Void's Forums

Void Main's Beautiful Site

Skip to content

My box is r00ted! help...

Place to discuss Fedora and/or Red Hat
Post a reply

My box is r00ted! help...

Postby agent007 » Thu Jun 19, 2003 12:23 pm

hi all,

I need some help....I downloaded chkrootkit and made it scan the system. The following is the output. Notice the "Warning: Possible LKM Trojan installed".....The warning comes up only if an application is running like Galeon, Evolution, XMMS etc.....

So, what do I do now? Is it possible to get rid of this without a format? I've installed Windows to connect to the net and post this....These r00t-kits can be really nasty.

Distro=RedHat 9

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist /usr/lib/openoffice/share/gnome/net/.directory /usr/lib/openoffice/share/gnome/net/.order /usr/lib/openoffice/share/kde/net/applnk/OpenOffice.org/.directory /usr/lib/openoffice/share/kde/net/applnk/OpenOffice.org/.order /usr/lib/qt-3.1/etc/settings/.qtrc.lock /usr/lib/qt-3.1/etc/settings/.qt_plugins_3.1rc.lock /usr/lib/qt-3.1/etc/settings/.kstylerc.lock /usr/lib/qt-3.1/etc/settings/.qt_designerrc.lock
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit ... nothing found
Searching for Romanian rootkit ... nothing found
Searching for HKRK rootkit ... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... You have 4 process hidden for readdir command
--------------->Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'...
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... PID 3409: not in readdir output
PID 3410: not in readdir output
PID 3413: not in readdir output
PID 3414: not in readdir output
You have 4 process hidden for readdir command



The following is the output of:

./chkrootkit -x lkm

ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
PID 15196: not in readdir output
CWD 15196: /home/agent007
EXE 15196: /usr/bin/xmms
PID 15200: not in readdir output
CWD 15200: /home/agent007
EXE 15200: /usr/bin/xmms
You have 2 process hidden for readdir command
agent007
administrator
administrator
 
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm
Top

Postby Void Main » Thu Jun 19, 2003 6:34 pm

I wouldn't jump to the conclusion that you have been rooted. I have dealt with a few rooted systems in the past that were rooted only because they weren't kept up to date. It's very possible that this is a false alarm... Can you run an "rpm -Va > /tmp/verify.txt" and make the file available for viewing or look through it and check out all files that have been modified?
User avatar
Void Main
Site Admin
Site Admin
 
