en

在网络安全中经常会遇到rootkit

Version:2007103001
#
# We start with the definitions of the message types and results. There
# are very few of these, so including these and all the parts of each
# message in one file makes sense and for easier translation.
#
# The message type MSG_TYPE_PLAIN is used for ordinary messages. It has
# no specific value, and is intercepted in the display function. It is
# included here for completeness. The index names of MSG_TYPE_ and
# MSG_RESULT_ are reserved - no messages can use this as part of its index.
#
MSG_TYPE_PLAIN:
MSG_TYPE_INFO:Info
MSG_TYPE_WARNING:Warning


#
# This is the list of message results.
#
MSG_RESULT_OK:OK
MSG_RESULT_SKIPPED:Skipped
MSG_RESULT_WARNING:Warning
MSG_RESULT_FOUND:Found
MSG_RESULT_NOT_FOUND:Not found
MSG_RESULT_NONE_FOUND:None found
MSG_RESULT_ALLOWED:Allowed
MSG_RESULT_NOT_ALLOWED:Not allowed
MSG_RESULT_UNSET:Not set

MSG_RESULT_UPD:Updated
MSG_RESULT_NO_UPD:No update
MSG_RESULT_UPD_FAILED:Update failed
MSG_RESULT_VCHK_FAILED:Version check failed


#
# The messages.
#
VERSIONLINE:[ $1 version $2 ]
VERSIONLINE2:Running $1 version $2 on $3
VERSIONLINE3:Running $1 version $2

RKH_STARTDATE:Start date is $1
RKH_ENDDATE:End date is $1

OPSYS:Detected operating system is '$1'
UNAME:Uname output is '$1'

CONFIG_CHECK_START:Checking configuration file and command-line options...
CONFIG_CMDLINE:Command line is $1
CONFIG_ENVSHELL:Environment shell is $1; rkhunter is using $2
CONFIG_CONFIGFILE:Using configuration file '$1'
CONFIG_INSTALLDIR:Installation directory is '$1'
CONFIG_LANGUAGE:Using language '$1'
CONFIG_DBDIR:Using '$1' as the database directory
CONFIG_SCRIPTDIR:Using '$1' as the support script directory
CONFIG_BINDIR:Using '$1' as the command directories
CONFIG_ROOTDIR:Using '$1' as the root directory
CONFIG_TMPDIR:Using '$1' as the temporary directory
CONFIG_NO_MAIL_ON_WARN:No mail-on-warning address configured
CONFIG_MOW_DISABLED:Disabling use of mail-on-warning at users request
CONFIG_MAIL_ON_WARN:Emailing warnings to '$1' using command '$2'
CONFIG_SSH_ROOT:Rkhunter option ALLOW_SSH_ROOT_USER set to '$1'.
CONFIG_SSH_PROTV1:Rkhunter option ALLOW_SSH_PROT_V1 set to '$1'.
CONFIG_X_AUTO:X will be automatically detected
CONFIG_CLRSET2:Using second color set
CONFIG_NO_SHOW_SUMMARY:Disabling system check summary at users request
CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV set to '$1'
CONFIG_NO_VL:Disabling verbose logging at users request
CONFIG_XINETD_PATH:Using $1 configuration file '$2'
CONFIG_SOL10_INETD:Using Solaris 10 and later inetd mechanism
CONFIG_LOCAL_RC_DIR:Using system startup directory: $1
CONFIG_LOCAL_RC_FILE:Using local startup file(s): $1
CONFIG_ROTATE_MIRRORS:The mirrors file will be rotated
CONFIG_NO_ROTATE_MIRRORS:The mirrors file will not be rotated
CONFIG_UPDATE_MIRRORS:The mirrors file will be updated
CONFIG_NO_UPDATE_MIRRORS:The mirrors file will not be updated
CONFIG_MIRRORS_MODE0:Both local and remote mirrors will be used
CONFIG_MIRRORS_MODE1:Only local mirrors will be used
CONFIG_MIRRORS_MODE2:Only remote mirrors will be used

FOUND_CMD:Found the '$1' command: $2
NOT_FOUND_CMD:Unable to find the '$1' command
CMD_ERROR:The command '$1' gave error code $2.

