
📄 en

📁 Rootkits are frequently encountered in network security
FILE_PROP_SIZE_UNAVAIL:Current size: Unavailable    Stored size: $1
FILE_PROP_SIZE:Current size: $1    Stored size: $2
FILE_PROP_NO_RKHSIZE:No size value found for file '$1' in the rkhunter.dat file.
FILE_PROP_SYSDTM_UNAVAIL:Current file modification time: Unavailable
FILE_PROP_SYSDTM:Current file modification time: $1
FILE_PROP_RKHDTM:Stored file modification time : $1
FILE_PROP_NO_RKHDTM:No file modification time value found for file '$1' in the rkhunter.dat file.
FILE_PROP_NO_SYSATTR:Unable to obtain current properties for file '$1'
FILE_PROP_WRITE:Write permission is set on file '$1' for all users.
FILE_PROP_SYSPERM_UNAVAIL:Unable to obtain current write permission for file '$1'
FILE_PROP_IMMUT:File '$1' has the immutable-bit set.
FILE_PROP_SCRIPT:The command '$1' has been replaced by a script: $2
FILE_PROP_SCRIPT_RKH:The command '$1' has been replaced and is not a script: $2
FILE_PROP_VRFY:Package manager verification has failed:
FILE_PROP_VRFY_HASH:The file hash value has changed
FILE_PROP_VRFY_PERM:The file permissions have changed
FILE_PROP_VRFY_UID:The file owner has changed
FILE_PROP_VRFY_GID:The file group has changed
FILE_PROP_VRFY_DTM:The file modification time has changed
FILE_PROP_VRFY_SIZE:The file size has changed
CHECK_ROOTKITS:Checking for rootkits...
ROOTKIT_FILES_DIRS_START:Performing check of known rootkit files and directories
ROOTKIT_FILES_DIRS_NAME_LOG:Checking for ${1}...
ROOTKIT_FILES_DIRS_FILE:Checking for file '$1'
ROOTKIT_FILES_DIRS_DIR:Checking for directory '$1'
ROOTKIT_FILES_DIRS_KSYM:Checking for kernel symbol '$1'
ROOTKIT_FILES_DIRS_FILE_FOUND:File '$1' found
ROOTKIT_FILES_DIRS_DIR_FOUND:Directory '$1' found
ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel symbol '$1' found
ROOTKIT_FILES_DIRS_STR:Checking for string '$1'
ROOTKIT_FILES_DIRS_STR_FOUND:Found string '$1' in file '$2'
ROOTKIT_FILES_DIRS_NOFILE:The file '$1' does not exist!
ROOTKIT_FILES_DIRS_SINAR_DIR:Checking in '$1'
ROOTKIT_FILES_DIRS_SINAR:Found SInAR in: $1
ROOTKIT_ADD_START:Performing additional rootkit checks
ROOTKIT_ADD_SUCKIT:Suckit Rookit additional checks
ROOTKIT_ADD_SUCKIT_LOG:Performing Suckit Rookit additional checks
ROOTKIT_ADD_SUCKIT_LINK:Checking /sbin/init link count
ROOTKIT_ADD_SUCKIT_LINK_NOCMD:Checking /sbin/init link count: no 'stat' command found
ROOTKIT_ADD_SUCKIT_LINK_ERR:Checking /sbin/init link count: error from 'stat' command
ROOTKIT_ADD_SUCKIT_LINK_FOUND:Checking /sbin/init link count: count is $1, it should be 1
ROOTKIT_ADD_SUCKIT_EXT:Checking for hidden file extensions
ROOTKIT_ADD_SUCKIT_EXT_FOUND:Checking for hidden file extensions: found: $1
ROOTKIT_ADD_SUCKIT_SKDET:Running skdet command
ROOTKIT_ADD_SUCKIT_SKDET_FOUND:Running skdet command: found: $1
ROOTKIT_ADD_SUCKIT_SKDET_VER:Running skdet command: unknown version: $1
ROOTKIT_POSS_FILES_DIRS:Checking for possible rootkit files and directories
ROOTKIT_POSS_FILES_DIRS_LOG:Performing check of possible rootkit files and directories
ROOTKIT_POSS_FILES_FILE_FOUND:Found file '$1'. Possible rootkit: $2
ROOTKIT_POSS_FILES_DIR_FOUND:Found directory '$1'. Possible rootkit: $2
ROOTKIT_POSS_STRINGS:Checking for possible rootkit strings
ROOTKIT_POSS_STRINGS_LOG:Performing check for possible rootkit strings
ROOTKIT_POSS_STRINGS_FOUND:Found string '$1' in file '$2'. Possible rootkit: $3
