ROOT/www/httpd/cgi-bin/bogus.cgi
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/number\.cgi$'
/tmp/CHKROOTKIT_ROOT/usr/lib/number.cgi
OK
**** Test for '^Searching for Ducoci rootkit\.\.\. WARNING$'
Searching for Ducoci rootkit... WARNING
OK
**** Test for '^WARNING: Possible Ducoci rootkit installed:$'
WARNING: Possible Ducoci rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/www/httpd/cgi-bin/last\.cgi$'
/tmp/CHKROOTKIT_ROOT/www/httpd/cgi-bin/last.cgi
OK
**** Test for '^Searching for Adore Worm\.\.\. WARNING$'
Searching for Adore Worm... WARNING
OK
**** Test for '^WARNING: Possible Adore Worm installed:$'
WARNING: Possible Adore Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/red\.tar$'
/tmp/CHKROOTKIT_ROOT/usr/bin/red.tar
OK
**** Test for '^Searching for ShitC Worm\.\.\. WARNING$'
Searching for ShitC Worm... WARNING
OK
**** Test for '^WARNING: Possible ShitC Worm installed:$'
WARNING: Possible ShitC Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?bin/dy$'
/tmp/CHKROOTKIT_ROOT/usr/bin/dy
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?bin/frgy$'
/tmp/CHKROOTKIT_ROOT/usr/bin/frgy
OK
**** Test for '^Searching for Omega Worm\.\.\. WARNING$'
Searching for Omega Worm... WARNING
OK
**** Test for '^WARNING: Possible Omega Worm installed:$'
WARNING: Possible Omega Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/chr$'
/tmp/CHKROOTKIT_ROOT/dev/chr
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\. WARNING$'
Searching for Sadmind/IIS Worm... WARNING
OK
**** Test for '^WARNING: Possible Sadmin/IIS Worm installed:$'
WARNING: Possible Sadmin/IIS Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/cuc$'
/tmp/CHKROOTKIT_ROOT/dev/cuc
OK
**** Test for '^Searching for MonKit\.\.\. WARNING$'
Searching for MonKit... WARNING
OK
**** Test for '^WARNING: Possible MonKit installed:$'
WARNING: Possible MonKit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/libpikapp\.a$'
/tmp/CHKROOTKIT_ROOT/usr/lib/libpikapp.a
OK
**** Test for '^Searching for Showtee rootkit\.\.\. WARNING$'
Searching for Showtee rootkit... WARNING
OK
**** Test for '^WARNING: Possible Showtee rootkit installed:$'
WARNING: Possible Showtee rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/proc\.h$'
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/chk\.h$'
/tmp/CHKROOTKIT_ROOT/usr/include/chk.h
OK
**** Test for '^Searching for OpticKit\.\.\. WARNING$'
Searching for OpticKit... WARNING
OK
**** Test for '^WARNING: Possible OpticKit installed:$'
WARNING: Possible OpticKit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/xsf$'
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
OK
**** Test for '^Searching for T\.R\.K\.\.\. WARNING$'
Searching for T.R.K... WARNING
OK
**** Test for '^WARNING: Possible T\.R\.K installed:$'
WARNING: Possible T.R.K installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/xsf$'
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
OK
**** Test for '^Searching for Mithra rootkit\.\.\. WARNING$'
Searching for Mithra rootkit... WARNING
OK
**** Test for '^WARNING: Possible Mithra installed:$'
WARNING: Possible Mithra installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/locale/uboot$'
/tmp/CHKROOTKIT_ROOT/usr/lib/locale/uboot
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\. not tested$'
Searching for OBSD rootkit v1... not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\. WARNING$'
Searching for LOC rootkit... WARNING
OK
**** Test for '^WARNING: Possible LOC rootkit installed:$'
WARNING: Possible LOC rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/xp$'
/tmp/CHKROOTKIT_ROOT/tmp/xp
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/sbin/epic$'
/tmp/CHKROOTKIT_ROOT/usr/sbin/epic
OK
**** Test for '^Searching for Romanian rootkit\.\.\. WARNING$'
Searching for Romanian rootkit... WARNING
OK
**** Test for '^WARNING: Possible Romanian rootkit installed:$'
WARNING: Possible Romanian rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/proc\.h$'
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
OK
**** Test for '^Searching for HKRK rootkit\.\.\. WARNING$'
Searching for HKRK rootkit... WARNING
OK
**** Test for '^WARNING: Possible HKRK rootkit installed in /[^ ]+/CHKROOTKIT_ROOT/etc/rc\.d/init\.d/network$'
WARNING: Possible HKRK rootkit installed in /tmp/CHKROOTKIT_ROOT/etc/rc.d/init.d/network
OK
**** Test for '^Searching for Suckit rootkit\.\.\. WARNING$'
Searching for Suckit rootkit... WARNING
OK
**** Test for '^WARNING: Possible Suckit:$'
WARNING: Possible Suckit:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/\.golf/$'
/tmp/CHKROOTKIT_ROOT/dev/.golf/
OK
**** Test for '^Searching for Volc rootkit\.\.\. WARNING$'
Searching for Volc rootkit... WARNING
OK
**** Test for '^WARNING: Possible Volc rootkit installed:$'
WARNING: Possible Volc rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/volc$'
/tmp/CHKROOTKIT_ROOT/usr/bin/volc
OK
**** Test for '^Searching for Gold2 rootkit\.\.\. WARNING$'
Searching for Gold2 rootkit... WARNING
OK
**** Test for '^WARNING: Possible Gold2 rootkit installed:$'
WARNING: Possible Gold2 rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/ishit$'
/tmp/CHKROOTKIT_ROOT/usr/bin/ishit
OK
**** Test for '^Searching for TC2 rootkit\.\.\. WARNING$'
Searching for TC2 rootkit... WARNING
OK
**** Test for '^WARNING: Possible TC2 rootkit installed:$'
WARNING: Possible TC2 rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/sbin/initcheck$'
/tmp/CHKROOTKIT_ROOT/usr/sbin/initcheck
OK
**** Test for '^Searching for Anonoying rootkit\.\.\. WARNING$'
Searching for Anonoying rootkit... WARNING
OK
**** Test for '^WARNING: Possible Anonoying rootkit installed:$'
WARNING: Possible Anonoying rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/sbin/mech$'
/tmp/CHKROOTKIT_ROOT/usr/sbin/mech
OK
**** Test for '^Searching for ZK rootkit\.\.\. WARNING$'
Searching for ZK rootkit... WARNING
OK
**** Test for '^WARNING: Possible ZK rootkit installed:$'
WARNING: Possible ZK rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/sysconfig/console/load\.zk$'
