Normal Chkrootkit output??

Discussion in 'HOWTO-Related Questions' started by trcinc1, May 27, 2009.

  1. trcinc1

    trcinc1 New Member HowtoForge Supporter

    I just started noticing this output from chkrootkit.

    Is this normal? The issue appears right after: 'Searching for suspect PHP files...' A few pages later it continues as normal.

    Searching for ESRK rootkit default files... nothing found
    Searching for rootedoor... nothing found
    Searching for ENYELKM rootkit default files... nothing found
    Searching for common ssh-scanners default files... nothing found
    Searching for suspect PHP files...
    PMA_token |s:32:"597feec2b25e984af078476a65626e4d";PMA_Config|O:10:"PMA_Config":10:{s:14:"default_source";s:30:"./libraries/config.defaul
    t.php";s:8:"settings";a:167:{s:14:"PmaAbsoluteUri";s:43:"https://www.mydomain.com:81/phpmyadmin/";s:28:"PmaNoRelation_DisableWarning";
    b:0;s:21:"SuhosinDisableWarning";b:0;s:22:"AllowThirdPartyFraming";b:0;s:15:"blowfish_secret";s:0:"";s:13:"ServerDefault";i:1;s:9:"MaxDbLi
    st";i:100;s:12:"MaxTableList";i:2 (snip)

    ";i:15;s:4:"args";a:1:{i:0;s:68:"/home/admispconfig/ispconfig/web/phpmyadmin/libraries/common.inc.php";}s:8:"function";s:12:"require_once"
    ;}}s:8:"*_hash";s:32:"4e6c84a8dd131339f4d9998cef0428e1";s:10:"*_number";i:2048;s:10:"*_string";s:0:"";s:11:"*_message";s:469:"date_default
    _timezone_get() [<a href='function.date-default-timezone-get'>function.date-default-timezone-get</a>]: It is not safe to rely on the syste
    m's timezone settings. Please use the date.timezone setting, the TZ environment variable or the date_default_timezone_set() function. In c
    ase you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected
    'America/Denver' for 'MDT/-6.0/DST' instead";s:16:"*_is_displayed";b:0;s:10:"*_params";a:0:{}s:18:"*_added_messages";a:0:{}}s:32:"a27802b6
    Searching for anomalies in shell history files... nothing found
    Checking `asp'... not infected (snip)

    I am using Debian Lenny - Chkrookit 0.48.

    Any ideas??
     
    trcinc1, May 27, 2009
    #1
  2. falko

    falko Super Moderator Howtoforge Staff

    I wouldn't worry about this. It seems as if chkrootkit doesn't know how to handle the phpMyAdmin package.
     
    falko, May 28, 2009
    #2
  3. trcinc1

    trcinc1 New Member HowtoForge Supporter

    Sounds great.

    I just noticed the same output on a "Test Server" which was just built - So I was thinking it was something just throwing off chkrootkit.

    Thanks again.

    Dave
     
    trcinc1, May 28, 2009
    #3

Share This Page