SYS_PRELINK:System is using prelinking
SYS_NO_PRELINK:System is not using prelinking
SYS_SELINUX:SELinux is enabled
SYS_NO_SELINUX:SELinux is disabled

HASH_FUNC_PRELINK:Using prelink command (with $1) for file hash checks
HASH_FUNC_PERL:Using the perl $1 module for the file hash checks
HASH_FUNC:Using the '$1' command for the file hash checks
HASH_FUNC_NONE:File hash checks disabled: NONE specified
HASH_FUNC_NONE_PKGMGR:File hash function NONE specified: only package manager will be used
HASH_FUNC_DISABLED:Hash function set to 'NONE': automatically disabling file hash checks
HASH_FUNC_OLD:Stored hash values used hash function '$1'
HASH_FUNC_OLD_DISABLED:Previous hash function was disabled: no hash values were stored
HASH_PKGMGR_OLD:Stored hash values used package manager '$1' (md5 function)
HASH_PKGMGR_OLD_UNSET:Stored hash values did not use a package manager

HASH_PKGMGR:Using package manager '$1' for file property checks
HASH_PKGMGR_MD5:Using MD5 hash function command '$1' to assist package manager verification
HASH_PKGMGR_NOT_SPEC:No package manager specified: using hash function '$1'
HASH_PKGMGR_NOT_SPEC_PRELINKED:No package manager specified: using prelink command with '$1'

HASH_FIELD_INDEX:The hash function field index is set to $1

HASHUPD_DISABLED:Hash checks disabled: current file hash values will not be stored
HASHUPD_PKGMGR:Using package manager '$1' to update the file hash values
HASHUPD_PKGMGR_NOT_SPEC:No file hash update package manager specified: using hash function '$1'
HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:No file hash update package manager specified: using prelink command with '$1'

ATTRUPD_DISABLED:File attribute checks disabled: current file attributes will not be stored
ATTRUPD_NOSTATCMD:File attribute checks disabled: no 'stat' command found: current file attributes will not be stored
ATTRUPD_OK:Current file attributes will be stored
ATTRUPD_OLD_DISABLED:Previous file attributes were disabled: no file attributes were stored
ATTRUPD_OLD_NOSTATCMD:Previous file attributes were disabled: no 'stat' command found: no file attributes were stored
ATTRUPD_OLD_OK:Previous file attributes were stored

GRSECINSTALLED:Found grsecurity installed

SYSLOG_ENABLED:Using syslog for some logging - facility/priority level is '$1'.
SYSLOG_DISABLED:Disabling use of syslog at users request.
SYSLOG_NO_LOGGER:Disabling use of syslog - unable to find 'logger' command.

NAME:$1
PRESSENTER:[Press <ENTER> to continue]
TEST_SKIPPED_OS:Test '$1' skipped due to O/S: $2

SUMMARY_TITLE1:System checks summary
SUMMARY_TITLE2:=====================
SUMMARY_PROP_SCAN:File properties checks...
SUMMARY_PROP_REQCMDS:Required commands check failed
SUMMARY_PROP_COUNT:Files checked: $1
SUMMARY_PROP_FAILED:Suspect files: $1
SUMMARY_CHKS_SKIPPED:All checks skipped
SUMMARY_RKT_SCAN:Rootkit checks...
SUMMARY_RKT_COUNT:Rootkits checked : $1
SUMMARY_RKT_FAILED:Possible rootkits: $1
SUMMARY_RKT_NAMES:Rootkit names    : $1
SUMMARY_APPS_SCAN:Applications checks...
SUMMARY_APPS_COUNT:Applications checked: $1
SUMMARY_APPS_FAILED:Suspect applications: $1
SUMMARY_SCAN_TIME:The system checks took: $1
SUMMARY_NO_SCAN_TIME:The system check took: Unable to determine clock time
SUMMARY_LOGFILE:All results have been written to the logfile ($1)
SUMMARY_NO_LOGFILE:No log file created.

CREATED_TEMP_FILE:Created temporary file '$1'

MIRRORS_NO_FILE:The mirrors file '$1' does not exist.
MIRRORS_NO_MIRRORS:The mirrors file '$1' has no required mirrors in it.
MIRRORS_NO_VERSION:The mirrors file '$1' has no version number - resetting to zero.
MIRRORS_ROTATED:Mirrors file '$1' has been rotated.
MIRRORS_SF_DEFAULT:Using the SourceForge mirror: $1

DOWNLOAD_CMD:Executing download command '$1'
DOWNLOAD_FAIL:Download failed - $1 mirrors left.

