I just started noticing this output from chkrootkit. Is this normal? The issue appears right after: 'Searching for suspect PHP files...' A few pages later it continues as normal. Searching for ESRK rootkit default files... nothing found Searching for rootedoor... nothing found Searching for ENYELKM rootkit default files... nothing found Searching for common ssh-scanners default files... nothing found Searching for suspect PHP files... PMA_token |s:32:"597feec2b25e984af078476a65626e4d";PMA_Config|O:10:"PMA_Config":10:{s:14:"default_source";s:30:"./libraries/config.defaul t.php";s:8:"settings";a:167:{s:14:"PmaAbsoluteUri";s:43:"https://www.mydomain.com:81/phpmyadmin/";s:28:"PmaNoRelation_DisableWarning"; b:0;s:21:"SuhosinDisableWarning";b:0;s:22:"AllowThirdPartyFraming";b:0;s:15:"blowfish_secret";s:0:"";s:13:"ServerDefault";i:1;s:9:"MaxDbLi st";i:100;s:12:"MaxTableList";i:2 (snip) ";i:15;s:4:"args";a:1:{i:0;s:68:"/home/admispconfig/ispconfig/web/phpmyadmin/libraries/common.inc.php";}s:8:"function";s:12:"require_once" ;}}s:8:"*_hash";s:32:"4e6c84a8dd131339f4d9998cef0428e1";s:10:"*_number";i:2048;s:10:"*_string";s:0:"";s:11:"*_message";s:469:"date_default _timezone_get() [<a href='function.date-default-timezone-get'>function.date-default-timezone-get</a>]: It is not safe to rely on the syste m's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In c ase you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Denver' for 'MDT/-6.0/DST' instead";s:16:"*_is_displayed";b:0;s:10:"*_params";a:0:{}s:18:"*_added_messages";a:0:{}}s:32:"a27802b6 Searching for anomalies in shell history files... nothing found Checking `asp'... not infected (snip) I am using Debian Lenny - Chkrookit 0.48. Any ideas??
I wouldn't worry about this. It seems as if chkrootkit doesn't know how to handle the phpMyAdmin package.
Sounds great. I just noticed the same output on a "Test Server" which was just built - So I was thinking it was something just throwing off chkrootkit. Thanks again. Dave