chkrootkit & rkhunter
#11
Oh yes, I want to ask: if we get infected with backdoor malware, how do we remove it using the two tools above?

Quote:
[21:28:28] Info: Starting test name 'passwd_changes'
[21:28:28] Checking for passwd file changes [ Warning ]
[21:28:28] Warning: Changes found in the passwd file for user 'nobody':
[21:28:28] Warning: Changes found in the passwd file for user 'messagebus':
[21:28:28] The GID has changed from '113' to '112'
[21:28:29] Warning: User 'mysql' has been added to the passwd file.
[21:28:29] Warning: User 'avahi' has been added to the passwd file.
[21:28:29] Warning: User 'snort' has been added to the passwd file.
[21:28:29] Warning: User 'statd' has been added to the passwd file.
[21:28:29] Warning: User 'usbmux' has been added to the passwd file.
[21:28:29] Warning: User 'pulse' has been added to the passwd file.
[21:28:30] Warning: User 'rtkit' has been added to the passwd file.
[21:28:30] Warning: User 'festival' has been added to the passwd file.
[21:28:30] Warning: User 'debian-tor' has been added to the passwd file.
[21:28:30] Warning: User 'haldaemon' has been removed from the passwd file.
[21:28:30]
[21:28:30] Info: Starting test name 'group_changes'
[21:28:30] Checking for group file changes [ Warning ]
[21:28:30] Warning: Changes found in the group file for group 'nogroup':
[21:28:31] Warning: Changes found in the group file for group 'messagebus':
[21:28:31] The group number has changed from '113' to '112'
[21:28:31] Warning: Group 'mysql' has been added to the group file.
[21:28:31] Warning: Group 'avahi' has been added to the group file.
[21:28:31] Warning: Group 'snort' has been added to the group file.
[21:28:31] Warning: Group 'pulse' has been added to the group file.
[21:28:32] Warning: Group 'rtkit' has been added to the group file.
[21:28:32] Warning: Group 'pulse-access' has been added to the group file.
[21:28:32] Warning: Changes found in the group file for group 'ssl-cert':
[21:28:32] The group number has changed from '112' to '119'
[21:28:32] Warning: Group 'winbindd_priv' has been added to the group file.
[21:28:32] Warning: Group 'debian-tor' has been added to the group file.
[21:28:33] Warning: Group 'haldaemon' has been removed from the group file.
[21:28:33] Checking root account shell history files [ OK ]
[21:28:33]
[21:28:33] Info: Starting test name 'system_configs'
[21:28:33] Performing system configuration file checks
[21:28:33] Checking for SSH configuration file [ Found ]
[21:28:33] Info: Found SSH configuration file: /etc/ssh/sshd_config
[21:28:33] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[21:28:33] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[21:28:33] Checking if SSH root access is allowed [ Warning ]
[21:28:34] Warning: The SSH and rkhunter configuration options should be the same:
[21:28:34] SSH configuration option 'PermitRootLogin': yes
[21:28:34] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[21:28:34] Checking if SSH protocol v1 is allowed [ Not allowed ]
[21:28:34] Checking for running syslog daemon [ Found ]
[21:28:34] Info: Found rsyslog configuration file: /etc/rsyslog.conf
[21:28:34] Checking for syslog configuration file [ Found ]
[21:28:34] Checking if syslog remote logging is allowed [ Not allowed ]
[21:28:35]
[21:28:35] Info: Starting test name 'filesystem'
[21:28:35] Performing filesystem checks
[21:28:35] Info: SCAN_MODE_DEV set to 'THOROUGH'
[21:28:36] Checking /dev for suspicious file types [ Warning ]
[21:28:36] Warning: Suspicious file types found in /dev:
[21:28:36] /dev/shm/pulse-shm-674156976: data
[21:28:36] /dev/shm/pulse-shm-4263131944: data
[21:28:36] /dev/shm/pulse-shm-4263860934: data
[21:28:37] Checking for hidden files and directories [ Warning ]
[21:28:37] Warning: Hidden directory found: /etc/.java
[21:28:37] Warning: Hidden directory found: /dev/.udev
[21:28:37] Warning: Hidden directory found: /dev/.initramfs
[21:29:20]
[21:29:20] Info: Starting test name 'apps'
[21:29:20] Checking application versions...
[21:29:21] Info: Application 'exim' not found.
[21:29:22] Checking version of GnuPG [ Warning ]
[21:29:22] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
[21:29:22] Info: Application 'httpd' not found.
[21:29:22] Info: Application 'named' not found.
[21:29:22] Checking version of OpenSSL [ Warning ]
[21:29:22] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.
[21:29:22] Checking version of PHP [ Warning ]
[21:29:23] Warning: Application 'php', version '5.3.2', is out of date, and possibly a security risk.
[21:29:23] Info: Application 'procmail' not found.
[21:29:23] Info: Application 'proftpd' not found.
[21:29:23] Checking version of OpenSSH [ OK ]
[21:29:23] Info: Application 'sshd' version '5.3p1' found.
[21:29:23] Info: Applications checked: 4 out of 9
[21:29:23]
[21:29:23] System checks summary
[21:29:23] =====================
[21:29:23]
[21:29:23] File properties checks...
[21:29:23] Required commands check failed
[21:29:23] Files checked: 134
[21:29:24] Suspect files: 4
[21:29:24]
[21:29:24] Rootkit checks...
[21:29:24] Rootkits checked : 245
[21:29:24] Possible rootkits: 0
[21:29:24]
[21:29:24] Applications checks...
[21:29:24] Applications checked: 4
[21:29:24] Suspect applications: 3
[21:29:24]
[21:29:24] The system checks took: 5 minutes and 54 seconds
[21:29:24]
[21:29:24] Info: End date is Thu Sep 6 21:29:24 WIT 2012
root@bt:~#
there's a frog teroret teroret by the riverside teroret teroret looking for food teroret teroret every morning teroret teroret

visit: http://warungiso.blogspot.com/

I was not smart or special but I was unix

#12
Delete it manually??? The tools above only look for rootkits present on our computer, check for incorrect configs, etc. ...

#13
(06-15-2012, 10:28 AM)permana Wrote: Well yeah, that's right... It also can't do it automatically like an antivirus, huh.

So deleting the files is our own job then, mate :)

It's more of a forensics tool really... but it could also be called an antivirus... :)
FOLLOW @DutaLinux
for more questions and sharing about security and open source only
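Since rkhunter only reports (as #12 and #13 say) and the cleanup is manual, a first step is to triage its log: group every Warning under the test that produced it, and pull out the sshd/rkhunter PermitRootLogin mismatch from the log in #11. The script below is an added example, not part of the thread or of rkhunter itself; SAMPLE_LOG is a constructed excerpt modelled on the posted output.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the rkhunter log posted in this thread
SAMPLE_LOG = """\
[21:28:28] Info: Starting test name 'passwd_changes'
[21:28:28] Checking for passwd file changes [ Warning ]
[21:28:29] Warning: User 'mysql' has been added to the passwd file.
[21:28:30] Warning: User 'haldaemon' has been removed from the passwd file.
[21:28:30]
[21:28:33] Info: Starting test name 'system_configs'
[21:28:33] Checking if SSH root access is allowed [ Warning ]
[21:28:34] Warning: The SSH and rkhunter configuration options should be the same:
[21:28:34] SSH configuration option 'PermitRootLogin': yes
[21:28:34] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[21:28:35] Info: Starting test name 'filesystem'
[21:28:37] Checking for hidden files and directories [ Warning ]
[21:28:37] Warning: Hidden directory found: /etc/.java
[21:29:22] Info: Starting test name 'apps'
[21:29:22] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.
[21:29:23] Checking version of OpenSSH [ OK ]
"""

LINE_RE = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s*(.*)$")   # "[HH:MM:SS] message"
TEST_RE = re.compile(r"Info: Starting test name '([^']+)'")
SSH_RE = re.compile(r"'(PermitRootLogin|ALLOW_SSH_ROOT_USER)': (\w+)")


def parse_rkhunter_log(text):
    """Group rkhunter 'Warning:' lines by the test that produced them.

    Returns {test_name: [warning_text, ...]}; tests without warnings are absent.
    Lines that carry only a timestamp (rkhunter's blank lines) are skipped.
    """
    warnings = defaultdict(list)
    current = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        t = TEST_RE.search(msg)
        if t:
            current = t.group(1)          # every later warning belongs to this test
        elif msg.startswith("Warning: ") and current:
            warnings[current].append(msg[len("Warning: "):])
    return dict(warnings)


def ssh_root_login_settings(text):
    """Return the sshd value and rkhunter's expectation for root SSH login."""
    return dict(SSH_RE.findall(text))
```

Feeding the full log from #11 through parse_rkhunter_log gives one list per test (passwd_changes, group_changes, system_configs, filesystem, apps), each of which still has to be reviewed by hand against what was legitimately installed.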