/tmp/CHKROOTKIT_ROOT/etc/sysconfig/console/load.zk
OK
**** Test for '^Searching for ShKit rootkit\.\.\. WARNING$'
Searching for ShKit rootkit... WARNING
OK
**** Test for '^WARNING: Possible ShKit rootkit installed:$'
WARNING: Possible ShKit rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/ld\.so\.hash$'
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
OK
**** Test for '^Searching for AjaKit rootkit\.\.\. WARNING$'
Searching for AjaKit rootkit... WARNING
OK
**** Test for '^WARNING: Possible AjaKit rootkit installed:$'
WARNING: Possible AjaKit rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/tux/$'
/tmp/CHKROOTKIT_ROOT/dev/tux/
OK
**** Test for '^Searching for zaRwT rootkit\.\.\. WARNING$'
Searching for zaRwT rootkit... WARNING
OK
**** Test for '^WARNING: Possible zaRwT rootkit installed:$'
WARNING: Possible zaRwT rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/imout$'
/tmp/CHKROOTKIT_ROOT/bin/imout
OK
**** Test for '^Searching for Madalin rootkit\.\.\. WARNING$'
Searching for Madalin rootkit... WARNING
OK
**** Test for '^WARNING: Possible Madalin rootkit installed:$'
WARNING: Possible Madalin rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/icekey\.h$'
/tmp/CHKROOTKIT_ROOT/usr/include/icekey.h
OK
**** Test for '^Searching for Fu rootkit\.\.\. WARNING$'
Searching for Fu rootkit... WARNING
OK
**** Test for '^WARNING: Possible Fu rootkit installed:$'
WARNING: Possible Fu rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/sbin/xc$'
/tmp/CHKROOTKIT_ROOT/sbin/xc
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\. WARNING$'
Searching for Kenga3 rootkit... WARNING
OK
**** Test for '^WARNING: Possible Kenga3 rootkit installed:$'
WARNING: Possible Kenga3 rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/\. \./$'
/tmp/CHKROOTKIT_ROOT/usr/include/. ./
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/\. \./foo$'
/tmp/CHKROOTKIT_ROOT/usr/include/. ./foo
OK
**** Test for '^Searching for ESRK rootkit\.\.\. WARNING$'
Searching for ESRK rootkit... WARNING
OK
**** Test for '^WARNING: Possible ESRK rootkit installed:$'
WARNING: Possible ESRK rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/tcl5\.3/$'
/tmp/CHKROOTKIT_ROOT/usr/lib/tcl5.3/
OK
**** Test for '^Searching for rootedoor\.\.\. WARNING$'
Searching for rootedoor... WARNING
OK
**** Test for '^WARNING: Possible rootedoor installed:$'
WARNING: Possible rootedoor installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/sbin/rootedoor$'
/tmp/CHKROOTKIT_ROOT/usr/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/usr/sbin/rootedoor
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/sbin/rootedoor$'
/tmp/CHKROOTKIT_ROOT/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/sbin/rootedoor
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\. WARNING$'
Searching for ENYELKM rootkit... WARNING
OK
**** Test for '^WARNING: Possible ENYELKM rootkit installed:$'
WARNING: Possible ENYELKM rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/\.enyelkmOCULTAR\.ko/$'
/tmp/CHKROOTKIT_ROOT/etc/.enyelkmOCULTAR.ko/
OK
**** Test for '^Searching for common ssh-scanners\.\.\. WARNING$'
Searching for common ssh-scanners... WARNING
OK
**** Test for '^WARNING: Possible ssh-scanner installed:$'
WARNING: Possible ssh-scanner installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/tmp/vuln\.txt$'
/tmp/CHKROOTKIT_ROOT/var/tmp/vuln.txt
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\. WARNING$'
Searching for Linux/Ebury 1.4 - Operation Windigo... WARNING
OK
**** Test for '^WARNING: /[^ ]+/CHKROOTKIT_ROOT/usr/sbin/ssh may be INFECTED by Linux/Ebury 1\.4$'
WARNING: /tmp/CHKROOTKIT_ROOT/usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\. WARNING$'
Searching for Linux/Ebury 1.6... WARNING
OK
**** Test for '^WARNING: Possible Linux/Ebury 1\.6 - Operation Windigo installed in /[^ ]+/CHKROOTKIT_ROOT/lib/x86_64-linux-gnu/libkeyutils\.so\.1$'
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /tmp/CHKROOTKIT_ROOT/lib/x86_64-linux-gnu/libkeyutils.so.1
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\. WARNING$'
Searching for 64-bit Linux Rootkit... WARNING
OK
**** Test for '^WARNING: Possible 64-bit Linux Rootkit:'
WARNING: Possible 64-bit Linux Rootkit:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/local/hide/$'
/tmp/CHKROOTKIT_ROOT/usr/local/hide/
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/local/hide/foo$'
/tmp/CHKROOTKIT_ROOT/usr/local/hide/foo
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/rc\.local$'
/tmp/CHKROOTKIT_ROOT/etc/rc.local
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\. WARNING$'
Searching for 64-bit Linux Rootkit modules... WARNING
OK
**** Test for '^WARNING: Possible 64-bit rootkit modules installed:$'
WARNING: Possible 64-bit rootkit modules installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/lib/modules/module_init\.ko$'
/tmp/CHKROOTKIT_ROOT/lib/modules/module_init.ko
OK
**** Test for '^Searching for Mumblehard\.\.\. WARNING$'
Searching for Mumblehard... WARNING
OK
**** Test for '^WARNING: Possible Mumblehard backdoor installed:$'
WARNING: Possible Mumblehard backdoor installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/spool/cron/crontabs/foo$'
/tmp/CHKROOTKIT_ROOT/var/spool/cron/crontabs/foo
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\. WARNING$'
Searching for Backdoor.Linux.Mokes.a... WARNING
OK
**** Test for '^WARNING: Possible Backdoor\.Linux\.Mokes\.a installed:$'
WARNING: Possible Backdoor.Linux.Mokes.a installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/ss0-0$'
/tmp/CHKROOTKIT_ROOT/tmp/ss0-0
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\. WARNING$'
Searching for Malicious TinyDNS... WARNING
OK
**** Test for '^WARNING: Possible Malicious TinyDNS installed:$'
WARNING: Possible Malicious TinyDNS installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/home/ \./$'
/tmp/CHKROOTKIT_ROOT/home/ ./