Posts: 5705
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Top

Postby agent007 » Fri Jun 20, 2003 12:45 am

Here is the o/p


S.5....T c /etc/printcap
missing c /var/log/lastlog
S.5....T c /etc/hotplug/usb.usermap
S.5....T c /etc/sysconfig/pcmcia
.......T c /etc/libuser.conf
.......T c /etc/crontab
.......T c /etc/mail/sendmail.cf
missing /var/log/httpd
missing /var/log/samba
S.5....T c /etc/xinetd.d/sgi_fam
S.5....T c /etc/sysconfig/redhat-config-securitylevel
S.5....T c /etc/ntp.conf
..5....T c /etc/sysconfig/redhat-config-users
.M....G. /usr/bin/cdrdao
....L... /usr/bin/mozilla
S.5....T /usr/lib/mozilla-1.2.1/chrome/installed-chrome.txt
S.5....T c /etc/sysconfig/rhn/rhn-applet
SM5....T /usr/share/rhn/rhn_applet/rhn_applet.pyc
SM5....T /usr/share/rhn/rhn_applet/rhn_applet_animation.pyc
SM5....T /usr/share/rhn/rhn_applet/rhn_applet_dialogs.pyc
SM5....T /usr/share/rhn/rhn_applet/rhn_applet_model.pyc
SM5....T /usr/share/rhn/rhn_applet/rhn_applet_rpc.pyc
SM5....T /usr/share/rhn/rhn_applet/rhn_applet_rpm.pyc
SM5....T /usr/share/rhn/rhn_applet/rhn_utils.pyc
S.5....T c /etc/xml/catalog
S.5....T c /usr/share/sgml/docbook/xmlcatalog
missing /usr/lib/xmms/Effect/libecho.so
missing /usr/lib/xmms/Effect/libvoice.so
S.5....T c /etc/squid/squid.conf
missing /usr/share/squid/errors/Bulgarian
missing /usr/share/squid/errors/Bulgarian/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Bulgarian/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Bulgarian/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Bulgarian/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Bulgarian/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Bulgarian/ERR_DNS_FAIL
missing /usr/share/squid/errors/Bulgarian/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Bulgarian/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Bulgarian/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Bulgarian/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Bulgarian/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Bulgarian/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Bulgarian/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Bulgarian/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Bulgarian/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Bulgarian/ERR_INVALID_REQ
missing /usr/share/squid/errors/Bulgarian/ERR_INVALID_URL
missing /usr/share/squid/errors/Bulgarian/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Bulgarian/ERR_NO_RELAY
missing /usr/share/squid/errors/Bulgarian/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Bulgarian/ERR_READ_ERROR
missing /usr/share/squid/errors/Bulgarian/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Bulgarian/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Bulgarian/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Bulgarian/ERR_TOO_BIG
missing /usr/share/squid/errors/Bulgarian/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Bulgarian/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Bulgarian/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Bulgarian/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Catalan
missing /usr/share/squid/errors/Catalan/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Catalan/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Catalan/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Catalan/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Catalan/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Catalan/ERR_DNS_FAIL
missing /usr/share/squid/errors/Catalan/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Catalan/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Catalan/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Catalan/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Catalan/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Catalan/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Catalan/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Catalan/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Catalan/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Catalan/ERR_INVALID_REQ
missing /usr/share/squid/errors/Catalan/ERR_INVALID_URL
missing /usr/share/squid/errors/Catalan/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Catalan/ERR_NO_RELAY
missing /usr/share/squid/errors/Catalan/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Catalan/ERR_READ_ERROR
missing /usr/share/squid/errors/Catalan/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Catalan/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Catalan/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Catalan/ERR_TOO_BIG
missing /usr/share/squid/errors/Catalan/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Catalan/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Catalan/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Catalan/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Czech
missing /usr/share/squid/errors/Czech/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Czech/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Czech/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Czech/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Czech/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Czech/ERR_DNS_FAIL
missing /usr/share/squid/errors/Czech/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Czech/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Czech/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Czech/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Czech/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Czech/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Czech/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Czech/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Czech/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Czech/ERR_INVALID_REQ
missing /usr/share/squid/errors/Czech/ERR_INVALID_URL
missing /usr/share/squid/errors/Czech/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Czech/ERR_NO_RELAY
missing /usr/share/squid/errors/Czech/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Czech/ERR_READ_ERROR
missing /usr/share/squid/errors/Czech/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Czech/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Czech/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Czech/ERR_TOO_BIG
