What should I do if rkhunter finds a possible rootkit?

I ran it tonight and got this result:

[04:17:34] System checks summary
[04:17:34] =====================
[04:17:34]
[04:17:34] File properties checks...
[04:17:34] Files checked: 133
[04:17:34] Suspect files: 16
[04:17:34]
[04:17:34] Rootkit checks...
[04:17:34] Rootkits checked : 245
[04:17:34] Possible rootkits: 1
[04:17:34] Rootkit names : Slapper Worm
[04:17:34]
[04:17:34] Applications checks...
[04:17:34] All checks skipped
[04:17:34]
[04:17:34] The system checks took: 2 minutes and 27 seconds
[04:17:34]
[04:17:34] Info: End date is Sat Jul 12 04:17:34 UTC 2014

It reports a possible rootkit "Slapper Worm", and it points to this file:

[04:16:42] Checking for Slapper Worm...
[04:16:42] Checking for file '/tmp/.bugtraq' [ Not found ]
[04:16:42] Checking for file '/tmp/.uubugtraq' [ Not found ]
[04:16:42] Checking for file '/tmp/.bugtraq.c' [ Not found ]
[04:16:42] Checking for file '/tmp/httpd' [ Not found ]
[04:16:42] Checking for file '/tmp/.unlock' [ Not found ]
[04:16:42] Checking for file '/tmp/update' [ Found ]
[04:16:42] Checking for file '/tmp/.cinik' [ Not found ]
[04:16:43] Checking for file '/tmp/.b' [ Not found ]
[04:16:43] Warning: Slapper Worm [ Warning ]
[04:16:43] File '/tmp/update' found

I deleted the file, but nothing seems seriously wrong? Should I be worried that I might have a rootkit? Will deleting this file solve the problem?

In this case I wouldn't worry too much, because it only detected that one file name exists, and given how common the word "update" is, that file could easily have been created by something entirely unrelated. The more telling files, like /tmp/.bugtraq, are missing. Also, Slapper is 12 years old and used a vulnerability that was closed long ago.

If you ran the scan because you suspected an infection, you can investigate further, but if this was a routine run, consider the matter closed.
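To make the reasoning in this answer repeatable, here is an added example (not from the answer or from rkhunter itself) that parses rkhunter's per-rootkit "Checking for file" lines and grades a warning by how many of the known marker files were actually found, treating a single hit on a generic name like /tmp/update as weak evidence; the sample log is constructed from the question above, and the triage rule is an assumption, not rkhunter's own scoring.

```python
import re

# Constructed sample: the Slapper check lines from the question, one per line.
SAMPLE_LOG = """\
[04:16:42] Checking for Slapper Worm...
[04:16:42] Checking for file '/tmp/.bugtraq' [ Not found ]
[04:16:42] Checking for file '/tmp/.uubugtraq' [ Not found ]
[04:16:42] Checking for file '/tmp/.bugtraq.c' [ Not found ]
[04:16:42] Checking for file '/tmp/httpd' [ Not found ]
[04:16:42] Checking for file '/tmp/.unlock' [ Not found ]
[04:16:42] Checking for file '/tmp/update' [ Found ]
[04:16:42] Checking for file '/tmp/.cinik' [ Not found ]
[04:16:43] Checking for file '/tmp/.b' [ Not found ]
[04:16:43] Warning: Slapper Worm [ Warning ]
[04:16:43] File '/tmp/update' found
"""

# "[hh:mm:ss] Checking for <rootkit>..." opens a group of file checks.
CHECK_RE = re.compile(r"^\[\d\d:\d\d:\d\d\] Checking for (.+?)\.\.\.$")
# "[hh:mm:ss] Checking for file '<path>' [ Found | Not found ]"
FILE_RE = re.compile(
    r"^\[\d\d:\d\d:\d\d\] Checking for file '([^']+)' \[ (Found|Not found) \]$")


def parse_rootkit_checks(log_text):
    """Group file-check results by rootkit: {name: {"found": [...], "checked": n}}."""
    results, current = {}, None
    for line in log_text.splitlines():
        m = CHECK_RE.match(line)
        if m:
            current = m.group(1)
            results[current] = {"found": [], "checked": 0}
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            results[current]["checked"] += 1
            if m.group(2) == "Found":
                results[current]["found"].append(m.group(1))
    return results


def triage(found):
    """Assumed heuristic: no hits is clean; one hit on a non-hidden, generic
    name is weak evidence; any hidden dotfile or two or more hits warrants a
    closer look (file contents, owner, mtime, listening sockets)."""
    if not found:
        return "clean"
    hidden = [p for p in found if p.rsplit("/", 1)[-1].startswith(".")]
    if len(found) == 1 and not hidden:
        return "weak"
    return "investigate"


if __name__ == "__main__":
    for name, r in parse_rootkit_checks(SAMPLE_LOG).items():
        print(f"{name}: {len(r['found'])}/{r['checked']} markers -> {triage(r['found'])}")
```

Feed it the full rkhunter log (e.g. /var/log/rkhunter.log) instead of the sample to get one verdict per rootkit check.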