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/home/ \./tinyDNS$'
/tmp/CHKROOTKIT_ROOT/home/ ./tinyDNS
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\. WARNING$'
Searching for Linux.Xor.DDoS... WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/strings$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/strings
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/uname$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/uname
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/head$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/head
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/find$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/find
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/echo$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/echo
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/netstat$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/netstat
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/ls$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/ls
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/ls\.orig$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/ls.orig
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/ps$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/ps
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/awk$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/awk
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/grep$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/grep
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/grep\.orig$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/grep.orig
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/dirname$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/dirname
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/ss$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/ss
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/sed$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/sed
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/cut$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/cut
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/id$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/id
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/xargs$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/xargs
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/dpkg-query$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/dpkg-query
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/test-chkrootkit-false-positive$'
/tmp/CHKROOTKIT_ROOT/tmp/test-chkrootkit-false-positive
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\. WARNING$'
Searching for Linux.Proxy.1.0... WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Linux\.Proxy\.10 installed in /etc/passwd$'
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
OK
**** Test for '^Searching for CrossRAT\.\.\. WARNING$'
Searching for CrossRAT... WARNING
OK
**** Test for '^WARNING: Possible Malicious CrossRAT installed:$'
WARNING: Possible Malicious CrossRAT installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/var/mediamgrs\.jar$'
/tmp/CHKROOTKIT_ROOT/usr/var/mediamgrs.jar
OK
**** Test for '^Searching for Hidden Cobra\.\.\. WARNING$'
Searching for Hidden Cobra... WARNING
OK
**** Test for '^WARNING: Possible Malicious Hidden Cobra installed:$'
WARNING: Possible Malicious Hidden Cobra installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/\.ICE-unix/engine\.so$'
/tmp/CHKROOTKIT_ROOT/tmp/.ICE-unix/engine.so
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\. WARNING$'
Searching for Rocke Miner rootkit... WARNING
OK
**** Test for '^WARNING: Possible Rocke Miner rootkit installed:$'
WARNING: Possible Rocke Miner rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/xig$'
/tmp/CHKROOTKIT_ROOT/etc/xig
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\. WARNING$'
Searching for PWNLNX4 lkm rootkit... WARNING
OK
**** Test for '^WARNING: Possible PWNLNX4 lkm rootkit installed:$'
WARNING: Possible PWNLNX4 lkm rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/tmp/\.1/$'
/tmp/CHKROOTKIT_ROOT/var/tmp/.1/
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\. WARNING$'
Searching for PWNLNX6 lkm rootkit... WARNING
OK
**** Test for '^WARNING: Possible PWNLNX6 lkm rootkit installed:$'
WARNING: Possible PWNLNX6 lkm rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/suterusu/$'
/tmp/CHKROOTKIT_ROOT/tmp/suterusu/
OK
**** Test for '^Searching for Umbreon lrk\.\.\. WARNING$'
Searching for Umbreon lrk... WARNING
OK
**** Test for '^WARNING: Possible Malicious UMBREON LRK installed:$'
WARNING: Possible Malicious UMBREON LRK installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/share/libc\.so\.69$'
/tmp/CHKROOTKIT_ROOT/usr/share/libc.so.69
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\. WARNING$'
Searching for Kinsing.a backdoor rootkit... WARNING
OK
**** Test for '^WARNING: Possible Kinsing\.a backdoor rootkit installed:$'
WARNING: Possible Kinsing.a backdoor rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/kdevtmpfsi$'
/tmp/CHKROOTKIT_ROOT/tmp/kdevtmpfsi
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\. WARNING$'
Searching for RotaJakiro backdoor rootkit... WARNING
OK
**** Test for '^WARNING: Possible RotaJakiro backdoor rootkit installed:$'
WARNING: Possible RotaJakiro backdoor rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/systemd-daemon$'
/tmp/CHKROOTKIT_ROOT/bin/systemd-daemon
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\. not tested$'
Searching for Syslogk LKM rootkit... not tested
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\. WARNING$'
Searching for Kovid LKM rootkit... WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /[^ ]+/CHKROOTKIT_ROOT/proc/kovid$'
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /tmp/CHKROOTKIT_ROOT/proc/kovid
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\. WARNING$'