missing /usr/share/squid/errors/Czech/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Czech/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Czech/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Czech/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Danish
missing /usr/share/squid/errors/Danish/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Danish/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Danish/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Danish/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Danish/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Danish/ERR_DNS_FAIL
missing /usr/share/squid/errors/Danish/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Danish/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Danish/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Danish/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Danish/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Danish/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Danish/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Danish/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Danish/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Danish/ERR_INVALID_REQ
missing /usr/share/squid/errors/Danish/ERR_INVALID_URL
missing /usr/share/squid/errors/Danish/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Danish/ERR_NO_RELAY
missing /usr/share/squid/errors/Danish/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Danish/ERR_READ_ERROR
missing /usr/share/squid/errors/Danish/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Danish/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Danish/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Danish/ERR_TOO_BIG
missing /usr/share/squid/errors/Danish/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Danish/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Danish/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Danish/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Dutch
missing /usr/share/squid/errors/Dutch/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Dutch/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Dutch/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Dutch/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Dutch/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Dutch/ERR_DNS_FAIL
missing /usr/share/squid/errors/Dutch/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Dutch/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Dutch/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Dutch/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Dutch/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Dutch/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Dutch/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Dutch/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Dutch/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Dutch/ERR_INVALID_REQ
missing /usr/share/squid/errors/Dutch/ERR_INVALID_URL
missing /usr/share/squid/errors/Dutch/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Dutch/ERR_NO_RELAY
missing /usr/share/squid/errors/Dutch/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Dutch/ERR_READ_ERROR
missing /usr/share/squid/errors/Dutch/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Dutch/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Dutch/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Dutch/ERR_TOO_BIG
missing /usr/share/squid/errors/Dutch/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Dutch/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Dutch/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Dutch/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Hebrew
missing /usr/share/squid/errors/Hebrew/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Hebrew/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Hebrew/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Hebrew/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Hebrew/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Hebrew/ERR_DNS_FAIL
missing /usr/share/squid/errors/Hebrew/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Hebrew/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Hebrew/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Hebrew/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Hebrew/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Hebrew/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Hebrew/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Hebrew/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Hebrew/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Hebrew/ERR_INVALID_REQ
missing /usr/share/squid/errors/Hebrew/ERR_INVALID_URL
missing /usr/share/squid/errors/Hebrew/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Hebrew/ERR_NO_RELAY
missing /usr/share/squid/errors/Hebrew/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Hebrew/ERR_READ_ERROR
missing /usr/share/squid/errors/Hebrew/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Hebrew/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Hebrew/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Hebrew/ERR_TOO_BIG
missing /usr/share/squid/errors/Hebrew/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Hebrew/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Hebrew/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Hebrew/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Hungarian
missing /usr/share/squid/errors/Hungarian/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Hungarian/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Hungarian/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Hungarian/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Hungarian/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Hungarian/ERR_DNS_FAIL
missing /usr/share/squid/errors/Hungarian/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Hungarian/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Hungarian/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Hungarian/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Hungarian/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Hungarian/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Hungarian/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Hungarian/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Hungarian/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Hungarian/ERR_INVALID_REQ
missing /usr/share/squid/errors/Hungarian/ERR_INVALID_URL
missing /usr/share/squid/errors/Hungarian/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Hungarian/ERR_NO_RELAY