VERSIONCHECK_START:Checking rkhunter version...
VERSIONCHECK_FAIL_ALL:Download failed: Unable to determine the latest program version number.
VERSIONCHECK_CURRENT:This version  : $1
VERSIONCHECK_LATEST:Latest version: $1
VERSIONCHECK_LATEST_FAIL:Latest version: Download failed
VERSIONCHECK_UPDT_AVAIL:Update available
VERSIONCHECK_CONV_FAIL:Unable to compare version numbers: Program: '$1'    Latest: '$2'

UPDATE_START:Checking rkhunter data files...
UPDATE_CHECKING_FILE:Checking file $1
UPDATE_FILE_NO_VERS:File '$1' has no valid version number. Downloading a new copy.
UPDATE_FILE_MISSING:File '$1' is missing or empty. Downloading a new copy.
UPDATE_DOWNLOAD_FAIL:Download of '$1' failed: Unable to determine the latest version number.
UPDATE_I18N_NO_VERS:No i18n language file version numbers can be found.

OSINFO_START:Checking if the O/S has changed since last time...
OSINFO_END:Nothing seems to have changed
OSINFO_HOST_CHANGE1:The host name has changed since the last run:
OSINFO_HOST_CHANGE2:Old host value: $1    New value: $2
OSINFO_OSVER_CHANGE1:The O/S name or version has changed since the last run:
OSINFO_OSVER_CHANGE2:Old O/S value: $1    New value: $2
OSINFO_PRELINK_CHANGE:The system has changed to ${1}using prelinking since the last run.
OSINFO_ARCH_CHANGE1:The system seems to have changed CPU type:
OSINFO_ARCH_CHANGE2:Old CPU value: $1    New value: $2
OSINFO_MSG1:Because of the change(s) the file properties checks may give some false-positive results.
OSINFO_MSG2:You may need to re-run rkhunter with the '--propupd' option.

SET_FILE_PROP_START:Getting file properties...
SET_FILE_PROP_DIR_FILE_COUNT:Found $1 files in $2
SET_FILE_PROP_FILE_COUNT:File $1: searched for $2 files, found $3
SET_FILE_PROP_FILE_COUNT_NOHASH:File $1: searched for $2 files, found $3, missing hashes $4

PROPUPD_START:Starting file properties data update...
PROPUPD_OSINFO_START:Collecting O/S info...
PROPUPD_ARCH_FOUND:Found system architecture: $1
PROPUPD_REL_FILE:Found release file: $1
PROPUPD_NO_REL_FILE:Unable to find a release file: LS output shows:
PROPUPD_OSNAME_FOUND:Found O/S name: $1
PROPUPD_ERROR:Error installing new rkhunter.dat file. Code $1
PROPUPD_NEW_DAT_FILE:New rkhunter.dat file installed in '$1'
PROPUPD_WARN:WARNING! It is the users responsibility to ensure that when the '--propupd' option
PROPUPD_WARN:is used, all the files on their system are known to be genuine, and installed from a
PROPUPD_WARN:reliable source. The rkhunter '--check' option will compare the current file properties
PROPUPD_WARN:against previously stored values, and report if any values differ. However, rkhunter
PROPUPD_WARN:cannot determine what has caused the change, that is for the user to do.

ENABLED_TESTS:Enabled tests are: $1
DISABLED_TESTS:Disabled tests are: $1

KSYMS_FOUND:Found ksym file '$1'
KSYMS_MISSING:All ksyms and kallsyms checks will be skipped - neither file is present on the system.

STARTING_TEST:Starting test name '$1'
USER_DISABLED_TEST:Test '$1' disabled at users request.

CHECK_START:Starting system checks...
CHECK_WARNINGS_NOT_FOUND:No warnings were found while checking the system.
CHECK_WARNINGS_FOUND:One or more warnings have been found while checking the system.
CHECK_WARNINGS_FOUND_RERUN:Please re-run rkhunter, ensuring that a log file is created.
CHECK_WARNINGS_FOUND_CHK_LOG:Please check the log file ($1)

CHECK_SYS_COMMANDS:Checking system commands...
STRINGS_CHECK_START:Performing 'strings' command checks
STRINGS_SCANNING_OK:Scanning for string $1
STRINGS_SCANNING_BAD:Scanning for string $1
STRINGS_SCANNING_BAD:String not found in 'strings' command
STRINGS_CHECK:Checking 'strings' command
STRINGS_CHECK:Check skipped - no 'strings' command found.