ROOTKIT_MALWARE_START:Performing malware checks
ROOTKIT_MALWARE_SUSP_FILES:Checking running processes for suspicious files
ROOTKIT_MALWARE_SUSP_FILES_FOUND:One or more of these files were found: $1
ROOTKIT_MALWARE_SUSP_FILES_FOUND:Check the output of the lsof command 'lsof -F n -w -n'
ROOTKIT_MALWARE_HIDDEN_PROCS:Checking for hidden processes
ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Hidden processes found: $1
ROOTKIT_MALWARE_DELETED_FILES:Checking running processes for deleted files
ROOTKIT_MALWARE_DELETED_FILES_FOUND:The following processes are using deleted files:
ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:Process: $1    PID: $2    File: $3
ROOTKIT_MALWARE_LOGIN_BDOOR:Checking for login backdoors
ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:Performing check for login backdoors
ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:Checking for '$1'
ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Found login backdoor file: $1
ROOTKIT_MALWARE_SUSP_DIR:Checking for suspicious directories
ROOTKIT_MALWARE_SUSP_DIR_LOG:Performing check for suspicious directories
ROOTKIT_MALWARE_SUSP_DIR_FOUND:Found suspicious directory: $1
ROOTKIT_MALWARE_SFW_INTRUSION:Checking for software intrusions
ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:The file '$1' contains the string '$2'. Possible rootkit: SHV5
ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Check skipped - tripwire not installed
ROOTKIT_MALWARE_SNIFFER:Checking for sniffer log files
ROOTKIT_MALWARE_SNIFFER_LOG:Performing check for sniffer log files
ROOTKIT_MALWARE_SNIFFER_FOUND:Found possible sniffer log file: $1
ROOTKIT_TROJAN_START:Performing trojan specific checks
ROOTKIT_TROJAN_INETD:Checking for enabled inetd services
ROOTKIT_TROJAN_INETD_SKIP:Check skipped - file '$1' does not exist.
ROOTKIT_TROJAN_INETD_FOUND:Found enabled inetd service: $1
ROOTKIT_TROJAN_XINETD:Checking for enabled xinetd services
ROOTKIT_TROJAN_XINETD_LOG:Performing check for enabled xinetd services
ROOTKIT_TROJAN_XINETD_ENABLED:Checking '$1' for enabled services
ROOTKIT_TROJAN_XINETD_INCLUDE:Found 'include $1' directive
ROOTKIT_TROJAN_XINETD_INCLUDEDIR:Found 'includedir $1' directive
ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Found enabled xinetd service: $1
ROOTKIT_TROJAN_XINETD_WHITELIST:Found service '$1': it is $2 whitelisted.
ROOTKIT_TROJAN_APACHE:Checking for Apache backdoor
ROOTKIT_TROJAN_APACHE_SKIPPED:Apache backdoor check skipped: Apache modules and configuration directories not found.
ROOTKIT_TROJAN_APACHE_FOUND:Apache backdoor module 'mod_rootme' found: $1
ROOTKIT_OS_START:Performing $1 specific checks
ROOTKIT_OS_SKIPPED:No specific tests available
ROOTKIT_OS_BSD_SOCKNET:Checking sockstat and netstat commands
ROOTKIT_OS_BSD_SOCKNET_FOUND:Differences found between sockstat and netstat output:
ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 output: $2
ROOTKIT_OS_FREEBSD_KLD:Checking for KLD backdoors
ROOTKIT_OS_FREEBSD_KLD_FOUND:Found possible FreeBSD KLD backdoor. 'kldstat -v' command shows string '$1'
ROOTKIT_OS_FREEBSD_PKGDB:Checking package database
ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:The package database seems to have inconsistencies.
ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:This may not be a security issue, but running 'pkgdb -F' may help diagnose the problem.