missing /usr/share/squid/errors/Hungarian/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Hungarian/ERR_READ_ERROR
missing /usr/share/squid/errors/Hungarian/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Hungarian/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Hungarian/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Hungarian/ERR_TOO_BIG
missing /usr/share/squid/errors/Hungarian/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Hungarian/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Hungarian/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Hungarian/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Italian
missing /usr/share/squid/errors/Italian/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Italian/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Italian/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Italian/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Italian/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Italian/ERR_DNS_FAIL
missing /usr/share/squid/errors/Italian/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Italian/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Italian/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Italian/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Italian/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Italian/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Italian/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Italian/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Italian/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Italian/ERR_INVALID_REQ
missing /usr/share/squid/errors/Italian/ERR_INVALID_URL
missing /usr/share/squid/errors/Italian/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Italian/ERR_NO_RELAY
missing /usr/share/squid/errors/Italian/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Italian/ERR_READ_ERROR
missing /usr/share/squid/errors/Italian/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Italian/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Italian/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Italian/ERR_TOO_BIG
missing /usr/share/squid/errors/Italian/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Italian/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Italian/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Italian/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Japanese
missing /usr/share/squid/errors/Japanese/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Japanese/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Japanese/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Japanese/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Japanese/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Japanese/ERR_DNS_FAIL
missing /usr/share/squid/errors/Japanese/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Japanese/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Japanese/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Japanese/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Japanese/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Japanese/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Japanese/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Japanese/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Japanese/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Japanese/ERR_INVALID_REQ
missing /usr/share/squid/errors/Japanese/ERR_INVALID_URL
missing /usr/share/squid/errors/Japanese/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Japanese/ERR_NO_RELAY
missing /usr/share/squid/errors/Japanese/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Japanese/ERR_READ_ERROR
missing /usr/share/squid/errors/Japanese/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Japanese/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Japanese/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Japanese/ERR_TOO_BIG
missing /usr/share/squid/errors/Japanese/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Japanese/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Japanese/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Japanese/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Korean
missing /usr/share/squid/errors/Korean/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Korean/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Korean/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Korean/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Korean/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Korean/ERR_DNS_FAIL
missing /usr/share/squid/errors/Korean/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Korean/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Korean/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Korean/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Korean/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Korean/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Korean/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Korean/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Korean/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Korean/ERR_INVALID_REQ
missing /usr/share/squid/errors/Korean/ERR_INVALID_URL
missing /usr/share/squid/errors/Korean/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Korean/ERR_NO_RELAY
missing /usr/share/squid/errors/Korean/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Korean/ERR_READ_ERROR
missing /usr/share/squid/errors/Korean/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Korean/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Korean/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Korean/ERR_TOO_BIG
missing /usr/share/squid/errors/Korean/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Korean/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Korean/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Korean/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Polish
missing /usr/share/squid/errors/Polish/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Polish/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Polish/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Polish/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Polish/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Polish/ERR_DNS_FAIL