FILE_PROP_START:Performing file properties checks
FILE_PROP_CMDS:Checking for prerequisites
FILE_PROP_IMMUT_OS:Skipping all immutable-bit checks. This check is only available for Linux systems.
FILE_PROP_SKIP_ATTR:Unable to find 'stat' command - all file attribute checks will be skipped.
FILE_PROP_SKIP_HASH:All file hash checks will be skipped because:
FILE_PROP_SKIP_HASH_FUNC:The current hash function ($1) or package manager ($2) is incompatible with the hash function ($3) or package manager ($4) used to store the values.
FILE_PROP_SKIP_HASH_PRELINK:Unable to find 'prelink' command.
FILE_PROP_SKIP_HASH_SHA1:This system uses prelinking, but the hash function command does not look like SHA1 or MD5.
FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe was found, which can cause errors. If possible, disable libsafe and then run the prelink command. Finally, recreate the hash values using 'rkhunter --propupd'.
FILE_PROP_SKIP_IMMUT:Unable to find 'lsattr' command - all file immutable-bit checks will be skipped.
FILE_PROP_SKIP_SCRIPT:Unable to find 'file' command - all script replacement checks will be skipped.
FILE_PROP_OS_CHANGED:The local host configuration or operating system has changed.
FILE_PROP_DAT_MISSING:The file of stored file properties (rkhunter.dat) does not exist, and so must be created. To do this type in 'rkhunter --propupd'.
FILE_PROP_DAT_EMPTY:The file of stored file properties (rkhunter.dat) is empty, and so must be created. To do this type in 'rkhunter --propupd'.
FILE_PROP_SKIP_ALL:All file property checks are now being skipped.

FILE_PROP_FILE_NOT_EXIST:The file '$1' does not exist on the system, but it is present in the rkhunter.dat file.
FILE_PROP_WL:Found file '$1': it is whitelisted for the '$2' check.
FILE_PROP_WL_DIR:Found directory '$1': it is whitelisted for the '$2' check.
FILE_PROP_NO_RKH_REC:The file '$1' exists on the system, but it is not present in the rkhunter.dat file.
FILE_PROP_CHANGED:The file properties have changed:
FILE_PROP_CHANGED2:File: $1
FILE_PROP_NO_PKGMGR_FILE:File '$1' hash value skipped: file does not belong to a package
FILE_PROP_NO_SYSHASH:No hash value found for file '$1'
FILE_PROP_NO_SYSHASH_CMD:Hash command output: $1
FILE_PROP_NO_SYSHASH_DEPENDENCY:Try running the command 'prelink $1' to resolve dependency errors.
FILE_PROP_SYSHASH_UNAVAIL:Current hash: Unavailable
FILE_PROP_SYSHASH:Current hash: $1
FILE_PROP_RKHHASH:Stored hash : $1
FILE_PROP_NO_RKHHASH:No hash value found for file '$1' in the rkhunter.dat file.
FILE_PROP_NO_RKHPERM:No file permissions value found for file '$1' in the rkhunter.dat file.
FILE_PROP_PERM_UNAVAIL:Current permissions: Unavailable    Stored permissions: $1
FILE_PROP_PERM:Current permissions: $1    Stored permissions: $2
FILE_PROP_UID_UNAVAIL:Current uid: Unavailable    Stored uid: $1
FILE_PROP_UID:Current uid: $1    Stored uid: $2
FILE_PROP_NO_RKHUID:No user-id value found for file '$1' in the rkhunter.dat file.
FILE_PROP_GID_UNAVAIL:Current gid: Unavailable    Stored gid: $1
FILE_PROP_GID:Current gid: $1    Stored gid: $2
FILE_PROP_NO_RKHGID:No group-id value found for file '$1' in the rkhunter.dat file.
FILE_PROP_INODE_UNAVAIL:Current inode: Unavailable    Stored inode: $1
FILE_PROP_INODE:Current inode: $1    Stored inode: $2
FILE_PROP_NO_RKHINODE:No inode value found for file '$1' in the rkhunter.dat file.