
chkrootkit warning "Checking `bindshell'... INFECTED (PORTS: 60001)"

bubba

Golden Member

I get the following warning from chkrootkit (http://www.chkrootkit.org/):

Checking `bindshell'... INFECTED (PORTS: 60001)

Now from their site:

If you're running PortSentry/klaxon or another program that binds itself to unused ports probably chkrootkit will give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).

However, I didn't set up PortSentry. These are RedHat 7.3 machines. I am wondering if this is still a false positive and that something else is binding itself to port 60001. Does anyone have any insight into this, or am I just screwed???
 
Ok... Are these production machines? Are they all doing this? This is tough to do without being there personally and knowing all the facts 😉

You can try downloading lsof and trying to get that to work to see what is binding to that port. Best case scenario would be to make an image of the drive, mount the drive in another machine ro, and look around that way... But it's also tough to do. So try lsof and see if that shows what process is binding to that port.
 


Ahhhhh *whew*!!!

sinfod is using that port. That is a very nice top-style utility for all my cluster machines. I can run that and see what is running on every machine in all the clusters. Thank god it is just that!
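The lookup suggested in the thread (find what is bound to a port the bindshell test flags) can also be done straight from `/proc` when lsof is not installed. This is an added example, not part of the original thread or of chkrootkit; it assumes a Linux `/proc` layout, and the sample table is constructed.

```python
import glob
import os

# Ports listed in the chkrootkit note quoted in the thread.
BINDSHELL_PORTS = {114, 465, 511, 1008, 1524, 1999, 3879, 4369, 5665, 10008,
                   12321, 23132, 27374, 29364, 31336, 31337, 45454, 47017,
                   47889, 60001}
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not data from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:EA61 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111 1 0000000000000000 100 0 0 10 0
   2: 0100007F:EA61 0100007F:8C3E 01 00000000:00000000 00:00000000 00000000     0        0 5555 1 0000000000000000 100 0 0 10 0
"""

def flagged_listeners(proc_net_tcp, ports=BINDSHELL_PORTS):
    """Return {port: socket inode} for LISTEN sockets on flagged ports."""
    found = {}
    for line in proc_net_tcp.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                                  # not a listening socket
        port = int(fields[1].rsplit(":", 1)[1], 16)   # local port is hex
        if port in ports:
            found[port] = int(fields[9])              # column 10 is the inode
    return found

def owners_of(inode):
    """Return sorted [(pid, exe path)] of processes holding this socket inode."""
    target = f"socket:[{inode}]"
    owners = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pid = int(fd.split("/")[2])
                owners.add((pid, os.readlink(f"/proc/{pid}/exe")))
        except OSError:       # process exited, or not permitted to look
            continue
    return sorted(owners)

if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    table = open("/proc/net/tcp").read() if live else SAMPLE
    for port, inode in flagged_listeners(table).items():
        print(port, inode, owners_of(inode) or "owner not visible (try root)")
```

Run it as root so other users' file descriptors are readable; an executable path ending in ` (deleted)` or a listener with no visible owner is worth a closer look than a known daemon such as the one found here.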