missing /usr/share/squid/errors/Polish/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Polish/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Polish/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Polish/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Polish/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Polish/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Polish/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Polish/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Polish/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Polish/ERR_INVALID_REQ
missing /usr/share/squid/errors/Polish/ERR_INVALID_URL
missing /usr/share/squid/errors/Polish/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Polish/ERR_NO_RELAY
missing /usr/share/squid/errors/Polish/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Polish/ERR_READ_ERROR
missing /usr/share/squid/errors/Polish/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Polish/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Polish/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Polish/ERR_TOO_BIG
missing /usr/share/squid/errors/Polish/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Polish/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Polish/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Polish/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Serbian
missing /usr/share/squid/errors/Serbian/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Serbian/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Serbian/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Serbian/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Serbian/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Serbian/ERR_DNS_FAIL
missing /usr/share/squid/errors/Serbian/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Serbian/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Serbian/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Serbian/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Serbian/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Serbian/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Serbian/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Serbian/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Serbian/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Serbian/ERR_INVALID_REQ
missing /usr/share/squid/errors/Serbian/ERR_INVALID_URL
missing /usr/share/squid/errors/Serbian/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Serbian/ERR_NO_RELAY
missing /usr/share/squid/errors/Serbian/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Serbian/ERR_READ_ERROR
missing /usr/share/squid/errors/Serbian/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Serbian/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Serbian/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Serbian/ERR_TOO_BIG
missing /usr/share/squid/errors/Serbian/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Serbian/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Serbian/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Serbian/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Simplify_Chinese
missing /usr/share/squid/errors/Simplify_Chinese/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Simplify_Chinese/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Simplify_Chinese/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Simplify_Chinese/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Simplify_Chinese/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Simplify_Chinese/ERR_DNS_FAIL
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Simplify_Chinese/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Simplify_Chinese/ERR_INVALID_REQ
missing /usr/share/squid/errors/Simplify_Chinese/ERR_INVALID_URL
missing /usr/share/squid/errors/Simplify_Chinese/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Simplify_Chinese/ERR_NO_RELAY
missing /usr/share/squid/errors/Simplify_Chinese/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Simplify_Chinese/ERR_READ_ERROR
missing /usr/share/squid/errors/Simplify_Chinese/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Simplify_Chinese/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Simplify_Chinese/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Simplify_Chinese/ERR_TOO_BIG
missing /usr/share/squid/errors/Simplify_Chinese/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Simplify_Chinese/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Simplify_Chinese/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Simplify_Chinese/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Slovak
missing /usr/share/squid/errors/Slovak/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Slovak/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Slovak/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Slovak/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Slovak/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Slovak/ERR_DNS_FAIL
missing /usr/share/squid/errors/Slovak/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Slovak/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Slovak/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Slovak/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Slovak/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Slovak/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Slovak/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Slovak/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Slovak/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Slovak/ERR_INVALID_REQ
missing /usr/share/squid/errors/Slovak/ERR_INVALID_URL
missing /usr/share/squid/errors/Slovak/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Slovak/ERR_NO_RELAY
missing /usr/share/squid/errors/Slovak/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Slovak/ERR_READ_ERROR
missing /usr/share/squid/errors/Slovak/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Slovak/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Slovak/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Slovak/ERR_TOO_BIG
missing /usr/share/squid/errors/Slovak/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Slovak/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Slovak/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Slovak/ERR_ZERO_SIZE_OBJECT
missing /usr/share/squid/errors/Turkish
missing /usr/share/squid/errors/Turkish/ERR_ACCESS_DENIED
missing /usr/share/squid/errors/Turkish/ERR_CACHE_ACCESS_DENIED
