Help - Search - Members - Calendar
Full Version: Chkrootkit sniffer output
The Planet Forums > Security > General Security > UNIX Security
blairp
Jul 16 2006, 10:55 AM
Just updated Chkrootkit to new version. Everything fine for a couple of days and then I see this:

Checking `sniffer'... /proc/20934/fd: No such file or directory
/proc/23496/fd: No such file or directory
/proc/25959/fd: No such file or directory
/proc/27225/fd: No such file or directory
/proc/28446/fd: No such file or directory
eth0: not promisc and no PF_PACKET sockets

The processes are a bunch of these...
root 27225 0.0 0.0 0 0 ? Z 07:12 0:00 [authProg <defunct>]
root 28446 0.0 0.0 0 0 ? Z 07:16 0:00 [authProg <defunct>]

They change all the time. Most of the time there are five or more.

This output also changed...
Searching for anomalies in shell history files... /usr/bin/find: //proc/17403/fd: No such file or directory
/usr/bin/find: //proc/24413/fd: No such file or directory
/usr/bin/find: //proc/26041/fd: No such file or directory
/usr/bin/find: //proc/27688/fd: No such file or directory
/usr/bin/find: //proc/24413/fd: No such file or directory
/usr/bin/find: //proc/26041/fd: No such file or directory
/usr/bin/find: //proc/32305/fd: No such file or directory
/usr/bin/find: //proc/1533/fd: No such file or directory


Anyone else ever see this under the "sniffer" output?

Thanks for any input.
TheUniverses
Jul 17 2006, 03:21 PM
Nope.

Mines like
CODE
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets

eth0:1: not promisc and no PF_PACKET sockets

eth0:2: not promisc and no PF_PACKET sockets

eth0:3: not promisc and no PF_PACKET sockets

eth0:4: not promisc and no PF_PACKET sockets
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.