ROOTKIT_OS_LINUX_LKM:Checking kernel module commands
ROOTKIT_OS_LINUX_LKM_FOUND:Differences found between the lsmod command and the /proc/modules file:
ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 output: $2
ROOTKIT_OS_LINUX_LKM_EMPTY:No output found from the lsmod command or the /proc/modules file:
ROOTKIT_OS_LINUX_LKM_MOD_MISSING:The modules file '$1' is missing.
ROOTKIT_OS_LINUX_LKMNAMES:Checking kernel module names
ROOTKIT_OS_LINUX_LKMNAMES_PATH:Using modules pathname of '$1'
ROOTKIT_OS_LINUX_LKMNAMES_FOUND:Known bad kernel module found in '$1': $2
ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:The kernel module directory '$1' is missing.
CHECK_LOCALHOST:Checking the local host...
STARTUP_FILES_START:Performing system boot checks
STARTUP_HOSTNAME:Checking for local host name
STARTUP_NO_HOSTNAME:No host name found.
STARTUP_LOCAL_RC_FILE:Checking for local startup files
STARTUP_FOUND_LOCAL_RC_FILE:Found local startup file: $1
STARTUP_NO_LOCAL_RC_FILE:No local startup files found.
STARTUP_CHECK_LOCAL_RC:Checking local startup files for malware
STARTUP_CHECK_SYSTEM_RC:Checking system startup files for malware
STARTUP_CHECK_SYSTEM_RC_FOUND:Found system startup directory: $1
STARTUP_CHECK_SYSTEM_RC_NONE:No system startup files found.
ACCOUNTS_START:Performing group and account checks
ACCOUNTS_PWD_FILE_CHECK:Checking for passwd file
ACCOUNTS_FOUND_PWD_FILE:Found password file: $1
ACCOUNTS_NO_PWD_FILE:Password file $1 does not exist.
ACCOUNTS_UID0:Checking for root equivalent (UID 0) accounts
ACCOUNTS_UID0_WL:Found root equivalent account '$1': it is whitelisted.
ACCOUNTS_UID0_FOUND:Account '$1' is root equivalent (UID = 0)
ACCOUNTS_SHADOW_FILE:Found shadow file: $1
ACCOUNTS_PWDLESS:Checking for passwordless accounts
ACCOUNTS_PWDLESS_WL:Found passwordless account '$1': it is whitelisted.
ACCOUNTS_PWDLESS_FOUND:Found passwordless account: $1
ACCOUNTS_NO_SHADOW_FILE:No shadow/password file found.
PASSWD_CHANGES:Checking for passwd file changes
PASSWD_CHANGES_NO_TMP:Unable to check for passwd file differences: no copy of the passwd file exists.
PASSWD_CHANGES_ADDED:Users have been added to the passwd file:
PASSWD_CHANGES_REMOVED:Users have been removed from the passwd file:
GROUP_CHANGES:Checking for group file changes
GROUP_CHANGES_NO_FILE:Group file $1 does not exist.
GROUP_CHANGES_NO_TMP:Unable to check for group file differences: no copy of the group file exists.
GROUP_CHANGES_ADDED:Groups have been added to the group file:
GROUP_CHANGES_REMOVED:Groups have been removed from the group file:
HISTORY_CHECK:Checking root account shell history files
HISTORY_CHECK_FOUND:Root account $1 shell history file is a symbolic link: $2
SYSTEM_CONFIGS_START:Performing system configuration file checks
SYSTEM_CONFIGS_FILE:Checking for $1 configuration file
SYSTEM_CONFIGS_FILE_FOUND:Found $1 configuration file: $2
SYSTEM_CONFIGS_SSH_ROOT:Checking if SSH root access is allowed
SYSTEM_CONFIGS_SSH_ROOT_FOUND:The SSH and rkhunter configuration options should be the same:
SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH configuration option 'PermitRootLogin': $1
SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': $1
SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:The SSH configuration option 'PermitRootLogin' has not been set.
SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:The default value may be 'yes', to allow root access.
SYSTEM_CONFIGS_SSH_PROTO:Checking if SSH protocol v1 is allowed
SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSH protocol version 1 has been enabled in the SSH configuration file ($1).
SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:The SSH configuration option 'Protocol' has not been set.
SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:The default value may be '2,1', to allow the use of protocol version 1.
SYSTEM_CONFIGS_SYSLOG:Checking for running syslog daemon
SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:The syslog daemon is not running.
SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:The syslog daemon is not running, but a metalog daemon has been found.
SYSTEM_CONFIGS_SYSLOG_SOCKLOG_RUNNING:The syslog daemon is not running, but a socklog daemon has been found.
SYSTEM_CONFIGS_SYSLOG_NO_FILE:The syslog daemon is running, but no configuration file can be found.
SYSTEM_CONFIGS_SYSLOG_REMOTE:Checking if syslog remote logging is allowed
SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog configuration file allows remote logging: $1
SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter configuration option 'ALLOW_SYSLOG_REMOTE_LOGGING' has been enabled.
FILESYSTEM_START:Performing filesystem checks
FILESYSTEM_DEV_CHECK:Checking /dev for suspicious file types
FILESYSTEM_DEV_CHECK_NO_DEV:/dev does not exist.
FILESYSTEM_DEV_FILE_WL:Found file '$1': it is whitelisted.
FILESYSTEM_DEV_FILE_FOUND:Suspicious file types found in ${1}:
FILESYSTEM_HIDDEN_DIR_WL:Found hidden directory '$1': it is whitelisted.
FILESYSTEM_HIDDEN_FILE_WL:Found hidden file '$1': it is whitelisted.
FILESYSTEM_HIDDEN_CHECK:Checking for hidden files and directories
FILESYSTEM_HIDDEN_DIR_FOUND:Hidden directory found: $1
FILESYSTEM_HIDDEN_FILE_FOUND:Hidden file found: $1
CHECK_APPS:Checking application versions...
APPS_NONE_FOUND:No known applications found - all checks skipped.
APPS_DAT_MISSING:All application version checks skipped.
APPS_DAT_MISSING:The file of unsecure application versions (programs_bad.dat) is missing or empty.
APPS_DAT_MISSING:If it has been deleted, then you will need to run 'rkhunter --update'.
APPS_NOT_FOUND:Application '$1' not found.
APPS_CHECK:Checking version of $1
APPS_CHECK_WL:Found application '$1': it is whitelisted.
APPS_CHECK_VERSION_UNKNOWN:Unable to obtain version number for '$1'.
APPS_CHECK_VERSION_FOUND:Application '$1' version '$2' found.
APPS_CHECK_VERSION_WL:Found application '$1' version '$2': this version is whitelisted.
APPS_CHECK_WHOLE_VERSION_USED:Unable to obtain version number for '$1': version option gives: $2
APPS_CHECK_FOUND:Application '$1', version '$2', is out of date, and possibly a security risk.
APPS_TOTAL_COUNT:Applications checked: $1 out of $2
CHECK_NETWORK:Checking the network...
NETWORK_PORTS_START:Performing check for backdoor ports
NETWORK_PORTS_FILE_MISSING:All backdoor port checks skipped.
NETWORK_PORTS_FILE_MISSING:The file of known backdoor ports (backdoorports.dat) is missing or empty.
NETWORK_PORTS_FILE_MISSING:If it has been deleted, then you will need to run 'rkhunter --update'.
NETWORK_PORTS_UNKNOWN_NETSTAT:All backdoor port checks skipped.
NETWORK_PORTS_UNKNOWN_NETSTAT:Unknown netstat command format with this O/S.
NETWORK_PORTS_DISABLE_PATHS:Disabling pathnames and '*' in PORT_WHITELIST setting: no 'lsof' command present.
NETWORK_PORTS_ENABLE_TRUSTED:Trusted pathnames are enabled for port whitelisting.
NETWORK_PORTS:Checking for $1 port $2
NETWORK_PORTS_PATH_WHITELIST:Network $1 port $2 is being used by $3: the pathname is whitelisted.
NETWORK_PORTS_TRUSTED_WHITELIST:Network $1 port $2 is being used by $3: the pathname is trusted.
NETWORK_PORTS_PORT_WHITELIST:Network $1 port $2 is being used: the port is whitelisted.