missing /usr/share/squid/errors/Turkish/ERR_CACHE_MGR_ACCESS_DENIED
missing /usr/share/squid/errors/Turkish/ERR_CANNOT_FORWARD
missing /usr/share/squid/errors/Turkish/ERR_CONNECT_FAIL
missing /usr/share/squid/errors/Turkish/ERR_DNS_FAIL
missing /usr/share/squid/errors/Turkish/ERR_FORWARDING_DENIED
missing /usr/share/squid/errors/Turkish/ERR_FTP_DISABLED
missing /usr/share/squid/errors/Turkish/ERR_FTP_FAILURE
missing /usr/share/squid/errors/Turkish/ERR_FTP_FORBIDDEN
missing /usr/share/squid/errors/Turkish/ERR_FTP_NOT_FOUND
missing /usr/share/squid/errors/Turkish/ERR_FTP_PUT_CREATED
missing /usr/share/squid/errors/Turkish/ERR_FTP_PUT_ERROR
missing /usr/share/squid/errors/Turkish/ERR_FTP_PUT_MODIFIED
missing /usr/share/squid/errors/Turkish/ERR_FTP_UNAVAILABLE
missing /usr/share/squid/errors/Turkish/ERR_INVALID_REQ
missing /usr/share/squid/errors/Turkish/ERR_INVALID_URL
missing /usr/share/squid/errors/Turkish/ERR_LIFETIME_EXP
missing /usr/share/squid/errors/Turkish/ERR_NO_RELAY
missing /usr/share/squid/errors/Turkish/ERR_ONLY_IF_CACHED_MISS
missing /usr/share/squid/errors/Turkish/ERR_READ_ERROR
missing /usr/share/squid/errors/Turkish/ERR_READ_TIMEOUT
missing /usr/share/squid/errors/Turkish/ERR_SHUTTING_DOWN
missing /usr/share/squid/errors/Turkish/ERR_SOCKET_FAILURE
missing /usr/share/squid/errors/Turkish/ERR_TOO_BIG
missing /usr/share/squid/errors/Turkish/ERR_UNSUP_REQ
missing /usr/share/squid/errors/Turkish/ERR_URN_RESOLVE
missing /usr/share/squid/errors/Turkish/ERR_WRITE_ERROR
missing /usr/share/squid/errors/Turkish/ERR_ZERO_SIZE_OBJECT
....L... c /etc/localtime
.......T c /etc/krb5.conf
.....U.. /dev/apm_bios
.....U.. /dev/audio
.....U.. /dev/audio1
.....U.. /dev/audioctl
.....U.. /dev/beep
.....U.. /dev/console
.....U.. /dev/dsp
.....U.. /dev/dsp1
.....U.. /dev/dsp56k
.....U.. /dev/fb0
.....U.. /dev/fb1
.....U.. /dev/fb10
.....U.. /dev/fb11
.....U.. /dev/fb12
.....U.. /dev/fb13
.....U.. /dev/fb14
.....U.. /dev/fb15
.....U.. /dev/fb16
.....U.. /dev/fb17
.....U.. /dev/fb18
.....U.. /dev/fb19
.....U.. /dev/fb2
.....U.. /dev/fb20
.....U.. /dev/fb21
.....U.. /dev/fb22
.....U.. /dev/fb23
.....U.. /dev/fb24
.....U.. /dev/fb25
.....U.. /dev/fb26
.....U.. /dev/fb27
.....U.. /dev/fb28
.....U.. /dev/fb29
.....U.. /dev/fb3
.....U.. /dev/fb30
.....U.. /dev/fb31
.....U.. /dev/fb4
.....U.. /dev/fb5
.....U.. /dev/fb6
.....U.. /dev/fb7
.....U.. /dev/fb8
.....U.. /dev/fb9
.....U.. /dev/fd0
.....U.. /dev/fd0CompaQ
.....U.. /dev/fd0D360
.....U.. /dev/fd0D720
.....U.. /dev/fd0H1440
.....U.. /dev/fd0H360
.....U.. /dev/fd0H720
.....U.. /dev/fd0d360
.....U.. /dev/fd0h1200
.....U.. /dev/fd0h1440
.....U.. /dev/fd0h1476
.....U.. /dev/fd0h1494
.....U.. /dev/fd0h1660
.....U.. /dev/fd0h360
.....U.. /dev/fd0h410
.....U.. /dev/fd0h420
.....U.. /dev/fd0h720
.....U.. /dev/fd0h880
.....U.. /dev/fd0u1040
.....U.. /dev/fd0u1120
.....U.. /dev/fd0u1440
.....U.. /dev/fd0u1660
.....U.. /dev/fd0u1680
.....U.. /dev/fd0u1722
.....U.. /dev/fd0u1743
.....U.. /dev/fd0u1760
.....U.. /dev/fd0u1840
.....U.. /dev/fd0u1920
.....U.. /dev/fd0u2880
.....U.. /dev/fd0u3200
.....U.. /dev/fd0u3520
.....U.. /dev/fd0u360
.....U.. /dev/fd0u3840
.....U.. /dev/fd0u720
.....U.. /dev/fd0u800
.....U.. /dev/fd0u820
.....U.. /dev/fd0u830
.....U.. /dev/fd1
.....U.. /dev/fd1CompaQ
.....U.. /dev/fd1D360
.....U.. /dev/fd1D720
.....U.. /dev/fd1H1440
.....U.. /dev/fd1H360
.....U.. /dev/fd1H720
.....U.. /dev/fd1d360
.....U.. /dev/fd1h1200
.....U.. /dev/fd1h1440
.....U.. /dev/fd1h1476
.....U.. /dev/fd1h1494
.....U.. /dev/fd1h1660
.....U.. /dev/fd1h360
.....U.. /dev/fd1h410
.....U.. /dev/fd1h420
.....U.. /dev/fd1h720
.....U.. /dev/fd1h880
.....U.. /dev/fd1u1040
.....U.. /dev/fd1u1120
.....U.. /dev/fd1u1440
.....U.. /dev/fd1u1660
.....U.. /dev/fd1u1680
.....U.. /dev/fd1u1722
.....U.. /dev/fd1u1743
.....U.. /dev/fd1u1760
.....U.. /dev/fd1u1840
.....U.. /dev/fd1u1920
.....U.. /dev/fd1u2880
.....U.. /dev/fd1u3200
.....U.. /dev/fd1u3520
.....U.. /dev/fd1u360
.....U.. /dev/fd1u3840
.....U.. /dev/fd1u720
.....U.. /dev/fd1u800
.....U.. /dev/fd1u820
.....U.. /dev/fd1u830
.M...U.. /dev/hda
.....U.. /dev/input/js0
.....U.. /dev/input/js1
.....U.. /dev/input/js2
.....U.. /dev/input/js3
.....U.. /dev/midi0
.....U.. /dev/midi00
.....U.. /dev/midi01
.....U.. /dev/midi02
.....U.. /dev/midi03
.....U.. /dev/midi1
.....U.. /dev/midi2
.....U.. /dev/midi3
.....U.. /dev/mixer
.....U.. /dev/mixer1
.....U.. /dev/radio0
.....U.. /dev/radio1
.....U.. /dev/radio2
.....U.. /dev/radio3
.M...U.. /dev/scd0
.....U.. /dev/sequencer
.M...U.. /dev/sg0
.M...... /dev/shm
......G. /dev/tty0
.M....G. /dev/tty1
.M....G. /dev/tty2
.M....G. /dev/tty3
.M....G. /dev/tty4
.M....G. /dev/tty5
.M....G. /dev/tty6
......G. /dev/tty7
.....UG. /dev/tty8
.....UG. /dev/tty9
.M...... /dev/ttyS0
.....U.. /dev/usb/dc2xx0
.....U.. /dev/usb/dc2xx1
.....U.. /dev/usb/dc2xx10
.....U.. /dev/usb/dc2xx11
.....U.. /dev/usb/dc2xx12
.....U.. /dev/usb/dc2xx13
.....U.. /dev/usb/dc2xx14
.....U.. /dev/usb/dc2xx15
.....U.. /dev/usb/dc2xx2
.....U.. /dev/usb/dc2xx3
.....U.. /dev/usb/dc2xx4
.....U.. /dev/usb/dc2xx5
.....U.. /dev/usb/dc2xx6
.....U.. /dev/usb/dc2xx7
.....U.. /dev/usb/dc2xx8
.....U.. /dev/usb/dc2xx9
.....U.. /dev/usb/mdc8000
.....U.. /dev/usb/mdc8001
.....U.. /dev/usb/mdc80010
.....U.. /dev/usb/mdc80011
.....U.. /dev/usb/mdc80012
.....U.. /dev/usb/mdc80013
.....U.. /dev/usb/mdc80014
.....U.. /dev/usb/mdc80015
.....U.. /dev/usb/mdc8002
.....U.. /dev/usb/mdc8003
.....U.. /dev/usb/mdc8004
.....U.. /dev/usb/mdc8005
.....U.. /dev/usb/mdc8006
.....U.. /dev/usb/mdc8007
.....U.. /dev/usb/mdc8008
.....U.. /dev/usb/mdc8009
.....U.. /dev/usb/rio500
.....U.. /dev/usb/scanner0
.....U.. /dev/usb/scanner1
.....U.. /dev/usb/scanner10
.....U.. /dev/usb/scanner11
.....U.. /dev/usb/scanner12
.....U.. /dev/usb/scanner13
.....U.. /dev/usb/scanner14
.....U.. /dev/usb/scanner15
.....U.. /dev/usb/scanner2
.....U.. /dev/usb/scanner3
.....U.. /dev/usb/scanner4
.....U.. /dev/usb/scanner5
.....U.. /dev/usb/scanner6
.....U.. /dev/usb/scanner7
.....U.. /dev/usb/scanner8
.....U.. /dev/usb/scanner9
.....U.. /dev/vbi0
.....U.. /dev/vbi1
.....U.. /dev/vbi2
.....U.. /dev/vbi3
.....U.. /dev/video/em8300
.....U.. /dev/video/em8300_ma
.....U.. /dev/video/em8300_mv
.....U.. /dev/video/em8300_sp
.....U.. /dev/video0
.....U.. /dev/video1
.....U.. /dev/video1394
.....U.. /dev/video2
.....U.. /dev/video3
.....U.. /dev/vtx
.....U.. /dev/vtx0
.....U.. /dev/vtx1
.....U.. /dev/vtx2
.....U.. /dev/vtx3
.....U.. /dev/winradio0
.....U.. /dev/winradio1
.....U.. /dev/winradio2
.....U.. /dev/winradio3
.M...... /dev/shm
S.5....T c /etc/openldap/ldap.conf
S.5....T c /etc/krb.conf
.......T c /etc/pam_smb.conf
S.5....T c /etc/pam.d/ppp
S.5....T c /etc/ppp/chap-secrets
S.5....T c /etc/ppp/pap-secrets
.......T c /etc/xinetd.d/rsync
S.5....T c /usr/share/a2ps/afm/fonts.map
.......T c /usr/share/fonts/default/Type1/fonts.dir
SM5....T c /etc/alchemist/namespace/printconf/local.adl
S.5....T c /etc/cups/cupsd.conf
S.5....T c /etc/cups/printers.conf
.M5....T c /etc/xinetd.d/cups-lpd
SM5....T c /etc/sysconfig/redhat-logviewer
......G. /usr/bin/cdrecord
....L... /usr/lib/libglide3.so.3
.M....G. /usr/bin/mkhybrid
.M....G. /usr/bin/mkisofs
S.5....T /usr/lib/qt-3.1/etc/settings/qtrc
S.5....T /usr/lib/openoffice/share/fonts/truetype/fonts.dir
S.5....T c /etc/X11/gdm/gdm.conf
..5....T c /etc/pam.d/kppp
S.5....T c /etc/security/console.apps/kppp
S.5....T c /etc/xinetd.d/ktalk
missing /usr/share/icewm/themes/metal2
missing /usr/share/icewm/themes/metal2/closeA.xpm
missing /usr/share/icewm/themes/metal2/closeI.xpm
missing /usr/share/icewm/themes/metal2/default.theme
missing /usr/share/icewm/themes/metal2/depthA.xpm
missing /usr/share/icewm/themes/metal2/depthI.xpm
missing /usr/share/icewm/themes/metal2/dframeAB.xpm
missing /usr/share/icewm/themes/metal2/dframeABL.xpm
missing /usr/share/icewm/themes/metal2/dframeABR.xpm
missing /usr/share/icewm/themes/metal2/dframeAL.xpm
missing /usr/share/icewm/themes/metal2/dframeAR.xpm
missing /usr/share/icewm/themes/metal2/dframeAT.xpm
missing /usr/share/icewm/themes/metal2/dframeATL.xpm
missing /usr/share/icewm/themes/metal2/dframeATR.xpm
missing /usr/share/icewm/themes/metal2/dframeIB.xpm
missing /usr/share/icewm/themes/metal2/dframeIBL.xpm
missing /usr/share/icewm/themes/metal2/dframeIBR.xpm
missing /usr/share/icewm/themes/metal2/dframeIL.xpm
missing /usr/share/icewm/themes/metal2/dframeIR.xpm
missing /usr/share/icewm/themes/metal2/dframeIT.xpm
missing /usr/share/icewm/themes/metal2/dframeITL.xpm
missing /usr/share/icewm/themes/metal2/dframeITR.xpm
missing /usr/share/icewm/themes/metal2/frameAB.xpm
missing /usr/share/icewm/themes/metal2/frameABL.xpm
missing /usr/share/icewm/themes/metal2/frameABR.xpm
missing /usr/share/icewm/themes/metal2/frameAL.xpm
missing /usr/share/icewm/themes/metal2/frameAR.xpm
missing /usr/share/icewm/themes/metal2/frameAT.xpm
missing /usr/share/icewm/themes/metal2/frameATL.xpm
missing /usr/share/icewm/themes/metal2/frameATR.xpm
missing /usr/share/icewm/themes/metal2/frameIB.xpm
missing /usr/share/icewm/themes/metal2/frameIBL.xpm
missing /usr/share/icewm/themes/metal2/frameIBR.xpm
missing /usr/share/icewm/themes/metal2/frameIL.xpm
missing /usr/share/icewm/themes/metal2/frameIR.xpm
missing /usr/share/icewm/themes/metal2/frameIT.xpm
missing /usr/share/icewm/themes/metal2/frameITL.xpm
missing /usr/share/icewm/themes/metal2/frameITR.xpm
missing /usr/share/icewm/themes/metal2/hideA.xpm
missing /usr/share/icewm/themes/metal2/hideI.xpm
missing /usr/share/icewm/themes/metal2/maximizeA.xpm
missing /usr/share/icewm/themes/metal2/maximizeI.xpm
missing /usr/share/icewm/themes/metal2/menuButtonA.xpm
missing /usr/share/icewm/themes/metal2/menuButtonI.xpm
missing /usr/share/icewm/themes/metal2/minimizeA.xpm
missing /usr/share/icewm/themes/metal2/minimizeI.xpm
missing /usr/share/icewm/themes/metal2/restoreA.xpm
missing /usr/share/icewm/themes/metal2/restoreI.xpm
missing /usr/share/icewm/themes/metal2/rolldownA.xpm
missing /usr/share/icewm/themes/metal2/rolldownI.xpm
missing /usr/share/icewm/themes/metal2/rollupA.xpm
missing /usr/share/icewm/themes/metal2/rollupI.xpm
missing /usr/share/icewm/themes/metal2/titleAB.xpm
missing /usr/share/icewm/themes/metal2/titleAL.xpm
missing /usr/share/icewm/themes/metal2/titleAM.xpm
missing /usr/share/icewm/themes/metal2/titleAP.xpm
missing /usr/share/icewm/themes/metal2/titleAR.xpm
missing /usr/share/icewm/themes/metal2/titleAS.xpm
missing /usr/share/icewm/themes/metal2/titleAT.xpm
missing /usr/share/icewm/themes/metal2/titleIB.xpm
missing /usr/share/icewm/themes/metal2/titleIL.xpm
missing /usr/share/icewm/themes/metal2/titleIM.xpm
missing /usr/share/icewm/themes/metal2/titleIP.xpm
missing /usr/share/icewm/themes/metal2/titleIR.xpm
missing /usr/share/icewm/themes/metal2/titleIS.xpm
missing /usr/share/icewm/themes/metal2/titleIT.xpm
missing /usr/share/icewm/themes/motif
missing /usr/share/icewm/themes/motif/close.xpm
missing /usr/share/icewm/themes/motif/default.theme
missing /usr/share/icewm/themes/motif/maximize.xpm
missing /usr/share/icewm/themes/motif/menu.xpm
missing /usr/share/icewm/themes/motif/minimize.xpm
missing /usr/share/icewm/themes/motif/restore.xpm
S.5....T c /etc/pam.d/system-auth
..5....T c /etc/inittab
..5....T c /etc/pam.d/halt
..5....T c /etc/pam.d/reboot
missing /misc
S.5....T c /etc/ldap.conf
missing /var/log/vbox
S.5....T c /etc/sysconfig/rhn/up2date-uuid
S.5....T c /etc/anacrontab
.......T c /etc/yp.conf
missing /usr/X11R6/lib/libGL.so.1
missing /usr/X11R6/lib/libGL.so.1.2
....L... /usr/lib/libGL.so.1
S.5....T c /etc/xinetd.d/chargen
.......T c /etc/xinetd.d/chargen-udp
S.5....T c /etc/xinetd.d/daytime
S.5....T c /etc/xinetd.d/daytime-udp
S.5....T c /etc/xinetd.d/echo
S.5....T c /etc/xinetd.d/echo-udp
S.5....T c /etc/xinetd.d/servers
S.5....T c /etc/xinetd.d/services
S.5....T c /etc/xinetd.d/time
S.5....T c /etc/xinetd.d/time-udp
S.5..... c /etc/rndc.key
S.5....T /usr/share/redhat-config-bind/FwdZone.pyc
S.5....T /usr/share/redhat-config-bind/dnsdata.pyc
S.5....T /usr/share/redhat-config-bind/dnsdata_base.pyc
missing /usr/X11R6/lib/modules/extensions/libGLcore.a
missing /usr/X11R6/lib/modules/extensions/libglx.a
missing /usr/share/xmms/Skins/AbsoluteE_Xmms.zip
missing /usr/share/xmms/Skins/BlackXMMS.zip
missing /usr/share/xmms/Skins/BlueSteel.zip
missing /usr/share/xmms/Skins/BrushedMetal_Xmms.zip
missing /usr/share/xmms/Skins/ColderXMMS.tar.gz
missing /usr/share/xmms/Skins/GTK+.zip
missing /usr/share/xmms/Skins/Marble.zip
missing /usr/share/xmms/Skins/Panic.zip
missing /usr/share/xmms/Skins/Vulcan.zip
missing /usr/share/xmms/Skins/X-Tra.zip
missing /usr/share/xmms/Skins/XawMMS.zip
missing /usr/share/xmms/Skins/blackstar.zip
missing /usr/share/xmms/Skins/sinistar.zip
missing /usr/share/xmms/Skins/titanium.zip
missing /usr/share/xmms/Skins/xmms-256.zip
missing /usr/X11R6/lib/libGL.a
missing /usr/X11R6/lib/libGL.so
....L... /usr/lib/libGL.so
Unsatisfied dependencies for seahorse-0.6.2-0: libgpgme.so.6