Searching for Tsunami DDoS Malware rootkit... WARNING
OK
**** Test for '^WARNING: Possible Tsunami DDoS Malware rootkit installed:$'
WARNING: Possible Tsunami DDoS Malware rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/cls$'
/tmp/CHKROOTKIT_ROOT/bin/cls
OK
**** Test for '^Searching for Linux BPF Door\.\.\. WARNING$'
Searching for Linux BPF Door... WARNING
OK
**** Test for '^WARNING: Possible Linux BPFDoor Malware installed:$'
WARNING: Possible Linux BPFDoor Malware installed:
OK
**** Test for '^/proc/xx/stack$'
/proc/xx/stack
OK
**** Test for '^Searching for suspect PHP files\.\.\. WARNING$'
Searching for suspect PHP files... WARNING
OK
**** Test for '^WARNING: The following suspicious PHP files were found:$'
WARNING: The following suspicious PHP files were found:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/name\.php$'
/tmp/CHKROOTKIT_ROOT/tmp/name.php
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/sp ace/aaa' exit 1; "'
/tmp/CHKROOTKIT_ROOT/tmp/sp ace/aaa' exit 1; "
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/by-content$'
/tmp/CHKROOTKIT_ROOT/tmp/by-content
OK
**** Test for '^Searching for zero-size shell history files in /[^ ]+/CHKROOTKIT_ROOT/root\.\.\. WARNING$'
Searching for zero-size shell history files in /tmp/CHKROOTKIT_ROOT/root... WARNING
OK
**** Test for '^WARNING: Zero-size history files:$'
WARNING: Zero-size history files:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/root/\.whatever\.history$'
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
OK
**** Test for '^Searching for hardlinked shell history files in /[^ ]+/CHKROOTKIT_ROOT/root\.\.\. WARNING$'
Searching for hardlinked shell history files in /tmp/CHKROOTKIT_ROOT/root... WARNING
OK
**** Test for '^WARNING: shell history files hardlinked to another file:$'
WARNING: shell history files hardlinked to another file:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/root/\.whatever\.history$'
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
OK
**** Test for '^Checking `aliens'\.\.\. finished$'
Checking `aliens'... finished
OK
**** Test for '^Checking `asp'\.\.\. WARNING$'
Checking `asp'... WARNING
OK
**** Test for '^WARNING: Possible Ramen Worm installed in /[^ ]+/CHKROOTKIT_ROOT/etc/inetd\.conf$'
WARNING: Possible Ramen Worm installed in /tmp/CHKROOTKIT_ROOT/etc/inetd.conf
OK
**** Test for '^Checking `bindshell'\.\.\. not tested$'
Checking `bindshell'... not tested
OK
**** Test for '^Checking `lkm'\.\.\. started$'
Checking `lkm'... started
OK
**** Test for '^Searching for Adore LKM\.\.\. not tested$'
Searching for Adore LKM... not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\. not tested$'
Searching for sebek LKM (Adore based)... not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\. not found$'
Searching for knark LKM rootkit... not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\. not tested$'
Searching for for hidden processes with chkproc... not tested
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs... not found
OK
**** Test for '^Checking `lkm'\.\.\. finished$'
Checking `lkm'... finished
OK
**** Test for '^Checking `rexedcs'\.\.\. INFECTED: /[^ ]+/CHKROOTKIT_ROOT/usr/bin/in\.rexedcs$'
Checking `rexedcs'... INFECTED: /tmp/CHKROOTKIT_ROOT/usr/bin/in.rexedcs
OK
**** Test for '^Checking `sniffer'\.\.\. not tested$'
Checking `sniffer'... not tested
OK
**** Test for '^Checking `w55808'\.\.\. WARNING$'
Checking `w55808'... WARNING
OK
**** Test for '^WARNING: Possible 55808 Worm installed$'
WARNING: Possible 55808 Worm installed
OK
**** Test for '^Checking `wted'\.\.\. not (tested|found)$'
Checking `wted'... not found
OK
**** Test for '^Checking `scalper'\.\.\. WARNING$'
Checking `scalper'... WARNING
OK
**** Test for '^WARNING: Possible Scalper Worm installed$'
WARNING: Possible Scalper Worm installed
OK
**** Test for '^Checking `slapper'\.\.\. WARNING$'
Checking `slapper'... WARNING
OK
**** Test for '^WARNING: Possible Slapper Worm installed:$'
WARNING: Possible Slapper Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/\.bugtraq\.c$'
/tmp/CHKROOTKIT_ROOT/tmp/.bugtraq.c
OK
**** Test for '^Checking `z2'\.\.\. not (tested|found)$'
Checking `z2'... not found
OK
**** Test for '^Checking `chkutmp'\.\.\. not tested$'
Checking `chkutmp'... not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\. not tested$'
Checking `OSX_RSPLUG'... not tested
OK
** PASS: Testing: setting-rootdir (chkrootkit -p /tmp/clean -r /tmp/CHKROOTKIT_ROOT) done: PASS
* Resetting
Removing symlink: /tmp/CHKROOTKIT_ROOT
replace /etc/passwd with /etc/passwd.pre-rootkit
/etc/passwd
/etc/passwd-
replace /etc/inetd.conf with /etc/inetd.conf.pre-rootkit
/etc/inetd.conf
kill: /usr/bin/atm
/tmp/clean/ls.orig: cannot access '/usr/bin/atm*': No such file or directory
kill: /tmp/tcp.log
/tmp/clean/ls.orig: cannot access '/tmp/tcp.log*': No such file or directory
kill: /var/lib/games/.k/foo
/tmp/clean/ls.orig: cannot access '/var/lib/games/.k/foo*': No such file or directory
kill: /usr/src/.poop/foo
/tmp/clean/ls.orig: cannot access '/usr/src/.poop/foo*': No such file or directory
kill: /dev/.golf/foo
/tmp/clean/ls.orig: cannot access '/dev/.golf/foo*': No such file or directory
kill: /dev/tux/foo
/tmp/clean/ls.orig: cannot access '/dev/tux/foo*': No such file or directory
kill: /usr/include/. ./foo
/tmp/clean/ls.orig: cannot access '/usr/include/. ./foo*': No such file or directory
kill: /usr/lib/tcl5.3/foo
/tmp/clean/ls.orig: cannot access '/usr/lib/tcl5.3/foo*': No such file or directory
kill: /etc/ttyhash
/tmp/clean/ls.orig: cannot access '/etc/ttyhash*': No such file or directory
kill: /usr/local/lib/libproc.a
/usr/local/lib/libproc.a*
kill: /bin/mjy
/tmp/clean/ls.orig: cannot access '/bin/mjy*': No such file or directory
kill: /usr/bin/n3tstat
/tmp/clean/ls.orig: cannot access '/usr/bin/n3tstat*': No such file or directory
kill: /bin/lps
/tmp/clean/ls.orig: cannot access '/bin/lps*': No such file or directory
kill: /usr/lib/.ark?