NETWORK_PORTS_FOUND:Network $1 port $2 is being used${3}. Possible rootkit: $4
NETWORK_PORTS_FOUND:Use the 'lsof -i' or 'netstat -an' command to check this.
NETWORK_INTERFACE_START:Performing checks on the network interfaces
NETWORK_PROMISC_CHECK:Checking for promiscuous interfaces
NETWORK_PROMISC_NO_IFCONFIG:Promiscuous network interface check skipped - unable to find the 'ifconfig' command.
NETWORK_PROMISC_NO_IP:Promiscuous network interface check using 'ip' command skipped - unable to find the 'ip' command.
NETWORK_PROMISC_IF:Possible promiscuous interfaces:
NETWORK_PROMISC_IF_1:'ifconfig' command output: $1
NETWORK_PROMISC_IF_2:'ip' command output: $1
NETWORK_PACKET_CAP_CHECK:Checking for packet capturing applications
NETWORK_PACKET_CAP_CHECK_NO_FILE:Packet capturing application check skipped - the '$1' file is missing.
NETWORK_PACKET_CAP_FOUND:Process '$1' (PID $2) is listening on the network.
NETWORK_PACKET_CAP_WL:Found process '$1': it is whitelisted.
SHARED_LIBS_START:Performing 'shared libraries' checks
SHARED_LIBS_PRELOAD_VAR:Checking for preloading variables
SHARED_LIBS_PRELOAD_VAR_FOUND:Found library preload variable(s): $1
SHARED_LIBS_PRELOAD_FILE:Checking for preload file
SHARED_LIBS_PRELOAD_FILE_FOUND:Found library preload file: $1
SHARED_LIBS_PATH:Checking LD_LIBRARY_PATH variable
SHARED_LIBS_PATH_BAD:The LD_LIBRARY_PATH environment variable is set and can influence binaries: set to: $1
SUSPSCAN_CHECK:Checking for files with suspicious contents
SUSPSCAN_DIR_NOT_EXIST:The directory '$1' does not exist.
SUSPSCAN_INSPECT:File '$1' (score: $2) contains some suspicious content and should be checked.
SUSPSCAN_START:Performing check of files with suspicious contents
SUSPSCAN_DIRS:Directories to check are: $1
SUSPSCAN_NO_DIRS:No directories specified: using defaults ($1)
SUSPSCAN_TEMP:Temporary directory to use: $1
SUSPSCAN_NO_TEMP:No temporary directory specified: using default ($1)
SUSPSCAN_TEMP_NOT_EXIST:The suspscan temporary directory does not exist: $1
SUSPSCAN_TEMP_NO_WRITE:The suspscan temporary directory is not writeable: $1
SUSPSCAN_SIZE:Maximum file size to check (in bytes): '$1'
SUSPSCAN_NO_SIZE:No maximum file size specified: using default ($1)
SUSPSCAN_SIZE_INVALID:The suspscan maximum file size is invalid: $1
SUSPSCAN_THRESH:Score threshold is set to: $1
SUSPSCAN_NO_THRESH:No score threshold specified: using default ($1)
SUSPSCAN_THRESH_INVALID:The suspscan score threshold is invalid: $1
SUSPSCAN_DIR_CHECK:Checking directory: '$1'
SUSPSCAN_DIR_CHECK_NO_FILES:No suitable files found to check.
SUSPSCAN_FILE_CHECK:File checked: Name: '$1' Score: $2
SUSPSCAN_FILE_CHECK_DEBUG:File checked: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4)
SUSPSCAN_FILE_SKIPPED_EMPTY:File ignored: empty: '$1'
SUSPSCAN_FILE_SKIPPED_LINK:File ignored: symbolic link: '$1'
SUSPSCAN_FILE_SKIPPED_TYPE:File ignored: wrong type: '$1': '$2'
SUSPSCAN_FILE_SKIPPED_SIZE:File ignored: too big: '$1'
SUSPSCAN_FILE_LINK_CHANGE:Symbolic link found: '$1' -> '$2'
LIST_TESTS:Available test names:
LIST_GROUPED_TESTS:Grouped test names:
LIST_LANGS:Available languages:
LIST_RTKTS:Rootkits checked for:
