Question about chkrootkit entry
Hello,
I installed chkrootkit on my server and it gave this result:
Checking `bindshell'... INFECTED (PORTS: 465)
After this I ran the following commands:
root@server [~/chkrootkit-0.43]# fuser 465/tcp
465/tcp: 32735
root@server [~/chkrootkit-0.43]# ps -ef | grep -i 32735
mailnull 32735 1 0 May13 ? 00:00:00 /usr/sbin/exim -tls-on-connect -bd -oX 465
root 25309 24033 0 09:52 pts/2 00:00:00 grep -i 32735
Is this root user ok? Or is this a security bug?
-
Hello @tym busku This is not a security issue. It is exim running over SSL/TLS chkrootkit. No worries there and is safe. It's a negative. chkrootkit scanned for 465 port and found that something is running on the port. Since the bindshell (as per its database), runs on port 465, it said the bindshell infected. No worries and that is is running as mailnull and not as root (root is the user who ran the grep command) 0 -
Hello As suggested by @SS-Maddy this looks pretty normal. Please let us know if you have any further questions. Thanks! 0
Please sign in to leave a comment.
Comments
2 comments