/tmp/clean/ls.orig: cannot access '/usr/lib/.ark?*': No such file or directory
kill: /usr/lib/number.cgi
/tmp/clean/ls.orig: cannot access '/usr/lib/number.cgi*': No such file or directory
kill: /www/httpd/cgi-bin/last.cgi
/tmp/clean/ls.orig: cannot access '/www/httpd/cgi-bin/last.cgi*': No such file or directory
kill: /usr/bin/red.tar
/tmp/clean/ls.orig: cannot access '/usr/bin/red.tar*': No such file or directory
kill: /bin/dy
/tmp/clean/ls.orig: cannot access '/bin/dy*': No such file or directory
kill: /dev/chr
/tmp/clean/ls.orig: cannot access '/dev/chr*': No such file or directory
kill: /dev/cucl
/tmp/clean/ls.orig: cannot access '/dev/cucl*': No such file or directory
kill: /usr/include/chk.h
/tmp/clean/ls.orig: cannot access '/usr/include/chk.h*': No such file or directory
kill: /usr/bin/xsf
/tmp/clean/ls.orig: cannot access '/usr/bin/xsf*': No such file or directory
kill: /usr/lib/locale/uboot
/tmp/clean/ls.orig: cannot access '/usr/lib/locale/uboot*': No such file or directory
kill: /tmp/xp
/tmp/clean/ls.orig: cannot access '/tmp/xp*': No such file or directory
kill: /usr/bin/volc
/tmp/clean/ls.orig: cannot access '/usr/bin/volc*': No such file or directory
kill: /usr/include/proc.h
/usr/include/proc.h*
kill: /etc/rc.d/init.d/network
/tmp/clean/ls.orig: cannot access '/etc/rc.d/init.d/network*': No such file or directory
kill: /usr/bin/ishit
/tmp/clean/ls.orig: cannot access '/usr/bin/ishit*': No such file or directory
kill: /usr/sbin/initcheck
/tmp/clean/ls.orig: cannot access '/usr/sbin/initcheck*': No such file or directory
kill: /usr/sbin/mech
/tmp/clean/ls.orig: cannot access '/usr/sbin/mech*': No such file or directory
kill: /etc/sysconfig/console/load.zk
/tmp/clean/ls.orig: cannot access '/etc/sysconfig/console/load.zk*': No such file or directory
kill: /etc/ld.so.hash
/tmp/clean/ls.orig: cannot access '/etc/ld.so.hash*': No such file or directory
kill: /bin/imout
/tmp/clean/ls.orig: cannot access '/bin/imout*': No such file or directory
kill: /usr/include/icekey.h
/tmp/clean/ls.orig: cannot access '/usr/include/icekey.h*': No such file or directory
kill: /sbin/xc
/tmp/clean/ls.orig: cannot access '/sbin/xc*': No such file or directory
kill: /sbin/rootedoor
/tmp/clean/ls.orig: cannot access '/sbin/rootedoor*': No such file or directory
kill: /etc/.enyelkmOCULTAR.ko/foo
/tmp/clean/ls.orig: cannot access '/etc/.enyelkmOCULTAR.ko/foo*': No such file or directory
kill: /var/tmp/vuln.txt
/tmp/clean/ls.orig: cannot access '/var/tmp/vuln.txt*': No such file or directory
kill: /usr/local/hide/foo
/tmp/clean/ls.orig: cannot access '/usr/local/hide/foo*': No such file or directory
kill: /lib/modules/module_init.ko
/tmp/clean/ls.orig: cannot access '/lib/modules/module_init.ko*': No such file or directory
kill: /tmp/ss0-0
/tmp/clean/ls.orig: cannot access '/tmp/ss0-0*': No such file or directory
kill: /usr/var/mediamgrs.jar
/tmp/clean/ls.orig: cannot access '/usr/var/mediamgrs.jar*': No such file or directory
kill: /tmp/.ICE-unix/engine.so
/tmp/clean/ls.orig: cannot access '/tmp/.ICE-unix/engine.so*': No such file or directory
kill: /etc/xig
/tmp/clean/ls.orig: cannot access '/etc/xig*': No such file or directory
kill: /var/tmp/.1/x
/tmp/clean/ls.orig: cannot access '/var/tmp/.1/x*': No such file or directory
kill: /var/run/.tmp/y
/tmp/clean/ls.orig: cannot access '/var/run/.tmp/y*': No such file or directory
kill: /tmp/suterusu/pwnlnx6
/tmp/clean/ls.orig: cannot access '/tmp/suterusu/pwnlnx6*': No such file or directory
kill: /usr/share/libc.so.69
/tmp/clean/ls.orig: cannot access '/usr/share/libc.so.69*': No such file or directory
kill: /tmp/kdevtmpfsi
/tmp/clean/ls.orig: cannot access '/tmp/kdevtmpfsi*': No such file or directory
kill: /bin/systemd-daemon
/tmp/clean/ls.orig: cannot access '/bin/systemd-daemon*': No such file or directory
kill: /syslogk
/tmp/clean/ls.orig: cannot access '/syslogk*': No such file or directory
kill: /root/.whatever.history
/root/.whatever.history.hardlink
kill: /root/.whatever.history.hardlink
/tmp/clean/ls.orig: cannot access '/root/.whatever.history.hardlink*': No such file or directory
kill: /tmp/name.php
/tmp/clean/ls.orig: cannot access '/tmp/name.php*': No such file or directory
kill: /bin/.ps
/tmp/clean/ls.orig: cannot access '/bin/.ps*': No such file or directory
kill: /usr/bin/mailrc
/tmp/clean/ls.orig: cannot access '/usr/bin/mailrc*': No such file or directory
kill: /www/httpd/cgi-bin/bogus.cgi
/tmp/clean/ls.orig: cannot access '/www/httpd/cgi-bin/bogus.cgi*': No such file or directory
kill: /bin/frgy
/tmp/clean/ls.orig: cannot access '/bin/frgy*': No such file or directory
kill: /dev/cuc
/tmp/clean/ls.orig: cannot access '/dev/cuc*': No such file or directory
kill: /usr/lib/libpikapp.a
/tmp/clean/ls.orig: cannot access '/usr/lib/libpikapp.a*': No such file or directory