agent007
administrator
administrator
 
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm
Top

Postby agent007 » Fri Jun 20, 2003 11:38 pm

IS chkroot the best app for scanning for r00tkits? Also, how can it give a false alarm? Is there a bug in chkproc?

thanks.
agent007
administrator
administrator
 
Posts: 254
Joined: Wed Feb 12, 2003 11:26 pm
Top

Postby Void Main » Sat Jun 21, 2003 8:36 am

I just got it to say I had 26 processes hidden and have a possible LKM. This is on a system on my internal network that is behind my firewall that allows nothing into the internal network. It is also after running few clean scans:

Code: Select all
Checking `lkm'... You have    26 process hidden for readdir command
Warning: Possible LKM Trojan installed


and "chkrootkit -x lkm":

Code: Select all

ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
PID 22151: not in readdir output
CWD 22151: /var/lib/mysql
EXE 22151: /usr/libexec/mysqld
PID 24756: not in readdir output
CWD 24756: /
EXE 24756: /usr/sbin/slapd
PID 24761: not in readdir output
CWD 24761: /
EXE 24761: /usr/sbin/slapd
PID 24785: not in readdir output
CWD 24785: /
EXE 24785: /usr/sbin/slapd
PID 26878: not in readdir output
CWD 26878: /home/voidmain
EXE 26878: /usr/bin/nautilus
PID 26879: not in readdir output
CWD 26879: /home/voidmain
EXE 26879: /usr/bin/nautilus
PID 26880: not in readdir output
CWD 26880: /home/voidmain
EXE 26880: /usr/bin/nautilus
PID 26881: not in readdir output
CWD 26881: /home/voidmain
EXE 26881: /usr/bin/nautilus
PID 26882: not in readdir output
CWD 26882: /home/voidmain
EXE 26882: /usr/bin/nautilus
PID 26883: not in readdir output
CWD 26883: /home/voidmain
EXE 26883: /usr/bin/nautilus
PID 26884: not in readdir output
CWD 26884: /home/voidmain
EXE 26884: /usr/bin/nautilus
PID 26885: not in readdir output
CWD 26885: /home/voidmain
EXE 26885: /usr/bin/nautilus
PID 26896: not in readdir output
CWD 26896: /home/voidmain
EXE 26896: /usr/libexec/gweather-applet-2
PID 26897: not in readdir output
CWD 26897: /home/voidmain
EXE 26897: /usr/libexec/gweather-applet-2
PID 26987: not in readdir output
CWD 26987: /home/voidmain
EXE 26987: /usr/lib/mozilla-1.2.1/mozilla-bin
PID 26988: not in readdir output
CWD 26988: /home/voidmain
EXE 26988: /usr/lib/mozilla-1.2.1/mozilla-bin
PID 27005: not in readdir output
CWD 27005: /home/voidmain
EXE 27005: /usr/lib/mozilla-1.2.1/mozilla-bin
PID 27006: not in readdir output
CWD 27006: /
EXE 27006: /usr/bin/evolution-mail
PID 27007: not in readdir output
CWD 27007: /
EXE 27007: /usr/bin/evolution-mail
PID 27008: not in readdir output
CWD 27008: /
EXE 27008: /usr/bin/evolution-mail
PID 27009: not in readdir output
CWD 27009: /
EXE 27009: /usr/bin/evolution-mail
PID 27012: not in readdir output
CWD 27012: /
EXE 27012: /usr/bin/evolution-mail
PID 27013: not in readdir output
CWD 27013: /
EXE 27013: /usr/bin/evolution-mail
PID 27022: not in readdir output
CWD 27022: /
EXE 27022: /usr/bin/evolution-mail
PID 27023: not in readdir output
CWD 27023: /
EXE 27023: /usr/bin/evolution-mail
You have    25 process hidden for readdir command


I just started nautilus during my scan and clicked a few directories. So it appears nautilus might be the thing causing our false alarms.

Here is another example of a false alarm:
https://listman.redhat.com/archives/pho ... 01947.html

To be honest with you I don't use chkrootkit on a regular basis. I prefer to keep my system up to date, have a good firewall setup, follow good security practices (of which running chkrootkit could be a part of). I would opt for tripwire instead of chkrootkit. Actually you might run chkrootkit in response to a tripwire alarm. I much prefer preventative/proactive measures.
User avatar
Void Main
Site Admin
Site Admin
 
Posts: 5705
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Top
Post a reply

Return to Fedora/Red Hat

Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Group
cron