Gentoo Forums
[solved] what might have pulled webmin
Elleni
l33t


Joined: 23 May 2006
Posts: 939

Posted: Sat Aug 24, 2019 9:28 pm    Post subject: [solved] what might have pulled webmin

While upgrading, I saw that the installed webmin is masked, and unmerged it with emerge -C. As I was not aware of webmin, nor have I ever used it, I am wondering if there is a way to find out whether any of my other installed packages could have pulled it in. equery d webmin did not spit out anything. As I have already uninstalled it, I can no longer check whether it was in the world file itself. Any ideas?

After unmerging it I got the following, which might be a hint?
Code:
!!! existing preserved libs:
>>> package: media-libs/gd-2.2.5-r2
 *  - /usr/lib64/libgd.so.3
 *  - /usr/lib64/libgd.so.3.0.5
 *      used by /usr/bin/memusagestat (sys-libs/glibc-2.29-r2)


world file

As I felt a bit uncomfortable, I ran rkhunter, and hope the following is only showing a false positive and the mentioned warnings are not bad signs :?:
rkhunter.log


Last edited by Elleni on Sat Aug 24, 2019 10:14 pm; edited 2 times in total
mike155
Veteran


Joined: 17 Sep 2010
Posts: 1730
Location: Frankfurt, Germany

Posted: Sat Aug 24, 2019 10:03 pm    Post subject:

Quote:
Any ideas?

Search for the first occurrence of 'webmin' in '/var/log/emerge.log'. Then go back a few lines to find the emerge command which pulled in webmin.
Elleni
l33t


Joined: 23 May 2006
Posts: 939

Posted: Sat Aug 24, 2019 10:08 pm    Post subject:

Thanks mike155, I apparently did it myself long ago while following the mail server setup wiki - probably this one. Feeling better now :)

Code:
1448736671: Started emerge on: Nov 28, 2015 19:51:11
1448736671:  *** emerge --ask --verbose webmin postfixadmin roundcube awstats


Last edited by Elleni on Sat Aug 24, 2019 10:15 pm; edited 1 time in total
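
An added example, not part of any post in this thread: a shell function that automates the emerge.log search suggested above and also reports whether the package was named on the emerge command line or merged as a dependency. The `>>> emerge (N of M)` merge lines and the version numbers in the sample are constructed; `who_pulled` and `sample_log` are names chosen for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Usage: who_pulled <name> [logfile]
# Prints "<epoch>\t<explicit|dependency>\t<emerge command>" for the run in
# which <name> was first merged; returns 1 if it never appears in the log.
who_pulled() {
    awk -v pkg="$1" '
        # "*** emerge ..." records the command line that started a run.
        / \*\*\* emerge / {
            ts = $1; sub(/:$/, "", ts)
            cmd = $0; sub(/^[0-9]+: +\*\*\* /, "", cmd)
            next
        }
        # ">>> emerge (N of M) category/name-version to /" starts one merge.
        / >>> emerge \(/ {
            pv = $7; sub(/^.*\//, "", pv)          # drop "category/"
            # Require "name-<digit>" so "gd" does not match "gdbm-1.11".
            if (index(pv, pkg "-") != 1) next
            if (substr(pv, length(pkg) + 2, 1) !~ /[0-9]/) next
            how = "dependency"
            n = split(cmd, w, " ")
            for (i = 1; i <= n; i++)
                if (w[i] == pkg || substr(w[i], length(w[i]) - length(pkg)) == "/" pkg)
                    how = "explicit"
            printf "%s\t%s\t%s\n", ts, how, cmd
            found = 1
            exit
        }
        END { exit !found }
    ' "${2:-/var/log/emerge.log}"
}

# Constructed sample: the first two lines are the ones quoted in the thread,
# the merge lines and their versions are made up for illustration.
sample_log() {
    cat <<'EOF'
1448736671: Started emerge on: Nov 28, 2015 19:51:11
1448736671:  *** emerge --ask --verbose webmin postfixadmin roundcube awstats
1448736702:  >>> emerge (1 of 5) media-libs/gd-2.1.1 to /
1448736790:  >>> emerge (2 of 5) app-admin/webmin-1.770 to /
EOF
}

if [ "$#" -gt 0 ]; then who_pulled "$@"; fi
```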
mike155
Veteran


Joined: 17 Sep 2010
Posts: 1730
Location: Frankfurt, Germany

Posted: Sat Aug 24, 2019 10:15 pm    Post subject: Re: what might have pulled webmin

Elleni wrote:
As I felt a bit uncomfortable, I ran rkhunter, and hope the following is only showing a false positive and the mentioned warnings are not bad signs :?:

Are you worried because of the lines below?
Code:
[23:19:41] Warning: Checking for possible rootkit files and directories [ Warning ]
[23:19:41]          Found file '/var/run/udev.pid'. Possible rootkit: xorddos component
...
[23:20:35] Rootkit checks...
[23:20:35] Rootkits checked : 498
[23:20:35] Possible rootkits: 1
[23:20:35] Rootkit names    : xorddos component

There is probably no need to worry. See:


Last edited by mike155 on Sat Aug 24, 2019 10:17 pm; edited 1 time in total
Elleni
l33t


Joined: 23 May 2006
Posts: 939

Posted: Sat Aug 24, 2019 10:17 pm    Post subject:

Yeah, that and some of the warnings. But I think I should be good.

Since I also ran chkrootkit and the only thing reported was
Code:
Checking `bindshell'... INFECTED PORTS: ( 465)


But

Code:
lsof -RPni :465
COMMAND  PID PPID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
master  8037    1 root   23u  inet  35980      0t0  TCP *:465 (LISTEN)

Code:
netstat -pan | grep ":465 "
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      8037/master         

Code:
ps -F -p 8037
UID        PID  PPID  C    SZ   RSS PSR STIME TTY          TIME CMD
root      8037     1  0 13029  4748   1 Aug19 ?        00:00:04 /usr/libexec/postfix/master -w

Source
Thanks for your lightning-fast support. Once more, I feel so comfortable using Gentoo and being part of this great community :D