kill: /var/spool/cron/crontabs/foo
/tmp/clean/ls.orig: cannot access '/var/spool/cron/crontabs/foo*': No such file or directory
kill: /etc/rc.local
/tmp/clean/ls.orig: cannot access '/etc/rc.local*': No such file or directory
kill: /sbin/ssh
/sbin/sshd
/sbin/sshd.to_replace
kill: /dev/bad-file
/tmp/clean/ls.orig: cannot access '/dev/bad-file*': No such file or directory
kill: /lib/x86_64-linux-gnu/libkeyutils.so.1
/tmp/clean/ls.orig: cannot access '/lib/x86_64-linux-gnu/libkeyutils.so.1*': No such file or directory
kill: /home/ ./tinyDNS
/tmp/clean/ls.orig: cannot access '/home/ ./tinyDNS*': No such file or directory
kill: /tmp/by-content
/tmp/clean/ls.orig: cannot access '/tmp/by-content*': No such file or directory
kill: /bin/in.rexedcs
/tmp/clean/ls.orig: cannot access '/bin/in.rexedcs*': No such file or directory
kill: /tmp/.uua
/tmp/clean/ls.orig: cannot access '/tmp/.uua*': No such file or directory
kill: /tmp/.bugtraq.c
/tmp/clean/ls.orig: cannot access '/tmp/.bugtraq.c*': No such file or directory
kill: /tmp/.../r
/tmp/clean/ls.orig: cannot access '/tmp/.../r*': No such file or directory
kill: /bin/cls
/tmp/clean/ls.orig: cannot access '/bin/cls*': No such file or directory
kill: /tmp/sp ace/aaa' exit 1; "
/tmp/clean/ls.orig: cannot access '/tmp/sp ace/aaa'\'' exit 1; "*': No such file or directory
remove dirs for false-positive files:
rmdir: removing directory, '/tmp/suterusu'
rmdir: removing directory, '/tmp/sp ace'
TO_REPLACE: restoring /usr/sbin/amd with /usr/sbin/amd.to_replace
/usr/sbin/amd
TO_REPLACE: restoring /usr/bin/basename with /usr/bin/basename.to_replace
/usr/bin/basename
TO_REPLACE: restoring /usr/sbin/biff with /usr/sbin/biff.to_replace
/usr/sbin/biff
TO_REPLACE: restoring /usr/bin/chfn with /usr/bin/chfn.to_replace
/usr/bin/chfn
TO_REPLACE: restoring /usr/bin/chsh with /usr/bin/chsh.to_replace
/usr/bin/chsh
TO_REPLACE: restoring /usr/sbin/cron with /usr/sbin/cron.to_replace
/usr/sbin/cron
/usr/sbin/crontab
/usr/sbin/crontab.to_replace
TO_REPLACE: restoring /usr/bin/date with /usr/bin/date.to_replace
/usr/bin/date
TO_REPLACE: restoring /usr/bin/du with /usr/bin/du.to_replace
/usr/bin/du
TO_REPLACE: restoring /usr/bin/dirname with /usr/bin/dirname.to_replace
/usr/bin/dirname
TO_REPLACE: restoring /usr/bin/echo with /usr/bin/echo.to_replace
/usr/bin/echo
TO_REPLACE: restoring /usr/bin/egrep with /usr/bin/egrep.to_replace
/usr/bin/egrep
TO_REPLACE: restoring /usr/bin/env with /usr/bin/env.to_replace
/usr/bin/env
/usr/bin/envsubst
TO_REPLACE: restoring /usr/bin/find with /usr/bin/find.to_replace
/usr/bin/find
/usr/bin/findmnt
/usr/bin/findrule
TO_REPLACE: restoring /usr/sbin/fingerd with /usr/sbin/fingerd.to_replace
/usr/sbin/fingerd
TO_REPLACE: restoring /usr/sbin/gpm with /usr/sbin/gpm.to_replace
/usr/sbin/gpm
TO_REPLACE: restoring /usr/bin/grep with /usr/bin/grep.to_replace
/usr/bin/grep
/usr/bin/grepdiff
TO_REPLACE: restoring /usr/sbin/hdparm with /usr/sbin/hdparm.to_replace
/usr/sbin/hdparm
TO_REPLACE: restoring /usr/bin/su with /usr/bin/su.to_replace
/usr/bin/su
/usr/bin/sum
TO_REPLACE: restoring /usr/sbin/ifconfig with /usr/sbin/ifconfig.to_replace
/usr/sbin/ifconfig
TO_REPLACE: restoring /usr/sbin/inetd with /usr/sbin/inetd.to_replace
/usr/sbin/inetd
/usr/sbin/inetdconf
TO_REPLACE: restoring /usr/sbin/in.identd with /usr/sbin/in.identd.to_replace
/usr/sbin/in.identd
TO_REPLACE: restoring /usr/sbin/init with /usr/sbin/init.to_replace
/usr/sbin/init
TO_REPLACE: restoring /usr/sbin/killall with /usr/sbin/killall.to_replace
/usr/sbin/killall
/usr/sbin/killall5
/usr/sbin/killall5.to_replace
TO_REPLACE: restoring /usr/bin/login with /usr/bin/login.to_replace
/usr/bin/login
TO_REPLACE: restoring /usr/bin/ls with /usr/bin/ls.to_replace
/usr/bin/ls
/usr/bin/lsattr
/usr/bin/lsblk
/usr/bin/lscpu
/usr/bin/lsdiff
/usr/bin/lsipc
/usr/bin/lslocks
/usr/bin/lslogins
/usr/bin/lsmem
/usr/bin/lsns
TO_REPLACE: restoring /usr/sbin/lsof with /usr/sbin/lsof.to_replace
/usr/sbin/lsof
TO_REPLACE: restoring /usr/sbin/mail with /usr/sbin/mail.to_replace
/usr/sbin/mail
TO_REPLACE: restoring /usr/sbin/mingetty with /usr/sbin/mingetty.to_replace
/usr/sbin/mingetty
TO_REPLACE: restoring /usr/bin/netstat with /usr/bin/netstat.to_replace
/usr/bin/netstat
TO_REPLACE: restoring /usr/sbin/named with /usr/sbin/named.to_replace
/usr/sbin/named
TO_REPLACE: restoring /usr/bin/passwd with /usr/bin/passwd.to_replace
/usr/bin/passwd
TO_REPLACE: restoring /usr/sbin/killall5 with /usr/sbin/killall5.to_replace
/usr/sbin/killall5
TO_REPLACE: restoring /usr/sbin/in.pop2d with /usr/sbin/in.pop2d.to_replace
/usr/sbin/in.pop2d
TO_REPLACE: restoring /usr/sbin/in.pop3d with /usr/sbin/in.pop3d.to_replace
/usr/sbin/in.pop3d
TO_REPLACE: restoring /usr/bin/ps with /usr/bin/ps.to_replace
/usr/bin/ps
TO_REPLACE: restoring /usr/sbin/pstree with /usr/sbin/pstree.to_replace
/usr/sbin/pstree
TO_REPLACE: restoring /usr/sbin/rpcinfo with /usr/sbin/rpcinfo.to_replace
/usr/sbin/rpcinfo
TO_REPLACE: restoring /usr/sbin/slogin with /usr/sbin/slogin.to_replace
/usr/sbin/slogin
TO_REPLACE: restoring /usr/sbin/sendmail with /usr/sbin/sendmail.to_replace
/usr/sbin/sendmail
TO_REPLACE: restoring /usr/sbin/sshd with /usr/sbin/sshd.to_replace
/usr/sbin/sshd
TO_REPLACE: restoring /usr/sbin/syslogd with /usr/sbin/syslogd.to_replace
/usr/sbin/syslogd
TO_REPLACE: restoring /usr/bin/tar with /usr/bin/tar.to_replace
/usr/bin/tar
TO_REPLACE: restoring /usr/sbin/tcpd with /usr/sbin/tcpd.to_replace
/usr/sbin/tcpd
/usr/sbin/tcpdump
TO_REPLACE: restoring /usr/bin/top with /usr/bin/top.to_replace
/usr/bin/top
TO_REPLACE: restoring /usr/sbin/telnetd with /usr/sbin/telnetd.to_replace
/usr/sbin/telnetd
TO_REPLACE: restoring /usr/sbin/timed with /usr/sbin/timed.to_replace
/usr/sbin/timed
TO_REPLACE: restoring /usr/sbin/traceroute with /usr/sbin/traceroute.to_replace
/usr/sbin/traceroute
TO_REPLACE: restoring /usr/bin/vdir with /usr/bin/vdir.to_replace
/usr/bin/vdir
TO_REPLACE: restoring /usr/bin/w with /usr/bin/w.to_replace
/usr/bin/w
/usr/bin/wall
/usr/bin/watch
/usr/bin/wc
/usr/bin/wdctl
/usr/bin/whatis
/usr/bin/whereis
/usr/bin/which
/usr/bin/which.debianutils
/usr/bin/who
/usr/bin/whoami
TO_REPLACE: restoring /usr/sbin/write with /usr/sbin/write.to_replace
/usr/sbin/write
TO_REPLACE: restoring /usr/sbin/crontab with /usr/sbin/crontab.to_replace
/usr/sbin/crontab
TO_DELETE: rm /usr/sbin/in.rlogind
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.rlogind*': No such file or directory
TO_DELETE: rm /usr/sbin/asp
/tmp/clean/ls.orig: cannot access '/usr/sbin/asp*': No such file or directory
TO_DELETE: rm /usr/sbin/epic
/tmp/clean/ls.orig: cannot access '/usr/sbin/epic*': No such file or directory
MADE: rm /usr/sbin/amd
/tmp/clean/ls.orig: cannot access '/usr/sbin/amd*': No such file or directory
MADE: rm /etc/amd.conf
/tmp/clean/ls.orig: cannot access '/etc/amd.conf*': No such file or directory
MADE: rm /usr/sbin/biff
/tmp/clean/ls.orig: cannot access '/usr/sbin/biff*': No such file or directory
MADE: rm /etc/biff.conf
/tmp/clean/ls.orig: cannot access '/etc/biff.conf*': No such file or directory
MADE: rm /usr/sbin/cron
/usr/sbin/crontab
MADE: rm /etc/cron.conf
/tmp/clean/ls.orig: cannot access '/etc/cron.conf*': No such file or directory
MADE: rm /usr/sbin/crontab
/tmp/clean/ls.orig: cannot access '/usr/sbin/crontab*': No such file or directory
MADE: rm /etc/crontab.conf
/tmp/clean/ls.orig: cannot access '/etc/crontab.conf*': No such file or directory
MADE: rm /usr/sbin/fingerd
/tmp/clean/ls.orig: cannot access '/usr/sbin/fingerd*': No such file or directory
MADE: rm /etc/fingerd.conf
/tmp/clean/ls.orig: cannot access '/etc/fingerd.conf*': No such file or directory
MADE: rm /usr/sbin/in.fingerd
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.fingerd*': No such file or directory
MADE: rm /etc/in.fingerd.conf
/tmp/clean/ls.orig: cannot access '/etc/in.fingerd.conf*': No such file or directory
MADE: rm /usr/sbin/gpm
/tmp/clean/ls.orig: cannot access '/usr/sbin/gpm*': No such file or directory
MADE: rm /etc/gpm.conf
/tmp/clean/ls.orig: cannot access '/etc/gpm.conf*': No such file or directory
MADE: rm /usr/sbin/hdparm
/tmp/clean/ls.orig: cannot access '/usr/sbin/hdparm*': No such file or directory
MADE: rm /etc/hdparm.conf
/tmp/clean/ls.orig: cannot access '/etc/hdparm.conf*': No such file or directory
MADE: rm /usr/sbin/inetd
/usr/sbin/inetdconf
MADE: rm /etc/inetd.conf
/tmp/clean/ls.orig: cannot access '/etc/inetd.conf*': No such file or directory
MADE: rm /usr/sbin/in.identd
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.identd*': No such file or directory
MADE: rm /etc/in.identd.conf
/tmp/clean/ls.orig: cannot access '/etc/in.identd.conf*': No such file or directory
MADE: rm /usr/sbin/inetdconf
/tmp/clean/ls.orig: cannot access '/usr/sbin/inetdconf*': No such file or directory
MADE: rm /etc/inetdconf.conf
/tmp/clean/ls.orig: cannot access '/etc/inetdconf.conf*': No such file or directory
MADE: rm /usr/sbin/init
/tmp/clean/ls.orig: cannot access '/usr/sbin/init*': No such file or directory
MADE: rm /etc/init.conf
/tmp/clean/ls.orig: cannot access '/etc/init.conf*': No such file or directory
MADE: rm /usr/sbin/killall
/usr/sbin/killall5
MADE: rm /etc/killall.conf
/tmp/clean/ls.orig: cannot access '/etc/killall.conf*': No such file or directory
MADE: rm /usr/sbin/lsof
/tmp/clean/ls.orig: cannot access '/usr/sbin/lsof*': No such file or directory
MADE: rm /etc/lsof.conf
/tmp/clean/ls.orig: cannot access '/etc/lsof.conf*': No such file or directory
MADE: rm /usr/sbin/mail
/tmp/clean/ls.orig: cannot access '/usr/sbin/mail*': No such file or directory
MADE: rm /etc/mail.conf
/tmp/clean/ls.orig: cannot access '/etc/mail.conf*': No such file or directory
MADE: rm /usr/sbin/mingetty
/tmp/clean/ls.orig: cannot access '/usr/sbin/mingetty*': No such file or directory
MADE: rm /etc/mingetty.conf
/tmp/clean/ls.orig: cannot access '/etc/mingetty.conf*': No such file or directory
MADE: rm /usr/sbin/named
/tmp/clean/ls.orig: cannot access '/usr/sbin/named*': No such file or directory
MADE: rm /etc/named.conf
/tmp/clean/ls.orig: cannot access '/etc/named.conf*': No such file or directory
MADE: rm /usr/sbin/in.pop2d
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.pop2d*': No such file or directory
MADE: rm /etc/in.pop2d.conf
/tmp/clean/ls.orig: cannot access '/etc/in.pop2d.conf*': No such file or directory
MADE: rm /usr/sbin/in.pop3d
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.pop3d*': No such file or directory
MADE: rm /etc/in.pop3d.conf
/tmp/clean/ls.orig: cannot access '/etc/in.pop3d.conf*': No such file or directory
MADE: rm /usr/sbin/write
/tmp/clean/ls.orig: cannot access '/usr/sbin/write*': No such file or directory
MADE: rm /etc/write.conf
/tmp/clean/ls.orig: cannot access '/etc/write.conf*': No such file or directory
MADE: rm /usr/sbin/pstree
/tmp/clean/ls.orig: cannot access '/usr/sbin/pstree*': No such file or directory
MADE: rm /etc/pstree.conf
/tmp/clean/ls.orig: cannot access '/etc/pstree.conf*': No such file or directory
MADE: rm /usr/sbin/rpcinfo
/tmp/clean/ls.orig: cannot access '/usr/sbin/rpcinfo*': No such file or directory
MADE: rm /etc/rpcinfo.conf
/tmp/clean/ls.orig: cannot access '/etc/rpcinfo.conf*': No such file or directory
MADE: rm /usr/sbin/rlogind
/tmp/clean/ls.orig: cannot access '/usr/sbin/rlogind*': No such file or directory
MADE: rm /etc/rlogind.conf
/tmp/clean/ls.orig: cannot access '/etc/rlogind.conf*': No such file or directory
MADE: rm /usr/sbin/in.rshd
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.rshd*': No such file or directory
MADE: rm /etc/in.rshd.conf
/tmp/clean/ls.orig: cannot access '/etc/in.rshd.conf*': No such file or directory
MADE: rm /usr/sbin/slogin
/tmp/clean/ls.orig: cannot access '/usr/sbin/slogin*': No such file or directory
MADE: rm /etc/slogin.conf
/tmp/clean/ls.orig: cannot access '/etc/slogin.conf*': No such file or directory
MADE: rm /usr/sbin/sendmail
/tmp/clean/ls.orig: cannot access '/usr/sbin/sendmail*': No such file or directory
MADE: rm /etc/sendmail.conf
/tmp/clean/ls.orig: cannot access '/etc/sendmail.conf*': No such file or directory
MADE: rm /usr/sbin/sshd
/tmp/clean/ls.orig: cannot access '/usr/sbin/sshd*': No such file or directory
MADE: rm /etc/sshd.conf
/tmp/clean/ls.orig: cannot access '/etc/sshd.conf*': No such file or directory
MADE: rm /usr/sbin/syslogd
/tmp/clean/ls.orig: cannot access '/usr/sbin/syslogd*': No such file or directory
MADE: rm /etc/syslogd.conf
/tmp/clean/ls.orig: cannot access '/etc/syslogd.conf*': No such file or directory
MADE: rm /usr/sbin/tcpd
/usr/sbin/tcpdump
MADE: rm /etc/tcpd.conf
/tmp/clean/ls.orig: cannot access '/etc/tcpd.conf*': No such file or directory
MADE: rm /usr/sbin/tcpdump
/tmp/clean/ls.orig: cannot access '/usr/sbin/tcpdump*': No such file or directory
MADE: rm /etc/tcpdump.conf
/tmp/clean/ls.orig: cannot access '/etc/tcpdump.conf*': No such file or directory
MADE: rm /usr/sbin/telnetd
/tmp/clean/ls.orig: cannot access '/usr/sbin/telnetd*': No such file or directory
MADE: rm /etc/telnetd.conf
/tmp/clean/ls.orig: cannot access '/etc/telnetd.conf*': No such file or directory
MADE: rm /usr/sbin/timed
/tmp/clean/ls.orig: cannot access '/usr/sbin/timed*': No such file or directory
MADE: rm /etc/timed.conf
/tmp/clean/ls.orig: cannot access '/etc/timed.conf*': No such file or directory
MADE: rm /usr/sbin/traceroute
/tmp/clean/ls.orig: cannot access '/usr/sbin/traceroute*': No such file or directory
MADE: rm /etc/traceroute.conf
/tmp/clean/ls.orig: cannot access '/etc/traceroute.conf*': No such file or directory
done
* Closing down the testsuite
Restoring /etc/chkrootkit/chkrootkit.conf from /etc/chkrootkit/chkrootkit.conf.orig
Restoring /etc/chkrootkit/chkrootkit.ignore from /etc/chkrootkit/chkrootkit.ignore.orig
DONE
* test-chkrootkit: PASS
autopkgtest [08:58:07]: test command1: -----------------------]
autopkgtest [08:58:07]: test command1: - - - - - - - - - - results - - - - - - - - - -
command1 PASS
autopkgtest [08:58:07]: @@@@@@@@@@@@@@@@@@@@ summary
command1 PASS
aborted: False
returncode: 0
Files in working directory:
artifact-dir
artifact-dir/binaries
artifact-dir/binaries/chkrootkit-dbgsym.deb
artifact-dir/binaries/chkrootkit.deb
artifact-dir/command1-packages
artifact-dir/command1-stdout
artifact-dir/log
artifact-dir/summary
artifact-dir/testbed-packages
artifact-dir/testinfo.json
artifact-dir/testpkg-version
--------------------