rkhunter-1.4.6/0000755000000000000000000000000013242661162012065 5ustar rootrootrkhunter-1.4.6/files/0000755000000000000000000000000013242661162013167 5ustar rootrootrkhunter-1.4.6/files/readlink.sh0000755000000000000000000000623313207556312015324 0ustar rootroot#!/bin/sh # # This is a short script to get the full pathname of a link file. # It has the same effect as the Linux 'readlink -f' command. The # script was written because some systems have no 'readlink' command, # and others have no '-f' option for readlink. As such we use the 'ls' # and 'awk' commands to get the link target. # # We check the 'pwd' command because the shell builtin command will # usually print out the current directory, which may be a link, rather # than the true working directory. The (typically) '/bin/pwd' command # itself shows the true directory. # # A soft (symbolic) link has two parts to it: # # linkname -> target # # Usage: readlink.sh [-f] [pwd command] # # # We don't actually do anything with the '-f' option # if it is used. # test "$1" = "-f" && shift LINKNAME=$1 PWD_CMD=$2 test -z "${PWD_CMD}" -o ! -x "${PWD_CMD}" && PWD_CMD="pwd" # # If we were given just a filename, then prepend # the current directory to it. # if [ -z "`echo \"${LINKNAME}\" | grep '/'`" ]; then DIR=`${PWD_CMD}` test "${DIR}" = "/" && DIR="" LINKNAME="${DIR}/${LINKNAME}" fi # # Now do some tests on the link name. # if [ -d "${LINKNAME}" ]; then FNAME="" DIR="${LINKNAME}" else # # We have been given a pathname to a file. Separate # out the filename and the directory. # FNAME=`echo "${LINKNAME}" | sed -e 's:^.*/\([^/]*\)$:\1:'` DIR=`echo "${LINKNAME}" | sed -e 's:/[^/]*$::'` # Check if it is a top-level name. if [ -z "${DIR}" ]; then if [ ! -e "${LINKNAME}" ]; then DIR="${LINKNAME}" else DIR="/" fi fi if [ ! -d "${DIR}" ]; then echo "Directory ${DIR} does not exist." >&2 echo "${LINKNAME}" exit fi fi # # Get the true directory path. 
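#
# Resolve DIR to its true path. The directory is quoted so that a name
# containing whitespace or glob characters reaches 'cd' as one argument.
# The pwd command only runs if 'cd' succeeded; otherwise the caller's
# current directory would be reported as though it were the answer.
#

RKHREALDIR=`cd "${DIR}" && "${PWD_CMD}"`

if [ -z "${RKHREALDIR}" ]; then
  echo "Unable to access directory ${DIR}." >&2
  echo "${LINKNAME}"
  exit
fi

DIR="${RKHREALDIR}"


#
# If we were only given a directory name, then return
# its true path.
#

if [ -z "${FNAME}" ]; then
  echo "${DIR}"
  exit
fi


#
# Now we loop round while we have a link.
#

RKHLINKCOUNT=0
ORIGLINK="${LINKNAME}"

while test -h "${DIR}/${FNAME}"; do
  #
  # Get the link directory, and the target. The target is taken as
  # everything after the last ' -> ' in the 'ls -ld' output, so a
  # target containing spaces is kept whole. A target which itself
  # contains ' -> ' is still ambiguous.
  #

  LINKNAME="${DIR}"
  FNAME=`ls -ld "${DIR}/${FNAME}" | sed -e 's/^.* -> //'`


  #
  # If the target is just a filename, then we
  # prepend the link directory path. If it isn't
  # just a filename, then we have a pathname. That
  # now becomes our new link name.
  #

  case "${FNAME}" in
  /*) LINKNAME="${FNAME}" ;;
  *)  LINKNAME="${LINKNAME}/${FNAME}" ;;
  esac


  #
  # Once again, extract the file name and the directory
  # path, and then get the real directory path name.
  #

  FNAME=`echo "${LINKNAME}" | sed -e 's:^.*/\([^/]*\)$:\1:'`
  DIR=`echo "${LINKNAME}" | sed -e 's:/[^/]*$::'`

  # A target directly under '/' leaves DIR empty. Without this,
  # 'cd' with no argument would switch to the home directory.
  test -z "${DIR}" && DIR="/"

  RKHREALDIR=`cd "${DIR}" && "${PWD_CMD}"`

  if [ -z "${RKHREALDIR}" ]; then
    # The link points into a directory we cannot enter (missing
    # or unreadable), so hand back the name we were given.
    echo "Unable to access directory ${DIR}: ${ORIGLINK}" >&2
    echo "${ORIGLINK}"
    exit
  fi

  DIR="${RKHREALDIR}"

  # Bound the number of hops so that a link loop cannot spin forever.
  RKHLINKCOUNT=`expr ${RKHLINKCOUNT} + 1`

  if [ "${RKHLINKCOUNT}" -ge 64 ]; then
    echo "Too many levels of symbolic links (${RKHLINKCOUNT}): ${ORIGLINK}" >&2
    echo "${ORIGLINK}"
    exit
  fi
done


#
# At this point we have a pathname to a file, which is not
# a link. To ensure we have the true pathname, we once again
# extract the directory.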
# FNAME=`echo "${LINKNAME}" | sed -e 's:^.*/\([^/]*\)$:\1:'` DIR=`echo "${LINKNAME}" | sed -e 's:/[^/]*$::'` test -n "${DIR}" && DIR=`cd ${DIR}; ${PWD_CMD}` echo "${DIR}/${FNAME}" exit rkhunter-1.4.6/files/signatures/0000755000000000000000000000000013207556312015354 5ustar rootrootrkhunter-1.4.6/files/signatures/RKH_BillGates.ldb0000644000000000000000000000064513207556312020416 0ustar rootrootRKH_BillGates;Target:6;(0&1&2&3&4&5&6&7&8&9&10&11);2f6574632f726325642e642f5325642573;2f686f6d2f6d6f6e69746f722f6761746573;2f746d702f62696c6c2e6c6f636b;2f746d702f67617465732e6c6f636b;2f746d702f6d6f6e692e6c6f636b;2f746d702f6e6f746966792e66696c65;2f7573722f62696e2f706f6a6965;2f7573722f6c69622f6c6962616d706c6966792e736f;2f6574632f696e69742e642f;23212f62696e2f62617368;6c6e202d73202f6574632f696e69742e642f2573202573;555058 rkhunter-1.4.6/files/signatures/RKH_pamunixtrojan.ldb0000644000000000000000000000023413207556312021441 0ustar rootrootRKH_pamunix;Target:0;(0&1&2&3&4);2f7661722f72756e2f737368706964;476f6f644d4435496e6974;476f6f644d4435557064617465;476f6f644d443546696e616c;636c6f73656c6f67 rkhunter-1.4.6/files/signatures/RKH_turtle.ldb0000644000000000000000000000062413207556312020064 0ustar rootrootRKH_turtle;Target:0;(0&1&2&3&4&5&6&7&8&9&10&11);747572746c652e706964;747572746c652e66696c65;747572746c652e6b6f;61706d2e6b6f;747572746c656d6f64756c655f7379735f696e6974;5f6d6f645f6d657461646174615f6d645f747572746c65;747572746c6532;6b6c64737461745f686f6f6b;747572746c65326d6f64756c655f7379735f696e6974;5f6d6f645f6d657461646174615f6d645f747572746c6532;686964655f70726f63657373;2f6465762f747572746c6532646576 rkhunter-1.4.6/files/signatures/RKH_shv.ldb0000644000000000000000000000051013207556312017337 0ustar rootrootRKH_SHV4;Target:0;(0&1&2&3&4);2f2e636f6e666967;2f6c69622f6c64642e736f2f746b7073;2f6c69622f6c6962657874;2f7573722f7362696e2f786e747073;696e2e696e657464 
RKH_SHV5;Target:0;(0&1&2&3&4&5&6);2f7362696e2f7474796c6f6164;2f7362696e2f7474796d6f6e;6675636b6e7574;6c616d65727375636b73;70726f70657274206f66205348;736b696c6c7a;7474796c6f6164 rkhunter-1.4.6/files/signatures/RKH_sniffer.ldb0000644000000000000000000000016713207556312020203 0ustar rootrootRKH_sniffer;Target:0;((0|1)&(2&3));63616e74206f70656e206c6f67;70726f6d697363756f7573;736e6966662e706964;7463702e6c6f67 rkhunter-1.4.6/files/signatures/RKH_libkeyutils.ldb0000644000000000000000000000046613207556312021111 0ustar rootrootRKH_libkeyutils.1.9.so;Target:0;(0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15&16);737973636f6e66;746d7066696c65;77616974706964;736f636b6574;636f6e6e656374;73686d6174;73686d6474;73686d676574;73656d676574;73656d74696d65646f70;736c656570;737072696e7466;7372616e64;7374646f7574;737472636174;737472637079;5f5f737472647570 rkhunter-1.4.6/files/signatures/RKH_libncom.ldb0000644000000000000000000000074713207556312020176 0ustar rootrootRKH_libncom;Target:0;(0&1&2&3&4&5&6&7&8&9&10&11);6d795f616363657074;64726f705f6475707368656c6c;64726f705f737569647368656c6c;64726f705f737569647368656c6c5f69665f656e765f69735f736574;69735f726561646469725f726573756c745f696e76697369626c65;69735f7265616464697236345f726573756c745f696e76697369626c65;6d795f6e657473746174;69735f70726f635f6e65745f746370;69735f6c645f736f5f7072656c6f6164;69735f696e76697369626c65;69735f66696c655f696e76697369626c65;7368616c6c5f737461745f72657475726e5f6572726f72 rkhunter-1.4.6/files/signatures/RKH_jynx.ldb0000644000000000000000000000031313207556312017530 0ustar rootrootRKH_Jynx;Target:0;(0&1&2&3&4);203C697374656E206F6E203C696E746572666163653E20666F72207061636B657473;6D61676963207061636b6574207265636569766564;6C642E736F2E7072656C6F6164;6C645F706F69736F6e2E63;786F636869 rkhunter-1.4.6/files/signatures/RKH_dso.ldb0000644000000000000000000000407713207556312017340 0ustar 
rootrootRKH_ApacheDSO;Target:0;(0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15&16&17&18&19&20&21&22&23&24&25&26&27&28&29&30&31&32&33&34&35&36&37&38&39&40&41&42&43&44&45&46&47&48&49&50&51&52&53&54&55&56&57);6d6f64756c65207377697463686572;5f434845434b5f5241575f434f4f4b4945;4b45595f434c49454e54;5f434845434b5f534954455f4b45524e454c;5f434845434b5f524546455245525f49535f484f5354;6261736536346465636f6465;786f725f646563727970745f737472696e67;786f725f656e63727970745f737472696e67;5f47454e5f46494c454e414d455f424c41434b4c495354;5f434845434b5f524546455245525f49535f53454f;53495a455f41525241595f53455f52454645524552;5f434845434b5f424f545f555345524147454e54;53495a455f41525241595f42414e5f555345524147454e54;5f4144445f544f5f424c41434b4c495354;5f434845434b5f534954455f41444d494e;53495a455f41525241595f424c41434b4c4953545f555249;434c49454e545f4950;53495a455f41525241595f42414e5f50524f43;5f49535f5355444f4552;53495a455f41525241595f5355444f455253;5f434845434b5f424c41434b4c495354;5f494e4a4543545f534b4950;5f4144445f544f5f574149544c495354;47454e5f46494c454e414d455f574149544c495354;5f53455353494f4e5f44454c455445;47454e5f46494c454e414d455f53455353494f4e;5f53455353494f4e5f4b455947454e;5f5345545f434f4f4b49455f4b4559;5f494e4a4543545f53415645;47454e5f46494c454e414d455f494e4a454354;5f53455353494f4e5f53415645;5f434845434b5f4c4f43414c5f4950;5f53455353494f4e5f4c4f4144;5f494e4a4543545f555044415445;46494c454e414d455f5550444154494e47;5f434845434b5f574149544c495354;5f494e4a4543545f4c4f4144;5f494e4a4543545f444f;53495a455f41525241595f544147535f464f525f494e4a454354;4b45595f584f52;435f4d4f44554c455f56455253494f4e;435f43435f484f5354;435f43435f555249;435f43435f524551554553545f464f524d4154;435f4d41524b45525f4c454654;435f4d41524b45525f5249474854;435f544d505f444952;435f4c4953545f50524546;435f4b45595f434f4f4b49455f4e414d45;435f41525241595f544147535f464f525f494e4a454354;435f41525241595f42414e5f555345524147454e54;435f41525241595f424c41434b4c4953545f555249;435f41525241595f53455f52454645524552;435f41525241595f5355444f455253;435f41525
241595f42414e5f50524f43;435f41525241595f42414e5f4c4f43414c5f4950;646c456e67696e65;646c206d6f64756c65207377697463686572 rkhunter-1.4.6/files/signatures/RKH_MMD-0028-2014.ldb0000644000000000000000000000146513207556312020141 0ustar rootrootRKH_MMD-0028-2014;Target:0;(0&1&2&3&4&5&6&7&8&9&10&11&12&13&14&15&16&17&18&19&20&21&22&23&24&25);4849535446494c453d2f6465762f6e756c6c;4d5953514c5f4849535446494c453d2f6465762f6e756c6c;232063686b636f6e6669673a203132333435203930203930;232044656661756c742d53746172743a09312032203320342035;2f6574632f63726f6e2e686f75726c792f63726f6e2e7368;54656e63656e7454726176656c6572;2f6c69622f756465762f75646576;2f6c69622f756465762f6465627567;3131342e3131342e3131342e313134;382e382e382e38;786f726b657973;6279706173735f69707461626c6573;48696465506964506f7274;4869646546696c65;646563727970745f72656d6f7465737472;6175746f72756e2e63;2f686f6d652f78696e677765692f4465736b746f702f64646f73;656e63727970745f636f6465;786f726b657973;436865636b4c4b4d;4869646544617461;656e63727970742e63;657865637061636b65742e63;686964652e63;687474702e63;6b696c6c2e63 rkhunter-1.4.6/files/signatures/RKH_kbeast.ldb0000644000000000000000000000061413207556312020015 0ustar rootrootRKH_kbeast;Target:0;(0&1&2&3&4&5&6&7&8&9&10);4572726f72206f636375726564206f6e20796f75722073797374656d;50617373776f7264205b646973706c6179656420746f2073637265656e;57656c636f6d6520546f2054686520536572766572;6834783364;2f5f6834785f;62642d6970736563732d6b6265617374;62696e647368656c6c;656e74657270617373;6970736563732d6b6265617374;6834785f64656c6574655f6d6f64756c65;6834785f746370345f7365715f73686f77 rkhunter-1.4.6/files/signatures/RKH_iptablex.ldb0000644000000000000000000000106213207556312020352 0ustar 
rootrootRKH_iptablex;Target:0;(0|1)|(2&3&4&5&6&7&8&9&10&11&12&13&14&15&16&17);49707461624c6578;49707461624c6573;53796e466c6f6f6453656e64546872656164;446e73466c6f6f6453656e64546872656164;4368616e6765446e73;446e73466c6f6f644275696c64546872656164;4368616e676553796e;53796e466c6f6f64546872656164;53796e466c6f6f644275696c64546872656164;446e73466c6f6f64546872656164;48624372656174654c6f636b73;4862437265617465546872656164;6b696c6c70656f666e616d6573;4d79526576696365;5f4765744c616e5370656564;53656e64436865636b466f72676f744970;696e69745f6461656d6f6e;73656e644c6f67696e496e666f rkhunter-1.4.6/files/signatures/RKH_libkeyutils1.ldb0000644000000000000000000000031113207556312021157 0ustar rootrootRKH_libkeyutils.so.1.9-v1;Target:0;(((0&1&2)|(3&4&5))&((6&7&8)|(9&10)));58636174;58766572;58626e64;73686d6174;73686d6474;73686d676574;62696e64;636f6e6e656374;736f636b6574;737973636f6e66;746d7066696c65 rkhunter-1.4.6/files/signatures/RKH_Glubteba.ldb0000644000000000000000000000023713207556312020272 0ustar rootrootRKH_Glupteba-v1;Target:0;(0&0&2&3&4&5&6&7);757074696d65;646f776e6c696e6b;75706c696e6b;7374617470617373;76657273696f6e;6665617475726573;67756964;636f6d6d656e74 rkhunter-1.4.6/files/signatures/RKH_sshd.ldb0000644000000000000000000000120513207556312017502 0ustar rootrootRKH_Trojaned_SSHd1;Target:0;((0&1)|(2&3));2f7573722f696e636c7564652f67706d322e68;2f7573722f696e636c7564652f6f70656e73736c;4465636f6465537472696e67;456e636f6465537472696e67 RKH_Trojaned_SSHd1a;Target:0;((0|1)&(2|3));2f7573722f696e636c7564652f67706d322e68;2f7573722f696e636c7564652f6f70656e73736c;4465636f6465537472696e67;456e636f6465537472696e67 RKH_Trojaned_SSHd2;Target:0;((0&1)|(2&3));4c6f6750617373;4c6f67696e5f436865636b;6261636b646f6f722e68;6261636b646f6f725f616374697665 RKH_Trojaned_SSHd3;Target:0;(0&1&2);696e636c756465732e68;6d616769635f706173735f616374697665;7063737a50617373 RKH_Trojaned_SSHd4;Target:0;0;2b5c242e2a5c24212e2a21215c24 
rkhunter-1.4.6/files/signatures/RKH_xsyslog.ldb0000644000000000000000000000163313207556312020256 0ustar rootrootRKH_xsyslog;Target:0;(0&1&2&4&5&6&7&8&9&10&11&12&13&14&15&16&17&18&19&20&21&22&23&24&25&26&27&28);2f746d702f6f726269742d67646d3131;2f6c69622f2e737379736c6f67;692077696c6c207570646174652074686520706964;692077696c6c2071756974;2f746d702f2e73656e646d61696c;757064617465206f7665722074696d65;63726561746520736f636b6574206661696c6564;646e73206f7665722074696d65;646e73207269676874;636f6e6e6563742074696d65206f7574;636f6e6e6563742073756363657373;73656c656374206f7665722074696d65;4249475041434b;4155544f555044415445;4d4f5245444e53;6d6f6e69746572;6269677061636b6574;6e6e756d7061636b6574;6d6f72655f69705f646e735f74657374;6765745f6f6e6c696e655f6970;636f6e6e6563745f746f5f736572766572;497341747461636b;6f6e5f6c696e655f6970;2f7573722f6c69622f6763632f693338362d726564666c61672d6c696e75782f342e332e322f696e636c756465;676c6f62656c2e68;6e41747461636b54797065;6e4d6f6e694368696e61;77616e745f746f5f7075745f6e616d65;2f726f6f742f636f646531323138 rkhunter-1.4.6/files/check_modules.pl0000755000000000000000000000354613207556312016345 0ustar rootroot#!/usr/bin/perl -w ################################################################################# # # Perl module checker 0.0.3 # ################################################################################# # # This Perl script checks for installed modules by trying to 'use' the # module. If the check fails, then the module is not present. 
# # If you want to install additional modules, use: # > perl -MCPAN -e shell # > install [module name] # # If the first one fails, please install the perl-CPAN package first # # Upgrade CPAN if possible: # > install Bundle::CPAN # > reload cpan # # Digest modules: # > install Digest::MD5 # > install Digest::SHA # > install Digest::SHA1 # > install Digest::SHA256 # ################################################################################# use strict; my $check = "0"; # Modules to check my @modCheck = qw( Digest::MD5 Digest::SHA Digest::SHA1 Digest::SHA256 ); # Use command-line module names if present. @modCheck = @ARGV if (@ARGV); for (@modCheck) { if (installed("$_")) { print "$_ installed (version ",$check,").\n" } else { print "$_ NOT installed.\n" } } ######################################### # # SUB: Installed modules # ######################################### sub installed { my $module = $_; # Try to use the Perl module eval "use $module"; # Check eval response if ($@) { # Module is NOT installed $check = 0; } else { # Module is installed (reset module version to '1') $check = 1; my $version = 0; # Try to retrieve version number (by using eval again) eval "\$version = \$$module\::VERSION"; # Set version number if no problem occurred $check = $version if (!$@); } # Return version number return $check; } exit(); # The end rkhunter-1.4.6/files/FAQ0000644000000000000000000006364713242661162013541 0ustar rootroot ROOTKIT HUNTER FREQUENTLY ASKED QUESTIONS (FAQ) =============================================== The latest version of this FAQ can be found on the RKH web site. (https://sourceforge.net/p/rkhunter/rkh_code/ci/develop/tree/files/FAQ) =========================================================== 1. GENERAL QUESTIONS 1.1) What is Rootkit Hunter? 1.2) What are rootkits? 1.3) Can I help with the development of this project? 1.4) I like your software! How can I thank you? 2. INSTALLATION QUESTIONS 2.1) How do I install Rootkit Hunter? 
2.2) How do I create a Rootkit Hunter RPM file? 3. USAGE QUESTIONS 3.1) Rootkit Hunter tells me there is something wrong with my system. What do I do? 3.2) Rootkit Hunter tells me that I have vulnerable applications installed. But I have fully patched my server! How is this possible? 3.3) How can I automatically run Rootkit Hunter every day? 3.4) What is the meaning of the test names? 3.5) Can rkhunter handle filenames with spaces in them? 3.6) What does the following warning mean: Determining OS... Warning: this operating system is not fully supported! 3.7) I have just installed Rootkit Hunter, and I am already getting warning messages. Why is that? 3.8) When I used the '--propupd' option, Rootkit Hunter told me I had some missing hashes. What does this mean? 3.9) I run rkhunter in cron and in the emailed output I get some strange characters. Why is this? 3.10) When I used the '--propupd' option, Rootkit Hunter told me that it had found more files than it was searching for. How is this possible? 4. ERROR AND WARNING MESSAGES 4.1) What does the following warning mean: The file of stored file properties (rkhunter.dat) is empty, and should be created. To do this type in 'rkhunter --propupd'. 4.2) Rootkit Hunter skips some checks, and the logfile indicates that certain commands are missing. What can I do? 4.3) I get warnings from PHP like: PHP Warning: Function registration failed - duplicate name - pg_update in Unknown on line 0. What does this mean? 4.4) After performing some updates, all, or some, binaries in the file properties checks are marked with a 'Warning'. What can I do? 5. UPDATING QUESTIONS 5.1) Rootkit Hunter tells me that I have multiple versions installed. How it this possible? 5.2) Can I be notified when a new release will be available? 6. WHITELISTING EXAMPLES 6.1) Common whitelisting examples =========================================================== 1. GENERAL QUESTIONS ==================== 1.1) What is Rootkit Hunter? A. 
Rootkit Hunter (RKH) is an easy-to-use tool which checks computers running UNIX (clones) for the presence of rootkits and other unwanted tools. 1.2) What are rootkits? A. Most times they are self-hiding toolkits used by blackhats, crackers and scriptkiddies, to avoid the eye of the sysadmin. 1.3) Can I help with the development of this project? A. Yes, everyone can help in some way. For example: Help your fellow Rootkit Hunter users on the rkhunter-users mailing list; Send a copy of an undetected rootkit to us so that it can be added and help others; Translate RKH messages to your native language. Details of how to do this are in the README file. For the template see the standard language file i18n/en. Are you a package maintainer? If so, then please submit your changes to us so that everyone can benefit from them; Are you an end-user? FOSS, and hence RKH, ultimately depends upon you. Contributing is your responsibility, not someone else's. Whatever you contribute is very much welcomed. For example, contribute or discuss enhancing Rootkit Hunter with us; submit a patch or discuss enhancements; file a bug report; or test the application by using it on your servers. 1.4) I like your software! How can I thank you? A. Simple - by contributing. See question 1.3 above. =========================================================== 2. INSTALLATION QUESTIONS ========================= 2.1) How do I install Rootkit Hunter? A. Instructions on installing RKH can be found in the README file. 2.2) How do I create a Rootkit Hunter RPM file? A. The RKH source contains an rkhunter.spec file which will allow an RPM to be built. To build the RPM run the following command: rpmbuild -ta rkhunter-<version>.tar.gz The last part of the displayed build process should indicate where the RPM file has been written. However, it will usually be found in '/usr/src/redhat/RPMS/noarch'. NOTE: The RKH development team do not support any third-party RPM files. However, the rkhunter.spec file will be maintained. 
=========================================================== 3. USAGE QUESTIONS ================== 3.1) Rootkit Hunter tells me there is something wrong with my system. What do I do? A. Prior to any incident it is recommended that you have read "Intruder Detection Checklist". This is available from http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html This document will tell you what to check, and makes it easier for you to find out and answer any questions. If you are unsure as to whether your system is compromised, you can get a second opinion from sources such as the rkhunter-users mailing list, the Linux-oriented forum LinuxQuestions.org, or even IRC. Please note you need to subscribe before posting to the rkhunter-users mailing list. If a file property check fails, then it is possible you have what is called a 'false positive'. Sometimes this will happen due to package updates, customised configurations or changed binaries. If so, then please check further: 1. If you run a file integrity checker, for example Aide, Samhain, or Tripwire, consult the results from running those tools. Note they must be installed directly after the O/S installation in order to be useful, and you must keep a copy of the binary, configuration files and databases off-site. Also note that running those tools, and Rootkit Hunter, is no substitute for updating software when updates are released, and proper host and network hardening. 2. If you don't run a file integrity checker you can possibly use your distribution's package management system if it is configured to deal with verification. 3. Run 'strings <filename>' and check the results for untrusted file paths (for example, /dev/.hiddendir). 4. Check recently updated binaries and their original source. 5. Run 'file <filename>' and compare the results with other files, especially trusted binaries. If some binaries are statically linked and others are all dynamic, then they could have been trojaned. 
If you have a warning from another part of the checks, then please subscribe first and then email the rkhunter-users mailing list and tell us about your system configuration: The purpose of the server (for example: web server, intranet fileserver, shell server); The (approximate) date of the incident and when you found out; The running distribution name, release and kernel version; Whether any passwd or shadow file data has changed; Any anomalies you find from reading the system, daemon, IDS and firewall logs; If all the installed software was recently updated; What services are or were running at the time; If you found setuid root files in directories for temporary files; Any anomalies you find from reading user shell histories. If your system is infected with a rootkit, cleaning it up is not an option. Restoring is also not an option unless you are skilled, and have an autonomous and independent means of verifying that the backup is clean, and does not contain misconfigured or stale software. Never trust a compromised machine. Period. Read "Steps for Recovering from a UNIX or NT System Compromise". This is available from http://www.cert.org/tech_tips/win-UNIX-system_compromise.html A clean install of the system is recommended after backing up the full system. To do this follow these steps: 1. Stay calm. Be methodical. 2. From another machine inform users, and the network, facility or host owner, that the machine is compromised. 3. Get the host offline or make sure the firewall is raised to only allow network traffic to and from your management IP address or range. 4. Back up your data. If you do not intend to investigate the problem, then do not back up any binaries or binary data which you cannot verify. 5. Verify the integrity of your backup by visual inspection (authentication data, configurations, log files), or by using a file integrity checker or your distribution's package management tools. 6. Install your host with a fresh install. 
Whilst you are updating and configuring the software and services, restrict network access to the system using authentication features like accounts, PAM, firewall, TCP wrappers, and daemon configurations. Make sure you properly harden the machine. 7. Investigate the old log files, and the tools used if possible. Also investigate the services which were vulnerable at the time of attack. 3.2) Rootkit Hunter tells me that I have an out-of-date or unsecure application installed. But I have fully patched my server! How is this possible? A. Some distributions, for example Red Hat and OpenBSD, do patch old versions of software. However, Rootkit Hunter thinks it is an old version, and so sees it as being unsecure. It is possible to whitelist specific applications, or specific versions of an application. The configuration file contains more details about this. If you wish you can skip the application version check completely by adding the 'apps' test name to the DISABLE_TESTS option in your rkhunter configuration file. 3.3) How can I automatically run Rootkit Hunter every day? A. There are several ways that rkhunter can be run via cron. However, it must be remembered that cron will automatically email any output produced by the program to the root user. Secondly, when the rkhunter '--cronjob' option is used, the program will generally not produce any output. It is, therefore, necessary to tell rkhunter what output should be shown. Typically this will just be any warning messages, and this can be achieved by using the '--rwo' (report warnings only) option. For the first example, the rkhunter command could be added directly to the root crontab: 30 5 * * * /usr/local/bin/rkhunter --cronjob --update --rwo This would run rkhunter at 5:30 (AM) every day. If no output is produced by rkhunter, then nothing is emailed to root. Any output that is produced, which would only be warning messages, is automatically emailed to root by the cron process. 
Note that the '--update' option has been included. Rkhunter will first perform any updates required to its data files, and then perform the system checks. This option can be omitted, but it is suggested that the option is used regularly to ensure that the rkhunter data files are kept up to date. If it is wished that all the normal output of rkhunter, as seen when running rkhunter from the command-line, is emailed to root, then this is possible. The '--rwo' option should be removed, and the '--cronjob' option replaced by '--sk --nocolors --check'. The next example is of a cronjob script. For Linux systems this script could be put into the /etc/cron.daily directory, so that it will be automatically run every day. The script might look like this: #!/bin/sh ( /usr/local/bin/rkhunter --cronjob --update --rwo && echo "" ) \ | /bin/mail -s "Rkhunter daily run on `uname -n`" root exit 0 Because we are piping any output through to the mail command, it is required to use 'echo ""' when there are no warnings. Without this, the mail command would issue its own warning about there being no message body. If it is wished to include the date in the output, then something like this could be used instead: #!/bin/sh ( date; /usr/local/bin/rkhunter --cronjob --update --rwo ) \ | /bin/mail -s "Rkhunter daily run on `uname -n`" root exit 0 Finally, it is possible to run rkhunter in quiet-mode, whereby no output will be produced at all. However, if the return code indicates that warnings were found, then we get cron to mail the root user. For example: 30 5 * * * /usr/local/bin/rkhunter --cronjob --update --quiet \ || echo "Rkhunter daily run on `uname -n` has produced warning messages" An alternative to the above example would be to use: 30 5 * * * /usr/local/bin/rkhunter --cronjob --update --quiet and then simply set the MAIL-ON-WARNING option in the configuration file with the root email address. This way, rkhunter produces no output, and so nothing is emailed to root by cron. 
However, if any warnings are found during the system check, then a notice message is emailed to root by rkhunter itself. Note: The '--quiet' option in the above two examples is not actually necessary, but was included for clarity. The '--cronjob' option assumes the '--quiet' option, and so, as mentioned above, when rkhunter is run with the '--cronjob' option no output is generally produced. 3.4) What is the meaning of the test names? A. See the README file for information about the test names. 3.5) Can rkhunter handle filenames with spaces in them? A. Generally yes for the tests themselves, but not for configuration options. Additionally, some tests may not like filenames with the colon (:) character in them. 3.6) What does the following warning mean: Determining OS... Warning: this operating system is not fully supported! A. This is a message from older versions of rkhunter. Upgrade to a newer version. 3.7) I have just installed Rootkit Hunter, and I am already getting warning messages. Why is that? A. The first run of rkhunter after an installation will usually give some warning messages. One of the checks is whether the file of file properties (called 'rkhunter.dat') exists. This file won't exist until rkhunter is run with the '--propupd' option. There is also a check to see if any commands have been replaced by a script. To avoid these warning messages you can whitelist the commands in your configuration file, once you have confirmed that the replacement scripts are legitimate. Similarly if there are warnings about hidden files or directories, then these can be whitelisted. Look in the configuration file and you will find examples of these. Once these changes have been made, then re-run rkhunter and no warnings should appear. Obviously warning messages from other checks indicate that something else is wrong, and so should be investigated. NOTE: When using the '--propupd' option it is the user's responsibility to ensure that the files on their system are genuine. 
Rootkit Hunter can only inform the user of a change to the files, not whether they are the original files or not. Although Rootkit Hunter can use a package manager for some systems, it must be remembered that the package manager itself uses files stored on the system. Those files may have been tampered with. The logfile will contain further information about each warning message. Once the reason for the warning has been found, and you believe that rkhunter has given a false-positive result, then looking in the configuration file may show you that the relevant item can be whitelisted. Also see WHITELISTING EXAMPLES below. 3.8) When I used the '--propupd' option, Rootkit Hunter told me I had some missing hashes. What does this mean? A. Your system probably uses prelinking (the log file will say if it does or not). Sometimes a file may be updated but not be prelinked. When this happens RKH cannot determine the file's hash value. If you run the command 'prelink --verify --sha <filename>' on the file, it will probably give an error about the file's dependencies having changed. This is what RKH sees, and flags it as a missing hash. If you are sure that the file is genuine, then you can try using 'prelink <filename>' to correct it. The 'prelink' command above should then work. Re-run RKH with the '--propupd' option to ensure that all the hash values are recorded. 3.9) I run rkhunter in cron and in the emailed output I get some strange characters. Why is this? A. The problem only occurs when the '--update' or '--versioncheck' options are used, and does not occur when rkhunter is run from the command-line. It also does not occur if the '--cronjob' or '--quiet' options are used in cron. The emailed output probably looks something like this: [1;33mChecking rkhunter data files...[0;39m Checking file mirrors.dat[34C[ [1;32mNo update[0;39m ] The 'strange' characters are ANSI color codes and escape sequences, and this is why the problem does not occur if rkhunter is run from the command-line. 
The terminal correctly interprets the codes, but cron cannot do this. The solution is to use the '--nocolors' option in your cron job. The '--cronjob' option assumes '--nocolors', which is why the problem does not occur when '--cronjob' is used. 3.10) When I used the '--propupd' option, Rootkit Hunter told me that it had found more files than it was searching for. How is this possible? A. The output from rkhunter probably shows something like this: File updated: searched for 149 files, found 171 When rkhunter collects file property information about files (commands), it uses generic file names - for example, 'awk' and 'sed'. As such, if these files exist in more than one directory that is being searched, then it will have found two files but only have been looking for one. Secondly, some files are symbolic (soft) links to another file. In this instance rkhunter will record both the link itself, and the file that it points to. So, again, two files have been found. It is, therefore, quite possible on some systems for rkhunter to find more files than it says it is looking for. It simply indicates that rkhunter has found some files more than once. =========================================================== 4. ERROR AND WARNING MESSAGES ============================= 4.1) What does the following warning mean: The file of stored file properties (rkhunter.dat) is empty, and should be created. To do this type in 'rkhunter --propupd'. A. For rkhunter to perform file property checks, it must first have a database file ('rkhunter.dat') containing the property values for each file. It can then compare each files current values against those stored in the database. Any difference indicates that the file has changed. To create and/or update the database file use the '--propupd' option. NOTE: An additional warning will be displayed stating that it is the users responsibility to ensure that the files are valid before using the '--propupd' option. 
That is, the user must be sure that the files have not been compromised. 4.2) Rootkit Hunter skips some checks, and the logfile indicates that certain commands are missing. What can I do? A. You have a choice: 1) Install the relevant command. You may be able to do this simply by running a package updater for your system (for example, 'yum' or 'apt-get'). 2) You may be able to disable the check by adding its test name to your configuration file. (See the README file for more information about the test names.) 3) If you are sure that the relevant command is present on your system, then rkhunter is having a problem locating it. Check the logfile for the 'command directories' it is using. If the directory containing the command isn't listed, then you can set the command directories to use by using the '--bindir' command-line option, or the BINDIR option in the configuration file. 4.3) I get warnings from PHP like: PHP Warning: Function registration failed - duplicate name - pg_update in Unknown on line 0. What does this mean? A. This may occur during the 'apps' test. It is usually because you have updated the Apache version of PHP, but forgot to update or recompile the CLI (console version) of PHP. So update or recompile it, and then try again. 4.4) After performing some updates, all, or some, binaries in the file properties checks are marked with a 'Warning'. What can I do? A. The first thing would be to verify that the update is the cause of the warnings. Checking the system log files should indicate what has been updated. It is most likely that the stored rkhunter file property values need to be recalculated. To do this use the RKH '--propupd' option. However, the output of the RKH file properties check should only be seen as an indication that the file has changed. Updating the stored property values should be done only after proper verification of the files using a file integrity checker or your distribution's package management tools. 
Alternatively, you can use the '--pkgmgr' command-line option, or the PKGMGR option in the configuration file, to tell RKH to obtain its file properties information from the package manager database. See the README file for more information about the package manager options. NOTES ===== 1) If the logfile indicates that a file's hash value has changed from some value to 'No hash value found', and your system uses prelinking, then the file probably needs to be specifically prelinked. This can usually be done by running the 'prelink' command on the relevant file. Running RKH with the '--propupd' option afterwards will indicate if there are still any hash values missing. Check the logfile and repeat the above process of prelinking the files. RKH will try and determine if your system is using prelinking or not. The logfile will contain the result of the check. 2) If your system uses Libsafe and prelinking, then errors can occur. Disable preloading Libsafe in /etc/ld.so.preload. Prelink again, and then run 'rkhunter --propupd'. =========================================================== 5. UPDATING QUESTIONS ===================== 5.1) Rootkit Hunter tells me that I have multiple versions installed. How is this possible? A. Usually you install a tool and upgrade it later. Sometimes if you use a 'non-official' updater or package manager (for example, from an external party, or build from source using an installer like RPM/DEB/TGZ/TXZ), the binaries may be installed into a different location from the original. So there are then two binaries with the same name, but in different locations. You will have to check which are the old binaries, and remove them. 5.2) Can I be notified when a new release will be available? A. Yes, you can join the rkhunter-announce mailing list. This is a low volume list. Details can be found on the RKH web site. Additionally, the '--versioncheck' option of rkhunter itself will indicate if a new version is available. 
=========================================================== 6. WHITELISTING EXAMPLES ======================== 6.1) After Rootkit Hunter has run you may encounter items in the log file you would like to whitelist. First verify that the entries are safe to add. The results of running these commands can be added to your 'rkhunter.conf.local' configuration file. Please adjust the commands, and the location of your 'rkhunter.log' log file, and verify the results before adding them. Do not automate adding whitelist entries to your configuration file. Allow script replacements ("properties" test): awk -F"'" '/replaced by a script/ {print "SCRIPTWHITELIST="$2}' rkhunter.log Allow processes using deleted files ("deleted_files" test): awk '/Process: / {print "ALLOWPROCDELFILE="$3}' rkhunter.log | sort -u Allow Xinetd services: awk '/Found enabled xinetd service/ {print $NF}' rkhunter.log |\ xargs -iX grep -e "server[[:blank:]]" 'X' | awk '{print "XINETD_ALLOWED_SVC="$NF}' Allow packet capturing applications ("packet_cap_apps" test): awk -F"'" '/is listening on the network/ {print "ALLOWPROCLISTEN="$2}' rkhunter.log Allow "suspicious" files ("filesystem" test): grep '^\[..:..:..\][[:blank:]]\{6\}.*/dev/shm/.*:' rkhunter.log |\ awk '{print "ALLOWDEVFILE="$2}' | sed -e "s|:$||g" Allow hidden directories ("filesystem" test): awk '/Warning: Hidden directory/ {print "ALLOWHIDDENDIR="$6}' rkhunter.log Allow hidden files ("filesystem" test): awk '/Warning: Hidden file/ {print "ALLOWHIDDENFILE="$6}' rkhunter.log |\ sed -e "s|:$||g" =========================================================== rkhunter-1.4.6/files/rkhunter.spec0000644000000000000000000001443113207556312015711 0ustar rootroot# No debuginfo: %define debug_package %{nil} # If you want to debug, uncomment the next line and remove # the duplicate percent sign (due to macro expansion) #%%dump %define name rkhunter %define ver 1.4.5 %define rel 1 %define epoch 0 # Don't change this define or also: # 1. 
installer.sh --layout custom /temporary/dir/usr --striproot /temporary/dir --install # 2. rewrite the files section below. %define _prefix /usr/local # We can't let RPM do the dependencies automatically because it will then pick up # a correct, but undesirable, perl dependency, which rkhunter does not require in # order to function properly. AutoReqProv: no Name: %{name} Summary: %{name} scans for rootkits, backdoors and local exploits Version: %{ver} Release: %{rel} Epoch: %{epoch} License: GPL Group: Applications/System Source0: %{name}-%{version}.tar.gz BuildArch: noarch Requires: filesystem, bash, grep, findutils, net-tools, coreutils, e2fsprogs, modutils, procps, binutils, wget, perl Provides: %{name} URL: http://rkhunter.sourceforge.net/ BuildRoot: %{_tmppath}/%{name}-%{version} %description Rootkit Hunter is a scanning tool to ensure you are about 99.9%% clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests like: - File hash check - Look for default files used by rootkits - Wrong file permissions for binaries - Look for suspected strings in LKM and KLD modules - Look for hidden files - Optional scan within plaintext and binary files - Software version checks - Application tests Rootkit Hunter is released as a GPL licensed project and free for everyone to use. 
%prep
%setup -q

%build

%install
# Export an empty MANPATH before running the bundled installer with its
# RPM layout.
MANPATH=""
export MANPATH
sh ./installer.sh --layout RPM --install

# Make a cron.daily file to mail us the reports
%{__mkdir} -p "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily"
# NOTE(review): in this copy the here-document that should supply the body
# of the cron.daily script, and the scriptlet header and opening 'if' that
# the 'fi' below closes, appear to be missing. Compare with the upstream
# spec before building from this text.
%{__cat} > "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily/rkhunter" </dev/null 2>&1 || :
# Copies /etc/group into rkhunter's tmp directory, preserving mode and
# timestamps (-p). Output is discarded and '|| :' keeps a failed copy from
# failing the scriptlet.
%{__cp} -p /etc/group /var/lib/rkhunter/tmp >/dev/null 2>&1 || :
fi

%preun
# Only do this when removing the RPM
# Deletes the current and rotated log files and everything under
# /var/lib/rkhunter. Errors are discarded.
# NOTE(review): this removes the scan logs and the stored file-property
# database; copy them elsewhere first if they are needed after uninstall.
if [ $1 -eq 0 ]; then
%{__rm} -f /var/log/rkhunter.log /var/log/rkhunter.log.old >/dev/null 2>&1
%{__rm} -rf /var/lib/rkhunter/* >/dev/null 2>&1
fi

%clean
# Refuses to clean when the build root is exactly "/", otherwise removes it
# recursively.
# NOTE(review): RPM_BUILD_ROOT is unquoted in the rm command, so a value
# containing whitespace or glob characters would be split or expanded by
# the shell. The guard only rejects the literal "/".
if [ "$RPM_BUILD_ROOT" = "/" ]; then
echo Invalid Build root \'"$RPM_BUILD_ROOT"\'
exit 1
else
rm -rf $RPM_BUILD_ROOT
fi

%define docdir %{_prefix}/share/doc/%{name}-%{version}

%files
# Everything is owned by root:root. The configuration file and the database
# files are mode 600; the main program, its script directory and the data
# directories are mode 700.
%defattr(-,root,root)
%attr(600,root,root) %config(noreplace) %{_sysconfdir}/%{name}.conf
%attr(700,root,root) %{_prefix}/bin/%{name}
%attr(700,root,root) %dir %{_libdir}/%{name}
%attr(700,root,root) %dir %{_libdir}/%{name}/scripts
%attr(700,root,root) %{_libdir}/%{name}/scripts/*.pl
%attr(700,root,root) %{_libdir}/%{name}/scripts/*.sh
# The man page (644) and the documentation (directory 755, files 644) stay
# world-readable.
%attr(644,root,root) %doc %{_prefix}/share/man/man8/%{name}.8
%attr(755,root,root) %dir %{docdir}
%attr(644,root,root) %doc %{docdir}/*
%attr(700,root,root) %dir %{_var}/lib/%{name}
%attr(700,root,root) %dir %{_var}/lib/%{name}/db
# Checksum, size and mtime are excluded from package verification for the
# database and i18n files.
%attr(600,root,root) %verify(not md5 size mtime) %{_var}/lib/%{name}/db/*.dat
%attr(700,root,root) %dir %{_var}/lib/%{name}/db/i18n
%attr(600,root,root) %verify(not md5 size mtime) %{_var}/lib/%{name}/db/i18n/*
%attr(700,root,root) %dir %{_var}/lib/%{name}/tmp
# No explicit mode here: the defattr line above sets only owner and group,
# so the mode is whatever the file has in the build root.
%{_sysconfdir}/cron.daily/rkhunter

%changelog
* Thu Jun 29 2017 jhorne - 1.4.4
- Updated for release 1.4.4

* Sun Dec 27 2015 jhorne - 1.4.2
- Changed file permissions mode to 700 for executables, and 600 for others. Directories are now set to mode 700. The man page is left at 644. The documentation directory is left at 755 and 644 for the files within it.

* Tue May 01 2012 unSpawn - 1.4.0
- Spec sync, see CHANGELOG.
* Tue Nov 16 2010 unSpawn - 1.3.7 - Spec sync. * Sun Nov 29 2009 unSpawn - 1.3.6 - For changes please see the CHANGELOG. * Fri Nov 27 2009 jhorne - 1.3.6 - Spec sync. * Sat Jul 18 2009 jhorne - 1.3.5 - Do not verify the checksum, size or mtime of the database files or the i18n files. * Wed Dec 10 2008 unSpawn - 1.3.4 - Spec sync. * Sun Aug 09 2008 jhorne - 1.3.3 - Renamed cron.daily file from '01-rkhunter' to 'rkhunter' so that it will run after a prelink cron job (if it exists). * Sun Feb 11 2007 unSpawn - pre-1.3.0 - Sync spec with fixes, installer and CVS * Sun Nov 12 2006 unSpawn - 1.2.9 - Re-spec, new installer * Fri Sep 29 2006 unSpawn - 1.2.9 - Updated for release 1.2.9 * Tue Aug 10 2004 Michael Boelen - 1.1.5 - Added update script - Extended description * Sun Aug 08 2004 Greg Houlette - 1.1.5 - Changed the install procedure eliminating the specification of destination filenames (only needed if you are renaming during install) - Changed the permissions for documentation files (root only overkill) - Added the installation of the rkhunter Man Page - Added the installation of the programs_{bad, good}.dat database files - Added the installation of the LICENSE documentation file - Added the chmod for root only to the /var/rkhunter/db directory * Sun May 23 2004 Craig Orsinger (cjo) - version 1.1.0-1.cjo - changed installation in accordance with new rootkit installation procedure - changed installation root to conform to LSB. Use standard macros. - added recursive remove of old build root as prep for install phase * Wed Apr 28 2004 Doncho N. Gunchev - 1.0.9-0.mr700 - dropped Requires: perl - rkhunter works without it - dropped the bash alignpatch (check the source or contact me) - various file mode fixes (.../tmp/, *.db) - optimized the %%files section - any new files in the current dirs will be fine - just %%{__install} them. * Mon Apr 26 2004 Michael Boelen - 1.0.8-0 - Fixed missing md5blacklist.dat * Mon Apr 19 2004 Doncho N. 
Gunchev - 1.0.6-1.mr700 - added missing /usr/local/rkhunter/db/md5blacklist.dat - patched to align results in --cronjob, I think rpm based distros have symlink /bin/sh -> /bin/bash - added --with/--without alignpatch for conditional builds (in case previous patch breaks something) * Sat Apr 03 2004 Michael Boelen / Joe Klemmer - 1.0.6-0 - Update to 1.0.6 * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0 - initial .spec file rkhunter-1.4.6/files/suspscan.dat0000644000000000000000000000356013207556312015525 0ustar rootrootVersion:2009112901 a:0x..,.0x.., a:add? a:asm+10 a:%:bh a:decb a:decl a:disasm+10 a:%e[bp,di,sp] a:%e[cx,si] a:%e?x a:%hi a:inc[b,l] a:jmp a:jmpcode ajuda a:jump a:%?l a:mov? a:nasm+10 a:ndisasm+10 a:nopsize+10 a:notb a:offset+10 a:opcode+10 a:p[op,ush] a:reassembl a:ret a:ro[r,l]b a:sub? a:xor c:%..%..%..% d:flood+100 d:nuke+100 f:abort f:access f:AF_INET f:atoi@ f:buf[fe,si] f:call f:changeown f:exec.* f:fopen@ f:malloc f:memcpy f:memset f:mmap f:'system(' i:bounc+10 i:dalnet i:eggbot+10 i:eggshell+10 i:invite+10 i:irc\.+100 i:iroffer+100 i:dalnet i:efnet i:undernet i:nick+10 i:pbsync+100 i:psybnc+100 i:vhost+100 i:xdcc+100 n:bind n:connect+100 n:'inet_aton(' n:listen+100 n:remote+10 n:resolv+10 n:sendfile+10 n:server+10 n:setsockopt+10 n:'(?sock' n:sockaddr n:'sockaddr_in(' n:sock[ad,et,fd] n:socket n:socklen n:'sockopen(' s:?0x[a-z0-9]\{2\}.* s:backdoor+10 s:/bin/sh+100 s:chmod s:chown s:logclean s:login s:password+10 s:/ptmx+100 s:/pty+100 s:setgid+100 s:setreuid+100 s:setuid+100 s:shellcode+100 s:tmp/sh+100 s:/tty+100 s:\"/\x[a-z0-9]\{2\}.* t:'0^wN' t:[O,0,P,p]wn.d+100 t:adviso+100 t:attack+10 t:authent t:bogus t:brute+100 t:crypt t:decode t:destruct t:device t:/dev/kmem+100 t:/dev/mem+100 t:disclos+10 t:discov+10 t:distrib+10 t:download t:elf-init t:elflbl t:evasion+10 t:exception t:exclusiv+10 t:existant t:ploit+100 t:fatal+10 t:fragment t:h[a4]x[oO0]r t:hardcod+100 t:heap+100 t:hexdump+10 t:hidden+10 t:hide+100 t:host t:hostile t:infect+10 
t:inject+100 t:invisibl+10 t:javascr+50 t:kernel+100 t:leak t:'log(' t:mech+10 t:modif[yi] t:mprot t:nvalid+10 t:overwrit+10 t:patch t:payload+100 t:pointer+100 t:priv[a8] t:process t:scam+10 t:segment t:sent t:sniff+10 t:spoof+10 t:stealth+10 t:terminat t:transpar t:victim t:violat t:vuln t:worm t:rootkit t:banner t:portsc x:apache x:mambo x:openssl x:samba x:sshd x:openssh x:xhide x:joomla x:webmin x:wwwadmin x:telnet x:ftpd rkhunter-1.4.6/files/programs_bad.dat0000644000000000000000000000702513207556312016326 0ustar rootrootVersion:2014042901 httpd: 1.3a1 1.3b1 1.3b3 1.3b4 1.3b5 1.3b6 1.3b7 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.6 1.3.9 1.3.10 1.3.11 1.3.12 1.3.14 1.3.17 1.3.19 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.25 1.3.26 1.3.27 1.3.28 1.3.29 1.3.30 1.3.31 1.3.32 1.3.33 1.3.34 1.3.35 1.3.36 1.3.37 1.3.39 1.3.40 2.0a1 2.0a2 2.0a3 2.0a4 2.0a5 2.0a6 2.0a7 2.0a8 2.0a9 2.0.11 2.0.12 2.0.13 2.0.14 2.0.15 2.0.16 2.0.17 2.0.18 2.0.19 2.0.20 2.0.21 2.0.22 2.0.23 2.0.24 2.0.25 2.0.26 2.0.27 2.0.28 2.0.29 2.0.30 2.0.31 2.0.32 2.0.33 2.0.34 2.0.35 2.0.36 2.0.37 2.0.38 2.0.39 2.0.40 2.0.41 2.0.42 2.0.43 2.0.44 2.0.45 2.0.46 2.0.47 2.0.48 2.0.49 2.0.50 2.0.51 2.0.52 2.0.53 2.0.54 2.0.55 2.0.56 2.0.57 2.0.58 2.0.59 2.0.61 2.0.62 2.0.63 2.0.64 2.0.62 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.6 2.2.8 2.2.9 2.2.10 2.2.11 2.2.12 2.2.13 2.2.14 2.2.15 2.2.16 2.2.17 2.2.18 2.2.19 2.2.20 2.2.21 2.2.22 2.2.23 2.2.24 2.2.25 2.2.26 2.4.2 2.4.3 2.4.4 2.4.6 2.4.7 sshd: 2.1.1p4 2.2.0p1 2.3.0p1 2.5.1p1 2.5.1p2 2.5.2p1 2.5.2p2 2.9.9p1 2.9.9p2 2.9p1 2.9p2 3.0.1p1 3.0.2p1 3.0p1 3.1p1 3.2.2p1 3.2.3p1 3.3p1 3.4p1 3.5p1 3.6.1p1 3.6.1p2 3.6p1 3.7.1p1 3.7.1p2 3.7p1 3.8.1p1 3.8p1 3.9p1 4.0p1 4.1p1 4.2p1 4.3p1 4.3p2 4.4p1 4.5p1 4.6p1 4.7p1 4.9p1 5.0p1 5.1p1 5.2p1 5.5p1 5.6p1 5.7p1 5.8p1 5.8p2 5.9p1 6.0p1 6.1p1 6.2p1 6.2p2 6.3p1 6.4p1 6.5p1 exim: 4.20 4.21 4.22 4.23 4.24 4.30 4.31 4.32 4.33 4.34 4.40 4.41 4.42 4.43 4.44 4.50 4.51 4.52 4.53 4.54 4.60 4.61 4.62 4.63 4.64 4.65 4.66 4.67 4.68 4.69 4.70 4.71 php: 
4.1.2 4.3.0 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.3.7 4.3.8 4.3.9 4.3.10 4.3.9RC2 5.0.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.2.0 5.2.1 5.2.2 5.2.3 5.2.4 5.2.5 5.2.6 5.2.7 5.2.8 5.2.9 5.2.10 5.3.0 5.3.1 5.3.2 gpg: 1.0.2 1.0.4 1.0.6 1.0.7 1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.3.3 1.3.4 1.4.0 1.4.1 1.4.2 2.0.12 2.0.11 2.0.10 2.0.8 1.4.8 2.0.7 2.0.6 2.0.5 2.0.4 2.0.3 2.0.1 2.0 1.4.4 1.4.3 1.9.19 1.4.2 1.9.17 1.9.16 1.4.9 1.4.10 1.4.11 1.4.12 1.4.13 1.4.14 1.4.15 named: 8.1 8.1.1 8.1.2 8.2 8.2.1 8.2.2 8.2.2-P3 8.2.2-P5 8.2.2-P7 8.2.3 8.2.4 8.2.5 8.2.6 8.2.7 8.3.0 8.3.1 8.3.2 8.3.3 8.3.4 8.3.5 8.3.6 8.3.7 8.4.0 8.4.1 8.4.2 8.4.3 8.4.4 8.4.5 8.4.6 8.4.7 8.4.7-P1 9.0.0 9.0.0b1 9.0.0b2 9.0.0b3 9.0.0b4 9.1.0b1 9.1.0b2 9.2.0a1 9.2.0a2 9.2.0a3 9.2.0b1 9.2.0b2 9.2.0rc1 9.5.0a1 9.5.0a2 9.5.0a3 9.5.0a4 9.5.0a5 9.5.0a6 9.5.0a7 9.5.0b1 9.6.0a1 9.6.0b1 9.6.0rc1 9.7.0a1 9.7.0a2 9.7.0a3 9.7.0b1 9.7.0b2 9.7.0b3 9.7.0rc1 9.7.0rc2 9.7.0 9.7.1b1 9.7.1rc1 9.7.1 9.7.2b1 9.7.2rc1 9.7.2 9.7.2-P1 procmail: 1.00 1.01 1.02 1.10 1.20 1.21 1.30 1.35 1.99 2.00 2.01 2.02 2.03 2.10 2.11 2.30 2.31 2.40 2.50 2.60 2.61 2.70 2.71 2.80 2.81 2.90 2.91 3.00 3.01 3.02 3.03 3.04 3.05 3.06 3.10 3.11pre3 3.11pre4 3.11pre7 3.12 3.13 3.14 3.15 3.20 3.21 proftpd: 1.2.10rc1 1.2.10rc2 1.2.10rc3 1.2.5 1.2.6 1.2.8p 1.2.9 1.3.0a 1.3.1 1.3.1rc1 1.3.1rc2 1.3.1rc3 1.3.2 1.3.2rc1 1.3.2rc2 1.3.2rc3 1.3.2rc4 1.3.2 1.3.2a 1.3.2b 1.3.2c 1.3.2d 1.3.3rc1 1.3.3rc2 1.3.3rc3 1.3.3rc4 1.3.3 1.3.3a 1.3.3b openssl: 0.9.3 0.9.3a 0.9.4 0.9.5 0.9.5a 0.9.6 0.9.6a 0.9.6a 0.9.6b 0.9.6b 0.9.6c 0.9.6c 0.9.6d 0.9.6d 0.9.6e 0.9.6e 0.9.6f 0.9.6f 0.9.6g 0.9.6g 0.9.6h 0.9.6h 0.9.7 0.9.6i 0.9.6i 0.9.7a 0.9.6j 0.9.6j 0.9.7b 0.9.6k 0.9.6k 0.9.7c 0.9.6l 0.9.6l 0.9.6m 0.9.6m 0.9.7d 0.9.7e 0.9.7f 0.9.7g 0.9.8 0.9.7h 0.9.8a 0.9.7i 0.9.7j 0.9.8b 0.9.7k 0.9.8c 0.9.7l 0.9.8d 0.9.7m 0.9.8e 0.9.8f 0.9.8g 0.9.8h 0.9.8i 0.9.8j 0.9.8k 0.9.8l 0.9.8m 0.9.8n 0.9.8o 0.9.8p 0.9.8q 0.9.8r 0.9.8s 0.9.8t 0.9.8u 0.9.8v 
0.9.8w 0.9.8x 1.0.0 1.0.0a 1.0.0b 1.0.0c 1.0.0d 1.0.0e 1.0.0f 1.0.0g 1.0.0h 1.0.0i 1.0.0j 1.0.0k 1.0.1 1.0.1a 1.0.1b 1.0.1c 1.0.1d 1.0.1e 1.0.1f rkhunter-1.4.6/files/ACKNOWLEDGMENTS0000644000000000000000000000305313207556312015341 0ustar rootroot ROOTKIT HUNTER ACKNOWLEDGMENTS ============================== Michael Boelen Initial Rootkit Hunter developer John Horne Current Rootkit Hunter developer Aus9 For Wiki and documentation support Gary Bak For enhancing AIX support and testing Andrej Ricnik For patching and testing konsolebox For loads of suggestions and testing Sibtay Abbas For testing Constantin Stefan For ideas Iain Roberts AIX and OpenBSD support Doncho N. Gunchev Steph For testing unSpawn Current Rootkit Hunter developer KNOWN CONTRIBUTORS ================== Macemoneta FUSE support B. Donnachie cAos support intrigeri Parallel run support jabel FreeBSD 6.1 cli vs cron baddcarma ProFTPd 1.3.0 on SuSE 10.0 linux_fqh Chinese translations Ryan Beckett For IRIX support Marc Becker German translation Mark Dominik Bürkle German translation (updated) Julien Valroff Bug reports, ideas and fixes Dick Gevers For packaging and hosting skdet Jan Iven Bug reports, ideas and fixes CaPaCuL Turkish translations Mitsuhiri Yoshida Japanese translation Alexander Wittig BSDng package manager code Patrick G. IPCS whitelisting code incitem/geophy Alpine Linux (busybox) support And thanks to all others who contributed to Rootkit Hunter: the regulars on the Rootkit Hunter users mailing list, bug reporters, package maintainers, end-users and those promoting Rootkit Hunter usage. rkhunter-1.4.6/files/i18n/0000755000000000000000000000000013242661162013746 5ustar rootrootrkhunter-1.4.6/files/i18n/zh.utf80000644000000000000000000006770313207556312015215 0ustar rootrootVersion:2009091601 # # We start with the definitions of the message types and results. 
There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:è¨Šæ¯ MSG_TYPE_WARNING:警告 # # This is the list of message results. # MSG_RESULT_OK:正常 MSG_RESULT_BAD:æå£ž MSG_RESULT_SKIPPED:è·³éŽ MSG_RESULT_WARNING:!注æ„! MSG_RESULT_FOUND:ç™¼ç¾ MSG_RESULT_NOT_FOUND:æ²’ç™¼ç¾ MSG_RESULT_NONE_FOUND:æ²’ç™¼ç¾ MSG_RESULT_ALLOWED:å¯ä»¥ MSG_RESULT_NOT_ALLOWED:ä¸å¯ä»¥ MSG_RESULT_UPD: æ›´æ–°çš„ MSG_RESULT_NO_UPD: æ²’æ›´æ–° MSG_RESULT_UPD_FAILED: 更新失敗 MSG_RESULT_VCHK_FAILED: 版本檢查失敗 # # The messages. # VERSIONLINE:[ $1 版本 $2 ] VERSIONLINE2:在主機 $3 執行 $1 版本 $2 VERSIONLINE3:執行 $1 版本 $2 RKH_STARTDATE:開始時間是 $1 RKH_ENDDATE:çµæŸæ™‚間是 $1 OPSYS:嵿¸¬åˆ°çš„系統是 '$1' UNAME:Uname 輸出是 '$1' CONFIG_CHECK_START:檢查設定檔åŠå‘½ä»¤åˆ—é¸é …... CONFIG_CMDLINE:命令列是 $1 CONFIG_ENVSHELL:SHELLç¨‹å¼æ˜¯ $1; rkhunter 正在使用 $2 CONFIG_CONFIGFILE:rkhunter設定檔是 '$1' CONFIG_INSTALLDIR:安è£ç›®éŒ„是'$1' CONFIG_LANGUAGE:使用的語言是 '$1' CONFIG_DBDIR:資料庫目錄 '$1' CONFIG_SCRIPTDIR:script目錄 '$1' CONFIG_BINDIR:執行檔目錄 '$1' CONFIG_ROOTDIR:根目錄 '$1' CONFIG_TMPDIR:暫存檔目錄 '$1' CONFIG_NO_MAIL_ON_WARN:沒有設置警告信的郵件ä½å€ CONFIG_MOW_DISABLED:根據使用者設定,ä¸ä½¿ç”¨è­¦å‘Šä¿¡ CONFIG_MAIL_ON_WARN:使用命令'$2'給 '$1' 發警告信 CONFIG_SSH_ROOT:Rkhunter çš„é¸é … ALLOW_SSH_ROOT_USERè¢«è¨­ç½®æˆ '$1'. 
CONFIG_SSH_PROTV1:Rkhunter é¸é …被設置æˆå¯ä»¥ä½¿ç”¨ç‰ˆæœ¬1çš„SSHå”定 CONFIG_X_AUTO:自動檢查X CONFIG_CLRSET2:使用第二個é…色方法 CONFIG_NO_SHOW_SUMMARY:根據使用者設定,ä¸é¡¯ç¤ºç³»çµ±ç¸½çµå ±å‘Š CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV被設置為'$1' CONFIG_NO_VL:根據使用者設定,ä¸è©³ç´°è¨˜éŒ„ CONFIG_XINETD_PATH:使用 $1 設定檔 '$2' CONFIG_SOL10_INETD:使用Solaris 10 åŠä»¥å¾Œçš„inetd機制 CONFIG_LOCAL_RC_DIR:使用系統的啟動目錄: $1 CONFIG_LOCAL_RC_FILE:使用本地的啟動目錄檔案: $1 CONFIG_ROTATE_MIRRORS:å‚™æ´æª”案將予以轉置 ONFIG_NO_ROTATE_MIRRORS:å‚™æ´æª”案將ä¸è¢«è½‰ç½® CONFIG_UPDATE_MIRRORS:å‚™æ´æª”案將被更新 CONFIG_NO_UPDATE_MIRRORS:å‚™æ´æª”案將ä¸è¢«æ›´æ–° CONFIG_MIRRORS_MODE0:本地和é ç«¯å‚™æ´æª”案將都被使用 CONFIG_MIRRORS_MODE1:åªä½¿ç”¨æœ¬åœ°å‚™æ´æª”案 CONFIG_MIRRORS_MODE2:åªä½¿ç”¨é ç«¯å‚™æ´æª”案 FOUND_CMD:找到 '$1' 命令: $2 NOT_FOUND_CMD:無法找到'$1' 命令 SYS_PRELINK:系統正在使用prelinking SYS_NO_PRELINK:系統ä¸ä½¿ç”¨prelinking HASH_FUNC_PRELINK:為了檔案的 hash 檢查而使用 prelink 命令 (帶 $1) HASH_FUNC_PERL:使用 perl $1 模組來檢查檔案hash HASH_FUNC:checksumç¨‹å¼ '$1' HASH_FUNC_NONE:無法檢查檔案hash : 沒有指定 HASH_FUNC_NONE_PKGMGR:沒有指定檔案hash函數: åªèƒ½ä½¿ç”¨å¥—件管ç†ç¨‹å¼ HASH_FUNC_DISABLED:Hash函數設置為'NONE': 自動使檔案hash檢查無效 HASH_FUNC_OLD:使用hash函數 '$1'儲存hash值 HASH_FUNC_OLD_DISABLED:舊的的hash函數無效: 沒有hash值被儲存 HASH_PKGMGR_OLD::使用套件管ç†ç¨‹å¼'$1'儲存hash值 HASH_PKGMGR_OLD_NONMD5:使用套件管ç†ç¨‹å¼'$1'(md5 function)儲存hash值 HASH_PKGMGR_OLD_UNSET:ä¸ä½¿ç”¨å¥—件管ç†ç¨‹å¼è€Œå„²å­˜hash值 HASH_PKGMGR:使用套件管ç†ç¨‹å¼ '$1' 檢查檔案屬性 HASH_PKGMGR_MD5:使用 MD5 hash 函數命令 '$1' 幫助套件管ç†ç¨‹å¼é€²è¡Œé©—è­‰ HASH_PKGMGR_NOT_SPEC:沒有指定套件管ç†ç¨‹å¼: 使用 hash 函數 '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:沒有指定套件管ç†ç¨‹å¼: 使用帶 '$1' çš„ prelink 命令 HASH_PKGMGR_USE_VRFY:套件管ç†ç¨‹å¼é©—è­‰å°‡ç”¨æ–¼æª”æ¡ˆå±¬æ€§çš„æª¢æŸ¥çµæžœ HASH_PKGMGR_NO_USE_VRFY:套件管ç†ç¨‹å¼é©—證將ä¸ç”¨æ–¼æª”æ¡ˆå±¬æ€§çš„æª¢æŸ¥çµæžœ HASH_FIELD_INDEX:hash 函數的欄ä½ç´¢å¼•被設置為 $1 HASHUPD_DISABLED:Hash 檢查失效: ç›®å‰çš„æª”案hash值將䏿œƒå„²å­˜ HASHUPD_PKGMGR:使用套件管ç†ç¨‹å¼ '$1' 來更新檔案hash值 HASHUPD_PKGMGR_NONE:沒有指定套件管ç†ç¨‹å¼: 使用hash函數 '$1' HASHUPD_PKGMGR_NONE_PRELINKED:沒有指定套件管ç†ç¨‹å¼: 使用帶'$1'çš„prelink命令 HASHUPD_PKGMGR_NOT_SPEC:沒有指定檔案 hash 
更新套件管ç†ç¨‹å¼: 使用 hash 函數 '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:沒有指定檔案 hash 更新套件管ç†ç¨‹å¼: 使用帶 '$1'çš„ prelink 命令 HASHUPD_PKGMGR_MD5:使用MD5 hash函數命令'$1'作為套件管ç†ç¨‹å¼ HASHUPD_PKGMGR_MD5_PRELINK:使用prelink命令 (帶 $1)作為套件管ç†ç¨‹å¼ ATTRUPD_DISABLED:檔案屬性檢查失效: ç›®å‰çš„æª”æ¡ˆå±¬æ€§å°‡ä¸æœƒå„²å­˜ ATTRUPD_NOSTAT:檔案屬性檢查失效: 沒有發ç¾'stat'命令:ç›®å‰çš„æª”æ¡ˆå±¬æ€§å°‡ä¸æœƒå„²å­˜ ATTRUPD_OK:ç›®å‰çš„æª”案屬性將被儲存 ATTRUPD_OLD_DISABLED:舊的檔案屬性無效: 沒有檔案屬性儲存 ATTRUPD_OLD_NOSTAT:舊的檔案屬性無效: 沒有發ç¾'stat'命令: 沒有檔案屬性被儲存 ATTRUPD_OLD_OK:儲存舊的檔案屬性 GRSECINSTALLED:ç™¼ç¾æœ‰å®‰è£GRSEC SYSLOG_ENABLED:啟用 syslog - facility/priority 等級是 '$1'. SYSLOG_DISABLED:根據使用者設定,ä¸ä½¿ç”¨ syslog . SYSLOG_NO_LOGGER:無法使用 syslog - 無法找到 'logger' 命令. NAME:$1 PRESSENTER:[按 éµç¹¼çºŒ] TEST_SKIPPED_OS:因為 OS: $2ï¼Œè·³éŽæª¢æŸ¥ '$1' SUMMARY_TITLE1:ç³»çµ±æª¢æŸ¥çµæžœ SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:檢查檔案屬性... SUMMARY_PROP_REQCMDS:è¦æ±‚的檢查命令失敗 SUMMARY_PROP_COUNT:檢查檔案: $1 SUMMARY_PROP_FAILED:å¯ç–‘檔案: $1 SUMMARY_CHKS_SKIPPED:è·³éŽæ‰€æœ‰æª¢æŸ¥ SUMMARY_RKT_SCAN:檢查Rootkit... SUMMARY_RKT_COUNT:檢查Rootkits : $1 SUMMARY_RKT_FAILED:å¯èƒ½å­˜åœ¨ rootkits: $1 SUMMARY_RKT_NAMES:Rootkit å稱 : $1 SUMMARY_APPS_SCAN:æ‡‰ç”¨ç¨‹å¼æª¢æŸ¥... SUMMARY_APPS_COUNT:æ‡‰ç”¨ç¨‹å¼æª¢æŸ¥: $1 SUMMARY_APPS_FAILED:å¯ç–‘的應用程å¼: $1 SUMMARY_SCAN_TIME:檢查系統時間: $1 SUMMARY_NO_SCAN_TIME:檢查系統時間: 無法計算系統時間 SUMMARY_LOGFILE:æ‰€æœ‰çµæžœå·²è¢«å¯«å…¥åˆ°ç³»çµ±è¨˜éŒ„檔($1) SUMMARY_NO_LOGFILE:沒有建立系統記錄檔. CREATED_TEMP_FILE:建立暫存檔目錄 '$1' MIRRORS_NO_FILE:å‚™æ´æª”案'$1'ä¸å­˜åœ¨ MIRRORS_NO_MIRRORS:å‚™æ´æª”案 '$1' 中沒有需è¦çš„å‚™æ´. MIRRORS_NO_VERSION:å‚™æ´æª”案 '$1'中沒有版本編號 - 釿–°è¨­ç½®ç‚º0. MIRRORS_ROTATED:å‚™æ´æª”案 '$1' 已被更新. MIRRORS_SF_DEFAULT:使用 SourceForge å‚™æ´: $1 DOWNLOAD_CMD:執行下載命令 '$1' DOWNLOAD_FAIL:下載失敗 - $1 å‚™æ´æª”案無效. VERSIONCHECK_START:正在檢查 rkhunter 版本... VERSIONCHECK_FAIL_ALL:下載失敗: 無法確定最新的程å¼ç‰ˆæœ¬. 
VERSIONCHECK_CURRENT:ç›®å‰çš„版本 : $1 VERSIONCHECK_LATEST:最新的版本: $1 VERSIONCHECK_LATEST_FAIL:最新版本: 下載失敗 VERSIONCHECK_UPDT_AVAIL:更新有效 VERSIONCHECK_CONV_FAIL:無法比較版本編號: 程å¼: '$1' Latest: '$2' UPDATE_START:正在檢查rkhunter 的資料檔案... UPDATE_CHECKING_FILE:正在檢查檔案$1 UPDATE_FILE_NO_VERS:檔案 '$1' 沒有有效的版本編號. 正下載一個新的副本. UPDATE_FILE_MISSING:檔案 '$1' éºå¤±æˆ–為空檔. 正下載一個新的副本. UPDATE_DOWNLOAD_FAIL:'$1'下載失敗: 無法確定最新的版本編號. UPDATE_I18N_NO_VERS:無法發ç¾i18n語言檔案版本編號. OSINFO_START:æª¢æŸ¥è‡ªä¸Šæ¬¡æª¢æŸ¥å¾Œç³»çµ±æ˜¯å¦æœ‰è¢«è®Šæ›´... OSINFO_END:沒有發ç¾ä»»ä½•變更 OSINFO_HOST_CHANGE1:自從上次檢查後,主機å稱已改變 OSINFO_HOST_CHANGE2:舊的主機å稱: $1 新的主機å稱: $2 OSINFO_OSVER_CHANGE1:自上次檢查後,系統å稱或版本已改變 OSINFO_OSVER_CHANGE2:舊的作業系統: $1 新的作業系統: $2 OSINFO_PRELINK_CHANGE:自上次檢查後,使用prelinking系統å¯èƒ½å·²æ”¹è®Šç‚º${1} OSINFO_ARCH_CHANGE1:系統的CPU類型å¯èƒ½å·²æ”¹è®Š OSINFO_ARCH_CHANGE2:舊的CPU: $1 æ–°çš„CPU: $2 OSINFO_MSG1:因為這些改變,檔案屬性檢查å¯èƒ½æœ‰éŒ¯èª¤çš„çµæžœ. OSINFO_MSG2:ä½ å¯èƒ½éœ€è¦ç”¨'--propupd' é¸é …釿–°åŸ·è¡Œrkhunter SET_FILE_PROP_START: file properties正在å–得檔案屬性... SET_FILE_PROP_DIR_FILE_COUNT:在$2發ç¾$1 個檔案 SET_FILE_PROP_FILE_COUNT:檔案 $1: æœå°‹äº† $2 個檔案, ç™¼ç¾ $3 SET_FILE_PROP_FILE_COUNT_NOHASH:F檔案 $1: æœå°‹äº† $2 個檔案, ç™¼ç¾ $3, éºå¤± hashes $4 PROPUPD_START:開始更新檔案屬性資料... PROPUPD_OSINFO_START:正在收集作業系統的訊æ¯... PROPUPD_ARCH_FOUND:發ç¾ç³»çµ±æž¶æ§‹: $1 PROPUPD_REL_FILE:ç™¼ç¾ release 檔案: $1 PROPUPD_NO_REL_FILE:ä¸èƒ½æ‰¾åˆ°release 檔案: LS 輸出顯示: PROPUPD_OSNAME_FOUND:發ç¾ä½œæ¥­ç³»çµ±å稱: $1 PROPUPD_ERROR:å®‰è£æ–°çš„ rkhunter.dat 檔案發生錯誤. 代碼 $1 PROPUPD_NEW_DAT_FILE:æ–°çš„ rkhunter.dat 檔案已安è£åœ¨ '$1' PROPUPD_WARN:警告! 當使用 '--propupd' é¸é …時,使用者必須自行確定 PROPUPD_WARN:系統中所有的檔案是真實的ã€å®‰è£çš„æª”æ¡ˆä¾†æºæ˜¯å¯é çš„. PROPUPD_WARN:rkhunter '--check' é¸é …將目å‰çš„æª”æ¡ˆå±¬æ€§èˆ‡å…ˆå‰ PROPUPD_WARN:å„²å­˜çš„å€¼é€²è¡Œå°æ¯”,並且報告任何的變動. 然而, rkhunter PROPUPD_WARN:無法確定是什麼原因造æˆäº†é€™äº›è®Šå‹•,需待使用者去確èª. ENABLED_TESTS:啟用的測試是: $1 DISABLED_TESTS:ä¸å•Ÿç”¨çš„æ¸¬è©¦æ˜¯: $1 KSYMS_FOUND:ç™¼ç¾ ksym 檔案 '$1' KSYMS_MISSING:所有的 ksyms å’Œ kallsyms æª¢æŸ¥å·²è¢«å–æ¶ˆ - 這兩種檔案在系統中都ä¸å­˜åœ¨. 
STARTING_TEST:é–‹å§‹ '$1' 檢查 USER_DISABLED_TEST:ä½¿ç”¨è€…å·²å–æ¶ˆ '$1' 檢查. CHECK_START:開始檢查系統... CHECK_WARNINGS_NOT_FOUND:在檢查系統éŽç¨‹ä¸­æ²’有警告產生. CHECK_WARNINGS_FOUND:檢查系統éŽç¨‹ä¸­ç™¼ç¾ä¸€å€‹æˆ–多個警告. CHECK_WARNINGS_FOUND_RERUN:è«‹é‡æ–°åŸ·è¡Œrkhunter,確èªç³»çµ±è¨˜éŒ„檔已建立. CHECK_WARNINGS_FOUND_CHK_LOG:請檢查系統記錄檔 ($1) CHECK_SYS_COMMANDS:檢查系統命令... STRINGS_CHECK_START:執行 '字串' 命令檢查 STRINGS_SCANNING_OK:掃瞄字串 $1 STRINGS_SCANNING_BAD:掃瞄字串 $1 STRINGS_SCANNING_BAD:'字串' 命令中無法發ç¾å­—串 STRINGS_CHECK:檢查 '字串' 命令 STRINGS_CHECK:è·³éŽæª¢æŸ¥ - æ²’æœ‰ç™¼ç¾ '字串' 命令. FILE_PROP_START:執行檔案屬性檢查 FILE_PROP_CMDS:檢查é‡è¦çš„åŸºæœ¬ç¨‹å¼ FILE_PROP_IMMUT_OS:è·³éŽæ‰€æœ‰çš„ immutable-bit 檢查. 該檢查僅在 Linux 系統下有效. FILE_PROP_SKIP_ATTR:無法找到 'stat' 命令 - 所有的檔案屬性檢查將被跳éŽ. FILE_PROP_SKIP_HASH:所有的檔案 hash 檢查將被跳éŽï¼Œå› ç‚º : FILE_PROP_SKIP_HASH_FUNC:ç›®å‰çš„çš„ hash 函數 ($1) 或者套件管ç†ç¨‹å¼ ($2) 與 hash 函數 ($3)ä¸ç›¸å®¹æˆ–套件管ç†ç¨‹å¼ ($4) 被用於儲存這些值. FILE_PROP_SKIP_HASH_PRELINK:無法找到 'prelink' 命令. FILE_PROP_SKIP_HASH_SHA1:這個系統使用 prelinking, 但是 hash 函數命令 ä¸åƒæ˜¯ SHA1 or MD5. FILE_PROP_SKIP_HASH_LIBSAFE:æ²’ç™¼ç¾ Libsafe , 這å¯èƒ½å°Žè‡´éŒ¯èª¤. 如果å¯èƒ½, 關閉 libsafe 並執行 prelink 命令. 最後, 使用 'rkhunter --propupd'釿–°å»ºç«‹ hash 值. FILE_PROP_SKIP_IMMUT:無法找到 'lsattr' 命令 - 所有的檔案 immutable-bit 檢查將被跳éŽ. FILE_PROP_SKIP_SCRIPT:無法找到 'file' 命令 - 所有script代替檢查將被跳éŽ. FILE_PROP_DAT_MISSING:儲存檔案屬性的檔案 (rkhunter.dat) ä¸å­˜åœ¨, 所以必須建立它. 輸入命令 'rkhunter --propupd'建立. FILE_PROP_DAT_EMPTY:儲存檔案屬性的檔案 (rkhunter.dat) 是空的, 所以必須建立它. 輸入命令 'rkhunter --propupd'建立. FILE_PROP_SKIP_ALL:ç›®å‰å¿½ç•¥æ‰€æœ‰æª”案屬性的檢查. FILE_PROP_FILE_NOT_EXIST:系統中ä¸å­˜åœ¨ '$1' 檔案, 但是它存在於 rkhunter.dat 檔案. FILE_PROP_WL:ç™¼ç¾æª”案 '$1': 它存在於白å單中,用於 '$2' 檢查. FILE_PROP_NO_RKH_REC:系統中存在檔案 '$1' , 但是它ä¸å­˜åœ¨æ–¼ the rkhunter.dat 檔案. FILE_PROP_HASH_WL_INVALID:ç™¼ç¾æª”案 '$1': 白å單的 hash 值 ($2) 與目å‰çš„çš„ hash 值ä¸ç›¸ç¬¦. 
FILE_PROP_CHANGED:檔案屬性已改變: FILE_PROP_CHANGED2:檔案: $1 FILE_PROP_NO_PKGMGR_FILE:è·³éŽæª”案 '$1' hash 值: 檔案ä¸å±¬æ–¼è©²å¥—ä»¶ FILE_PROP_NO_SYSHASH:æ²’ç™¼ç¾æª”案 '$1'çš„hash值 FILE_PROP_NO_SYSHASH_CMD:Hash 命令輸出: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:嘗試使用命令 'prelink $1' ä¿®å¾©ç›¸ä¾æ€§éŒ¯èª¤. FILE_PROP_SYSHASH_UNAVAIL:ç›®å‰çš„ hash: 無法å–å¾— FILE_PROP_SYSHASH:ç›®å‰çš„ hash: $1 FILE_PROP_RKHHASH:儲存 hash : $1 FILE_PROP_NO_RKHHASH:ä¸èƒ½æ‰¾åˆ°rkhunter.dat中檔案'$1' çš„hash值. FILE_PROP_NO_RKHPERM:ä¸èƒ½æ‰¾åˆ°rkhunter.dat中檔案'$1' 的權é™å€¼. FILE_PROP_PERM_UNAVAIL:ç›®å‰çš„æ¬Šé™: 無法å–å¾— cvs -d:pserver:anonymous@rkhunter.cvs.sourceforge.net:/cvsroot/rkhunter 儲存的權é™: $1 FILE_PROP_PERM:ç›®å‰çš„æ¬Šé™: $1 儲存的權é™: $2 FILE_PROP_UID_UNAVAIL:ç›®å‰çš„ uid: 無法å–å¾— 儲存的 uid: $1 FILE_PROP_UID:ç›®å‰çš„ uid: $1 儲存的 uid: $2 FILE_PROP_NO_RKHUID:在檔案rkhunter.dat中沒有找到檔案 '$1' çš„user-id值. FILE_PROP_GID_UNAVAIL:ç›®å‰çš„çš„ gid: 無法å–å¾— 儲存的 gid: $1 FILE_PROP_GID:ç›®å‰çš„çš„ gid: $1 儲存的 gid: $2 FILE_PROP_NO_RKHGID:在檔案rkhunter.dat中沒有找到檔案 '$1' çš„group-id值. FILE_PROP_INODE_UNAVAIL:ç›®å‰çš„çš„ inode: 無法å–å¾— 儲存的 inode: $1 FILE_PROP_INODE:ç›®å‰çš„çš„ inode: $1 儲存的 inode: $2 FILE_PROP_NO_RKHINODE:在檔案rkhunter.dat中沒有找到檔案 '$1' çš„inode值. FILE_PROP_SYSDTM_UNAVAIL:ç›®å‰çš„的檔案修改時間: 無法å–å¾— FILE_PROP_SYSDTM:ç›®å‰çš„æª”案修改時間: $1 FILE_PROP_RKHDTM:儲存的檔案修改時間 : $1 FILE_PROP_NO_RKHDTM:在檔案rkhunter.dat中沒有找到檔案 '$1' 的修改時間值. FILE_PROP_NO_SYSATTR:無法å–å¾— '$1' 的目å‰çš„屬性 FILE_PROP_WRITE:檔案 '$1'è¢«è¨­ç½®ç‚ºå°æ‰€æœ‰ä½¿ç”¨è€…å¯å¯«. FILE_PROP_SYSPERM_UNAVAIL:無法å–得檔案 '$1' 的目å‰çš„å¯«æ¬Šé™ FILE_PROP_IMMUT:檔案 '$1' 被設置了 immutable-bit . FILE_PROP_SCRIPT:命令 '$1' 已經被script: $2 代替 FILE_PROP_VRFY:套件管ç†ç¨‹å¼é©—證已失效: FILE_PROP_VRFY_HASH:檔案hash值已改變 FILE_PROP_VRFY_PERM:檔案權é™å·²æ”¹è®Š FILE_PROP_VRFY_UID:æª”æ¡ˆçš„æ“æœ‰è€…屬性已改變 FILE_PROP_VRFY_GID:檔案組屬性已改變 FILE_PROP_VRFY_DTM:檔案的修改時間已改變 CHECK_ROOTKITS:正在檢查rootkit... ROOTKIT_FILES_DIRS_START:開始檢查目å‰å·²çŸ¥çš„rootkit種類和相關目錄 ROOTKIT_FILES_DIRS_NAME_LOG:檢查 ${1}... 
ROOTKIT_FILES_DIRS_FILE:檢查檔案 '$1' ROOTKIT_FILES_DIRS_DIR:檢查目錄 '$1' ROOTKIT_FILES_DIRS_KSYM:檢查核心符號 '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:ç™¼ç¾æª”案 '$1' ROOTKIT_FILES_DIRS_DIR_FOUND:發ç¾ç›®éŒ„ '$1' ROOTKIT_FILES_DIRS_KSYM_FOUND:ç™¼ç¾æ ¸å¿ƒç¬¦è™Ÿ '$1' ROOTKIT_FILES_DIRS_STR:檢查字串 '$1' ROOTKIT_FILES_DIRS_STR_FOUND:在檔案 '$2'中發ç¾å­—串'$1' ROOTKIT_FILES_DIRS_NOFILE:檔案 '$1' ä¸å­˜åœ¨! ROOTKIT_FILES_DIRS_SINAR_DIR:檢查 '$1' ROOTKIT_FILES_DIRS_SINAR:在: $1中發ç¾SInAR ROOTKIT_ADD_START:執行其它的rootkit檢查 ROOTKIT_ADD_SUCKIT:Suckit Rookit é¡å¤–的檢查 ROOTKIT_ADD_SUCKIT_LOG:執行Suckit Rookit é¡å¤–的檢查 ROOTKIT_ADD_SUCKIT_LINK:檢查/sbin/init é€£çµæ•¸é‡ ROOTKIT_ADD_SUCKIT_LINK_NOCMD:檢查 /sbin/init é€£çµæ•¸é‡: æ²’ç™¼ç¾ 'stat' 命令 ROOTKIT_ADD_SUCKIT_LINK_ERR:檢查 /sbin/init é€£çµæ•¸é‡: 'stat' 命令錯誤 ROOTKIT_ADD_SUCKIT_LINK_FOUND:檢查 /sbin/init é€£çµæ•¸é‡: æ•¸é‡æ˜¯ $1, 它應當是 1 ROOTKIT_ADD_SUCKIT_EXT:æª¢æŸ¥éš±è—æª”案 ROOTKIT_ADD_SUCKIT_EXT_FOUND:æª¢æŸ¥éš±è—æª”案: 發ç¾: $1 ROOTKIT_ADD_SUCKIT_SKDET:執行 skdet 命令 ROOTKIT_ADD_SUCKIT_SKDET_FOUND:執行 skdet 命令: 發ç¾: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER:執行 skdet 命令: 未知版本: $1 ROOTKIT_POSS_FILES_DIRS:檢查å¯èƒ½å­˜åœ¨çš„rootkitåŠå…¶ç›®éŒ„ ROOTKIT_POSS_FILES_DIRS_LOG:執行檢查å¯èƒ½å­˜åœ¨çš„rootkit檔案åŠå…¶ç›®éŒ„ ROOTKIT_POSS_FILES_FILE_FOUND:ç™¼ç¾æª”案 '$1'. å¯èƒ½å­˜åœ¨rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:發ç¾ç›®éŒ„ '$1'. å¯èƒ½å­˜åœ¨rootkit: $2 ROOTKIT_POSS_STRINGS:檢查判定rootkitå¯èƒ½å­˜åœ¨çš„字串 ROOTKIT_POSS_STRINGS_LOG:執行檢查判定rootkitå¯èƒ½å­˜åœ¨çš„字串 ROOTKIT_POSS_STRINGS_FOUND:在檔案 '$2'中發ç¾å­—串'$1' . 
å¯èƒ½é‚„在rootkit: $3 ROOTKIT_MALWARE_START:執行惡æ„軟體檢查 ROOTKIT_MALWARE_SUSP_FILES:檢查執行中的行程是å¦ç‚ºå¯ç–‘的檔案 ROOTKIT_MALWARE_SUSP_FILES_FOUND:發ç¾ä¸€å€‹æˆ–多個這樣的檔案: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND:檢查 lsof 命令 'lsof -F n -w -n' 的輸出 ROOTKIT_MALWARE_HIDDEN_PROCS:檢查隱è—行程 ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:發ç¾éš±è—的行程: $1 ROOTKIT_MALWARE_DELETED_FILES:在正執行行程中檢查 deleted 檔案 ROOTKIT_MALWARE_DELETED_FILES_FOUND:以下行程正在使用 deleted 檔案: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:行程: $1 PID: $2 檔案: $3 ROOTKIT_MALWARE_LOGIN_BDOOR:檢查 login 後門 ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:執行檢查 login 後門 ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:檢查 '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:ç™¼ç¾ login 後門檔案: $1 ROOTKIT_MALWARE_SUSP_DIR:檢查å¯ç–‘目錄 ROOTKIT_MALWARE_SUSP_DIR_LOG:執行å¯ç–‘目錄的檢查 ROOTKIT_MALWARE_SUSP_DIR_FOUND:發ç¾å¯ç–‘的目錄: $1 ROOTKIT_MALWARE_SFW_INTRUSION:檢查軟體入侵 ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:檔案 '$1' 䏭套件嫿œ‰å­—串 '$2'. å¯èƒ½å­˜åœ¨rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:è·³éŽæª¢æŸ¥ - tripwire æ²’æœ‰å®‰è£ ROOTKIT_MALWARE_SNIFFER:檢查 sniffer 系統記錄檔 ROOTKIT_MALWARE_SNIFFER_LOG:執行 sniffer 系統記錄檔的檢查 ROOTKIT_MALWARE_SNIFFER_FOUND:發ç¾å¯ç–‘çš„sniffer 系統記錄檔: $1 ROOTKIT_TROJAN_START:執行木馬程å¼çš„æª¢æŸ¥ ROOTKIT_TROJAN_INETD:檢查啟動的 inetd æœå‹™ ROOTKIT_TROJAN_INETD_SKIP:è·³éŽæª¢æŸ¥ - 檔案 '$1' ä¸å­˜åœ¨. ROOTKIT_TROJAN_INETD_FOUND:發ç¾å·²å•Ÿå‹•çš„ inetd æœå‹™: $1 ROOTKIT_TROJAN_XINETD:檢查啟動的 xinetd æœå‹™ ROOTKIT_TROJAN_XINETD_LOG:執行已啟動的 xinetd æœå‹™çš„æª¢æŸ¥ ROOTKIT_TROJAN_XINETD_ENABLED:在 '$1' 中檢查已啟動的æœå‹™ ROOTKIT_TROJAN_XINETD_INCLUDE:ç™¼ç¾ 'include $1' 指令 ROOTKIT_TROJAN_XINETD_INCLUDEDIR:ç™¼ç¾ 'includedir $1' 指令 ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:發ç¾å•Ÿå‹•çš„ xinetd æœå‹™: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:ç™¼ç¾æœå‹™ '$1': å®ƒä½æ–¼ $2 白åå–®. ROOTKIT_TROJAN_APACHE:檢查 Apache 的後門 ROOTKIT_TROJAN_APACHE_SKIPPED:è·³éŽApache 後門的檢查: 沒發ç¾Apache 模組和設置目錄. 
ROOTKIT_TROJAN_APACHE_FOUND:發ç¾Apache 後門模組 'mod_rootme' : $1 ROOTKIT_OS_START:執行 $1 深入的檢查 ROOTKIT_OS_SKIPPED:沒有å¯ç”¨çš„æ·±å…¥æª¢æŸ¥ ROOTKIT_OS_BSD_SOCKNET:檢查 sockstat å’Œ netstat 命令 ROOTKIT_OS_BSD_SOCKNET_FOUND: sockstat å’Œ netstat 的輸出發ç¾ä¸åŒ: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 輸出: $2 ROOTKIT_OS_FREEBSD_KLD:檢查 KLD 後門 ROOTKIT_OS_FREEBSD_KLD_FOUND:發ç¾å¯ç–‘çš„ FreeBSD KLD 後門. 'kldstat -v' 命令顯示字串 '$1' ROOTKIT_OS_FREEBSD_PKGDB:檢查套件資料庫 ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:套件資料庫似乎有å•題. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:這å¯èƒ½ä¸æ˜¯å®‰å…¨å•題, 但是執行 'pkgdb -F' å¯èƒ½æœ‰åŠ©æ–¼è¨ºæ–·å•題. ROOTKIT_OS_LINUX_LKM:檢查核心模組命令 ROOTKIT_OS_LINUX_LKM_FOUND: lsmod 命令 å’Œ /proc/modules 檔案之間發ç¾ä¸åŒçš„地方: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 輸出: $2 ROOTKIT_OS_LINUX_LKM_EMPTY: æ²’æœ‰ç™¼ç¾ lsmod 命令 和或 /proc/modules 檔案的輸出: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:模組檔案 '$1' å·²éºå¤±. ROOTKIT_OS_LINUX_LKMNAMES:檢查核心模組å稱 ROOTKIT_OS_LINUX_LKMNAMES_PATH:使用模組路徑å '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:在 '$1'中發ç¾å·²çŸ¥çš„æƒ¡æ„核心模組: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:核心模組目錄 '$1' éºå¤± CHECK_LOCALHOST:檢查本地主機... STARTUP_FILES_START:執行系統開機檢查 STARTUP_HOSTNAME:檢查本地主機å稱 STARTUP_NO_HOSTNAME:沒發ç¾ä¸»æ©Ÿå稱. STARTUP_LOCAL_RC_FILE:檢查本地啟動檔案 STARTUP_FOUND_LOCAL_RC_FILE:ç™¼ç¾æœ¬åœ°å•Ÿå‹•檔案: $1 STARTUP_NO_LOCAL_RC_FILE:æ²’ç™¼ç¾æœ¬åœ°å•Ÿå‹•檔案. STARTUP_CHECK_LOCAL_RC:æª¢æŸ¥æœ¬åœ°å•Ÿå‹•æª”æ¡ˆæ˜¯å¦æ¶‰åŠæœ‰å®³ç¨‹å¼ STARTUP_CHECK_SYSTEM_RC:æª¢æŸ¥ç³»çµ±å•Ÿå‹•æª”æ¡ˆæ˜¯å¦æ¶‰åŠæœ‰å®³ç¨‹å¼ STARTUP_CHECK_SYSTEM_RC_FOUND:發ç¾ç³»çµ±å•Ÿå‹•目錄: $1 STARTUP_CHECK_SYSTEM_RC_NONE:沒發ç¾ç³»çµ±å•Ÿå‹•檔案. ACCOUNTS_START:執行使用者群組和帳號檢查 ACCOUNTS_PWD_FILE_CHECK:檢查密碼檔案 ACCOUNTS_FOUND_PWD_FILE:發ç¾å¯†ç¢¼æª”案: $1 ACCOUNTS_NO_PWD_FILE:密碼檔案 $1 ä¸å­˜åœ¨. ACCOUNTS_UID0:æª¢æŸ¥ç­‰åŒæ–¼root (UID 0) 帳號 ACCOUNTS_UID0_WL:發ç¾ç­‰åŒæ–¼root 帳號 '$1': å®ƒä½æ–¼ç™½å單中. ACCOUNTS_UID0_FOUND:帳號 '$1' æ˜¯ç­‰åŒæ–¼root (UID = 0) ACCOUNTS_SHADOW_FILE:ç™¼ç¾ shadow 檔案: $1 ACCOUNTS_PWDLESS:檢查空密碼的帳號 ACCOUNTS_PWDLESS_FOUND:發ç¾ç©ºå¯†ç¢¼å¸³è™Ÿ: $1 ACCOUNTS_NO_SHADOW_FILE:æ²’ç™¼ç¾ shadow/password 檔案. 
PASSWD_CHANGES:檢查密碼檔案的變化 PASSWD_CHANGES_NO_TMP:無法檢查密碼檔案的異常: 密碼檔案的副本ä¸å­˜åœ¨. PASSWD_CHANGES_ADDED:有使用者被加到密碼檔案中: PASSWD_CHANGES_REMOVED:有使用者從密碼檔案中移除: GROUP_CHANGES:檢查使用者群組檔案的變化 GROUP_CHANGES_NO_FILE:使用者群組檔案 $1 ä¸å­˜åœ¨. GROUP_CHANGES_NO_TMP:無法檢查使用者群組檔案的變化: 使用者群組檔案的副本ä¸å­˜åœ¨. GROUP_CHANGES_ADDED:有使用者被加進用使用者群組檔案: GROUP_CHANGES_REMOVED:組已被從使用者群組檔案中刪除: HISTORY_CHECK:檢查root帳號的shellæ­·å²è¨˜éŒ„ HISTORY_CHECK_FOUND:Root 帳號 $1 shell æ­·å²è¨˜éŒ„是一個符號連çµ: $2 SYSTEM_CONFIGS_START:執行系統設定檔檢查 SYSTEM_CONFIGS_FILE:檢查 $1 設定檔 SYSTEM_CONFIGS_FILE_FOUND:ç™¼ç¾ $1 設定檔: $2 SYSTEM_CONFIGS_SSH_ROOT:檢查SSH是å¦å¯ç”¨root登入 SYSTEM_CONFIGS_SSH_ROOT_FOUND: SSH å’Œ rkhunter 的設定é¸é ‚應當相åŒ: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH 設定é¸é … 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter 設定é¸é … 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND: 還沒設置SSH 設定é¸é … 'PermitRootLogin' . SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:é è¨­å€¼å¯èƒ½æ˜¯ 'yes', å¯ç”¨root登入. SYSTEM_CONFIGS_SSH_PROTO:檢查是å¦ä½¿ç”¨ SSH v1版å”定 SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSH的設定檔SSH ($1)已使用SSH v1å”定生效. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND: SSH 設定é¸é … 'Protocol' 還沒設置. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:é è¨­å€¼å¯èƒ½æ˜¯ '2,1', å¯ä»¥ä½¿ç”¨ v1å”定. SYSTEM_CONFIGS_SYSLOG:檢查是å¦åŸ·è¡Œsyslog daemon SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:syslog daemon 沒有執行. SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:The syslog daemon 沒有執行, 但是已經發ç¾ä¸€å€‹metalog daemon. SYSTEM_CONFIGS_SYSLOG_NO_FILE:syslog daemon 正在執行, 但是無法發ç¾è¨­å®šæª”. SYSTEM_CONFIGS_SYSLOG_REMOTE:檢查是å¦å¯ä»¥ä½¿ç”¨ syslog é ç«¯è¨˜éŒ„ SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog 設定檔å¯ä»¥é ç«¯ç™»å…¥: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter 設定é¸é … 'ALLOW_SYSLOG_REMOTE_LOGGING' 已經生效. FILESYSTEM_START:執行檔案系統檢查中....è«‹ç¨å¾….... FILESYSTEM_DEV_CHECK:/dev å¯ç–‘檔案類型檢查 FILESYSTEM_DEV_CHECK_NO_DEV:/dev ä¸å­˜åœ¨. FILESYSTEM_DEV_FILE_WL:ç™¼ç¾æª”案 '$1': 它存在於白å單中. FILESYSTEM_DEV_FILE_FOUND:在 ${1}中發ç¾å¯ç–‘檔案: FILESYSTEM_HIDDEN_DIR_WL:發ç¾éš±è—的目錄'$1': 它存在於白å單中.å單中. 
FILESYSTEM_HIDDEN_FILE_WL:Found hidden file '$1': it is whitelisted. FILESYSTEM_HIDDEN_CHECK:檢查隱è—的檔案和目錄 FILESYSTEM_HIDDEN_DIR_FOUND:發ç¾éš±è—的目錄: $1 FILESYSTEM_HIDDEN_FILE_FOUND:發ç¾éš±è—的檔案: $1 CHECK_APPS:檢查應用程å¼çš„版本... APPS_NONE_FOUND:ç™¼ç¾æœªçŸ¥çš„æ‡‰ç”¨ç¨‹å¼ - è·³éŽæ‰€æœ‰çš„æª¢æŸ¥. APPS_DAT_MISSING:è·³éŽæ‰€æœ‰çš„æ‡‰ç”¨ç¨‹å¼ç‰ˆæœ¬æª¢æŸ¥. APPS_DAT_MISSING:ä¸å®‰å…¨æ‡‰ç”¨ç¨‹å¼ç‰ˆæœ¬ (programs_bad.dat) éºå¤±æˆ–為空. APPS_DAT_MISSING:如果它已經被刪除, 你得執行 'rkhunter --update'. APPS_NOT_FOUND:æ²’ç™¼ç¾æ‡‰ç”¨ç¨‹å¼ '$1' . APPS_CHECK:檢查 $1 的版本 APPS_CHECK_VERSION_UNKNOWN:無法å–å¾— '$1'的版本編號. APPS_CHECK_VERSION_FOUND:ç™¼ç¾æ‡‰ç”¨ç¨‹å¼ '$1' 版本編號 '$2' . APPS_CHECK_VERSION_WL:ç™¼ç¾æ‡‰ç”¨ç¨‹å¼ '$1' 版本 '$2': é€™å€‹ç‰ˆæœ¬ä½æ–¼ç™½åå–®. APPS_CHECK_WHOLE_VERSION_USED:無法å–å¾— '$1'的版本編號: 版本é¸é …顯示: $2 APPS_CHECK_FOUND:æ‡‰ç”¨ç¨‹å¼ '$1', 版本編號 '$2', å·²éŽæ™‚, 有潛在的安全風險. APPS_TOTAL_COUNT:æ‡‰ç”¨ç¨‹å¼æª¢æŸ¥: 在 $2 個應用程å¼ä¸­, 有 $1 å€‹è¦æ³¨æ„ CHECK_NETWORK:檢查網路... NETWORK_PORTS_START:執行後門通訊埠的檢查 NETWORK_PORTS_FILE_MISSING:è·³éŽæ‰€æœ‰å¾Œé–€é€šè¨ŠåŸ çš„æª¢æŸ¥. NETWORK_PORTS_FILE_MISSING:已知後門通訊埠檔案 (backdoorports.dat) éºå¤±æˆ–為空白. NETWORK_PORTS_FILE_MISSING:如果它已被刪除,你必須執行命令 'rkhunter --update'. NETWORK_PORTS_FILE_NO_NETSTAT:è·³éŽæ‰€æœ‰å¾Œé–€é€šè¨ŠåŸ çš„æª¢æŸ¥. NETWORK_PORTS_FILE_NO_NETSTAT:無法找到 'netstat' 命令 NETWORK_PORTS:檢查 $1 通訊埠 ${2} NETWORK_PORTS_FOUND:網路 $1 通訊埠 $2 已被使用. å¯èƒ½çš„rootkit: $3 NETWORK_PORTS_FOUND:執行 'netstat -an' 命令去檢查它. NETWORK_INTERFACE_START:執行網路介é¢çš„æª¢æŸ¥ NETWORK_PROMISC_CHECK:檢查 promiscuous ä»‹é¢ NETWORK_PROMISC_NO_IFCONFIG:Promiscuous 網路介é¢è¢«è·³éŽ - 無法找到 'ifconfig' 命令. NETWORK_PROMISC_NO_IP:使用'ip' 命令檢查Promiscuous ç¶²è·¯ä»‹é¢ - 無法找到 'ip' 命令. NETWORK_PROMISC_IF:å¯èƒ½çš„promiscuous 介é¢: NETWORK_PROMISC_IF_1:'ifconfig' 命令輸出: $1 NETWORK_PROMISC_IF_2:'ip' 命令輸出: $1 NETWORK_PACKET_CAP_CHECK:檢查å°åŒ…æ””æˆªç¨‹å¼ NETWORK_PACKET_CAP_CHECK_NO_FILE:å°åŒ…攔截程å¼çš„æª¢æŸ¥è¢«è·³éŽ - 檔案 '$1' éºå¤±. NETWORK_PACKET_CAP_FOUND:行程 '$1' (PID $2) 正在網路上監è½. NETWORK_PACKET_CAP_WL:發ç¾è¡Œç¨‹ '$1': 它存在於白å單中. 
SHARED_LIBS_START:執行 '函å¼åº«' 的檢查 SHARED_LIBS_PRELOAD_VAR:檢查é å…ˆè¼‰å…¥çš„變數 SHARED_LIBS_PRELOAD_VAR_FOUND:發ç¾é å…ˆè¼‰å…¥çš„變數: $1 SHARED_LIBS_PRELOAD_FILE:檢查é å…ˆè¼‰å…¥çš„æª”案 SHARED_LIBS_PRELOAD_FILE_FOUND:發ç¾library preload 檔案: $1 SHARED_LIBS_PATH:檢查 LD_LIBRARY_PATH 變數 SHARED_LIBS_PATH_BAD: LD_LIBRARY_PATH 環境變數被設置,它會影響二進ä½ç¨‹å¼: 被設置為: $1 SUSPSCAN_CHECK:檢查具有å¯ç–‘內容的檔案 SUSPSCAN_DIR_NOT_EXIST:目錄 '$1' ä¸å­˜åœ¨. SUSPSCAN_INSPECT:檔案 '$1' (score: $2) 套件嫿œ‰å¯ç–‘的內容,它將被檢查. SUSPSCAN_START:執行帶有å¯ç–‘內容檔案的檢查 SUSPSCAN_DIRS:待檢查的目錄是: $1 SUSPSCAN_NO_DIRS:沒有指定目錄: 使用用é è¨­ ($1) SUSPSCAN_TEMP:使用暫存檔目錄: $1 SUSPSCAN_NO_TEMP:沒指定暫存檔案目錄: 使用用é è¨­çš„ ($1) SUSPSCAN_TEMP_NOT_EXIST:The suspscan 暫存檔目錄ä¸å­˜åœ¨: $1 SUSPSCAN_TEMP_NO_WRITE:The suspscan 暫存目錄無寫入權: $1 SUSPSCAN_SIZE:坿ª¢æŸ¥çš„æœ€å¤§æª”æ¡ˆå¤§å° (以ä½å…ƒçµ„為單ä½): '$1' SUSPSCAN_NO_SIZE:沒指定最大的檔案大å°: 使用é è¨­å€¼($1) SUSPSCAN_SIZE_INVALID:æ­¤Suspscan 最大的檔案大å°ç„¡æ•ˆ: $1 SUSPSCAN_THRESH:ç©åˆ†ä¸Šé™è¨­ç½®ç‚º: $1 SUSPSCAN_NO_THRESH:沒有指定ç©åˆ†ä¸Šé™: 使用é è¨­å€¼ ($1) SUSPSCAN_THRESH_INVALID:æ­¤ Suspscan ç©åˆ†ä¸Šé™æ˜¯ç„¡æ•ˆçš„: $1 SUSPSCAN_DIR_CHECK:檢查目錄: '$1' SUSPSCAN_DIR_CHECK_NO_FILES:沒有é©ç•¶çš„æª”案檢查. SUSPSCAN_FILE_CHECK:檔案檢查: Name: '$1' Score: $2 SUSPSCAN_FILE_CHECK_DEBUG:檔案檢查: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:忽略檔案: 空白: '$1' SUSPSCAN_FILE_SKIPPED_LINK:忽略檔案: 符號連接檔: '$1' SUSPSCAN_FILE_SKIPPED_TYPE:忽略檔案: 錯誤類型: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:忽略檔案: 太大: '$1' SUSPSCAN_FILE_LINK_CHANGE:發ç¾ç¬¦è™Ÿé€£æŽ¥æª”: '$1' -> '$2' LIST_TESTS:有效的測試å稱: LIST_GROUPED_TESTS:分組檢查å稱: LIST_LANGS:å¯ç”¨çš„語言: LIST_RTKTS:檢查rootkit # #If any problem related with this zh version message,please mail to #ols3@lxer.idv.tw. I will fix them as soon as possible. #如果有任何關於ç¹é«”中文版本翻譯的å•題,請è¯ç¹« ols3@lxer.idv.tw #我將會盡快予以修正. # #本翻譯檔åƒè€ƒè‡ªlinux_fqh@yahoo.com.cn所譯的簡體版本,特此感è¬ä»–. 
# rkhunter-1.4.6/files/i18n/de0000644000000000000000000012440013207556312014263 0ustar rootrootVersion:2014010301 # # We start with the definitions of the message types and results. There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:Information MSG_TYPE_WARNING:Warnung # # This is the list of message results. # MSG_RESULT_OK:OK MSG_RESULT_SKIPPED:Übersprungen MSG_RESULT_WARNING:Warnung MSG_RESULT_FOUND:Gefunden MSG_RESULT_NOT_FOUND:Nicht gefunden MSG_RESULT_NONE_FOUND:Nichts gefunden MSG_RESULT_ALLOWED:Erlaubt MSG_RESULT_NOT_ALLOWED:Nicht erlaubt MSG_RESULT_UNSET:Nicht gesetzt MSG_RESULT_UPD:aktualisiert MSG_RESULT_NO_UPD:Keine Aktualisierung MSG_RESULT_UPD_FAILED:Aktualisierung fehlgeschlagen MSG_RESULT_VCHK_FAILED:Versions-Überprüfung fehlgeschlagen # # The messages. # VERSIONLINE:[ $1 Version $2 ] VERSIONLINE2:Running $1 in Version $2 auf $3 VERSIONLINE3:Running $1 in Version $2 RKH_STARTDATE:Start Datum ist $1 RKH_ENDDATE:Enddatum ist $1 OPSYS:Erkanntes Betriebssystem ist '$1' UNAME:Ausgabe des Befehls uname ist '$1' CONFIG_CHECK_START:Überprüfe Konfigurationsdatei und Kommandozeilen-Optionen... 
CONFIG_CMDLINE:Kommandozeile ist $1 CONFIG_DEBUGFILE:Debug-Datei ist $1 CONFIG_ENVSHELL:Umgebungsshell ist $1; rkhunter verwendet $2 CONFIG_CONFIGFILE:Verwende Konfigurationsdatei '$1' CONFIG_INSTALLDIR:Installationsverzeichnis ist '$1' CONFIG_LANGUAGE:Verwende die Sprache '$1' CONFIG_DBDIR:Verwende '$1' als Datenbank-Verzeichnis CONFIG_SCRIPTDIR:Verwende '$1' als Script-Verzeichnis CONFIG_BINDIR:Verwende '$1' als Kommando-Verzeichnis CONFIG_ROOTDIR:Verwende '$1' als Root-Verzeichnis CONFIG_ROOTDIR_DFLT:Verwende '/' standardmäßig als Root-Verzeichnis CONFIG_TMPDIR:Verwende '$1' als temporäres Verzeichnis CONFIG_NO_MAIL_ON_WARN:Keine E-Mail-Adresse für Benachrichtigungen konfiguriert CONFIG_MOW_DISABLED:Deaktiviere das Versenden von Benachrichtigungs-E-Mails aufgrund von Benutzer-Vorgaben CONFIG_MAIL_ON_WARN:Versenden von Benachrichtigungen von '$1' mittels dem Kommando '$2' CONFIG_SSH_ROOT:Rkhunter Option ALLOW_SSH_ROOT_USER wurde auf '$1' geändert. CONFIG_SSH_PROTV1:Rkhunter Option ALLOW_SSH_PROT_V1 wurde auf '$1' geändert. 
CONFIG_X_AUTO:X wird automatisch erkannt CONFIG_CLRSET2:Verwende zweites Farbset CONFIG_NO_SHOW_SUMMARY:Deaktiviere die Zusammenfassung der System-Überprüfung aufgrund von Benutzer-Vorgaben CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV gesetzt auf '$1' CONFIG_NO_VL:Deaktiviere erweiterte Ausgaben aufgrund von Benutzer-Vorgaben CONFIG_XINETD_PATH:Verwende $1 Konfigurations-Datei '$2' CONFIG_SOL10_INETD:Verwende Solaris 10 und spätere Inetd-Mechanismen CONFIG_STARTUP_PATHS:Verwende System-Pfade: $1 CONFIG_ROTATE_MIRRORS:Die Liste der Spiegel-Server wird rotiert CONFIG_NO_ROTATE_MIRRORS:Die Liste der Spiegel-Server wird nicht rotiert CONFIG_UPDATE_MIRRORS:Die Liste der Spiegel-Server wird upgedatet CONFIG_NO_UPDATE_MIRRORS:Die Liste der Spiegel-Server wird nicht upgedatet CONFIG_MIRRORS_MODE0:Sowohl lokale als auch entfernte Spiegel-Server werden verwendet CONFIG_MIRRORS_MODE1:Nur lokale Spiegel-Server werden verwendet CONFIG_MIRRORS_MODE2:Nur entfernte Spiegel-Server werden verwendet FOUND_CMD:Das Kommando '$1' wurde gefunden: $2 NOT_FOUND_CMD:Das Kommando '$1' konnte nicht gefunden werden CMD_ERROR:Das Kommando '$1' gab den Fehlercode '$2' zurück. 
SYS_PRELINK:System verwendet prelinking SYS_NO_PRELINK:System verwendet kein prelinking SYS_SELINUX:SELinux ist aktiviert SYS_NO_SELINUX:SELinux ist deaktiviert HASH_FUNC_PRELINK:Verwende prelink-Kommando (mit $1) für Datei-Hash Überprüfungen HASH_FUNC_PERL:Verwende das Perl-Modul $1 für Datei-Hash Überprüfungen HASH_FUNC:Verwende das Kommando '$1' für Datei-Hash Überprüfungen HASH_FUNC_NONE:Datei-Hash Überprüfungen deaktiviert: NONE konfiguriert HASH_FUNC_NONE_PKGMGR:Datei-Hash Überprüfungen mit NONE konfiguriert: es wird nur der Paketmanager verwendet HASH_FUNC_DISABLED:Hash-Funktion auf 'NONE' gesetzt: Datei-Hash Überprüfungen automatisch deaktiviert HASH_FUNC_OLD:Gespeicherte Hash-Werte erzeugt mit der Hash-Funktion '$1' HASH_FUNC_OLD_DISABLED:Vorangegangene Hash-Funktion wurde deaktiviert: keine Hash-Werte gespeichert HASH_PKGMGR_OLD:Gespeicherte Hash-Werte verwendeten den Paketmanager '$1' (md5-Funktion) HASH_PKGMGR_OLD_UNSET:Gespeicherte Hash-Werte verwendeten nicht den Paketmanager HASH_PKGMGR:Verwende den Paketmanager '$1' für die Überprüfung der Dateieigenschaften HASH_PKGMGR_MD5:Verwende MD5 Hash-Funktion mit dem Kommando '$1' zur Unterstützung der Paketmanager-Überprüfung HASH_PKGMGR_NOT_SPEC:Kein Paketmanager konfiguriert: verwende die Hash-Funktion '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:Kein Paketmanager konfiguriert: verwende das prelink-Kommando mit '$1' HASH_FIELD_INDEX: Der Index der Hash-Funktion wurde auf $1 gesetzt HASHUPD_DISABLED:Hash-Überprüfung deaktiviert: Hash-Werte der aktuellen Dateien werden nicht gespeichert HASHUPD_PKGMGR:Verwende den Paketmanager '$1' zum Erneuern der Hash-Werte HASHUPD_PKGMGR_NOT_SPEC:Keine Hash-Update-Funktion für Dateien via Paketmanager konfiguriert: verwende die Hash-Funktion '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:Keine Hash-Update-Funktion für Dateien via Paketmanager konfiguriert: verwende prelink-Kommando mit '$1' ATTRUPD_DISABLED:Überprüfung der Datei-Attribute deaktiviert: aktuelle Datei-Attribute werden nicht
gespeichert ATTRUPD_NOSTATCMD:Überprüfung der Datei-Attribute deaktiviert: kein 'stat'-Kommando gefunden: aktuelle Datei-Attribute werden nicht gespeichert ATTRUPD_OK:aktuelle Datei-Attribute werden gespeichert ATTRUPD_OLD_DISABLED:Vorherige Datei-Attribute waren deaktiviert: keine Speicherung der Attribute ATTRUPD_OLD_NOSTATCMD:Vorherige Datei-Attribute waren deaktiviert: kein 'stat'-Kommando gefunden: keine Speicherung der Attribute ATTRUPD_OLD_OK:Vorherige Datei-Attribute wurden gespeichert GRSECINSTALLED:Installation von grsecurity gefunden SYSLOG_ENABLED:Verwende syslog für das Logging - Prioritätsebene ist '$1'. SYSLOG_DISABLED:Deaktiviere die Benutzung von syslog aufgrund von Benutzer-Vorgaben SYSLOG_NO_LOGGER:Deaktiviere die Benutzung von syslog - das 'logger'-Kommando kann nicht gefunden werden. NAME:$1 PRESSENTER:[ um fortzufahren] TEST_SKIPPED_OS:Test '$1' übersprungen wegen des Betriebssystems: $2 SUMMARY_TITLE1:Zusammenfassung der Systemüberprüfung SUMMARY_TITLE2:===================================== SUMMARY_PROP_SCAN:Dateieigenschaften-Überprüfung... SUMMARY_PROP_REQCMDS:Überprüfung der erforderlichen Befehle fehlgeschlagen SUMMARY_PROP_COUNT:Dateien überprüft: $1 SUMMARY_PROP_FAILED:Verdächtige Dateien: $1 SUMMARY_CHKS_SKIPPED:Alle Überprüfungen übersprungen SUMMARY_RKT_SCAN:Rootkit-Überprüfungen... SUMMARY_RKT_COUNT:Rootkits überprüft : $1 SUMMARY_RKT_FAILED:Mögliche Rootkits: $1 SUMMARY_RKT_NAMES:Rootkit Namen : $1 SUMMARY_APPS_SCAN:Anwendungs-Überprüfungen... SUMMARY_APPS_COUNT:Anwendungen überprüft: $1 SUMMARY_APPS_FAILED:Verdächtige Anwendungen: $1 SUMMARY_SCAN_TIME:Dauer der System-Überprüfung: $1 SUMMARY_NO_SCAN_TIME:Dauer der System-Überprüfung: auslesen der Uhrzeit nicht möglich SUMMARY_LOGFILE:Alle Ergebnisse wurden in die Log-Datei geschrieben ($1) SUMMARY_NO_LOGFILE:Keine Log-Datei erstellt. CREATED_TEMP_FILE:Temporäre Datei '$1' erstellt MIRRORS_NO_FILE:Die Datei '$1' (Liste der Spiegel-Server) existiert nicht. 
MIRRORS_NO_MIRRORS:Die Datei '$1' enthält keine benötigten Spiegel-Server. MIRRORS_NO_VERSION:Die Datei '$1' (Liste der Spiegel-Server) enthält keine Versionsnummer - zurück gesetzt auf null. MIRRORS_ROTATED:Die Datei '$1' (Liste der Spiegel-Server) wurde rotiert. MIRRORS_SF_DEFAULT:Verwende den Sourceforge-Spiegel-Server: $1 DOWNLOAD_CMD:Ausführen des Download-Kommandos '$1' DOWNLOAD_FAIL:Download fehlgeschlagen - $1 Spiegel-Server übrig. VERSIONCHECK_START:Überprüfung der Version von rkhunter... VERSIONCHECK_FAIL_ALL:Download fehlgeschlagen: die neueste Versionsnummer des Programms kann nicht bestimmt werden. VERSIONCHECK_CURRENT:This version : $1 VERSIONCHECK_LATEST:Latest version: $1 VERSIONCHECK_LATEST_FAIL:Neueste Version: Download fehlgeschlagen VERSIONCHECK_UPDT_AVAIL:Update verfügbar VERSIONCHECK_CONV_FAIL:Vergleich der Versionsnummern nicht möglich: Programm: '$1' Neueste: '$2' UPDATE_START:Überprüfung der Daten-Dateien von rkhunter... UPDATE_CHECKING_FILE:Überprüfe Datei $1 UPDATE_FILE_NO_VERS:Datei '$1' enthält keine gültige Versionsnummer. Lade eine neue Kopie herunter. UPDATE_FILE_MISSING:Datei '$1' ist nicht vorhanden oder leer. Lade eine neue Kopie herunter. UPDATE_DOWNLOAD_FAIL:Download von '$1' fehlgeschlagen: die neueste Versionsnummer kann nicht bestimmt werden. UPDATE_I18N_NO_VERS:Keine Versionsnummern einer i18n-Sprachdatei gefunden. OSINFO_START:Überprüfung, ob sich das Betriebssystem seit der letzten Überprüfung geändert hat... OSINFO_END:Anscheinend hat sich nichts geändert OSINFO_HOST_CHANGE1:Der Hostname hat sich seit der letzten Überprüfung geändert: OSINFO_HOST_CHANGE2:ehemaliger Hostname: $1 neuer Hostname: $2 OSINFO_OSVER_CHANGE1:Das Betriebssystem hat sich seit der letzten Überprüfung geändert: OSINFO_OSVER_CHANGE2:ehemaliges Betriebssystem: $1 neues Betriebssystem: $2 OSINFO_PRELINK_CHANGE:Das System änderte sich zu ${1}using prelinking seit der letzten Überprüfung. 
OSINFO_ARCH_CHANGE1:Anscheinend hat sich der Prozessor-Typ geändert: OSINFO_ARCH_CHANGE2:ehemaliger Prozessor-Wert: $1 neuer Wert: $2 OSINFO_MSG1:Aufgrund der Änderung(en) kann die Dateieigenschaften-Überprüfung einige fehlerhafte Warnungsmeldungen erzeugen. OSINFO_MSG2:Eventuell müssen Sie rkhunter mit der Option '--propupd' erneut starten. SET_FILE_PROP_START:Auslesen der Datei-Eigenschaften... SET_FILE_PROP_DIR_FILE_COUNT:$1 Dateien in $2 gefunden SET_FILE_PROP_FILE_COUNT:Datei aktualisiert: gesucht wurden $2 Dateien, gefunden wurden $3 SET_FILE_PROP_FILE_COUNT_PROPOPT:Datei $1: gesucht nach $2 Dateien, gefunden wurden $3 von $4 SET_FILE_PROP_FILE_COUNT_NOHASH:Datei $1: gesucht nach $2 Dateien, gefunden wurden $3, keine Hash-Wert für $4 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:Datei $1: gesucht nach $2 Dateien, gefunden wurden $3 von $4, keine Hash-Werte für $5 PROPUPD_START:Starte update der Dateieigenschaften... PROPUPD_OSINFO_START:Sammle Informationen zum Betriebsystem... PROPUPD_ARCH_FOUND:System-Architektur gefunden: $1 PROPUPD_REL_FILE:Release-Datei gefunden: $1 PROPUPD_NO_REL_FILE:Release-Datei konnte nicht gefunden werden: LS-Ausgabe zeigt: PROPUPD_OSNAME_FOUND:Name des Betriebssystems gefunden: $1 PROPUPD_ERROR:Fehler bei der Installation der neuen rkhunter.dat-Datei. Code $1 PROPUPD_NEW_DAT_FILE:Neue rkhunter.dat-Datei installiert in '$1' PROPUPD_WARN:WARNUNG! Es liegt in der Verantwortung des Benutzers, dafür zu sorgen, dass, wenn die '--propupd' Option PROPUPD_WARN:genutzt wird, alle Dateien auf dem System authentisch sind und aus einer verlässlichen Quelle PROPUPD_WARN:installiert wurden. Die rkhunter '--check' Option wird die Dateieigenschaften der derzeitigen Dateien PROPUPD_WARN:mit vorher gespeicherten Werten vergleichen und Unterschiede melden. Rkhunter kann nicht heraus PROPUPD_WARN:finden, was die Ursache für den Unterschied ist, dies liegt im Aufgabenbereich des Benutzers. 
ENABLED_TESTS:Aktivierte Tests: $1 DISABLED_TESTS:Deaktivierte Tests: $1 KSYMS_FOUND:ksym-Datei gefunden '$1' KSYMS_MISSING:Alle ksyms und kallsyms Überprüfungen werden übersprungen - keine der Dateien existiert auf dem System. STARTING_TEST:Beginne mit dem Test '$1' USER_DISABLED_TEST:Test '$1' deaktiviert aufgrund von Benutzer-Vorgaben CHECK_START:Starte System-Überprüfungen... CHECK_WARNINGS_NOT_FOUND:Keine Warnungen während der System-Überprüfung gefunden. CHECK_WARNINGS_FOUND:Eine oder mehrere Warnungen während der System-Überprüfung gefunden. CHECK_WARNINGS_FOUND_RERUN:Bitte starten Sie rkhunter erneut, um sicherzustellen, dass die Log-Datei erstellt wird. CHECK_WARNINGS_FOUND_CHK_LOG:Bitte überprüfen Sie die Log-Datei ($1) CHECK_SYS_COMMANDS:Überprüfen der System-Kommandos... STRINGS_CHECK_START:Überprüfung des 'strings'-Kommando STRINGS_SCANNING_OK:Suche nach der Zeichenkette $1 STRINGS_SCANNING_BAD:Suche nach der Zeichenkette $1 STRINGS_SCANNING_BAD:Zeichenkette nicht gefunden im 'strings'-Kommando STRINGS_CHECK:Überprüfen des 'strings'-Kommando STRINGS_CHECK:Überprüfung übersprungen - kein 'strings'-Kommando gefunden. FILE_PROP_START:Überprüfung der Dateieigenschaften FILE_PROP_CMDS:Überprüfen der Abhängigkeiten FILE_PROP_IMMUT_OS:Überspringe alle immutable-bit Überprüfungen. Diese Überprüfung ist nur für Linux-Systeme verfügbar. FILE_PROP_SKIP_ATTR:'stat'-Kommando nicht gefunden - alle Überprüfungen der Dateieigenschaften werden übersprungen. FILE_PROP_SKIP_HASH:Alle Überprüfungen der Hash-Werte werden übersprungen weil: FILE_PROP_SKIP_HASH_FUNC:Die derzeitige Hash-Funktion ($1) oder der Paketmanager ($2) sind nicht kompatibel mit der Hash-Funktion ($3) oder dem Paketmanager ($4), die benutzt wurden um die Werte zu speichern. FILE_PROP_SKIP_HASH_PRELINK:'prelink'-Kommando wurde nicht gefunden. FILE_PROP_SKIP_HASH_SHA1:Dieses System benutzt prelinking, aber das Kommando für die Hash-Funktion sieht nicht nach SHA1 oder MD5 aus.
FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe wurde gefunden, dies kann Fehler verursachen. Deaktivieren Sie, sofern möglich, libsafe und starten das prelink-Kommando erneut. Abschließend die Hash-Werte erneuern mittels 'rkhunter --propupd'. FILE_PROP_SKIP_IMMUT:'lsattr'-Kommando wurde nicht gefunden - alle immutable-bit Überprüfungen werden übersprungen. FILE_PROP_SKIP_SCRIPT:'file'-Kommando wurde nicht gefunden - Alle Skript-Ersetzungs-Überprüfungen werden übersprungen. FILE_PROP_OS_CHANGED:Die lokale Host-Konfiguration oder das Betriebssystem hat sich geändert. FILE_PROP_DAT_MISSING:Die Datei mit den gespeicherten Dateieigenschaften (rkhunter.dat) existiert nicht und muss erstellt werden. Um dies zu veranlassen führen Sie 'rkhunter --propupd' aus. FILE_PROP_DAT_EMPTY:Die Datei mit den gespeicherten Dateieigenschaften (rkhunter.dat) ist leer und muss erstellt werden. Um dies zu veranlassen führen Sie 'rkhunter --propupd' aus. FILE_PROP_SKIP_ALL:Alle Überprüfungen der Dateieigenschaften werden von nun an übersprungen. FILE_PROP_FILE_NOT_EXIST:Die Datei '$1' existiert nicht auf dem System, ist jedoch in der Datei rkhunter.dat erfasst. FILE_PROP_WL:Datei '$1' gefunden: diese ist mittels Whitelist freigegeben für '$2' Überprüfung. FILE_PROP_WL_DIR:Verzeichnis '$1' gefunden: dieses ist mittels Whitelist freigegeben für '$2' Überprüfung. FILE_PROP_NO_RKH_REC:Die Datei '$1' existiert auf dem System, aber nicht in der rkhunter.dat Datei. FILE_PROP_CHANGED:Dateieigenschaften haben sich geändert: FILE_PROP_CHANGED2:Datei: $1 FILE_PROP_NO_PKGMGR_FILE:Datei '$1' Hash-Wert übersprungen: Datei gehört nicht zum Paket FILE_PROP_NO_SYSHASH:Kein Hash-Wert für Datei '$1' gefunden FILE_PROP_NO_SYSHASH_CMD:Hash-Kommando Ausgabe: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:Versuche das 'prelink'-Kommando auszuführen um Abhängigkeits-Fehler aufzulösen.
FILE_PROP_SYSHASH_UNAVAIL:Aktueller Hash-Wert: nicht verfügbar FILE_PROP_SYSHASH:Aktueller Hash-Wert: $1 FILE_PROP_RKHHASH:Gespeicherter Hash-Wert: $1 FILE_PROP_NO_RKHHASH:Kein Hash-Wert gefunden für die Datei '$1' in der rkhunter.dat Datei. FILE_PROP_NO_RKHPERM:Keinen Wert für die Dateiberechtigungen der Datei '$1' in der Datei rkhunter.dat gefunden. FILE_PROP_PERM_UNAVAIL:Aktuelle Dateiberechtigungen: nicht verfügbar Gespeicherte Berechtigungen: $1 FILE_PROP_PERM:Aktuelle Dateiberechtigungen: $1 Gespeicherte Berechtigungen: $2 FILE_PROP_UID_UNAVAIL:Aktuelle UID: nicht verfügbar Gespeicherte UID: $1 FILE_PROP_UID:Aktuelle UID: $1 Gespeicherte UID: $2 FILE_PROP_NO_RKHUID:Kein Wert für die Benutzer-ID (UID) der Datei '$1' in der Datei rkhunter.dat gefunden. FILE_PROP_GID_UNAVAIL:Aktuelle GID: nicht verfügbar Gespeicherte GID: $1 FILE_PROP_GID:Aktuelle GID: $1 Gespeicherte GID: $2 FILE_PROP_NO_RKHGID:Kein Wert für die Gruppen-ID (GID) der Datei '$1' in der Datei rkhunter.dat gefunden. FILE_PROP_INODE_UNAVAIL:Aktueller Knoten (inode): nicht verfügbar Gespeicherter Knoten (inode): $1 FILE_PROP_INODE:Aktueller Knoten (inode): $1 Gespeicherter Knoten (inode): $2 FILE_PROP_NO_RKHINODE:Kein Wert für den Knoten (inode) der Datei '$1' in der Datei rkhunter.dat gefunden. FILE_PROP_SIZE_UNAVAIL:Aktuelle Dateigröße: nicht verfügbar Gespeicherte Dateigröße: $1 FILE_PROP_SIZE:Aktuelle Dateigröße: $1 Gespeicherte Dateigröße: $2 FILE_PROP_NO_RKHSIZE:Keinen Wert für die Größe der Datei '$1' in der Datei rkhunter.dat gefunden. FILE_PROP_SYSDTM_UNAVAIL:Aktuelle Zeit der letzten Dateiänderung: nicht verfügbar FILE_PROP_SYSDTM:Aktuelle Zeit der letzten Dateiänderung: $1 FILE_PROP_RKHDTM:Gespeicherte Zeit der letzten Dateiänderung : $1 FILE_PROP_NO_RKHDTM:Keinen Wert für die Zeit der letzten Dateiänderung in der Datei rkhunter.dat gefunden. 
FILE_PROP_NO_SYSATTR:Aktuelle Dateieigenschaften der Datei '$1' konnten nicht ausgelesen werden FILE_PROP_WRITE:Schreibberechtigung der Datei '$1' gilt für alle Benutzer. FILE_PROP_SYSPERM_UNAVAIL:Aktuelle Schreibberechtigung der Datei '$1' konnte nicht ausgelesen werden FILE_PROP_IMMUT:Die Datei '$1' hat das immutable-bit gesetzt. FILE_PROP_SCRIPT:Das Kommando '$1' wurde durch ein Skript ersetzt: $2 FILE_PROP_SCRIPT_RKH:Das Kommando '$1' wurde ersetzt und ist kein Skript: $2 FILE_PROP_VRFY:Prüfung mittels Paketmanager fehlgeschlagen: FILE_PROP_VRFY_HASH:Der Hash-Wert der Datei hat sich geändert FILE_PROP_VRFY_PERM:Die Dateiberechtigungen haben sich geändert FILE_PROP_VRFY_UID:Der Besitzer der Datei hat sich geändert FILE_PROP_VRFY_GID:Die Gruppe der Datei hat sich verändert FILE_PROP_VRFY_DTM:Zeit des letzten Zugriffs hat sich geändert FILE_PROP_VRFY_SIZE:Dateigröße hat sich geändert CHECK_ROOTKITS:Überprüfe auf Rootkits... ROOTKIT_FILES_DIRS_START:Führe die Überprüfung auf bekannte Rootkit-Dateien und -Verzeichnisse aus ROOTKIT_FILES_DIRS_NAME_LOG:Überprüfe auf ${1}... ROOTKIT_FILES_DIRS_FILE:Überprüfe auf Datei '$1' ROOTKIT_FILES_DIRS_DIR:Überprüfe auf Verzeichnis '$1' ROOTKIT_FILES_DIRS_KSYM:Überprüfe auf Kernel-Symbol '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:Datei'$1' gefunden ROOTKIT_FILES_DIRS_DIR_FOUND:Verzeichnis '$1' gefunden ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel-Symbol '$1' gefunden ROOTKIT_FILES_DIRS_STR:Überprüfe auf Zeichenkette '$1' ROOTKIT_FILES_DIRS_STR_FOUND:Zeichenkette '$1' in Datei '$2' gefunden ROOTKIT_FILES_DIRS_NOFILE:Die Datei '$1' existiert nicht! 
ROOTKIT_FILES_DIRS_SINAR_DIR:Überprüfe in '$1' ROOTKIT_FILES_DIRS_SINAR:SInAR gefunden in: $1 ROOTKIT_LINK_COUNT:Überprüfung des "hard link"-Zählers von '$1' ROOTKIT_LINK_COUNT_FAIL:"Hard link"-Zähler von '$1' Kommando: $2 ROOTKIT_LINK_COUNT_CMDERR:Fehler von '$1' Kommando während der Überprüfung '$2' ROOTKIT_PHALANX2_LINK_COUNT_FAIL:"Hard link"-Überprüfung von '$1' fehlgeschlagen ROOTKIT_ADD_START:Führe zusätzliche Rootkit-Tests aus ROOTKIT_ADD_SUCKIT: erweiterte "Suckit Rootkit"-Tests ROOTKIT_ADD_SUCKIT_LOG:Führe erweiterte "Suckit Rootkit"-Tests aus ROOTKIT_ADD_SUCKIT_LINK_NOCMD:Überprüfe '/sbin/init' link-Anzahl: kein 'stat'-Kommando gefunden ROOTKIT_ADD_SUCKIT_LINK_FOUND:Überprüfe '/sbin/init' link-Anzahl: Anzahl ist $1, sollte aber 1 sein ROOTKIT_ADD_SUCKIT_EXT:Überprüfung auf versteckte Datei-Erweiterung ROOTKIT_ADD_SUCKIT_EXT_FOUND:Überprüfe auf versteckte Datei-Erweiterungen: $1 gefunden ROOTKIT_ADD_SUCKIT_SKDET:Führe skdet-Kommando aus ROOTKIT_ADD_SUCKIT_SKDET_FOUND:Führe skdet-Kommando aus: $1 gefunden ROOTKIT_ADD_SUCKIT_SKDET_VER:Führe skdet-Kommando aus: unbekannte Version: $1 ROOTKIT_POSS_FILES_DIRS:Überprüfe auf mögliche Rootkit-Dateien und -Verzeichnisse ROOTKIT_POSS_FILES_DIRS_LOG:Führe Überprüfung auf mögliche Rootkit-Dateien und -Verzeichnisse aus ROOTKIT_POSS_FILES_FILE_FOUND:Datei '$1' gefunden. Mögliches Rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:Verzeichnis '$1' gefunden. Mögliches Rootkit: $2 ROOTKIT_POSS_STRINGS:Überprüfe auf mögliche Rootkit-Zeichenketten ROOTKIT_POSS_STRINGS_LOG:Führe Überprüfung auf mögliche Rootkit-Zeichenketten aus ROOTKIT_POSS_STRINGS_FOUND:Zeichenkette '$1' gefunden in Datei '$2'.
Mögliches Rootkit: $3 ROOTKIT_MALWARE_START:Führe Überprüfung auf Malware aus ROOTKIT_MALWARE_SUSP_FILES:Überprüfe laufende Prozesse auf verdächtige Dateien ROOTKIT_MALWARE_SUSP_FILES_FOUND:Eine oder mehrere Datei(en) wurden gefunden: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND:Überprüfen Sie die Ausgabe des lsof-Kommandos 'lsof -F n -w -n' ROOTKIT_MALWARE_HIDDEN_PROCS:Überprüfe auf versteckte Prozesse ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Versteckte Prozesse gefunden: $1 ROOTKIT_MALWARE_DELETED_FILES:Überprüfe laufende Prozesse auf gelöschte Dateien ROOTKIT_MALWARE_DELETED_FILES_FOUND:Die folgenden Prozesse nutzen gelöschte Dateien: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:Prozess: $1 PID: $2 Datei: $3 ROOTKIT_MALWARE_DELETED_FILES_WL:Prozess '$1' benutzt Datei '$2': erlaubt mittels Whitelist. ROOTKIT_MALWARE_LOGIN_BDOOR:Überprüfung auf Backdoors, die der Anmeldung dienen ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:Führe Überprüfungen auf Backdoors für die Anmeldung aus ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:Überprüfe auf '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Backdoor-Datei für Anmeldung gefunden: $1 ROOTKIT_MALWARE_SUSP_DIR:Überprüfung auf verdächtige Verzeichnisse ROOTKIT_MALWARE_SUSP_DIR_LOG:Führe Überprüfung auf verdächtige Verzeichnisse aus ROOTKIT_MALWARE_SUSP_DIR_FOUND:Verdächtiges Verzeichnis gefunden: $1 ROOTKIT_MALWARE_SFW_INTRUSION:Überprüfung auf Eingriff in Software ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:Die Datei '$1' enthält die Zeichenkette '$2'. Mögliches Rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Überprüfung übersprungen - tripwire ist nicht installiert ROOTKIT_MALWARE_SNIFFER:Überprüfung auf Log-Files von Sniffern ROOTKIT_MALWARE_SNIFFER_LOG:Führe Überprüfung auf Log-Files von Sniffern aus ROOTKIT_MALWARE_SNIFFER_FOUND:Mögliche Sniffer-Log-Datei gefunden: $1 ROOTKIT_TROJAN_START:Führe Überprüfung auf Trojaner aus ROOTKIT_TROJAN_INETD:Überprüfe auf aktivierte Inetd-Dienste ROOTKIT_TROJAN_INETD_SKIP:Überprüfung übersprungen - Datei '$1' existiert nicht. 
ROOTKIT_TROJAN_INETD_FOUND:Aktivierten Inetd-Dienst gefunden: $1 ROOTKIT_TROJAN_XINETD:Überprüfe auf aktivierte Xinetd-Dienste ROOTKIT_TROJAN_XINETD_LOG:Überprüfe auf aktivierte Xinetd-Dienste ROOTKIT_TROJAN_XINETD_ENABLED:Überprüfe '$1' auf aktivierte Dienste ROOTKIT_TROJAN_XINETD_INCLUDE:'include $1'-Anweisung gefunden ROOTKIT_TROJAN_XINETD_INCLUDEDIR:'includedir $1'-Anweisung gefunden ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Aktivierten Xinetd-Dienst gefunden: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:Dienst '$1' gefunden: erlaubt in $2 mittels Whitelist. ROOTKIT_TROJAN_APACHE:Überprüfe auf Apache-Backdoor ROOTKIT_TROJAN_APACHE_SKIPPED:Überprüfung auf Apache-Backdoor übersprungen: Apache-Module und Konfigurations-Verzeichnis nicht gefunden. ROOTKIT_TROJAN_APACHE_FOUND:Apache-Backdoor Modul 'mod_rootme' gefunden: $1 ROOTKIT_OS_START:Führe $1 Überprüfungen aus ROOTKIT_OS_SKIPPED:Keine speziellen Test verfügbar ROOTKIT_OS_BSD_SOCKNET:Überprüfe sockstat und netstat Kommandos ROOTKIT_OS_BSD_SOCKNET_FOUND:Unterschiede zwischen sockstat und netstat Ausgaben: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 Ausgabe: $2 ROOTKIT_OS_FREEBSD_KLD:Überprüfe auf KLD-Backdoors ROOTKIT_OS_FREEBSD_KLD_FOUND:Mögliche FreeBSD KLD-Backdoor gefunden. 'kldstat -v' Kommando zeigt Zeichenkette '$1' ROOTKIT_OS_FREEBSD_PKGDB:Überprüfe Paketdatenbank ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Die Paketdatenbank enthält möglicherweise widersprüchliche Daten. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Dies könnte kein Sicherheitsproblem sein, aber das Ausführen von 'pkgdb -F' könnte bei der Diagnose helfen. ROOTKIT_OS_LINUX_LKM:Überprüfe geladene Kernel-Module ROOTKIT_OS_LINUX_LKM_FOUND:Unterschiede zwischen dem lsmod-Kommando und der Datei /proc/modules: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 Ausgabe: $2 ROOTKIT_OS_LINUX_LKM_EMPTY:Keine Ausgabe des lsmod-Kommandos oder aus der Datei /proc/modules erhalten: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:Die Modul-Datei '$1' fehlt. 
ROOTKIT_OS_LINUX_LKMNAMES:Überprüfe Namen der Kernel-Module ROOTKIT_OS_LINUX_LKMNAMES_PATH:Verwende Modul-Pfadname von '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:Als schädlich bekanntes Kernel-Modul gefunden in '$1': $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:Das Kernel-Modul-Verzeichnis '$1' fehlt oder ist leer. CHECK_LOCALHOST:Überprüfe lokalen Host... STARTUP_FILES_START:Führe Überprüfung des System-Boot aus STARTUP_HOSTNAME:Überprüfe auf lokalen Hostnamen STARTUP_NO_HOSTNAME:Kein Hostname gefunden. STARTUP_CHECK_FILES_EXIST:Überprüfung der System-Start-Dateien STARTUP_NONE_GIVEN:Benutzer-Vorgabe 'NONE' für System-Start Pfadnamen STARTUP_CHECK_FILES_MALWARE:Überprüfe System-Start-Dateien auf Malware STARTUP_CHECK_NO_RC_FILES:Keine System-Start-Dateien gefunden. ACCOUNTS_START:Führe Überprüfungen auf Gruppen und Konten aus ACCOUNTS_PWD_FILE_CHECK:Überprüfe auf passwd-Datei ACCOUNTS_FOUND_PWD_FILE:Passwort-Datei gefunden: $1 ACCOUNTS_NO_PWD_FILE:Passwort-Datei $1 existiert nicht. ACCOUNTS_UID0:Überprüfung auf root-ähnliche (UID 0) Konten ACCOUNTS_UID0_WL:root-ähnliches Konto '$1' gefunden: erlaubt mittels Whitelist. ACCOUNTS_UID0_FOUND:Konto '$1' ist root-ähnlich (UID = 0) ACCOUNTS_SHADOW_FILE:Shadow-Datei gefunden: $1 ACCOUNTS_SHADOW_TCB:TCB-Shadow-Datei Verzeichnis: $1 ACCOUNTS_PWDLESS:Überprüfung auf Konten ohne Passwort ACCOUNTS_PWDLESS_WL:Konto '$1' ohne Passwort gefunden: erlaubt mittels Whitelist. ACCOUNTS_PWDLESS_FOUND:Konto ohne Passwort gefunden: $1 ACCOUNTS_NO_SHADOW_FILE:Keine shadow/passwd-Datei gefunden. PASSWD_CHANGES:Überprüfung auf Änderungen der passwd-Datei PASSWD_CHANGES_NO_TMP:Überprüfung auf Unterschiede in der passwd-Datei nicht möglich: es existiert keine Kopie der Datei. PASSWD_CHANGES_ADDED:Konten wurden der passwd-Datei hinzugefügt: PASSWD_CHANGES_REMOVED:Konten wurden aus der passwd-Datei entfernt: GROUP_CHANGES:Überprüfung auf Änderungen der Gruppen-Datei GROUP_CHANGES_NO_FILE:Gruppen-Datei $1 existiert nicht.
GROUP_CHANGES_NO_TMP:Überprüfung auf Unterschiede in der group-Datei nicht möglich: es existiert keine Kopie der Datei. GROUP_CHANGES_ADDED:Gruppen wurden der group-Datei hinzugefügt: GROUP_CHANGES_REMOVED:Gruppen wurden aus der group-Datei entfernt: HISTORY_CHECK:Überprüfung der Historie der Shell des Root-Kontos HISTORY_CHECK_FOUND:Historie der Shell des Root-Kontos $1 ist ein symbolischer Link: $2 SYSTEM_CONFIGS_START:Führe Überprüfung der System-Konfigurations-Dateien aus SYSTEM_CONFIGS_FILE:Überprüfung auf Konfigurations-Datei von $1 SYSTEM_CONFIGS_FILE_FOUND:$1 Konfigurations-Datei gefunden: $2 SYSTEM_CONFIGS_SSH_ROOT:Überprüfung ob Zugang des Root-Kontos mittels SSH erlaubt ist SYSTEM_CONFIGS_SSH_ROOT_FOUND:Die SSH- und rkhunter-Konfigurationsvariablen sollten übereinstimmen: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH-Konfigurationsvariable 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter-Konfigurationsvariable 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:Die SSH-Konfigurationsvariable 'PermitRootLogin' wurde nicht gesetzt. SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:Der Standard-Wert kann 'yes' enthalten, um Root-Zugang zu erlauben. SYSTEM_CONFIGS_SSH_PROTO:Überprüfung, ob das SSH-Protokoll Version 1 erlaubt ist SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSH-Protokoll Version 1 ist aktiviert in der SSH-Konfiguration ($1). SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:Die SSH-Konfigurationsvariable 'Protocol' wurde nicht gesetzt. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:Der Standard-Wert kann '2,1' enthalten, um die Benutzung des Protokolls in Version 1 zu erlauben. SYSTEM_CONFIGS_SYSLOG:Überprüfung, ob der syslog-Daemon ausgeführt wird SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:Der syslog-Daemon wird nicht ausgeführt. SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:Der syslog-Daemon wird nicht ausgeführt, aber ein Metalog-Daemon wurde gefunden. SYSTEM_CONFIGS_SYSLOG_SOCKLOG_RUNNING:Der syslog-Daemon wird nicht ausgeführt, aber ein socklog-Daemon wurde gefunden.
SYSTEM_CONFIGS_SYSLOG_NO_FILE:Der syslog-Daemon wird ausgeführt, aber es kann keine Konfigurations-Datei gefunden werden. SYSTEM_CONFIGS_SYSLOG_REMOTE:Überprüfung, ob entferntes Logging via syslog erlaubt ist SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog-Konfiguration erlaubt entferntes Logging: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter-Konfigurationsvariable 'ALLOW_SYSLOG_REMOTE_LOGGING' ist aktiviert. FILESYSTEM_START:Führe Dateisystem-Tests aus FILESYSTEM_DEV_CHECK:Überprüfe /dev auf verdächtige Dateien FILESYSTEM_DEV_CHECK_NO_DEV:/dev existiert nicht. FILESYSTEM_DEV_FILE_WL:Datei '$1' gefunden: erlaubt mittels Whitelist. FILESYSTEM_DEV_FILE_FOUND:Verdächtige Dateitypen in ${1} gefunden: FILESYSTEM_HIDDEN_DIR_WL:Verstecktes Verzeichnis '$1' gefunden: erlaubt mittels Whitelist. FILESYSTEM_HIDDEN_FILE_WL:Versteckte Datei '$1' gefunden: erlaubt mittels Whitelist. FILESYSTEM_HIDDEN_CHECK:Überprüfe auf versteckte Dateien und Verzeichnisse FILESYSTEM_HIDDEN_DIR_FOUND:Verstecktes Verzeichnis gefunden: $1 FILESYSTEM_HIDDEN_FILE_FOUND:Versteckte Datei gefunden: $1 CHECK_APPS:Überprüfe Versionsnummern der Anwendungen... APPS_NONE_FOUND:Keine bekannten Anwendungen gefunden - alle Tests übersprungen. APPS_DAT_MISSING:Alle Anwendungs-Tests übersprungen. APPS_DAT_MISSING:Die Datei mit der Liste der unsicheren Anwendungsversionen (programs_bad.dat) fehlt oder ist leer. APPS_DAT_MISSING:Wenn diese Datei gelöscht wurde müssen Sie 'rkhunter --update' ausführen. APPS_NOT_FOUND:Anwendung '$1' nicht gefunden. APPS_CHECK:Überprüfe Version von $1 APPS_CHECK_WL:Anwendung '$1' gefunden: erlaubt mittels Whitelist. APPS_CHECK_VERSION_UNKNOWN:Versionsnummer kann nicht ausgelesen werden für '$1'. APPS_CHECK_VERSION_FOUND:Anwendung '$1' in Version '$2' gefunden. APPS_CHECK_VERSION_WL:Anwendung '$1' in Version '$2' gefunden: diese Version ist erlaubt mittels Whitelist. 
APPS_CHECK_WHOLE_VERSION_USED:Versionsnummer kann nicht ausgelesen werden für '$1': Versions-Option gibt folgendes zurück: $2 APPS_CHECK_FOUND:Anwendung '$1', Version '$2', ist veraltet und ein mögliches Sicherheitsrisiko. APPS_TOTAL_COUNT:Anwendungen überprüft: $1 von $2 CHECK_NETWORK:Überprüfe das Netzwerk... NETWORK_PORTS_START:Führe Überprüfungen auf Backdoor-Ports aus NETWORK_PORTS_FILE_MISSING:Alle Backdoor-Port-Test übersprungen. NETWORK_PORTS_FILE_MISSING:Die Datei mit den bekannten Backdoor-Ports (backdoorports.dat) fehlt oder ist leer. NETWORK_PORTS_FILE_MISSING:Wenn diese Datei gelöscht wurde müssen Sie 'rkhunter --update' ausführen. NETWORK_PORTS_UNKNOWN_NETSTAT:Alle Überprüfungen auf Backdoor-Ports übersprungen. NETWORK_PORTS_UNKNOWN_NETSTAT:Unbekannte netstat-Kommando Formatierung in diesem Betriebssystem. NETWORK_PORTS_DISABLE_PATHS:Deaktiviere Pfadnamen und '*' in Port-Whitelist-Einstellungen: kein 'lsof'-Kommando verfügbar NETWORK_PORTS_ENABLE_TRUSTED:Vertrauenswürdige Pfadnamen sind aktiviert für Port-Whitelisting. NETWORK_PORTS:Überprüfe auf $1 Port $2 NETWORK_PORTS_PATH_WHITELIST:Netzwerk $1 Port $2 wird verwendet von $3: der Pfadname ist erlaubt mittels Whitelist. NETWORK_PORTS_TRUSTED_WHITELIST:Netzwerk $1 Port $2 wird verwendet von $3: der Pfadname ist vertrauenswürdig. NETWORK_PORTS_PORT_WHITELIST:Netzwerk $1 Port $2 wird verwendet: der Port ist erlaubt mittels Whitelist. NETWORK_PORTS_FOUND:Netzwerk $1 Port $2 wird verwendet ${3}. Mögliches Rootkit: $4 NETWORK_PORTS_FOUND:Verwenden Sie das 'lsof -i' oder 'netstat -an'-Kommando um dies zu überprüfen. NETWORK_INTERFACE_START:Führe Überprüfungen der Netzwerk-Schnittstellen durch NETWORK_PROMISC_CHECK:Überprüfe auf Netzwerk-Schnittstellen im promiscuous-Modus NETWORK_PROMISC_NO_IFCONFIG:Überprüfung auf Netzwerk-Schnittstellen im promiscuous-Modus übersprungen - 'ifconfig'-Kommando wurde nicht gefunden. 
NETWORK_PROMISC_NO_IP:Überprüfung der Netzwerk-Schnittstelle im promiscuous-Modus mit dem 'ip'-Kommando übersprungen - 'ip'-Kommando wurde nicht gefunden. NETWORK_PROMISC_IF:Mögliche Netzwerk-Schnittstellen im promiscuous-Modus: NETWORK_PROMISC_IF_1:'ifconfig'-Kommando Ausgabe: $1 NETWORK_PROMISC_IF_2:'ip'-Kommando Ausgabe: $1 NETWORK_PACKET_CAP_CHECK:Überprüfe auf Anwendungen, die Pakete abfangen NETWORK_PACKET_CAP_CHECK_NO_FILE:Überprüfung auf Anwendungen, die Pakete abfangen, übersprungen - die Datei '$1' fehlt. NETWORK_PACKET_CAP_FOUND:Prozess '$1' (PID $2) lauscht im Netzwerk. NETWORK_PACKET_CAP_WL:Prozess '$1' gefunden: erlaubt mittels Whitelist. SHARED_LIBS_START:Führe 'shared libraries' Überprüfung aus SHARED_LIBS_PRELOAD_VAR:Überprüfe auf 'preloading' Variablen SHARED_LIBS_PRELOAD_VAR_FOUND:Bibliothek gefunden die Variablen vorlädt: $1 SHARED_LIBS_PRELOAD_FILE:Überprüfe Dateien, die vorgeladen werden SHARED_LIBS_PRELOAD_FILE_FOUND:Bibliothek gefunden die Datei(en) vorlädt: $1 SHARED_LIBS_PATH:Überprüfe LD_LIBRARY_PATH Variable SHARED_LIBS_PATH_BAD:Die LD_LIBRARY_PATH Umgebungs-Variable ist gesetzt und beeinflusst ausführbare Dateien: gesetzt auf: $1 SUSPSCAN_CHECK:Überprüfe auf Dateien mit verdächtigem Inhalt SUSPSCAN_DIR_NOT_EXIST:Das Verzeichnis '$1' existiert nicht. SUSPSCAN_INSPECT:Datei '$1' (Wertung: $2) enthält einigen verdächtigen Inhalt und sollte überprüft werden.
SUSPSCAN_START:Führe Überprüfung auf Dateien mit verdächtigem Inhalt aus SUSPSCAN_DIRS:Zu überprüfende Verzeichnisse: $1 SUSPSCAN_NO_DIRS:Keine Verzeichnisse angegeben: verwende Standard-Einstellungen ($1) SUSPSCAN_TEMP:Verwende temporäres Verzeichnis: $1 SUSPSCAN_NO_TEMP:Kein temporäres Verzeichnis angegeben: verwende Standard-Einstellungen ($1) SUSPSCAN_TEMP_NOT_EXIST:Das zu nutzende temporäre Verzeichnis existiert nicht: $1 SUSPSCAN_TEMP_NO_WRITE:In das zu nutzende temporäre Verzeichnis kann nicht geschrieben werden: $1 SUSPSCAN_SIZE:Maximale Größe für Dateien, die zu überprüfen sind (in Bytes): '$1' SUSPSCAN_NO_SIZE:Keine maximale Größe für zu untersuchende Dateien angegeben: verwende Standard-Einstellungen ($1) SUSPSCAN_SIZE_INVALID:Die konfigurierte maximale Größe für Dateien ist fehlerhaft: $1 SUSPSCAN_THRESH:Grenzwert für Bewertung ist gesetzt auf: $1 SUSPSCAN_NO_THRESH:Kein Grenzwert für Bewertungen konfiguriert: verwende Standard-Einstellungen ($1) SUSPSCAN_THRESH_INVALID:Der konfigurierte Grenzwert für Bewertungen ist fehlerhaft: $1 SUSPSCAN_DIR_CHECK:Überprüfe Verzeichnis: '$1' SUSPSCAN_DIR_CHECK_NO_FILES:Keine passenden Dateien für die Überprüfung gefunden. 
SUSPSCAN_FILE_CHECK:Datei überprüft: Name: '$1' Bewertung: $2 SUSPSCAN_FILE_CHECK_DEBUG:Datei überprüft: Name: '$1' Bewertung: $2 Treffersumme: $3 Treffer: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:Datei ignoriert: leer: '$1' SUSPSCAN_FILE_SKIPPED_LINK:Datei ignoriert: symbolischer Link: '$1' SUSPSCAN_FILE_SKIPPED_TYPE:Datei ignoriert: falscher Typ: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:Datei ignoriert: zu groß: '$1' SUSPSCAN_FILE_LINK_CHANGE:Symbolischer Link wurde nicht gefunden: '$1' -> '$2' LIST_TESTS:Verfügbare Überprüfungen lauten: LIST_GROUPED_TESTS:Gruppierte Überprüfungen lauten: LIST_LANGS:Verfügbare Sprachen: LIST_RTKTS:Rootkits überprüft für: APPS_DAT_NOTAFILE:Die Datei der unsicheren Anwendungsversionen ist keine Datei: $1 CONFIG_LOCALCONFIGFILE:Verwende lokale Konfigurationsdatei '$1' FILE_PROP_BROKEN_LINK_WL_TGT:Gebrochene Verknüpfung gefunden, aber die Existenz des Ziels ist mittels Whitelist freigegeben: '$1' FILE_PROP_DAT_MISSING_INFO:Die Dateieigenschaften-Prüfung wird ausgeführt da Prüfungen auch ohne die rkhunter.dat Datei ausgeführt werden können. FILE_PROP_EPOCH_DATE_CMD:Benutze '$1' um Epochen-Zeitstempel umzurechnen. FILE_PROP_IGNORE_PRELINK_DEP_ERR:Ignoriere Prelink-Abhängigkeit für Datei '$1' FILE_PROP_IMMUT_NOT_SET:Datei '$1' hat das immutable-bit nicht gesetzt. FILE_PROP_IMMUT_SET:Die immutable-bit Prüfung wird invertiert. FILE_PROP_NO_OS_WARNING:Warnungen über Betriebssystem-Änderungen wurden deaktiviert nach Anwenderwunsch. FILE_PROP_NO_SYSHASH_BL:Die Datei ist eine gebrochene Verknüpfung: $1 FILE_PROP_SKIP_FILE_CMD:Keine Ausgabe vom 'file' Kommando - alle Skript-Ersetzungs-Überprüfungen werden übersprungen. FILE_PROP_SKIP_IMMUT_CMD:Keine Ausgabe vom '$1' Kommando - alle immutable-bit Überprüfungen werden übersprungen. FILE_PROP_SYSHASH_UNAVAIL_BL:derzeitiger Hash-Wert: nicht verfügbar (mögliche gebrochene Verknüpfung) FILE_PROP_WL_STR:Datei '$1' und Zeichenkette '$2' gefunden: sie sind mittels Whitelist freigegeben für '$3' Überprüfung. 
GROUP_CHANGES_FOUND:Änderungen gefunden in der group-Datei für Gruppe '$1': GROUP_CHANGES_GID:Die Gruppen-Nummer wurde geändert von '$1' nach '$2' GROUP_CHANGES_GRPADD:Benutzer '$1' wurde der Gruppe hinzugefügt GROUP_CHANGES_GRPREM:Benutzer '$1' wurde aus der Gruppe entfernt GROUP_CHANGES_IDADD:Gruppe '$1' wurde der group-Datei hinzugefügt. GROUP_CHANGES_IDREM:Gruppe '$1' wurde aus der group-Datei entfernt. GROUP_CHANGES_PWD:Das Gruppen-Passwort wurde geändert von '$1' nach '$2' HASH_FUNC_PERL_SHA:Benutze das perl-Modul $1 (mit $2) für die Datei-Hash Prüfungen HASH_PKGMGR_SUM:Benutze die gespeicherten 16-bit Prüfsummen für die Paketverifikation KSYMS_UNAVAIL:Alle ksyms und kallsyms Prüfungen werden übersprungen - die Datei ist nicht lesbar. LIST_PERL:Perl Modul Installations Status: LOCK_FAIL:Unfähig die Sperrdatei zu sperren: rkhunter ist nicht gelaufen! LOCK_UNUSED:Sperrungen werden nicht verwendet LOCK_USED:Sperren wird verwendet: timeout beträgt $1 Sekunden LOCK_WAIT:Warte auf Sperrdatei MSG_RESULT_WHITELISTED:durch Whitelisting erlaubt NETWORK_HIDDEN_PORTS_CHK_NAME:Port-Nummer: $1:$2 wird benutzt von $3 NETWORK_HIDDEN_PORTS_CHK:Port-Nummer: $1:$2 NETWORK_HIDDEN_PORTS_FOUND:Versteckte Ports gefunden: NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Versteckter $1 Port $2 wird benutzt von $3: der Pfadname ist mittels Whitelist erlaubt. NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Versteckter $1 Port $2 gefunden: der Port ist mittels Whitelist erlaubt. NETWORK_HIDDEN_PORTS:Prüfe auf versteckte Ports NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Versteckter $1 Port $2 wird benutzt von $3: der Pfadname ist vertrauenswürdig. NETWORK_PORTS_BACKDOOR_CHK:Prüfe auf $1 Port $2 NETWORK_PORTS_BACKDOOR_LOG:Führe Prüfung auf Hintertüren-Ports aus NETWORK_PORTS_BACKDOOR:Prüfe auf Hintertüren-Ports NETWORK_PORTS_BKDOOR_FOUND:Netzwerk $1 Port $2 wird benutzt${3}. Mögliches Rootkit: $4 NETWORK_PORTS_BKDOOR_FOUND:Nutzen Sie das 'lsof -i' oder 'netstat -an' Kommando um dies zu prüfen.
NETWORK_PORTS_FILE_NOTAFILE:Die Datei der bekannten Hintertüren-Ports ist keine Datei: $1 NETWORK_PROMISC_WLIST:Netzwerk-Schnittstellen, die im promiscuous-Modus betrieben werden dürfen: $1 OSINFO_DO_UPDT:Die Dateieigenschaften-Datei wird automatisch auf den neuesten Stand gebracht. PWD_CHANGES_COMM:Der Konto-Kommentar wurde von '$1' nach '$2' geändert. PWD_CHANGES_FOUND:Änderungen gefunden in der passwd Datei für Benutzer '$1': PWD_CHANGES_GID:Die GID wurde geändert von '$1' nach '$2' PWD_CHANGES_HOME:Das Heimatverzeichnis wurde geändert von '$1' nach '$2' PWD_CHANGES_IDADD:Benutzer '$1' wurde der passwd-Datei hinzugefügt. PWD_CHANGES_IDREM:Benutzer '$1' wurde aus der passwd-Datei entfernt. PWD_CHANGES_PWD:Das Passwort wurde geändert von '$1' nach '$2' PWD_CHANGES_SHL:Die login shell wurde geändert von '$1' nach '$2' PWD_CHANGES_UID:Die UID wurde geändert von '$1' nach '$2' PWDGRP_CHANGES_UNK:Unbekanntes Feld gefunden in der $1 Datei: altes Feld: '$2', neues Feld: '$3' RKHDAT_ADD_NEW_ENTRY:Füge neuen Dateieintrag zur 'rkhunter.dat' Datei hinzu: $1 RKHDAT_DEL_OLD_ENTRY:Lösche nicht existierenden Dateieintrag aus der 'rkhunter.dat' Datei: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_NOUNHIDE:Die Nutzung von '$1' wurde unterdrückt auf Benutzerwunsch. ROOTKIT_MALWARE_HIDDEN_PROCS_RUBY_ERR:Das 'unhide.rb' Kommando ergab einen Fehler: ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:'unhide' nicht ausgeführt: ungültiger konfigurierter Testname: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:Benutze Kommando '$1' ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:Gefundene 'unhide' Kommando-Version: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:Kommando: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:Pfadname: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Mögliches Rootkit: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2 ROOTKIT_OS_DFLY_PKGDB_NOTOK:Die Paketdatenbank scheint inkonsistent zu sein.
ROOTKIT_OS_DFLY_PKGDB_NOTOK:Dies mag kein Sicherheitsproblem sein, aber 'pkg_admin check' auszuführen könnte helfen, das Problem zu diagnostizieren. ROOTKIT_PHALANX2_PROC_FOUND:Laufenden Prozess 'ata/0' gefunden ROOTKIT_PHALANX2_PROC_PPID:Erwarte 'kthread' Eltern-PID '$1', fand Eltern-PID '$2' ROOTKIT_PHALANX2_PROC:Prüfe Prozessliste auf Prozess 'ata/0' ROOTKIT_PHALANX2_PROC_PS_ERR:Ausführung von 'ps' ergab unerwartete Ergebnisse: möglicherweise nicht unterstützte Kommandozeilen-Argumente. SET_FILE_PROP_FILE_COUNT_BL:Datei $1: suchte nach $2 Dateien, fand $3, gebrochene Verknüpfungen $4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:Datei $1: suchte nach $2 Dateien, fand $3, fehlende Hashwerte $4, gebrochene Verknüpfungen $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:Datei $1: suchte nach $2 Dateien, fand $3 von $4, fehlende Hashwerte $5, gebrochene Verknüpfungen $6 SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:Datei $1: suchte nach $2 Dateien, fand $3 von $4, gebrochene Verknüpfungen $5 SHARED_LIBS_PRELOAD_LIB_FOUND:Fand vorabgeladene geteilte Bibliothek: $1 SHARED_LIBS_PRELOAD_LIB_WLIST:Fand vorabgeladene geteilte Bibliothek '$1': sie ist mittels Whitelist erlaubt. SUMMARY_LOGFILE_COPIED:Logdatei kopiert nach $1 SUSPSCAN_DAT_MISSING:Die Datendatei der verdächtigen Inhalte fehlt oder ist leer: $1 SUSPSCAN_DAT_MISSING:Führen Sie 'rkhunter --update' aus, um die Vorgabe-Datei wieder herzustellen. SUSPSCAN_DAT_NOTAFILE:Die Datendatei der verdächtigen Inhalte ist keine Datei: $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH Konfigurations-Option 'Protocol': $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter Konfigurations-Option 'ALLOW_SSH_PROT_V1': $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:Konfigurationsdatei erlaubt Logging über das Netzwerk: $1 UPDATE_SKIPPED:Sprachdateien-Update übersprungen auf Benutzerwunsch. 
USER_CMD_LIST:Schliesse Benutzer-Kommandos für Dateieigenschaften-Prüfung ein: USER_DIR_LIST:Schliesse Benutzer-Verzeichnisse für Dateieigenschaften-Prüfung ein: USER_EXCLUDE_PROP:Schliesse von Dateieigenschaften-Prüfung aus: USER_FILE_LIST:Schliesse Benutzer-Dateien für Dateieigenschaften-Prüfung ein: rkhunter-1.4.6/files/i18n/zh0000644000000000000000000005730113207556312014321 0ustar rootrootVersion:2009091601 # # We start with the definitions of the message types and results. There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:°T®§ MSG_TYPE_WARNING:ĵ§i # # This is the list of message results. # MSG_RESULT_OK:¥¿±` MSG_RESULT_BAD:·lÃa MSG_RESULT_SKIPPED:¸õ¹L MSG_RESULT_WARNING:!ª`·N! MSG_RESULT_FOUND:µo²{ MSG_RESULT_NOT_FOUND:¨Sµo²{ MSG_RESULT_NONE_FOUND:¨Sµo²{ MSG_RESULT_ALLOWED:¥i¥H MSG_RESULT_NOT_ALLOWED:¤£¥i¥H MSG_RESULT_UPD: §ó·sªº MSG_RESULT_NO_UPD: ¨S§ó·s MSG_RESULT_UPD_FAILED: §ó·s¥¢±Ñ MSG_RESULT_VCHK_FAILED: ª©¥»Àˬd¥¢±Ñ # # The messages. # VERSIONLINE:[ $1 ª©¥» $2 ] VERSIONLINE2:¦b¥D¾÷ $3 °õ¦æ $1 ª©¥» $2 VERSIONLINE3:°õ¦æ $1 ª©¥» $2 RKH_STARTDATE:¶}©l®É¶¡¬O $1 RKH_ENDDATE:µ²§ô®É¶¡¬O $1 OPSYS:°»´ú¨ìªº¨t²Î¬O '$1' UNAME:Uname ¿é¥X¬O '$1' CONFIG_CHECK_START:Àˬd³]©wÀɤΩR¥O¦C¿ï¶µ... 
CONFIG_CMDLINE:©R¥O¦C¬O $1 CONFIG_ENVSHELL:SHELLµ{¦¡¬O $1; rkhunter ¥¿¦b¨Ï¥Î $2 CONFIG_CONFIGFILE:rkhunter³]©wÀɬO '$1' CONFIG_INSTALLDIR:¦w¸Ë¥Ø¿ý¬O'$1' CONFIG_LANGUAGE:¨Ï¥Îªº»y¨¥¬O '$1' CONFIG_DBDIR:¸ê®Æ®w¥Ø¿ý '$1' CONFIG_SCRIPTDIR:script¥Ø¿ý '$1' CONFIG_BINDIR:°õ¦æÀɥؿý '$1' CONFIG_ROOTDIR:®Ú¥Ø¿ý '$1' CONFIG_TMPDIR:¼È¦sÀɥؿý '$1' CONFIG_NO_MAIL_ON_WARN:¨S¦³³]¸mĵ§i«Hªº¶l¥ó¦ì§} CONFIG_MOW_DISABLED:®Ú¾Ú¨Ï¥ÎªÌ³]©w¡A¤£¨Ï¥Îĵ§i«H CONFIG_MAIL_ON_WARN:¨Ï¥Î©R¥O'$2'µ¹ '$1' µoĵ§i«H CONFIG_SSH_ROOT:Rkhunter ªº¿ï¶µ ALLOW_SSH_ROOT_USER³Q³]¸m¦¨ '$1'. CONFIG_SSH_PROTV1:Rkhunter ¿ï¶µ³Q³]¸m¦¨¥i¥H¨Ï¥Îª©¥»1ªºSSH¨ó©w CONFIG_X_AUTO:¦Û°ÊÀˬdX CONFIG_CLRSET2:¨Ï¥Î²Ä¤G­Ó°t¦â¤èªk CONFIG_NO_SHOW_SUMMARY:®Ú¾Ú¨Ï¥ÎªÌ³]©w¡A¤£Åã¥Ü¨t²ÎÁ`µ²³ø§i CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV³Q³]¸m¬°'$1' CONFIG_NO_VL:®Ú¾Ú¨Ï¥ÎªÌ³]©w¡A¤£¸Ô²Ó°O¿ý CONFIG_XINETD_PATH:¨Ï¥Î $1 ³]©wÀÉ '$2' CONFIG_SOL10_INETD:¨Ï¥ÎSolaris 10 ¤Î¥H«áªºinetd¾÷¨î CONFIG_LOCAL_RC_DIR:¨Ï¥Î¨t²Îªº±Ò°Ê¥Ø¿ý: $1 CONFIG_LOCAL_RC_FILE:¨Ï¥Î¥»¦aªº±Ò°Ê¥Ø¿ýÀÉ®×: $1 CONFIG_ROTATE_MIRRORS:³Æ´©ÀÉ®×±N¤©¥HÂà¸m ONFIG_NO_ROTATE_MIRRORS:³Æ´©ÀÉ®×±N¤£³QÂà¸m CONFIG_UPDATE_MIRRORS:³Æ´©ÀÉ®×±N³Q§ó·s CONFIG_NO_UPDATE_MIRRORS:³Æ´©ÀÉ®×±N¤£³Q§ó·s CONFIG_MIRRORS_MODE0:¥»¦a©M»·ºÝ³Æ´©ÀÉ®×±N³£³Q¨Ï¥Î CONFIG_MIRRORS_MODE1:¥u¨Ï¥Î¥»¦a³Æ´©ÀÉ®× CONFIG_MIRRORS_MODE2:¥u¨Ï¥Î»·ºÝ³Æ´©ÀÉ®× FOUND_CMD:§ä¨ì '$1' ©R¥O: $2 NOT_FOUND_CMD:µLªk§ä¨ì'$1' ©R¥O SYS_PRELINK:¨t²Î¥¿¦b¨Ï¥Îprelinking SYS_NO_PRELINK:¨t²Î¤£¨Ï¥Îprelinking HASH_FUNC_PRELINK:¬°¤FÀɮתº hash Àˬd¦Ó¨Ï¥Î prelink ©R¥O (±a $1) HASH_FUNC_PERL:¨Ï¥Î perl $1 ¼Ò²Õ¨ÓÀˬdÀÉ®×hash HASH_FUNC:checksumµ{¦¡ '$1' HASH_FUNC_NONE:µLªkÀˬdÀÉ®×hash : ¨S¦³«ü©w HASH_FUNC_NONE_PKGMGR:¨S¦³«ü©wÀÉ®×hash¨ç¼Æ: ¥u¯à¨Ï¥Î®M¥óºÞ²zµ{¦¡ HASH_FUNC_DISABLED:Hash¨ç¼Æ³]¸m¬°'NONE': ¦Û°Ê¨ÏÀÉ®×hashÀˬdµL®Ä HASH_FUNC_OLD:¨Ï¥Îhash¨ç¼Æ '$1'Àx¦shash­È HASH_FUNC_OLD_DISABLED:ªºªºhash¨ç¼ÆµL®Ä: ¨S¦³hash­È³QÀx¦s HASH_PKGMGR_OLD::¨Ï¥Î®M¥óºÞ²zµ{¦¡'$1'Àx¦shash­È HASH_PKGMGR_OLD_NONMD5:¨Ï¥Î®M¥óºÞ²zµ{¦¡'$1'(md5 function)Àx¦shash­È HASH_PKGMGR_OLD_UNSET:¤£¨Ï¥Î®M¥óºÞ²zµ{¦¡¦ÓÀx¦shash­È 
HASH_PKGMGR:¨Ï¥Î®M¥óºÞ²zµ{¦¡ '$1' ÀˬdÀÉ®×ÄÝ©Ê HASH_PKGMGR_MD5:¨Ï¥Î MD5 hash ¨ç¼Æ©R¥O '$1' À°§U®M¥óºÞ²zµ{¦¡¶i¦æÅçÃÒ HASH_PKGMGR_NOT_SPEC:¨S¦³«ü©w®M¥óºÞ²zµ{¦¡: ¨Ï¥Î hash ¨ç¼Æ '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:¨S¦³«ü©w®M¥óºÞ²zµ{¦¡: ¨Ï¥Î±a '$1' ªº prelink ©R¥O HASH_PKGMGR_USE_VRFY:®M¥óºÞ²zµ{¦¡ÅçÃÒ±N¥Î©óÀÉ®×ÄݩʪºÀˬdµ²ªG HASH_PKGMGR_NO_USE_VRFY:®M¥óºÞ²zµ{¦¡ÅçÃÒ±N¤£¥Î©óÀÉ®×ÄݩʪºÀˬdµ²ªG HASH_FIELD_INDEX:hash ¨ç¼ÆªºÄæ¦ì¯Á¤Þ³Q³]¸m¬° $1 HASHUPD_DISABLED:Hash Àˬd¥¢®Ä: ¥Ø«eªºÀÉ®×hash­È±N¤£·|Àx¦s HASHUPD_PKGMGR:¨Ï¥Î®M¥óºÞ²zµ{¦¡ '$1' ¨Ó§ó·sÀÉ®×hash­È HASHUPD_PKGMGR_NONE:¨S¦³«ü©w®M¥óºÞ²zµ{¦¡: ¨Ï¥Îhash¨ç¼Æ '$1' HASHUPD_PKGMGR_NONE_PRELINKED:¨S¦³«ü©w®M¥óºÞ²zµ{¦¡: ¨Ï¥Î±a'$1'ªºprelink©R¥O HASHUPD_PKGMGR_NOT_SPEC:¨S¦³«ü©wÀÉ®× hash §ó·s®M¥óºÞ²zµ{¦¡: ¨Ï¥Î hash ¨ç¼Æ '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:¨S¦³«ü©wÀÉ®× hash §ó·s®M¥óºÞ²zµ{¦¡: ¨Ï¥Î±a '$1'ªº prelink ©R¥O HASHUPD_PKGMGR_MD5:¨Ï¥ÎMD5 hash¨ç¼Æ©R¥O'$1'§@¬°®M¥óºÞ²zµ{¦¡ HASHUPD_PKGMGR_MD5_PRELINK:¨Ï¥Îprelink©R¥O (±a $1)§@¬°®M¥óºÞ²zµ{¦¡ ATTRUPD_DISABLED:ÀÉ®×ÄÝ©ÊÀˬd¥¢®Ä: ¥Ø«eªºÀÉ®×ÄݩʱN¤£·|Àx¦s ATTRUPD_NOSTAT:ÀÉ®×ÄÝ©ÊÀˬd¥¢®Ä: ¨S¦³µo²{'stat'©R¥O:¥Ø«eªºÀÉ®×ÄݩʱN¤£·|Àx¦s ATTRUPD_OK:¥Ø«eªºÀÉ®×ÄݩʱN³QÀx¦s ATTRUPD_OLD_DISABLED:ªºÀÉ®×ÄݩʵL®Ä: ¨S¦³ÀÉ®×ÄÝ©ÊÀx¦s ATTRUPD_OLD_NOSTAT:ªºÀÉ®×ÄݩʵL®Ä: ¨S¦³µo²{'stat'©R¥O: ¨S¦³ÀÉ®×ÄݩʳQÀx¦s ATTRUPD_OLD_OK:Àx¦sªºÀÉ®×ÄÝ©Ê GRSECINSTALLED:µo²{¦³¦w¸ËGRSEC SYSLOG_ENABLED:±Ò¥Î syslog - facility/priority µ¥¯Å¬O '$1'. SYSLOG_DISABLED:®Ú¾Ú¨Ï¥ÎªÌ³]©w¡A¤£¨Ï¥Î syslog . SYSLOG_NO_LOGGER:µLªk¨Ï¥Î syslog - µLªk§ä¨ì 'logger' ©R¥O. NAME:$1 PRESSENTER:[«ö ÁäÄ~Äò] TEST_SKIPPED_OS:¦]¬° OS: $2¡A¸õ¹LÀˬd '$1' SUMMARY_TITLE1:¨t²ÎÀˬdµ²ªG SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:ÀˬdÀÉ®×ÄÝ©Ê... SUMMARY_PROP_REQCMDS:­n¨DªºÀˬd©R¥O¥¢±Ñ SUMMARY_PROP_COUNT:ÀˬdÀÉ®×: $1 SUMMARY_PROP_FAILED:¥iºÃÀÉ®×: $1 SUMMARY_CHKS_SKIPPED:¸õ¹L©Ò¦³Àˬd SUMMARY_RKT_SCAN:ÀˬdRootkit... SUMMARY_RKT_COUNT:ÀˬdRootkits : $1 SUMMARY_RKT_FAILED:¥i¯à¦s¦b rootkits: $1 SUMMARY_RKT_NAMES:Rootkit ¦WºÙ : $1 SUMMARY_APPS_SCAN:À³¥Îµ{¦¡Àˬd... 
SUMMARY_APPS_COUNT:À³¥Îµ{¦¡Àˬd: $1 SUMMARY_APPS_FAILED:¥iºÃªºÀ³¥Îµ{¦¡: $1 SUMMARY_SCAN_TIME:Àˬd¨t²Î®É¶¡: $1 SUMMARY_NO_SCAN_TIME:Àˬd¨t²Î®É¶¡: µLªk­pºâ¨t²Î®É¶¡ SUMMARY_LOGFILE:©Ò¦³µ²ªG¤w³Q¼g¤J¨ì¨t²Î°O¿ýÀÉ($1) SUMMARY_NO_LOGFILE:¨S¦³«Ø¥ß¨t²Î°O¿ýÀÉ. CREATED_TEMP_FILE:«Ø¥ß¼È¦sÀɥؿý '$1' MIRRORS_NO_FILE:³Æ´©ÀÉ®×'$1'¤£¦s¦b MIRRORS_NO_MIRRORS:³Æ´©ÀÉ®× '$1' ¤¤¨S¦³»Ý­nªº³Æ´©. MIRRORS_NO_VERSION:³Æ´©ÀÉ®× '$1'¤¤¨S¦³ª©¥»½s¸¹ - ­«·s³]¸m¬°0. MIRRORS_ROTATED:³Æ´©ÀÉ®× '$1' ¤w³Q§ó·s. MIRRORS_SF_DEFAULT:¨Ï¥Î SourceForge ³Æ´©: $1 DOWNLOAD_CMD:°õ¦æ¤U¸ü©R¥O '$1' DOWNLOAD_FAIL:¤U¸ü¥¢±Ñ - $1 ³Æ´©ÀÉ®×µL®Ä. VERSIONCHECK_START:¥¿¦bÀˬd rkhunter ª©¥»... VERSIONCHECK_FAIL_ALL:¤U¸ü¥¢±Ñ: µLªk½T©w³Ì·sªºµ{¦¡ª©¥». VERSIONCHECK_CURRENT:¥Ø«eªºª©¥» : $1 VERSIONCHECK_LATEST:³Ì·sªºª©¥»: $1 VERSIONCHECK_LATEST_FAIL:³Ì·sª©¥»: ¤U¸ü¥¢±Ñ VERSIONCHECK_UPDT_AVAIL:§ó·s¦³®Ä VERSIONCHECK_CONV_FAIL:µLªk¤ñ¸ûª©¥»½s¸¹: µ{¦¡: '$1' Latest: '$2' UPDATE_START:¥¿¦bÀˬdrkhunter ªº¸ê®ÆÀÉ®×... UPDATE_CHECKING_FILE:¥¿¦bÀˬdÀÉ®×$1 UPDATE_FILE_NO_VERS:ÀÉ®× '$1' ¨S¦³¦³®Äªºª©¥»½s¸¹. ¥¿¤U¸ü¤@­Ó·sªº°Æ¥». UPDATE_FILE_MISSING:ÀÉ®× '$1' ¿ò¥¢©Î¬°ªÅÀÉ. ¥¿¤U¸ü¤@­Ó·sªº°Æ¥». UPDATE_DOWNLOAD_FAIL:'$1'¤U¸ü¥¢±Ñ: µLªk½T©w³Ì·sªºª©¥»½s¸¹. UPDATE_I18N_NO_VERS:µLªkµo²{i18n»y¨¥Àɮת©¥»½s¸¹. OSINFO_START:Àˬd¦Û¤W¦¸Àˬd«á¨t²Î¬O§_¦³³QÅܧó... OSINFO_END:¨S¦³µo²{¥ô¦óÅܧó OSINFO_HOST_CHANGE1:¦Û±q¤W¦¸Àˬd«á¡A¥D¾÷¦WºÙ¤w§ïÅÜ OSINFO_HOST_CHANGE2:ªº¥D¾÷¦WºÙ: $1 ·sªº¥D¾÷¦WºÙ: $2 OSINFO_OSVER_CHANGE1:¦Û¤W¦¸Àˬd«á¡A¨t²Î¦WºÙ©Îª©¥»¤w§ïÅÜ OSINFO_OSVER_CHANGE2:ªº§@·~¨t²Î: $1 ·sªº§@·~¨t²Î: $2 OSINFO_PRELINK_CHANGE:¦Û¤W¦¸Àˬd«á¡A¨Ï¥Îprelinking¨t²Î¥i¯à¤w§ïÅܬ°${1} OSINFO_ARCH_CHANGE1:¨t²ÎªºCPUÃþ«¬¥i¯à¤w§ïÅÜ OSINFO_ARCH_CHANGE2:ªºCPU: $1 ·sªºCPU: $2 OSINFO_MSG1:¦]¬°³o¨Ç§ïÅÜ¡AÀÉ®×ÄÝ©ÊÀˬd¥i¯à¦³¿ù»~ªºµ²ªG. OSINFO_MSG2:§A¥i¯à»Ý­n¥Î'--propupd' ¿ï¶µ­«·s°õ¦ærkhunter SET_FILE_PROP_START: file properties¥¿¦b¨ú±oÀÉ®×ÄÝ©Ê... 
SET_FILE_PROP_DIR_FILE_COUNT:¦b$2µo²{$1 ­ÓÀÉ®× SET_FILE_PROP_FILE_COUNT:ÀÉ®× $1: ·j´M¤F $2 ­ÓÀÉ®×, µo²{ $3 SET_FILE_PROP_FILE_COUNT_NOHASH:FÀÉ®× $1: ·j´M¤F $2 ­ÓÀÉ®×, µo²{ $3, ¿ò¥¢ hashes $4 PROPUPD_START:¶}©l§ó·sÀÉ®×ÄÝ©Ê¸ê®Æ... PROPUPD_OSINFO_START:¥¿¦b¦¬¶°§@·~¨t²Îªº°T®§... PROPUPD_ARCH_FOUND:µo²{¨t²Î¬[ºc: $1 PROPUPD_REL_FILE:µo²{ release ÀÉ®×: $1 PROPUPD_NO_REL_FILE:¤£¯à§ä¨ìrelease ÀÉ®×: LS ¿é¥XÅã¥Ü: PROPUPD_OSNAME_FOUND:µo²{§@·~¨t²Î¦WºÙ: $1 PROPUPD_ERROR:¦w¸Ë·sªº rkhunter.dat ÀÉ®×µo¥Í¿ù»~. ¥N½X $1 PROPUPD_NEW_DAT_FILE:·sªº rkhunter.dat Àɮפw¦w¸Ë¦b '$1' PROPUPD_WARN:ĵ§i! ·í¨Ï¥Î '--propupd' ¿ï¶µ®É¡A¨Ï¥ÎªÌ¥²¶·¦Û¦æ½T©w PROPUPD_WARN:¨t²Î¤¤©Ò¦³ªºÀɮ׬O¯u¹êªº¡B¦w¸ËªºÀɮרӷ½¬O¥i¾aªº. PROPUPD_WARN:rkhunter '--check' ¿ï¶µ±N¥Ø«eªºÀÉ®×ÄݩʻP¥ý«e PROPUPD_WARN:Àx¦sªº­È¶i¦æ¹ï¤ñ,¨Ã¥B³ø§i¥ô¦óªºÅܰÊ. µM¦Ó, rkhunter PROPUPD_WARN:µLªk½T©w¬O¤°»ò­ì¦]³y¦¨¤F³o¨ÇÅܰʡA»Ý«Ý¨Ï¥ÎªÌ¥h½T»{. ENABLED_TESTS:±Ò¥Îªº´ú¸Õ¬O: $1 DISABLED_TESTS:¤£±Ò¥Îªº´ú¸Õ¬O: $1 KSYMS_FOUND:µo²{ ksym ÀÉ®× '$1' KSYMS_MISSING:©Ò¦³ªº ksyms ©M kallsyms Àˬd¤w³Q¨ú®ø - ³o¨âºØÀɮצb¨t²Î¤¤³£¤£¦s¦b. STARTING_TEST:¶}©l '$1' Àˬd USER_DISABLED_TEST:¨Ï¥ÎªÌ¤w¨ú®ø '$1' Àˬd. CHECK_START:¶}©lÀˬd¨t²Î... CHECK_WARNINGS_NOT_FOUND:¦bÀˬd¨t²Î¹Lµ{¤¤¨S¦³Äµ§i²£¥Í. CHECK_WARNINGS_FOUND:Àˬd¨t²Î¹Lµ{¤¤µo²{¤@­Ó©Î¦h­Óĵ§i. CHECK_WARNINGS_FOUND_RERUN:½Ð­«·s°õ¦ærkhunter¡A½T»{¨t²Î°O¿ýÀɤw«Ø¥ß. CHECK_WARNINGS_FOUND_CHK_LOG:½ÐÀˬd¨t²Î°O¿ýÀÉ ($1) CHECK_SYS_COMMANDS:Àˬd¨t²Î©R¥O... STRINGS_CHECK_START:°õ¦æ '¦r¦ê' ©R¥OÀˬd STRINGS_SCANNING_OK:±½ºË¦r¦ê $1 STRINGS_SCANNING_BAD:±½ºË¦r¦ê $1 STRINGS_SCANNING_BAD:'¦r¦ê' ©R¥O¤¤µLªkµo²{¦r¦ê STRINGS_CHECK:Àˬd '¦r¦ê' ©R¥O STRINGS_CHECK:¸õ¹LÀˬd - ¨S¦³µo²{ '¦r¦ê' ©R¥O. FILE_PROP_START:°õ¦æÀÉ®×ÄÝ©ÊÀˬd FILE_PROP_CMDS:Àˬd­«­nªº°ò¥»µ{¦¡ FILE_PROP_IMMUT_OS:¸õ¹L©Ò¦³ªº immutable-bit Àˬd. ¸ÓÀˬd¶È¦b Linux ¨t²Î¤U¦³®Ä. FILE_PROP_SKIP_ATTR:µLªk§ä¨ì 'stat' ©R¥O - ©Ò¦³ªºÀÉ®×ÄÝ©ÊÀˬd±N³Q¸õ¹L. 
FILE_PROP_SKIP_HASH:©Ò¦³ªºÀÉ®× hash Àˬd±N³Q¸õ¹L¡A¦]¬° : FILE_PROP_SKIP_HASH_FUNC:¥Ø«eªºªº hash ¨ç¼Æ ($1) ©ÎªÌ®M¥óºÞ²zµ{¦¡ ($2) »P hash ¨ç¼Æ ($3)¤£¬Û®e©Î®M¥óºÞ²zµ{¦¡ ($4) ³Q¥Î©óÀx¦s³o¨Ç­È. FILE_PROP_SKIP_HASH_PRELINK:µLªk§ä¨ì 'prelink' ©R¥O. FILE_PROP_SKIP_HASH_SHA1:³o­Ó¨t²Î¨Ï¥Î prelinking, ¦ý¬O hash ¨ç¼Æ©R¥O ¤£¹³¬O SHA1 or MD5. FILE_PROP_SKIP_HASH_LIBSAFE:¨Sµo²{ Libsafe , ³o¥i¯à¾É­P¿ù»~. ¦pªG¥i¯à, Ãö³¬ libsafe ¨Ã°õ¦æ prelink ©R¥O. ³Ì«á, ¨Ï¥Î 'rkhunter --propupd'­«·s«Ø¥ß hash ­È. FILE_PROP_SKIP_IMMUT:µLªk§ä¨ì 'lsattr' ©R¥O - ©Ò¦³ªºÀÉ®× immutable-bit Àˬd±N³Q¸õ¹L. FILE_PROP_SKIP_SCRIPT:µLªk§ä¨ì 'file' ©R¥O - ©Ò¦³script¥N´ÀÀˬd±N³Q¸õ¹L. FILE_PROP_DAT_MISSING:Àx¦sÀÉ®×ÄݩʪºÀÉ®× (rkhunter.dat) ¤£¦s¦b, ©Ò¥H¥²¶·«Ø¥ß¥¦. ¿é¤J©R¥O 'rkhunter --propupd'«Ø¥ß. FILE_PROP_DAT_EMPTY:Àx¦sÀÉ®×ÄݩʪºÀÉ®× (rkhunter.dat) ¬OªÅªº, ©Ò¥H¥²¶·«Ø¥ß¥¦. ¿é¤J©R¥O 'rkhunter --propupd'«Ø¥ß. FILE_PROP_SKIP_ALL:¥Ø«e©¿²¤©Ò¦³ÀÉ®×ÄݩʪºÀˬd. FILE_PROP_FILE_NOT_EXIST:¨t²Î¤¤¤£¦s¦b '$1' ÀÉ®×, ¦ý¬O¥¦¦s¦b©ó rkhunter.dat ÀÉ®×. FILE_PROP_WL:µo²{ÀÉ®× '$1': ¥¦¦s¦b©ó¥Õ¦W³æ¤¤¡A¥Î©ó '$2' Àˬd. FILE_PROP_NO_RKH_REC:¨t²Î¤¤¦s¦bÀÉ®× '$1' , ¦ý¬O¥¦¤£¦s¦b©ó the rkhunter.dat ÀÉ®×. FILE_PROP_HASH_WL_INVALID:µo²{ÀÉ®× '$1': ¥Õ¦W³æªº hash ­È ($2) »P¥Ø«eªºªº hash ­È¤£¬Û²Å. FILE_PROP_CHANGED:ÀÉ®×Äݩʤw§ïÅÜ: FILE_PROP_CHANGED2:ÀÉ®×: $1 FILE_PROP_NO_PKGMGR_FILE:¸õ¹LÀÉ®× '$1' hash ­È: Àɮפ£ÄÝ©ó¸Ó®M¥ó FILE_PROP_NO_SYSHASH:¨Sµo²{ÀÉ®× '$1'ªºhash­È FILE_PROP_NO_SYSHASH_CMD:Hash ©R¥O¿é¥X: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:¹Á¸Õ¨Ï¥Î©R¥O 'prelink $1' ­×´_¬Û¨Ì©Ê¿ù»~. FILE_PROP_SYSHASH_UNAVAIL:¥Ø«eªº hash: µLªk¨ú±o FILE_PROP_SYSHASH:¥Ø«eªº hash: $1 FILE_PROP_RKHHASH:Àx¦s hash : $1 FILE_PROP_NO_RKHHASH:¤£¯à§ä¨ìrkhunter.dat¤¤ÀÉ®×'$1' ªºhash­È. FILE_PROP_NO_RKHPERM:¤£¯à§ä¨ìrkhunter.dat¤¤ÀÉ®×'$1' ªºÅv­­­È. 
FILE_PROP_PERM_UNAVAIL:¥Ø«eªºÅv­­: µLªk¨ú±o cvs -d:pserver:anonymous@rkhunter.cvs.sourceforge.net:/cvsroot/rkhunter Àx¦sªºÅv­­: $1 FILE_PROP_PERM:¥Ø«eªºÅv­­: $1 Àx¦sªºÅv­­: $2 FILE_PROP_UID_UNAVAIL:¥Ø«eªº uid: µLªk¨ú±o Àx¦sªº uid: $1 FILE_PROP_UID:¥Ø«eªº uid: $1 Àx¦sªº uid: $2 FILE_PROP_NO_RKHUID:¦bÀÉ®×rkhunter.dat¤¤¨S¦³§ä¨ìÀÉ®× '$1' ªºuser-id­È. FILE_PROP_GID_UNAVAIL:¥Ø«eªºªº gid: µLªk¨ú±o Àx¦sªº gid: $1 FILE_PROP_GID:¥Ø«eªºªº gid: $1 Àx¦sªº gid: $2 FILE_PROP_NO_RKHGID:¦bÀÉ®×rkhunter.dat¤¤¨S¦³§ä¨ìÀÉ®× '$1' ªºgroup-id­È. FILE_PROP_INODE_UNAVAIL:¥Ø«eªºªº inode: µLªk¨ú±o Àx¦sªº inode: $1 FILE_PROP_INODE:¥Ø«eªºªº inode: $1 Àx¦sªº inode: $2 FILE_PROP_NO_RKHINODE:¦bÀÉ®×rkhunter.dat¤¤¨S¦³§ä¨ìÀÉ®× '$1' ªºinode­È. FILE_PROP_SYSDTM_UNAVAIL:¥Ø«eªºªºÀÉ®×­×§ï®É¶¡: µLªk¨ú±o FILE_PROP_SYSDTM:¥Ø«eªºÀÉ®×­×§ï®É¶¡: $1 FILE_PROP_RKHDTM:Àx¦sªºÀÉ®×­×§ï®É¶¡ : $1 FILE_PROP_NO_RKHDTM:¦bÀÉ®×rkhunter.dat¤¤¨S¦³§ä¨ìÀÉ®× '$1' ªº­×§ï®É¶¡­È. FILE_PROP_NO_SYSATTR:µLªk¨ú±o '$1' ªº¥Ø«eªºÄÝ©Ê FILE_PROP_WRITE:ÀÉ®× '$1'³Q³]¸m¬°¹ï©Ò¦³¨Ï¥ÎªÌ¥i¼g. FILE_PROP_SYSPERM_UNAVAIL:µLªk¨ú±oÀÉ®× '$1' ªº¥Ø«eªº¼gÅv­­ FILE_PROP_IMMUT:ÀÉ®× '$1' ³Q³]¸m¤F immutable-bit . FILE_PROP_SCRIPT:©R¥O '$1' ¤w¸g³Qscript: $2 ¥N´À FILE_PROP_VRFY:®M¥óºÞ²zµ{¦¡ÅçÃÒ¤w¥¢®Ä: FILE_PROP_VRFY_HASH:ÀÉ®×hash­È¤w§ïÅÜ FILE_PROP_VRFY_PERM:ÀÉ®×Åv­­¤w§ïÅÜ FILE_PROP_VRFY_UID:Àɮתº¾Ö¦³ªÌÄݩʤw§ïÅÜ FILE_PROP_VRFY_GID:ÀɮײÕÄݩʤw§ïÅÜ FILE_PROP_VRFY_DTM:Àɮתº­×§ï®É¶¡¤w§ïÅÜ CHECK_ROOTKITS:¥¿¦bÀˬdrootkit... ROOTKIT_FILES_DIRS_START:¶}©lÀˬd¥Ø«e¤wª¾ªºrootkitºØÃþ©M¬ÛÃö¥Ø¿ý ROOTKIT_FILES_DIRS_NAME_LOG:Àˬd ${1}... ROOTKIT_FILES_DIRS_FILE:ÀˬdÀÉ®× '$1' ROOTKIT_FILES_DIRS_DIR:Àˬd¥Ø¿ý '$1' ROOTKIT_FILES_DIRS_KSYM:Àˬd®Ö¤ß²Å¸¹ '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:µo²{ÀÉ®× '$1' ROOTKIT_FILES_DIRS_DIR_FOUND:µo²{¥Ø¿ý '$1' ROOTKIT_FILES_DIRS_KSYM_FOUND:µo²{®Ö¤ß²Å¸¹ '$1' ROOTKIT_FILES_DIRS_STR:Àˬd¦r¦ê '$1' ROOTKIT_FILES_DIRS_STR_FOUND:¦bÀÉ®× '$2'¤¤µo²{¦r¦ê'$1' ROOTKIT_FILES_DIRS_NOFILE:ÀÉ®× '$1' ¤£¦s¦b! 
ROOTKIT_FILES_DIRS_SINAR_DIR:Àˬd '$1' ROOTKIT_FILES_DIRS_SINAR:¦b: $1¤¤µo²{SInAR ROOTKIT_ADD_START:°õ¦æ¨ä¥¦ªºrootkitÀˬd ROOTKIT_ADD_SUCKIT:Suckit Rookit ÃB¥~ªºÀˬd ROOTKIT_ADD_SUCKIT_LOG:°õ¦æSuckit Rookit ÃB¥~ªºÀˬd ROOTKIT_ADD_SUCKIT_LINK:Àˬd/sbin/init ³sµ²¼Æ¶q ROOTKIT_ADD_SUCKIT_LINK_NOCMD:Àˬd /sbin/init ³sµ²¼Æ¶q: ¨Sµo²{ 'stat' ©R¥O ROOTKIT_ADD_SUCKIT_LINK_ERR:Àˬd /sbin/init ³sµ²¼Æ¶q: 'stat' ©R¥O¿ù»~ ROOTKIT_ADD_SUCKIT_LINK_FOUND:Àˬd /sbin/init ³sµ²¼Æ¶q: ¼Æ¶q¬O $1, ¥¦À³·í¬O 1 ROOTKIT_ADD_SUCKIT_EXT:ÀˬdÁôÂÃÀÉ®× ROOTKIT_ADD_SUCKIT_EXT_FOUND:ÀˬdÁôÂÃÀÉ®×: µo²{: $1 ROOTKIT_ADD_SUCKIT_SKDET:°õ¦æ skdet ©R¥O ROOTKIT_ADD_SUCKIT_SKDET_FOUND:°õ¦æ skdet ©R¥O: µo²{: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER:°õ¦æ skdet ©R¥O: ¥¼ª¾ª©¥»: $1 ROOTKIT_POSS_FILES_DIRS:Àˬd¥i¯à¦s¦bªºrootkit¤Î¨ä¥Ø¿ý ROOTKIT_POSS_FILES_DIRS_LOG:°õ¦æÀˬd¥i¯à¦s¦bªºrootkitÀÉ®×¤Î¨ä¥Ø¿ý ROOTKIT_POSS_FILES_FILE_FOUND:µo²{ÀÉ®× '$1'. ¥i¯à¦s¦brootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:µo²{¥Ø¿ý '$1'. ¥i¯à¦s¦brootkit: $2 ROOTKIT_POSS_STRINGS:Àˬd§P©wrootkit¥i¯à¦s¦bªº¦r¦ê ROOTKIT_POSS_STRINGS_LOG:°õ¦æÀˬd§P©wrootkit¥i¯à¦s¦bªº¦r¦ê ROOTKIT_POSS_STRINGS_FOUND:¦bÀÉ®× '$2'¤¤µo²{¦r¦ê'$1' . 
¥i¯àÁÙ¦brootkit: $3 ROOTKIT_MALWARE_START:°õ¦æ´c·N³nÅéÀˬd ROOTKIT_MALWARE_SUSP_FILES:Àˬd°õ¦æ¤¤ªº¦æµ{¬O§_¬°¥iºÃªºÀÉ®× ROOTKIT_MALWARE_SUSP_FILES_FOUND:µo²{¤@­Ó©Î¦h­Ó³o¼ËªºÀÉ®×: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND:Àˬd lsof ©R¥O 'lsof -F n -w -n' ªº¿é¥X ROOTKIT_MALWARE_HIDDEN_PROCS:ÀˬdÁôÂææµ{ ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:µo²{ÁôÂ꺦æµ{: $1 ROOTKIT_MALWARE_DELETED_FILES:¦b¥¿°õ¦æ¦æµ{¤¤Àˬd deleted ÀÉ®× ROOTKIT_MALWARE_DELETED_FILES_FOUND:¥H¤U¦æµ{¥¿¦b¨Ï¥Î deleted ÀÉ®×: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:¦æµ{: $1 PID: $2 ÀÉ®×: $3 ROOTKIT_MALWARE_LOGIN_BDOOR:Àˬd login «áªù ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:°õ¦æÀˬd login «áªù ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:Àˬd '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:µo²{ login «áªùÀÉ®×: $1 ROOTKIT_MALWARE_SUSP_DIR:Àˬd¥iºÃ¥Ø¿ý ROOTKIT_MALWARE_SUSP_DIR_LOG:°õ¦æ¥iºÃ¥Ø¿ýªºÀˬd ROOTKIT_MALWARE_SUSP_DIR_FOUND:µo²{¥iºÃªº¥Ø¿ý: $1 ROOTKIT_MALWARE_SFW_INTRUSION:Àˬd³nÅé¤J«I ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:ÀÉ®× '$1' ¤¤®M¥ó§t¦³¦r¦ê '$2'. ¥i¯à¦s¦brootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:¸õ¹LÀˬd - tripwire ¨S¦³¦w¸Ë ROOTKIT_MALWARE_SNIFFER:Àˬd sniffer ¨t²Î°O¿ýÀÉ ROOTKIT_MALWARE_SNIFFER_LOG:°õ¦æ sniffer ¨t²Î°O¿ýÀɪºÀˬd ROOTKIT_MALWARE_SNIFFER_FOUND:µo²{¥iºÃªºsniffer ¨t²Î°O¿ýÀÉ: $1 ROOTKIT_TROJAN_START:°õ¦æ¤ì°¨µ{¦¡ªºÀˬd ROOTKIT_TROJAN_INETD:Àˬd±Ò°Êªº inetd ªA°È ROOTKIT_TROJAN_INETD_SKIP:¸õ¹LÀˬd - ÀÉ®× '$1' ¤£¦s¦b. ROOTKIT_TROJAN_INETD_FOUND:µo²{¤w±Ò°Êªº inetd ªA°È: $1 ROOTKIT_TROJAN_XINETD:Àˬd±Ò°Êªº xinetd ªA°È ROOTKIT_TROJAN_XINETD_LOG:°õ¦æ¤w±Ò°Êªº xinetd ªA°ÈªºÀˬd ROOTKIT_TROJAN_XINETD_ENABLED:¦b '$1' ¤¤Àˬd¤w±Ò°ÊªºªA°È ROOTKIT_TROJAN_XINETD_INCLUDE:µo²{ 'include $1' «ü¥O ROOTKIT_TROJAN_XINETD_INCLUDEDIR:µo²{ 'includedir $1' «ü¥O ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:µo²{±Ò°Êªº xinetd ªA°È: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:µo²{ªA°È '$1': ¥¦¦ì©ó $2 ¥Õ¦W³æ. ROOTKIT_TROJAN_APACHE:Àˬd Apache ªº«áªù ROOTKIT_TROJAN_APACHE_SKIPPED:¸õ¹LApache «áªùªºÀˬd: ¨Sµo²{Apache ¼Ò²Õ©M³]¸m¥Ø¿ý. 
ROOTKIT_TROJAN_APACHE_FOUND:µo²{Apache «áªù¼Ò²Õ 'mod_rootme' : $1 ROOTKIT_OS_START:°õ¦æ $1 ²`¤JªºÀˬd ROOTKIT_OS_SKIPPED:¨S¦³¥i¥Îªº²`¤JÀˬd ROOTKIT_OS_BSD_SOCKNET:Àˬd sockstat ©M netstat ©R¥O ROOTKIT_OS_BSD_SOCKNET_FOUND: sockstat ©M netstat ªº¿é¥Xµo²{¤£¦P: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 ¿é¥X: $2 ROOTKIT_OS_FREEBSD_KLD:Àˬd KLD «áªù ROOTKIT_OS_FREEBSD_KLD_FOUND:µo²{¥iºÃªº FreeBSD KLD «áªù. 'kldstat -v' ©R¥OÅã¥Ü¦r¦ê '$1' ROOTKIT_OS_FREEBSD_PKGDB:Àˬd®M¥ó¸ê®Æ®w ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:®M¥ó¸ê®Æ®w¦ü¥G¦³°ÝÃD. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:³o¥i¯à¤£¬O¦w¥þ°ÝÃD, ¦ý¬O°õ¦æ 'pkgdb -F' ¥i¯à¦³§U©ó¶EÂ_°ÝÃD. ROOTKIT_OS_LINUX_LKM:Àˬd®Ö¤ß¼Ò²Õ©R¥O ROOTKIT_OS_LINUX_LKM_FOUND: lsmod ©R¥O ©M /proc/modules Àɮפ§¶¡µo²{¤£¦Pªº¦a¤è: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 ¿é¥X: $2 ROOTKIT_OS_LINUX_LKM_EMPTY: ¨S¦³µo²{ lsmod ©R¥O ©M©Î /proc/modules Àɮתº¿é¥X: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:¼Ò²ÕÀÉ®× '$1' ¤w¿ò¥¢. ROOTKIT_OS_LINUX_LKMNAMES:Àˬd®Ö¤ß¼Ò²Õ¦WºÙ ROOTKIT_OS_LINUX_LKMNAMES_PATH:¨Ï¥Î¼Ò²Õ¸ô®|¦W '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:¦b '$1'¤¤µo²{¤wª¾ªº´c·N®Ö¤ß¼Ò²Õ: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:®Ö¤ß¼Ò²Õ¥Ø¿ý '$1' ¿ò¥¢ CHECK_LOCALHOST:Àˬd¥»¦a¥D¾÷... STARTUP_FILES_START:°õ¦æ¨t²Î¶}¾÷Àˬd STARTUP_HOSTNAME:Àˬd¥»¦a¥D¾÷¦WºÙ STARTUP_NO_HOSTNAME:¨Sµo²{¥D¾÷¦WºÙ. STARTUP_LOCAL_RC_FILE:Àˬd¥»¦a±Ò°ÊÀÉ®× STARTUP_FOUND_LOCAL_RC_FILE:µo²{¥»¦a±Ò°ÊÀÉ®×: $1 STARTUP_NO_LOCAL_RC_FILE:¨Sµo²{¥»¦a±Ò°ÊÀÉ®×. STARTUP_CHECK_LOCAL_RC:Àˬd¥»¦a±Ò°ÊÀɮ׬O§_¯A¤Î¦³®`µ{¦¡ STARTUP_CHECK_SYSTEM_RC:Àˬd¨t²Î±Ò°ÊÀɮ׬O§_¯A¤Î¦³®`µ{¦¡ STARTUP_CHECK_SYSTEM_RC_FOUND:µo²{¨t²Î±Ò°Ê¥Ø¿ý: $1 STARTUP_CHECK_SYSTEM_RC_NONE:¨Sµo²{¨t²Î±Ò°ÊÀÉ®×. ACCOUNTS_START:°õ¦æ¨Ï¥ÎªÌ¸s²Õ©M±b¸¹Àˬd ACCOUNTS_PWD_FILE_CHECK:Àˬd±K½XÀÉ®× ACCOUNTS_FOUND_PWD_FILE:µo²{±K½XÀÉ®×: $1 ACCOUNTS_NO_PWD_FILE:±K½XÀÉ®× $1 ¤£¦s¦b. ACCOUNTS_UID0:Àˬdµ¥¦P©óroot (UID 0) ±b¸¹ ACCOUNTS_UID0_WL:µo²{µ¥¦P©óroot ±b¸¹ '$1': ¥¦¦ì©ó¥Õ¦W³æ¤¤. 
ACCOUNTS_UID0_FOUND:±b¸¹ '$1' ¬Oµ¥¦P©óroot (UID = 0) ACCOUNTS_SHADOW_FILE:µo²{ shadow ÀÉ®×: $1 ACCOUNTS_PWDLESS:ÀˬdªÅ±K½Xªº±b¸¹ ACCOUNTS_PWDLESS_FOUND:µo²{ªÅ±K½X±b¸¹: $1 ACCOUNTS_NO_SHADOW_FILE:¨Sµo²{ shadow/password ÀÉ®×. PASSWD_CHANGES:Àˬd±K½XÀɮתºÅÜ¤Æ PASSWD_CHANGES_NO_TMP:µLªkÀˬd±K½XÀɮתº²§±`: ±K½XÀɮתº°Æ¥»¤£¦s¦b. PASSWD_CHANGES_ADDED:¦³¨Ï¥ÎªÌ³Q¥[¨ì±K½XÀɮפ¤: PASSWD_CHANGES_REMOVED:¦³¨Ï¥ÎªÌ±q±K½XÀɮפ¤²¾°£: GROUP_CHANGES:Àˬd¨Ï¥ÎªÌ¸s²ÕÀɮתºÅÜ¤Æ GROUP_CHANGES_NO_FILE:¨Ï¥ÎªÌ¸s²ÕÀÉ®× $1 ¤£¦s¦b. GROUP_CHANGES_NO_TMP:µLªkÀˬd¨Ï¥ÎªÌ¸s²ÕÀɮתºÅܤÆ: ¨Ï¥ÎªÌ¸s²ÕÀɮתº°Æ¥»¤£¦s¦b. GROUP_CHANGES_ADDED:¦³¨Ï¥ÎªÌ³Q¥[¶i¥Î¨Ï¥ÎªÌ¸s²ÕÀÉ®×: GROUP_CHANGES_REMOVED:²Õ¤w³Q±q¨Ï¥ÎªÌ¸s²ÕÀɮפ¤§R°£: HISTORY_CHECK:Àˬdroot±b¸¹ªºshell¾ú¥v°O¿ý HISTORY_CHECK_FOUND:Root ±b¸¹ $1 shell ¾ú¥v°O¿ý¬O¤@­Ó²Å¸¹³sµ²: $2 SYSTEM_CONFIGS_START:°õ¦æ¨t²Î³]©wÀÉÀˬd SYSTEM_CONFIGS_FILE:Àˬd $1 ³]©wÀÉ SYSTEM_CONFIGS_FILE_FOUND:µo²{ $1 ³]©wÀÉ: $2 SYSTEM_CONFIGS_SSH_ROOT:ÀˬdSSH¬O§_¥i¥Îrootµn¤J SYSTEM_CONFIGS_SSH_ROOT_FOUND: SSH ©M rkhunter ªº³]©w¿ï³»À³·í¬Û¦P: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH ³]©w¿ï¶µ 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter ³]©w¿ï¶µ 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND: ÁÙ¨S³]¸mSSH ³]©w¿ï¶µ 'PermitRootLogin' . SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:¹w³]­È¥i¯à¬O 'yes', ¥i¥Îrootµn¤J. SYSTEM_CONFIGS_SSH_PROTO:Àˬd¬O§_¨Ï¥Î SSH v1ª©¨ó©w SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSHªº³]©wÀÉSSH ($1)¤w¨Ï¥ÎSSH v1¨ó©w¥Í®Ä. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND: SSH ³]©w¿ï¶µ 'Protocol' ÁÙ¨S³]¸m. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:¹w³]­È¥i¯à¬O '2,1', ¥i¥H¨Ï¥Î v1¨ó©w. SYSTEM_CONFIGS_SYSLOG:Àˬd¬O§_°õ¦æsyslog daemon SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:syslog daemon ¨S¦³°õ¦æ. SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:The syslog daemon ¨S¦³°õ¦æ, ¦ý¬O¤w¸gµo²{¤@­Ómetalog daemon. SYSTEM_CONFIGS_SYSLOG_NO_FILE:syslog daemon ¥¿¦b°õ¦æ, ¦ý¬OµLªkµo²{³]©wÀÉ. 
SYSTEM_CONFIGS_SYSLOG_REMOTE:Àˬd¬O§_¥i¥H¨Ï¥Î syslog »·ºÝ°O¿ý SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog ³]©wÀÉ¥i¥H»·ºÝµn¤J: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter ³]©w¿ï¶µ 'ALLOW_SYSLOG_REMOTE_LOGGING' ¤w¸g¥Í®Ä. FILESYSTEM_START:°õ¦æÀɮרt²ÎÀˬd¤¤....½Ðµy«Ý.... FILESYSTEM_DEV_CHECK:/dev ¥iºÃÀÉ®×Ãþ«¬Àˬd FILESYSTEM_DEV_CHECK_NO_DEV:/dev ¤£¦s¦b. FILESYSTEM_DEV_FILE_WL:µo²{ÀÉ®× '$1': ¥¦¦s¦b©ó¥Õ¦W³æ¤¤. FILESYSTEM_DEV_FILE_FOUND:¦b ${1}¤¤µo²{¥iºÃÀÉ®×: FILESYSTEM_HIDDEN_DIR_WL:µo²{ÁôÂ꺥ؿý'$1': ¥¦¦s¦b©ó¥Õ¦W³æ¤¤.¦W³æ¤¤. FILESYSTEM_HIDDEN_FILE_WL:Found hidden file '$1': it is whitelisted. FILESYSTEM_HIDDEN_CHECK:ÀˬdÁôÂêºÀɮשM¥Ø¿ý FILESYSTEM_HIDDEN_DIR_FOUND:µo²{ÁôÂ꺥ؿý: $1 FILESYSTEM_HIDDEN_FILE_FOUND:µo²{ÁôÂêºÀÉ®×: $1 CHECK_APPS:ÀˬdÀ³¥Îµ{¦¡ªºª©¥»... APPS_NONE_FOUND:µo²{¥¼ª¾ªºÀ³¥Îµ{¦¡ - ¸õ¹L©Ò¦³ªºÀˬd. APPS_DAT_MISSING:¸õ¹L©Ò¦³ªºÀ³¥Îµ{¦¡ª©¥»Àˬd. APPS_DAT_MISSING:¤£¦w¥þÀ³¥Îµ{¦¡ª©¥» (programs_bad.dat) ¿ò¥¢©Î¬°ªÅ. APPS_DAT_MISSING:¦pªG¥¦¤w¸g³Q§R°£, §A±o°õ¦æ 'rkhunter --update'. APPS_NOT_FOUND:¨Sµo²{À³¥Îµ{¦¡ '$1' . APPS_CHECK:Àˬd $1 ªºª©¥» APPS_CHECK_VERSION_UNKNOWN:µLªk¨ú±o '$1'ªºª©¥»½s¸¹. APPS_CHECK_VERSION_FOUND:µo²{À³¥Îµ{¦¡ '$1' ª©¥»½s¸¹ '$2' . APPS_CHECK_VERSION_WL:µo²{À³¥Îµ{¦¡ '$1' ª©¥» '$2': ³o­Óª©¥»¦ì©ó¥Õ¦W³æ. APPS_CHECK_WHOLE_VERSION_USED:µLªk¨ú±o '$1'ªºª©¥»½s¸¹: ª©¥»¿ï¶µÅã¥Ü: $2 APPS_CHECK_FOUND:À³¥Îµ{¦¡ '$1', ª©¥»½s¸¹ '$2', ¤w¹L®É, ¦³¼ç¦bªº¦w¥þ­·ÀI. APPS_TOTAL_COUNT:À³¥Îµ{¦¡Àˬd: ¦b $2 ­ÓÀ³¥Îµ{¦¡¤¤, ¦³ $1 ­Ó­nª`·N CHECK_NETWORK:Àˬdºô¸ô... NETWORK_PORTS_START:°õ¦æ«áªù³q°T°ðªºÀˬd NETWORK_PORTS_FILE_MISSING:¸õ¹L©Ò¦³«áªù³q°T°ðªºÀˬd. NETWORK_PORTS_FILE_MISSING:¤wª¾«áªù³q°T°ðÀÉ®× (backdoorports.dat) ¿ò¥¢©Î¬°ªÅ¥Õ. NETWORK_PORTS_FILE_MISSING:¦pªG¥¦¤w³Q§R°£¡A§A¥²¶·°õ¦æ©R¥O 'rkhunter --update'. NETWORK_PORTS_FILE_NO_NETSTAT:¸õ¹L©Ò¦³«áªù³q°T°ðªºÀˬd. NETWORK_PORTS_FILE_NO_NETSTAT:µLªk§ä¨ì 'netstat' ©R¥O NETWORK_PORTS:Àˬd $1 ³q°T°ð ${2} NETWORK_PORTS_FOUND:ºô¸ô $1 ³q°T°ð $2 ¤w³Q¨Ï¥Î. ¥i¯àªºrootkit: $3 NETWORK_PORTS_FOUND:°õ¦æ 'netstat -an' ©R¥O¥hÀˬd¥¦. 
NETWORK_INTERFACE_START:°õ¦æºô¸ô¤¶­±ªºÀˬd NETWORK_PROMISC_CHECK:Àˬd promiscuous ¤¶­± NETWORK_PROMISC_NO_IFCONFIG:Promiscuous ºô¸ô¤¶­±³Q¸õ¹L - µLªk§ä¨ì 'ifconfig' ©R¥O. NETWORK_PROMISC_NO_IP:¨Ï¥Î'ip' ©R¥OÀˬdPromiscuous ºô¸ô¤¶­± - µLªk§ä¨ì 'ip' ©R¥O. NETWORK_PROMISC_IF:¥i¯àªºpromiscuous ¤¶­±: NETWORK_PROMISC_IF_1:'ifconfig' ©R¥O¿é¥X: $1 NETWORK_PROMISC_IF_2:'ip' ©R¥O¿é¥X: $1 NETWORK_PACKET_CAP_CHECK:Àˬd«Ê¥]ÄdºIµ{¦¡ NETWORK_PACKET_CAP_CHECK_NO_FILE:«Ê¥]ÄdºIµ{¦¡ªºÀˬd³Q¸õ¹L - ÀÉ®× '$1' ¿ò¥¢. NETWORK_PACKET_CAP_FOUND:¦æµ{ '$1' (PID $2) ¥¿¦bºô¸ô¤WºÊÅ¥. NETWORK_PACKET_CAP_WL:µo²{¦æµ{ '$1': ¥¦¦s¦b©ó¥Õ¦W³æ¤¤. SHARED_LIBS_START:°õ¦æ '¨ç¦¡®w' ªºÀˬd SHARED_LIBS_PRELOAD_VAR:Àˬd¹w¥ý¸ü¤JªºÅÜ¼Æ SHARED_LIBS_PRELOAD_VAR_FOUND:µo²{¹w¥ý¸ü¤JªºÅܼÆ: $1 SHARED_LIBS_PRELOAD_FILE:Àˬd¹w¥ý¸ü¤JªºÀÉ®× SHARED_LIBS_PRELOAD_FILE_FOUND:µo²{library preload ÀÉ®×: $1 SHARED_LIBS_PATH:Àˬd LD_LIBRARY_PATH ÅÜ¼Æ SHARED_LIBS_PATH_BAD: LD_LIBRARY_PATH Àô¹ÒÅܼƳQ³]¸m¡A¥¦·|¼vÅT¤G¶i¦ìµ{¦¡: ³Q³]¸m¬°: $1 SUSPSCAN_CHECK:Àˬd¨ã¦³¥iºÃ¤º®eªºÀÉ®× SUSPSCAN_DIR_NOT_EXIST:¥Ø¿ý '$1' ¤£¦s¦b. SUSPSCAN_INSPECT:ÀÉ®× '$1' (score: $2) ®M¥ó§t¦³¥iºÃªº¤º®e¡A¥¦±N³QÀˬd. SUSPSCAN_START:°õ¦æ±a¦³¥iºÃ¤º®eÀɮתºÀˬd SUSPSCAN_DIRS:«ÝÀˬdªº¥Ø¿ý¬O: $1 SUSPSCAN_NO_DIRS:¨S¦³«ü©w¥Ø¿ý: ¨Ï¥Î¥Î¹w³] ($1) SUSPSCAN_TEMP:¨Ï¥Î¼È¦sÀɥؿý: $1 SUSPSCAN_NO_TEMP:¨S«ü©w¼È¦sÀɮץؿý: ¨Ï¥Î¥Î¹w³]ªº ($1) SUSPSCAN_TEMP_NOT_EXIST:The suspscan ¼È¦sÀɥؿý¤£¦s¦b: $1 SUSPSCAN_TEMP_NO_WRITE:The suspscan ¼È¦s¥Ø¿ýµL¼g¤JÅv: $1 SUSPSCAN_SIZE:¥iÀˬdªº³Ì¤jÀɮפj¤p (¥H¦ì¤¸²Õ¬°³æ¦ì): '$1' SUSPSCAN_NO_SIZE:¨S«ü©w³Ì¤jªºÀɮפj¤p: ¨Ï¥Î¹w³]­È($1) SUSPSCAN_SIZE_INVALID:¦¹Suspscan ³Ì¤jªºÀɮפj¤pµL®Ä: $1 SUSPSCAN_THRESH:¿n¤À¤W­­³]¸m¬°: $1 SUSPSCAN_NO_THRESH:¨S¦³«ü©w¿n¤À¤W­­: ¨Ï¥Î¹w³]­È ($1) SUSPSCAN_THRESH_INVALID:¦¹ Suspscan ¿n¤À¤W­­¬OµL®Äªº: $1 SUSPSCAN_DIR_CHECK:Àˬd¥Ø¿ý: '$1' SUSPSCAN_DIR_CHECK_NO_FILES:¨S¦³¾A·íªºÀÉ®×Àˬd. 
SUSPSCAN_FILE_CHECK:ÀÉ®×Àˬd: Name: '$1' Score: $2 SUSPSCAN_FILE_CHECK_DEBUG:ÀÉ®×Àˬd: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:©¿²¤ÀÉ®×: ªÅ¥Õ: '$1' SUSPSCAN_FILE_SKIPPED_LINK:©¿²¤ÀÉ®×: ²Å¸¹³s±µÀÉ: '$1' SUSPSCAN_FILE_SKIPPED_TYPE:©¿²¤ÀÉ®×: ¿ù»~Ãþ«¬: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:©¿²¤ÀÉ®×: ¤Ó¤j: '$1' SUSPSCAN_FILE_LINK_CHANGE:µo²{²Å¸¹³s±µÀÉ: '$1' -> '$2' LIST_TESTS:¦³®Äªº´ú¸Õ¦WºÙ: LIST_GROUPED_TESTS:¤À²ÕÀˬd¦WºÙ: LIST_LANGS:¥i¥Îªº»y¨¥: LIST_RTKTS:Àˬdrootkit # #If any problem related with this zh version message,please mail to #ols3@lxer.idv.tw. I will fix them as soon as possible. #¦pªG¦³¥ô¦óÃö©óÁcÅ餤¤åª©¥»Â½Ä¶ªº°ÝÃD¡A½ÐÁpô ols3@lxer.idv.tw #§Ú±N·|ºÉ§Ö¤©¥H­×¥¿. # #¥»Â½Ä¶ÀɰѦҦÛlinux_fqh@yahoo.com.cn©ÒĶªºÂ²Å骩¥»,¯S¦¹·PÁÂ¥L. # rkhunter-1.4.6/files/i18n/ja0000644000000000000000000014751313207556312014277 0ustar rootrootVersion:2013112401 # # We start with the definitions of the message types and results. There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # # Translator Mitsuhiro Yoshida (http://mitstek.com/) # Started 2017-01-11 00:12:00 UTC # Updated 0000-00-00 00:00:00 UTC # MSG_TYPE_PLAIN: MSG_TYPE_INFO:情報 MSG_TYPE_WARNING:警告 # # This is the list of message results. 
# MSG_RESULT_OK:OK MSG_RESULT_SKIPPED:スキップ MSG_RESULT_WARNING:警告 MSG_RESULT_FOUND:発見 MSG_RESULT_NOT_FOUND:未発見 MSG_RESULT_NONE_FOUND:発見ãªã— MSG_RESULT_ALLOWED:è¨±å¯ MSG_RESULT_NOT_ALLOWED:ä¸è¨±å¯ MSG_RESULT_UNSET:未設定 MSG_RESULT_WHITELISTED:ホワイトリスト MSG_RESULT_NONE_MISSING:䏿˜Žãªã— MSG_RESULT_UPD:更新済㿠MSG_RESULT_NO_UPD:No æ›´æ–° MSG_RESULT_UPD_FAILED:更新失敗 MSG_RESULT_VCHK_FAILED:ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒã‚§ãƒƒã‚¯å¤±æ•— # # The messages. # VERSIONLINE:[ $1 ãƒãƒ¼ã‚¸ãƒ§ãƒ³ $2 ] VERSIONLINE2:Running $1 ãƒãƒ¼ã‚¸ãƒ§ãƒ³ $2 on $3 VERSIONLINE3:Running $1 ãƒãƒ¼ã‚¸ãƒ§ãƒ³ $2 RKH_STARTDATE:é–‹å§‹æ—¥: $1 RKH_ENDDATE:終了日: $1 OPSYS:検出ã•れãŸã‚ªãƒšãƒ¬ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚·ã‚¹ãƒ†ãƒ : 「 $1 〠UNAME:uname出力: 「 $1 〠CONFIG_CHECK_START:設定ファイルãŠã‚ˆã³ã‚³ãƒžãƒ³ãƒ‰ãƒ©ã‚¤ãƒ³ã‚ªãƒ—ションをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ... CONFIG_CMDLINE:コマンドライン: $1 CONFIG_DEBUGFILE:デãƒãƒƒã‚°ãƒ•ァイル: $1 CONFIG_ENVSHELL:環境シェル: $1 rkhunter㯠$2 を使用ã—ã¦ã„ã¾ã™ã€‚ CONFIG_CONFIGFILE:設定ファイル「 $1 ã€ã‚’使用ã—ã¦ã„ã¾ã™ã€‚ CONFIG_LOCALCONFIGFILE:ローカル設定ファイル「 $1 ã€ã‚’使用ã—ã¦ã„ã¾ã™ã€‚ CONFIG_LOCALCONFIGDIR:ローカル設定ディレクトリ「 $1 ã€ã‚’使用ã—ã¦ã„ã¾ã™: $2 ファイル $3 ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ CONFIG_INSTALLDIR:インストレーションディレクトリã¯ã€Œ $1 ã€ã§ã™ã€‚ CONFIG_LANGUAGE:利用言語 「 $1 〠CONFIG_DBDIR:データベースディレクトリã¨ã—ã¦ã€Œ $1 ã€ã‚’使用ã—ã¦ã„ã¾ã™ã€‚ CONFIG_SCRIPTDIR:サãƒãƒ¼ãƒˆã‚¹ã‚¯ãƒªãƒ—トディレクトリã¨ã—ã¦ã€Œ $1 ã€ã‚’使用ã—ã¦ã„ã¾ã™ã€‚ CONFIG_BINDIR:コマンドディレクトリã¨ã—ã¦ã€Œ $1 ã€ã‚’使用ã—ã¦ã„ã¾ã™ã€‚ CONFIG_TMPDIR:一時ディレクトリã¨ã—ã¦ã€Œ $1 ã€ã‚’使用ã—ã¦ã„ã¾ã™ã€‚ CONFIG_NO_MAIL_ON_WARN:「mail-on-warningã€ã‚¢ãƒ‰ãƒ¬ã‚¹ãŒè¨­å®šã•れã¦ã„ã¾ã›ã‚“。 CONFIG_MOW_DISABLED:ユーザã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ã‚ˆã‚Šã€Œmail-on-warningã€ã®ä½¿ç”¨ã‚’無効ã«ã—ã¾ã—ãŸã€‚ CONFIG_MAIL_ON_WARN:コマンド「 $2 ã€ã‚’使用ã—ã¦ã€Œ $1 ã€ã«è­¦å‘Šã‚’メールé€ä¿¡ã™ã‚‹ CONFIG_SSH_ROOT:Rkhunterオプション「ALLOW_SSH_ROOT_USERã€ã‚’「 $1 ã€ã«è¨­å®šã—ã¾ã—ãŸã€‚ CONFIG_SSH_PROTV1:Rkhunterオプション「ALLOW_SSH_PROT_V1ã€ã‚’「 $1 ã€ã«è¨­å®šã—ã¾ã—ãŸã€‚ CONFIG_X_AUTO:Xã¯è‡ªå‹•çš„ã«æ¤œå‡ºã•れã¾ã™ã€‚ CONFIG_CLRSET2:第2カラーセットを使用ã™ã‚‹ CONFIG_NO_SHOW_SUMMARY:ユーザã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ã‚ˆã‚Šã‚·ã‚¹ãƒ†ãƒ ãƒã‚§ãƒƒã‚¯æ¦‚è¦ã‚’無効ã«ã—ã¾ã—ãŸã€‚ 
CONFIG_SCAN_MODE_DEV:「SCAN_MODE_DEVã€ã‚’「 $1 ã€ã«è¨­å®šã—ã¾ã—ãŸã€‚ CONFIG_LOG_FILE:ログファイルã«ãƒ­ã‚®ãƒ³ã‚°ã™ã‚‹: $1 CONFIG_NO_VL:ユーザã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ã‚ˆã‚Šå†—長ロギングを無効ã«ã—ã¾ã—ãŸã€‚ CONFIG_APPEND_LOG:ç¾åœ¨ã®ãƒ­ã‚®ãƒ³ã‚°ã¯ãƒ­ã‚°ãƒ•ァイルã«è¿½åŠ ã•れã¾ã™ã€‚ CONFIG_COPY_LOG:エラーãŒã‚ã‚‹å ´åˆã€ãƒ­ã‚°ãƒ•ァイルã¯ã‚³ãƒ”ーã•れã¾ã™ã€‚ CONFIG_XINETD_PATH:設定ファイル「 $2 ã€ã« $1 を使用ã™ã‚‹ CONFIG_SOL10_INETD:inetdメカニズムã«Solaris 10ã¾ãŸã¯ãれ以上を使用ã™ã‚‹ CONFIG_STARTUP_PATHS:システムスタートアップパスを使用ã™ã‚‹: $1 CONFIG_ROTATE_MIRRORS:ミラーファイルãŒãƒ­ãƒ¼ãƒ†ãƒ¼ãƒˆã•れã¾ã™ã€‚ CONFIG_NO_ROTATE_MIRRORS:ミラーファイルã¯ãƒ­ãƒ¼ãƒ†ãƒ¼ãƒˆã•れã¾ã›ã‚“。 CONFIG_UPDATE_MIRRORS:ãƒŸãƒ©ãƒ¼ãƒ•ã‚¡ã‚¤ãƒ«ãŒæ›´æ–°ã•れã¾ã™ã€‚ CONFIG_NO_UPDATE_MIRRORS:ãƒŸãƒ©ãƒ¼ãƒ•ã‚¡ã‚¤ãƒ«ã¯æ›´æ–°ã•れã¾ã›ã‚“。 CONFIG_MIRRORS_MODE0:ローカルãŠã‚ˆã³ãƒªãƒ¢ãƒ¼ãƒˆãƒŸãƒ©ãƒ¼ã®ä¸¡æ–¹ã‚’使用ã™ã‚‹ CONFIG_MIRRORS_MODE1:ローカルミラーã®ã¿ä½¿ç”¨ã™ã‚‹ CONFIG_MIRRORS_MODE2:リモートミラーã®ã¿ä½¿ç”¨ã™ã‚‹ FOUND_CMD:「 $1 ã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $2 NOT_FOUND_CMD:「 $1 ã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ CMD_ERROR:コマンド「 $1 ã€ã«ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ $2 ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ SYS_PRELINK:システムãŒprelinkを使用ã™ã‚‹ SYS_NO_PRELINK:システムã¯prelinkを使用ã—ãªã„ SYS_SELINUX:SELinux有効 SYS_NO_SELINUX:SELinux無効 HASH_FUNC_PRELINK:ファイルãƒãƒƒã‚·ãƒ¥ãƒã‚§ãƒƒã‚¯ã«prelinkコマンド ($1) を使用ã™ã‚‹ HASH_FUNC_PERL:ファイルãƒãƒƒã‚·ãƒ¥ãƒã‚§ãƒƒã‚¯ã«perl $1 モジュールを使用ã™ã‚‹ HASH_FUNC_PERL_SHA:ファイルãƒãƒƒã‚·ãƒ¥ãƒã‚§ãƒƒã‚¯ã«perl $1 モジュール ($2) を使用ã™ã‚‹ HASH_FUNC:ファイルãƒãƒƒã‚·ãƒ¥ãƒã‚§ãƒƒã‚¯ã«ã€Œ $1 ã€ã‚³ãƒžãƒ³ãƒ‰ã‚’使用ã™ã‚‹ HASH_FUNC_NONE:ファイルãƒãƒƒã‚·ãƒ¥ã¯ç„¡åйã«ã•れã¦ã„ã¾ã™: NONEãŒæŒ‡å®šã•れã¾ã—ãŸã€‚ HASH_FUNC_NONE_PKGMGR:ファイルãƒãƒƒã‚·ãƒ¥é–¢æ•°ã«ã€ŒNONEã€ãŒè¨­å®šã•れã¾ã—ãŸ: パッケージマãƒãƒ¼ã‚¸ãƒ£ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ HASH_FUNC_DISABLED:ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã«ã€ŒNONEã€ãŒè¨­å®šã•れã¾ã—ãŸ: ファイルãƒãƒƒã‚·ãƒ¥ãƒã‚§ãƒƒã‚¯ã‚’自動的ã«ç„¡åйã«ã—ã¾ã™ã€‚ HASH_FUNC_OLD:ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã«ä½¿ç”¨ã•れるä¿å­˜æ¸ˆã¿ãƒãƒƒã‚·ãƒ¥å€¤ã€Œ $1 〠HASH_FUNC_OLD_DISABLED:å‰å›žãƒãƒƒã‚·ãƒ¥é–¢æ•°ã¯ç„¡åйã«ã•れã¾ã—ãŸ: ä¿å­˜ã•れãŸãƒãƒƒã‚·ãƒ¥å€¤ã¯ã‚りã¾ã›ã‚“。 
HASH_PKGMGR_OLD:パッケージマãƒãƒ¼ã‚¸ãƒ£ã«ä½¿ç”¨ã•れるä¿å­˜æ¸ˆã¿ãƒãƒƒã‚·ãƒ¥å€¤ã€Œ $1 〠HASH_PKGMGR_OLD_UNSET:ä¿å­˜æ¸ˆã¿ãƒãƒƒã‚·ãƒ¥å€¤ã¯ãƒ‘ッケージマãƒãƒ¼ã‚¸ãƒ£ã‚’使用ã—ã¾ã›ã‚“ã§ã—ãŸã€‚ HASH_PKGMGR:ファイルプロパティãƒã‚§ãƒƒã‚¯ã«ãƒ‘ッケージマãƒãƒ¼ã‚¸ãƒ£ã€Œ $1 ã€ã‚’使用ã™ã‚‹ HASH_PKGMGR_MD5:パッケージマãƒãƒ¼ã‚¸ãƒ£ç…§åˆæ”¯æ´ã«ä½¿ç”¨ã™ã‚‹MD5ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã‚³ãƒžãƒ³ãƒ‰ã€Œ $1 〠HASH_PKGMGR_SUM:パッケージ照åˆã«ä¿å­˜æ¸ˆã¿16ビットãƒã‚§ãƒƒã‚¯ã‚µãƒ ã‚’使用ã™ã‚‹ HASH_PKGMGR_NOT_SPEC:指定ã•れãŸãƒ‘ッケージマãƒãƒ¼ã‚¸ãƒ£ã¯ã‚りã¾ã›ã‚“: ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã€Œ $1 ã€ã‚’使用ã™ã‚‹ HASH_PKGMGR_NOT_SPEC_PRELINKED:指定ã•れãŸãƒ‘ッケージマãƒãƒ¼ã‚¸ãƒ£ã¯ã‚りã¾ã›ã‚“: 「 $1 ã€ã§prelinkコマンドを使用ã™ã‚‹ HASH_FIELD_INDEX:ãƒãƒƒã‚·ãƒ¥é–¢æ•°ãƒ•ィールドインデックス㌠$1 ã«è¨­å®šã•れã¾ã—ãŸã€‚ HASHUPD_DISABLED:ãƒãƒƒã‚·ãƒ¥ãƒã‚§ãƒƒã‚¯ãŒç„¡åйã«ã•れã¦ã„ã¾ã™: ç¾åœ¨ã€ãƒ•ァイルãƒãƒƒã‚·ãƒ¥å€¤ã¯ä¿å­˜ã•れã¾ã›ã‚“。 HASHUPD_PKGMGR:ファイルãƒãƒƒã‚·ãƒ¥å€¤ã‚’æ›´æ–°ã™ã‚‹ãŸã‚パッケージマãƒãƒ¼ã‚¸ãƒ£ã€Œ $1 ã€ã‚’使用ã™ã‚‹ HASHUPD_PKGMGR_NOT_SPEC:指定ã•れãŸãƒ•ァイルãƒãƒƒã‚·ãƒ¥æ›´æ–°ãƒ‘ッケージマãƒãƒ¼ã‚¸ãƒ£ã¯ã‚りã¾ã›ã‚“: ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã€Œ $1 ã€ã‚’使用ã™ã‚‹ HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:指定ã•れãŸãƒ•ァイルãƒãƒƒã‚·ãƒ¥æ›´æ–°ãƒ‘ッケージマãƒãƒ¼ã‚¸ãƒ£ã¯ã‚りã¾ã›ã‚“: 「 $1 ã€ã§prelinkコマンドを使用ã™ã‚‹ ATTRUPD_DISABLED:ファイル属性ãƒã‚§ãƒƒã‚¯ã¯ç„¡åйã«ã•れã¦ã„ã¾ã™: ç¾åœ¨ã®ãƒ•ァイル属性ã¯ä¿å­˜ã•れã¾ã›ã‚“。 ATTRUPD_NOSTATCMD:ファイル属性ãƒã‚§ãƒƒã‚¯ã¯ç„¡åйã«ã•れã¦ã„ã¾ã™: 「statã€ã‚³ãƒžãƒ³ãƒ‰ã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸ: ç¾åœ¨ã®ãƒ•ァイル属性ã¯ä¿å­˜ã•れã¾ã›ã‚“。 ATTRUPD_OK:ç¾åœ¨ã®ãƒ•ァイル属性ã¯ä¿å­˜ã•れã¾ã™ã€‚ ATTRUPD_OLD_DISABLED:å‰å›žãƒ•ァイル属性ã¯ç„¡åйã«ã•れã¾ã—ãŸ: ä¿å­˜ã•れãŸãƒ•ァイル属性ã¯ã‚りã¾ã›ã‚“。 ATTRUPD_OLD_NOSTATCMD:å‰å›žãƒ•ァイル属性ã¯ç„¡åйã«ã•れã¾ã—ãŸ: 「statã€ã‚³ãƒžãƒ³ãƒ‰ã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸ: ä¿å­˜ã•れãŸãƒ•ァイル属性ã¯ã‚りã¾ã›ã‚“。 ATTRUPD_OLD_OK:å‰å›žãƒ•ァイル属性ã¯ä¿å­˜ã•れã¾ã—ãŸã€‚ RKHDAT_ADD_NEW_ENTRY:ファイルエントリを「rkhunter.datã€ãƒ•ァイルã«è¿½åŠ ã™ã‚‹: $1 RKHDAT_DEL_OLD_ENTRY:存在ã—ãªã„ファイルエントリを「rkhunter.datã€ãƒ•ァイルより削除ã™ã‚‹: $1 SYSLOG_ENABLED:ロギングã«syslogを使用ã™ã‚‹ - ファシリティ/プライオリティレベルã¯ã€Œ $1 ã€ã§ã™ã€‚ SYSLOG_DISABLED:ユーザã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ã‚ˆã‚Šsyslogã®ä½¿ç”¨ã‚’無効ã«ã—ã¾ã—ãŸã€‚ SYSLOG_NO_LOGGER:syslogã®ä½¿ç”¨ã‚’無効ã«ã™ã‚‹ - 
「loggerã€ã‚³ãƒžãƒ³ãƒ‰ã‚’見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。 NAME:$1 PRESSENTER:[ç¶šã‘ã‚‹ã«ã¯ キーを押ã—ã¦ãã ã•ã„] TEST_SKIPPED_OS:O/Sを原因ã¨ã—ã¦ãƒ†ã‚¹ãƒˆã€Œ $1 ã€ãŒã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã—ãŸ: $2 SUMMARY_TITLE1:システムãƒã‚§ãƒƒã‚¯æ¦‚è¦ SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:ファイルプロパティãƒã‚§ãƒƒã‚¯ ... SUMMARY_PROP_REQCMDS:必須コマンドãƒã‚§ãƒƒã‚¯ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ SUMMARY_PROP_COUNT:ファイルãƒã‚§ãƒƒã‚¯: $1 SUMMARY_PROP_FAILED:ç–‘ã‚ã—ã„ファイル: $1 SUMMARY_CHKS_SKIPPED:ã™ã¹ã¦ã®ãƒã‚§ãƒƒã‚¯ãŒã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã—ãŸã€‚ SUMMARY_RKT_SCAN:Rootkitãƒã‚§ãƒƒã‚¯ ... SUMMARY_RKT_COUNT:Rootkitãƒã‚§ãƒƒã‚¯æ¸ˆã¿ : $1 SUMMARY_RKT_FAILED:rootkitã®å¯èƒ½æ€§: $1 SUMMARY_RKT_NAMES:Rootkitå: $1 SUMMARY_APPS_SCAN:アプリケーションãƒã‚§ãƒƒã‚¯ ... SUMMARY_APPS_COUNT:アプリケーションãƒã‚§ãƒƒã‚¯æ¸ˆã¿ : $1 SUMMARY_APPS_FAILED:ç–‘ã‚ã—ã„アプリケーション: $1 SUMMARY_SCAN_TIME:システムãƒã‚§ãƒƒã‚¯ãƒ„ール: $1 SUMMARY_NO_SCAN_TIME:システムãƒã‚§ãƒƒã‚¯ãƒ„ール: クロックタイムをå–å¾—ã§ãã¾ã›ã‚“。 SUMMARY_LOGFILE:ã™ã¹ã¦ã®çµæžœãŒãƒ­ã‚°ãƒ•ã‚¡ã‚¤ãƒ«ã«æ›¸ãè¾¼ã¾ã‚Œã¾ã—ãŸ: $1 SUMMARY_NO_LOGFILE:ログファイルã¯ä½œæˆã•れã¾ã›ã‚“ã§ã—ãŸã€‚ SUMMARY_LOGFILE_COPIED:ログファイル㌠$1 ã«ã‚³ãƒ”ーã•れã¾ã—ãŸã€‚ CREATED_TEMP_FILE:一次ファイルを作æˆã—ã¾ã—ãŸ:「 $1 〠MIRRORS_NO_FILE:ミラーファイルãŒå­˜åœ¨ã—ã¾ã›ã‚“: $1 MIRRORS_NO_MIRRORS:ミラーファイル内ã«å¿…é ˆã®ãƒŸãƒ©ãƒ¼ãŒã‚りã¾ã›ã‚“: $1 MIRRORS_NO_VERSION:ミラーファイルã«ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒŠãƒ³ãƒãƒ¼ãŒã‚りã¾ã›ã‚“ - ゼロã«ãƒªã‚»ãƒƒãƒˆã—ã¾ã™: $1 MIRRORS_ROTATED:ミラーファイルãŒãƒ­ãƒ¼ãƒ†ãƒ¼ãƒˆã•れã¾ã—ãŸ: $1 MIRRORS_SF_DEFAULT:SourceForgeミラーを使用ã™ã‚‹: $1 DOWNLOAD_CMD:ダウンロードコマンド「 $1 ã€ã‚’実行中 DOWNLOAD_FAIL:ダウンロード失敗 - $1 ã®ãƒŸãƒ©ãƒ¼ãŒã‚りã¾ã™ã€‚ VERSIONCHECK_START:rkhunterã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ... VERSIONCHECK_FAIL_ALL:ダウンロードã«å¤±æ•—ã—ã¾ã—ãŸ: 最新プログラムãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒŠãƒ³ãƒãƒ¼ã‚’å–å¾—ã§ãã¾ã›ã‚“。 VERSIONCHECK_CURRENT:ã“ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³: $1 VERSIONCHECK_LATEST:最新ãƒãƒ¼ã‚¸ãƒ§ãƒ³: $1 VERSIONCHECK_LATEST_FAIL:最新ãƒãƒ¼ã‚¸ãƒ§ãƒ³: ダウンロード失敗 VERSIONCHECK_UPDT_AVAIL:更新利用å¯èƒ½ VERSIONCHECK_CONV_FAIL:ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒŠãƒ³ãƒãƒ¼ã‚’比較ã§ãã¾ã›ã‚“: プログラム: 「 $1 〠最新: 「 $2 〠UPDATE_START:rkhunterデータファイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ... 
UPDATE_CHECKING_FILE:ファイル $1 ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ UPDATE_FILE_NO_VERS:ファイル「 $1 ã€ã«ã¯æœ‰åйãªãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒŠãƒ³ãƒãƒ¼ãŒã‚りã¾ã›ã‚“。新ã—ã„コピーをダウンロードã—ã¾ã™ã€‚ UPDATE_FILE_MISSING:ファイル「 $1 ã€ãŒå­˜åœ¨ã—ãªã„ã¾ãŸã¯ç©ºã§ã™ã€‚æ–°ã—ã„コピーをダウンロードã—ã¾ã™ã€‚ UPDATE_DOWNLOAD_FAIL:「 $1 ã€ã®ãƒ€ã‚¦ãƒ³ãƒ­ãƒ¼ãƒ‰ã«å¤±æ•—ã—ã¾ã—ãŸ: 最新ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒŠãƒ³ãƒãƒ¼ã‚’å–å¾—ã§ãã¾ã›ã‚“。 UPDATE_I18N_NO_VERS:i18n言語ファイルã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒŠãƒ³ãƒãƒ¼ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“。 UPDATE_SKIPPED:ユーザã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ã‚ˆã‚Šè¨€èªžãƒ•ã‚¡ã‚¤ãƒ«ã®æ›´æ–°ã‚’スキップã—ã¾ã—ãŸã€‚ OSINFO_START:å‰å›žã‚ˆã‚ŠO/SãŒå¤‰æ›´ã•れãŸã‹ç¢ºèªã™ã‚‹ ... OSINFO_END:変更ã•れãŸã‚‚ã®ã¯ã‚りã¾ã›ã‚“。 OSINFO_HOST_CHANGE1:å‰å›žã®å®Ÿè¡Œã‚ˆã‚Šãƒ›ã‚¹ãƒˆåãŒå¤‰æ›´ã•れã¾ã—ãŸ: OSINFO_HOST_CHANGE2:å¤ã„ホスト値: $1 æ–°ã—ã„値: $2 OSINFO_OSVER_CHANGE1:å‰å›žã®å®Ÿè¡Œã‚ˆã‚ŠO/Såã¾ãŸã¯ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒå¤‰æ›´ã•れã¾ã—ãŸ: OSINFO_OSVER_CHANGE2:å¤ã„O/S値: $1 æ–°ã—ã„値: $2 OSINFO_PRELINK_CHANGE:å‰å›žã®å®Ÿè¡Œã‚ˆã‚Šã‚·ã‚¹ãƒ†ãƒ ãŒprelinkを使用ã™ã‚‹ã‚ˆã† $1 ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ OSINFO_ARCH_CHANGE1:システムãŒCPUタイプを変更ã—ãŸã‚ˆã†ã§ã™: OSINFO_ARCH_CHANGE2:å¤ã„CPU値: $1 æ–°ã—ã„値: $2 OSINFO_MSG1:変更ã«ã‚ˆã‚Šãƒ•ァイルプロパティãƒã‚§ãƒƒã‚¯ã¯èª¤æ¤œå‡ºã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ OSINFO_MSG2:ã‚ãªãŸã¯ã€Œ--propupdã€ã‚ªãƒ—ションを使用ã—ã¦rkhunterã‚’å†åº¦å®Ÿè¡Œã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ OSINFO_DO_UPDT:ファイルプロパティファイルã¯è‡ªå‹•çš„ã«æ›´æ–°ã•れã¾ã™ã€‚ SET_FILE_PROP_START:ファイルプロパティをå–å¾—ã™ã‚‹ ... 
SET_FILE_PROP_DIR_FILE_COUNT:$2 ã« $1 ファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ SET_FILE_PROP_FILE_COUNT:ファイル $1: ファイル調査数:$2 / 発見:$3 SET_FILE_PROP_FILE_COUNT_BL:ファイル $1: ファイル調査数:$2 / 発見:$3 / リンク破æ:$4 SET_FILE_PROP_FILE_COUNT_PROPOPT:ファイル $1: ファイル調査数:$2 / 発見:$3/$4 SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:ファイル $1: ファイル調査数:$2 / 発見:$3/$4 / リンク破æ:$5 SET_FILE_PROP_FILE_COUNT_NOHASH:ファイル $1: ファイル調査数:$2 / 発見:$3 / ãƒãƒƒã‚·ãƒ¥ãªã—:$4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:ファイル $1: ファイル調査数:$2 / 発見:$3 / ãƒãƒƒã‚·ãƒ¥ãªã—:$4 / リンク破æ:$5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:ファイル $1: ファイル調査数:$2 / 発見:$3/$4 / ãƒãƒƒã‚·ãƒ¥ãªã—:$5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:ファイル $1: ファイル調査数:$2 / 発見:$3/$4 / ãƒãƒƒã‚·ãƒ¥ãªã—:$5 / リンク破æ:$6 PROPUPD_START:ファイルプロパティファイル更新を開始ã™ã‚‹ ... PROPUPD_OSINFO_START:O/S情報をåŽé›†ã™ã‚‹ ... PROPUPD_ARCH_FOUND:システムアーキテクãƒãƒ£ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 PROPUPD_REL_FILE:リリースファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 PROPUPD_NO_REL_FILE:リリースファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“: LSアウトプット表示: PROPUPD_OSNAME_FOUND:O/SåãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 PROPUPD_ERROR:æ–°ã—ã„「rkhunter.datã€ãƒ•ァイルã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚コード $1 PROPUPD_NEW_DAT_FILE::æ–°ã—ã„「rkhunter.datã€ãƒ•ァイルãŒã€Œ $1 ã€ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•れã¾ã—ãŸã€‚ PROPUPD_WARN:警告! 
「--propupdã€ã‚ªãƒ—ションを使用ã™ã‚‹å ´åˆã€ãƒ¦ãƒ¼ã‚¶ã®è²¬ä»»ã«ãŠã„ã¦ã‚·ã‚¹ãƒ†ãƒ å†…ã®ãƒ•ァイルã™ã¹ã¦ã®çœŸæ­£æ€§ãŠã‚ˆã³ PROPUPD_WARN:ä¿¡é ¼ã•れるソースã‹ã‚‰ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã‚’確èªã—ã¦ãã ã•ã„。 PROPUPD_WARN:rkhunterã®ã€Œ--checkã€ã‚ªãƒ—ションã§ã¯ç¾åœ¨ã®ãƒ•ァイルプロパティã¨å‰å›žä¿å­˜ã•れãŸå€¤ã‚’比較ã—ã¦å€¤ã®å·®ç•°ã‚’報告ã—ã¾ã™ã€‚ PROPUPD_WARN:ã—ã‹ã—ã€ãƒ¦ãƒ¼ã‚¶ã«ã‚ˆã‚‹å¤‰æ›´ã«é–¢ã—ã¦rkhunter㯠PROPUPD_WARN:何ãŒå¤‰æ›´ã‚’発生ã•ã›ãŸã®ã‹åŽŸå› ç©¶æ˜Žã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“。 ENABLED_TESTS:有効ã«ã•れã¦ã„ã‚‹ãƒ†ã‚¹ãƒˆã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™: $1 DISABLED_TESTS:無効ã«ã•れã¦ã„ã‚‹ãƒ†ã‚¹ãƒˆã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™: $1 USER_FILE_LIST:ファイルプロパティãƒã‚§ãƒƒã‚¯ã«ãƒ¦ãƒ¼ã‚¶ãƒ•ァイルをå«ã‚€: USER_CMD_LIST:ファイルプロパティãƒã‚§ãƒƒã‚¯ã«ãƒ¦ãƒ¼ã‚¶ã‚³ãƒžãƒ³ãƒ‰ã‚’å«ã‚€: USER_DIR_LIST:ファイルプロパティãƒã‚§ãƒƒã‚¯ã«ãƒ¦ãƒ¼ã‚¶ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’å«ã‚€: USER_EXCLUDE_PROP:ファイルプロパティãƒã‚§ãƒƒã‚¯ã‹ã‚‰é™¤å¤–ã™ã‚‹: KSYMS_FOUND:ksymファイル「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ KSYMS_UNAVAIL:ã™ã¹ã¦ã®ksymãŠã‚ˆã³kallsymsãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ - ファイルを読ã¿å–ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。 KSYMS_MISSING:ã™ã¹ã¦ã®ksymãŠã‚ˆã³kallsymsãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ - ã©ã¡ã‚‰ã®ãƒ•ァイルもシステム内ã«ã‚りã¾ã›ã‚“。 STARTING_TEST:開始テストå「 $1 〠USER_DISABLED_TEST:ユーザã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ã‚ˆã‚Šãƒ†ã‚¹ãƒˆã€Œ $1 ã€ãŒç„¡åйã«ã•れã¾ã—ãŸã€‚ CHECK_START:システムãƒã‚§ãƒƒã‚¯é–‹å§‹ ... CHECK_WARNINGS_NOT_FOUND:システムãƒã‚§ãƒƒã‚¯ä¸­ã«è­¦å‘Šã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ CHECK_WARNINGS_NOT_FOUND0:システムãƒã‚§ãƒƒã‚¯ä¸­ã« 0 ä»¶ã®è­¦å‘ŠãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ CHECK_WARNINGS_FOUND:システムãƒã‚§ãƒƒã‚¯ä¸­ã«1ã¤ã¾ãŸã¯ãれ以上ã®è­¦å‘ŠãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ CHECK_WARNINGS_FOUND_NUMBER:システムãƒã‚§ãƒƒã‚¯ä¸­ã« $1 ä»¶ã®è­¦å‘ŠãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ CHECK_WARNINGS_FOUND_NUMBER1:システムãƒã‚§ãƒƒã‚¯ä¸­ã« 1 ä»¶ã®è­¦å‘ŠãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ CHECK_WARNINGS_FOUND_RERUN:rkhunterã‚’å†åº¦å®Ÿè¡Œã—ã¦ãƒ­ã‚°ãƒ•ァイルãŒä½œæˆã•れるã“ã¨ã‚’確èªã—ã¦ãã ã•ã„。 CHECK_WARNINGS_FOUND_CHK_LOG:ログファイル ($1) ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¦ããã ã•ã„。 CHECK_SYS_COMMANDS:システムコマンドをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ... 
STRINGS_CHECK_START:「stringsã€ã‚³ãƒžãƒ³ãƒ‰ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ STRINGS_SCANNING_OK:ストリング $1 をスキャンã™ã‚‹ STRINGS_SCANNING_BAD:ストリング $1 をスキャンã™ã‚‹ STRINGS_SCANNING_BAD:「stringsã€ã‚³ãƒžãƒ³ãƒ‰ã«ã‚¹ãƒˆãƒªãƒ³ã‚°ã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ STRINGS_CHECK:「stringsã€ã‚³ãƒžãƒ³ãƒ‰ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ STRINGS_CHECK:ãƒã‚§ãƒƒã‚¯ãŒã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã—㟠- 「stringsã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ FILE_PROP_START:ファイルプロパティãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ FILE_PROP_CMDS:剿æ¡ä»¶ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ FILE_PROP_IMMUT_OS:ã™ã¹ã¦ã®ä¸å¤‰ãƒ“ットãƒã‚§ãƒƒã‚¯ã‚’スキップã—ã¾ã™ã€‚ã“ã®ãƒã‚§ãƒƒã‚¯ã¯Linuxシステムã§ã®ã¿åˆ©ç”¨ã§ãã¾ã™ã€‚ FILE_PROP_IMMUT_SET:ä¸å¤‰ãƒ“ットãƒã‚§ãƒƒã‚¯ã¯ç ´æ£„ã•れã¾ã™ã€‚ FILE_PROP_SKIP_ATTR:コマンド「statã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—㟠- ã™ã¹ã¦ã®å±žæ€§ãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ã€‚ FILE_PROP_SKIP_HASH:次ã®ç†ç”±ã«ã‚ˆã‚Šã™ã¹ã¦ã®ãƒ•ァイルãƒãƒƒã‚·ãƒ¥ãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™: FILE_PROP_SKIP_HASH_FUNC:値ã®ä¿å­˜ã«ä½¿ç”¨ã•れã¦ã„ã‚‹ç¾åœ¨ã®ãƒãƒƒã‚·ãƒ¥é–¢æ•° ($1) ã¾ãŸã¯ãƒ‘ッケージマãƒãƒ¼ã‚¸ãƒ£ ($2) ã¯ãƒãƒƒã‚·ãƒ¥é–¢æ•° ($3) ã¾ãŸã¯ãƒ‘ッケージマãƒãƒ¼ã‚¸ãƒ£ ($4) ã¨äº’æ›æ€§ãŒã‚りã¾ã›ã‚“。 FILE_PROP_SKIP_HASH_PRELINK:「prelinkã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ FILE_PROP_SKIP_HASH_SHA1:システムã¯prelinkを使用ã—ã¦ã„ã¾ã™ãŒãƒãƒƒã‚·ãƒ¥é–¢æ•°ã‚³ãƒžãƒ³ãƒ‰ã¯SHA1ã¾ãŸã¯MD5ã§ã¯ãªã„よã†ã§ã™ã€‚ FILE_PROP_SKIP_HASH_LIBSAFE:エラーã®åŽŸå› ã¨ãªã‚‹libsafeãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚å¯èƒ½ã§ã‚れã°libsafeを無効ã«ã—ã¦prelinkコマンドを実行ã—ã¦ãã ã•ã„。最後ã«ã€Œrkhunter --propupdã€ã‚’実行ã—ã¦ãƒãƒƒã‚·ãƒ¥å€¤ã‚’å†ä½œæˆã—ã¦ãã ã•ã„。 FILE_PROP_SKIP_IMMUT:「lsattrã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—㟠- ã™ã¹ã¦ã®ãƒ•ァイルä¸å¤‰ãƒ“ットãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ã€‚ FILE_PROP_SKIP_IMMUT_CMD:「 $1 ã€ã‚³ãƒžãƒ³ãƒ‰ã®ã‚¢ã‚¦ãƒˆãƒ—ットã¯ã‚りã¾ã›ã‚“ - ã™ã¹ã¦ã®ãƒ•ァイルä¸å¤‰ãƒ“ットãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ã€‚ FILE_PROP_SKIP_SCRIPT:「fileã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—㟠- ã™ã¹ã¦ã®ã‚¹ã‚¯ãƒªãƒ—ト置æ›ãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ã€‚ FILE_PROP_SKIP_FILE_CMD:「fileã€ã‚³ãƒžãƒ³ãƒ‰ã«ã‚ˆã‚‹ã‚¢ã‚¦ãƒˆãƒ—ットã¯ã‚りã¾ã›ã‚“ - ã™ã¹ã¦ã®ã‚¹ã‚¯ãƒªãƒ—ト置æ›ãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ã€‚ 
FILE_PROP_NO_OS_WARNING:ユーザã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ã‚ˆã‚Šã™ã¹ã¦ã®O/S変更ã«é–¢ã™ã‚‹è­¦å‘Šã¯ç„¡åйã«ã•れã¾ã—ãŸã€‚ FILE_PROP_OS_CHANGED:ローカルホスト設定ã¾ãŸã¯ã‚ªãƒšãƒ¬ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚·ã‚¹ãƒ†ãƒ ãŒå¤‰æ›´ã•れã¾ã—ãŸã€‚ FILE_PROP_DAT_MISSING:ä¿å­˜æ¸ˆã¿ãƒ•ァイルプロパティã®ãƒ•ァイル (rkhunter.dat) ãŒå­˜åœ¨ã—ãªã„ãŸã‚作æˆã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚作æˆã™ã‚‹ã«ã¯ã€Œrkhunter --propupdã€ã¨å…¥åŠ›ã—ã¦ãã ã•ã„。 FILE_PROP_DAT_EMPTY:ä¿å­˜æ¸ˆã¿ãƒ•ァイルプロパティã®ãƒ•ァイル (rkhunter.dat) ãŒç©ºã®ãŸã‚作æˆã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚作æˆã™ã‚‹ã«ã¯ã€Œrkhunter --propupdã€ã¨å…¥åŠ›ã—ã¦ãã ã•ã„。 FILE_PROP_SKIP_ALL:ã™ã¹ã¦ã®ãƒ•ァイルプロパティãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã—ãŸã€‚ FILE_PROP_DAT_MISSING_INFO:「rkhunter.datã€ãƒ•ァイルãªã—ã§å®Ÿè¡Œã§ãã‚‹ãƒã‚§ãƒƒã‚¯ãŒã‚ã‚‹ãŸã‚ã€ãƒ•ァイルプロパティãƒã‚§ãƒƒã‚¯ã¯å®Ÿè¡Œã•れã¾ã™ã€‚ FILE_PROP_FILE_NOT_EXIST:ファイル「 $1 ã€ã¯ã‚·ã‚¹ãƒ†ãƒ å†…ã«å­˜åœ¨ã—ã¾ã›ã‚“ãŒã€Œrkhunter.datã€ãƒ•ァイル内ã«ã¯å­˜åœ¨ã—ã¾ã™ã€‚ FILE_PROP_WL:ファイル「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: 「 $2 ã€ãƒã‚§ãƒƒã‚¯ã®ãŸã‚ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ FILE_PROP_WL_STR:ファイル「 $1 ã€ãŠã‚ˆã³ã‚¹ãƒˆãƒªãƒ³ã‚°ã€Œ $2 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: 「 $3 ã€ãƒã‚§ãƒƒã‚¯ã®ãŸã‚ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ FILE_PROP_WL_DIR:ディレクトリ「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: 「 $2 ã€ãƒã‚§ãƒƒã‚¯ã®ãŸã‚ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ FILE_PROP_NO_RKH_REC:ファイル「 $1 ã€ã¯ã‚·ã‚¹ãƒ†ãƒ å†…ã«å­˜åœ¨ã—ã¾ã™ãŒã€Œrkhunter.datã€ãƒ•ァイル内ã«ã¯å­˜åœ¨ã—ã¾ã›ã‚“。 FILE_PROP_CHANGED:ファイルプロパティãŒå¤‰æ›´ã•れã¾ã—ãŸ: FILE_PROP_CHANGED2:ファイル: $1 FILE_PROP_NO_PKGMGR_FILE:ファイル「 $1 ã€ã®ãƒãƒƒã‚·ãƒ¥å€¤ã‚’スキップã—ã¾ã—ãŸ: ファイルãŒãƒ‘ッケージã«å±žã—ã¦ã„ã¾ã›ã‚“。 FILE_PROP_NO_SYSHASH:「 $1 ã€ãƒ•ァイルã®ãƒãƒƒã‚·ãƒ¥å€¤ã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ FILE_PROP_NO_SYSHASH_BL:ファイルã¯ãƒªãƒ³ã‚¯ç ´æã—ã¦ã„ã¾ã™: $1 -> $2 FILE_PROP_BROKEN_LINK_WL_TGT:ç ´æãƒªãƒ³ã‚¯ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸãŒã‚¿ãƒ¼ã‚²ãƒƒãƒˆã®å­˜åœ¨ã¯ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«è¿½åŠ ã•れã¾ã™: $1 -> $2 FILE_PROP_NO_SYSHASH_CMD:Hashコマンド出力: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:ä¾å­˜ã‚¨ãƒ©ãƒ¼ã‚’解決ã™ã‚‹ã«ã¯ã€Œprelink $1ã€ã‚³ãƒžãƒ³ãƒ‰ã®å®Ÿè¡Œã‚’ãŠè©¦ã—ãã ã•ã„。 FILE_PROP_IGNORE_PRELINK_DEP_ERR:ファイル「 $1 ã€ã®prelinkä¾å­˜ã‚¨ãƒ©ãƒ¼ã‚’無視ã™ã‚‹ 
FILE_PROP_SYSHASH_UNAVAIL:ç¾åœ¨ã®ãƒãƒƒã‚·ãƒ¥: å–å¾—ä¸å¯ FILE_PROP_SYSHASH_UNAVAIL_BL:ç¾åœ¨ã®ãƒãƒƒã‚·ãƒ¥: å–å¾—ä¸å¯ (リンク切れã®å¯èƒ½æ€§) FILE_PROP_SYSHASH:ç¾åœ¨ã®ãƒãƒƒã‚·ãƒ¥: $1 FILE_PROP_RKHHASH:ä¿å­˜æ¸ˆã¿ãƒãƒƒã‚·ãƒ¥ : $1 FILE_PROP_NO_RKHHASH:「rkhunter.datã€ãƒ•ァイル内ã®ãƒ•ァイル「 $1 ã€ã®ãƒãƒƒã‚·ãƒ¥å€¤ãŒã‚りã¾ã›ã‚“。 FILE_PROP_NO_RKHPERM:「rkhunter.datã€ãƒ•ァイル内ã®ãƒ•ァイル「 $1 ã€ã®ãƒ•ァイルパーミッション値ãŒã‚りã¾ã›ã‚“。 FILE_PROP_PERM_UNAVAIL:ç¾åœ¨ã®ãƒ‘ーミッション: å–å¾—ä¸å¯ ä¿å­˜æ¸ˆã¿ãƒ‘ーミッション: $1 FILE_PROP_PERM:ç¾åœ¨ã®ãƒ‘ーミッション: $1 ä¿å­˜æ¸ˆã¿ãƒ‘ーミッション: $2 FILE_PROP_UID_UNAVAIL:ç¾åœ¨ã®uid: å–å¾—ä¸å¯ ä¿å­˜æ¸ˆã¿uid: $1 FILE_PROP_UID:ç¾åœ¨ã®uid: $1 ä¿å­˜æ¸ˆã¿uid: $2 FILE_PROP_NO_RKHUID:「rkhunter.datã€ãƒ•ァイル内ã®ãƒ•ァイル「 $1 ã€ã®user-id値ãŒã‚りã¾ã›ã‚“。 FILE_PROP_GID_UNAVAIL:ç¾åœ¨ã®gid: å–å¾—ä¸å¯ ä¿å­˜æ¸ˆã¿gid: $1 FILE_PROP_GID:ç¾åœ¨ã®gid: $1 ä¿å­˜æ¸ˆã¿gid: $2 FILE_PROP_NO_RKHGID:「rkhunter.datã€ãƒ•ァイル内ã®ãƒ•ァイル「 $1 ã€ã®group-id値ãŒã‚りã¾ã›ã‚“。 FILE_PROP_INODE_UNAVAIL:ç¾åœ¨ã®inode: å–å¾—ä¸å¯ ä¿å­˜æ¸ˆã¿inode: $1 FILE_PROP_INODE:ç¾åœ¨ã®inode: $1 ä¿å­˜æ¸ˆã¿inode: $2 FILE_PROP_NO_RKHINODE:「rkhunter.datã€ãƒ•ァイル内ã®ãƒ•ァイル「 $1 ã€ã®inode値ãŒã‚りã¾ã›ã‚“。 FILE_PROP_SIZE_UNAVAIL:ç¾åœ¨ã®ã‚µã‚¤ã‚º: å–å¾—ä¸å¯ ä¿å­˜æ¸ˆã¿ã‚µã‚¤ã‚º: $1 FILE_PROP_SIZE:ç¾åœ¨ã®ã‚µã‚¤ã‚º: $1 ä¿å­˜æ¸ˆã¿ã‚µã‚¤ã‚º: $2 FILE_PROP_NO_RKHSIZE:「rkhunter.datã€ãƒ•ァイル内ã®ãƒ•ァイル「 $1 ã€ã®ã‚µã‚¤ã‚ºå€¤ãŒã‚りã¾ã›ã‚“。 FILE_PROP_SYSDTM_UNAVAIL:ç¾åœ¨ã®ãƒ•ァイル修正日時: FILE_PROP_SYSDTM:ç¾åœ¨ã®ãƒ•ァイル修正日時: $1 FILE_PROP_RKHDTM:ä¿å­˜æ¸ˆã¿ãƒ•ァイル修正日時: $1 FILE_PROP_NO_RKHDTM:「rkhunter.datã€ãƒ•ァイル内ã®ãƒ•ァイル「 $1 ã€ã®ãƒ•ァイル修正日時値ãŒã‚りã¾ã›ã‚“。 FILE_PROP_SYSLNK:ç¾åœ¨ã®ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯ã‚¿ãƒ¼ã‚²ãƒƒãƒˆ: 「 $1 〠-> 「 $2 〠FILE_PROP_RKHLNK:ä¿å­˜æ¸ˆã¿ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯ã‚¿ãƒ¼ã‚²ãƒƒãƒˆ : 「 $1 〠-> 「 $2 〠FILE_PROP_NO_RKHLNK:「rkhunter.datã€ãƒ•ァイル内ã®ãƒ•ァイル「 $1 ã€ã¸ã®ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ FILE_PROP_LINK_WL:The シンボリックリンクターゲットãŒå¤‰æ›´ã•れã¾ã—ãŸãŒãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«è¿½åŠ ã•れã¾ã™: 「 $1 〠-> 「 $2 〠FILE_PROP_NO_SYSATTR:ファイル「 $1 
ã€ã®ç¾åœ¨ã®ãƒ—ロパティをå–å¾—ã§ãã¾ã›ã‚“。' FILE_PROP_WRITE:ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¶ã«ãƒ•ァイル「 $1 ã€ã®æ›¸ãè¾¼ã¿æ¨©é™ãŒè¨­å®šã•れã¦ã„ã¾ã™ã€‚ FILE_PROP_SYSPERM_UNAVAIL:ファイル「 $1 ã€ã®ç¾åœ¨ã®æ›¸ãè¾¼ã¿æ¨©é™ã‚’å–å¾—ã§ãã¾ã›ã‚“。' FILE_PROP_IMMUT:ファイル「 $1 ã€ã«ã¯ä¸å¤‰ãƒ“ットセットãŒã‚りã¾ã™ã€‚ FILE_PROP_IMMUT_NOT_SET:ファイル「 $1 ã€ã«ã¯ä¸å¤‰ãƒ“ットセットãŒã‚りã¾ã›ã‚“。 FILE_PROP_SCRIPT:コマンド「 $1 ã€ã¯ã‚¹ã‚¯ãƒªãƒ—トã«ç½®æ›ã•れã¾ã—ãŸ: $2 FILE_PROP_SCRIPT_RKH:コマンド「 $1 ã€ã¯ç½®æ›ã•れãŸãŸã‚スクリプトã§ã¯ã‚りã¾ã›ã‚“: $2 FILE_PROP_VRFY:パッケージマãƒãƒ¼ã‚¸ãƒ£ç…§åˆã«å¤±æ•—ã—ã¾ã—㟠FILE_PROP_VRFY_HASH:ファイルãƒãƒƒã‚·ãƒ¥å€¤ãŒå¤‰æ›´ã•れã¾ã—ãŸã€‚ FILE_PROP_VRFY_PERM:ファイルパーミッションãŒå¤‰æ›´ã•れã¾ã—ãŸã€‚ FILE_PROP_VRFY_UID:ファイルオーナーãŒå¤‰æ›´ã•れã¾ã—ãŸã€‚ FILE_PROP_VRFY_GID:ファイルグループãŒå¤‰æ›´ã•れã¾ã—ãŸã€‚ FILE_PROP_VRFY_DTM:ファイル修正日時ãŒå¤‰æ›´ã•れã¾ã—ãŸã€‚ FILE_PROP_VRFY_LNK:シンボリックリンクターゲットãŒå¤‰æ›´ã•れã¾ã—ãŸã€‚ FILE_PROP_VRFY_SIZE:ファイルサイズãŒå¤‰æ›´ã•れã¾ã—ãŸã€‚ FILE_PROP_EPOCH_DATE_CMD:UNIX時間ã®å‡¦ç†ã«ã€Œ $1 ã€ã‚’使用ã™ã‚‹ CHECK_ROOTKITS:rootkitsã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ... ROOTKIT_FILES_DIRS_START:既知ã®rootkitファイルãŠã‚ˆã³ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_FILES_DIRS_NAME_LOG: ${1} ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ... 
ROOTKIT_FILES_DIRS_FILE:ファイル「 $1 ã€ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_FILES_DIRS_DIR:ディレクトリ「 $1 ã€ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_FILES_DIRS_KSYM:「 $1 ã€ã‚«ãƒ¼ãƒãƒ«ã‚·ãƒ³ãƒœãƒ«ã€Œ $1 ã€ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_FILES_DIRS_FILE_FOUND:ファイル「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ ROOTKIT_FILES_DIRS_DIR_FOUND:ディレクトリ「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ ROOTKIT_FILES_DIRS_KSYM_FOUND:カーãƒãƒ«ã‚·ãƒ³ãƒœãƒ«ã€Œ $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ ROOTKIT_FILES_DIRS_STR:ストリング「 $1 ã€ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_FILES_DIRS_STR_FOUND:ファイル「 $2 ã€ã«ã‚¹ãƒˆãƒªã‚°ã€Œ $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ ROOTKIT_FILES_DIRS_NOFILE:ファイル「 $1ã€ã¯å­˜åœ¨ã—ã¾ã›ã‚“。 ROOTKIT_FILES_DIRS_SINAR_DIR:「 $1 ã€ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_FILES_DIRS_SINAR:SInARãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ROOTKIT_LINK_COUNT:「 $1 ã€ã®ãƒãƒ¼ãƒ‰ãƒªãƒ³ã‚¯ã‚«ã‚¦ãƒ³ãƒˆã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_LINK_COUNT_FAIL:「 $1 ã€ã‚³ãƒžãƒ³ãƒ‰ã‹ã‚‰ã®ãƒãƒ¼ãƒ‰ãƒªãƒ³ã‚¯ã‚«ã‚¦ãƒ³ãƒˆ: $2 ROOTKIT_LINK_COUNT_CMDERR:「 $2 ã€ã®ãƒã‚§ãƒƒã‚¯ä¸­ã«ã€Œ $1 ã€ã‚³ãƒžãƒ³ãƒ‰ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ ROOTKIT_PHALANX2_LINK_COUNT_FAIL:「 $1 ã€ã®ãƒãƒ¼ãƒ‰ãƒªãƒ³ã‚¯ã®ãƒã‚§ãƒƒã‚¯ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ ROOTKIT_PHALANX2_PROC:プロセス「ata/0ã€ã®ãƒ—ロセスリストをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_PHALANX2_PROC_FOUND:実行中プロセス「ata/0ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ ROOTKIT_PHALANX2_PROC_PPID:予期ã•れãŸã€Œkthreadã€è¦ªPID「 $1 ã€ã«è¦ªPID「 $2 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚' ROOTKIT_PHALANX2_PROC_PS_ERR:「psã€ã®å®Ÿè¡ŒãŒäºˆæœŸã—ãªã„çµæžœã‚’戻ã—ã¾ã—ãŸ: コマンドライン変数ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ ROOTKIT_ADD_START:追加rootkitãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_ADD_SUCKIT:Suckit Rookit追加ãƒã‚§ãƒƒã‚¯ ROOTKIT_ADD_SUCKIT_LOG:Suckit Rookit追加ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_ADD_SUCKIT_LINK_NOCMD:「/sbin/initã€ãƒªãƒ³ã‚¯ã‚«ã‚¦ãƒ³ãƒˆã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹: 「statã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ ROOTKIT_ADD_SUCKIT_LINK_FOUND:「/sbin/initã€ãƒªãƒ³ã‚¯ã‚«ã‚¦ãƒ³ãƒˆã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹: カウント㯠$1 ã§ã™ã€‚「1ã€ã«ã—ã¦ãã ã•ã„。 ROOTKIT_ADD_SUCKIT_EXT:éš ã—ファイル拡張å­ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_ADD_SUCKIT_EXT_FOUND:éš ã—ファイル拡張å­ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹: 発見: $1 ROOTKIT_ADD_SUCKIT_SKDET:skdetコマンドを実行ã™ã‚‹ 
ROOTKIT_ADD_SUCKIT_SKDET_FOUND:skdetコマンドを実行ã™ã‚‹: 発見: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER:skdetコマンドを実行ã™ã‚‹: 䏿˜Žãªãƒãƒ¼ã‚¸ãƒ§ãƒ³: $1 ROOTKIT_POSS_FILES_DIRS:å¯èƒ½æ€§ã®ã‚ã‚‹rootkitファイルãŠã‚ˆã³ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_POSS_FILES_DIRS_LOG:å¯èƒ½æ€§ã®ã‚ã‚‹rootkitファイルãŠã‚ˆã³ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_POSS_FILES_FILE_FOUND:ファイル「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚å¯èƒ½æ€§ã®ã‚ã‚‹rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:ディレクトリ「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚å¯èƒ½æ€§ã®ã‚ã‚‹rootkit: $2 ROOTKIT_POSS_STRINGS:å¯èƒ½æ€§ã®ã‚ã‚‹rootkitストリングをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_POSS_STRINGS_LOG:å¯èƒ½æ€§ã®ã‚ã‚‹rootkitストリングã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_POSS_STRINGS_FOUND:ファイル「 $2 ã€å†…ã«ã‚¹ãƒˆãƒªãƒ³ã‚°ã€Œ $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚rootkitã®å¯èƒ½æ€§: $3 ROOTKIT_MALWARE_START:マルウェアãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_MALWARE_SUSP_FILES:ç–‘ã‚ã—ã„ファイルã®ãƒ—ロセス実行をãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_MALWARE_SUSP_FILES_FOUND:次ã®ãƒ—ロセスã¯ç–‘ã‚ã—ã„ファイルを使用ã—ã¦ã„ã¾ã™: ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2 ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:コマンド: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:パスå: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Rootkitã®å¯èƒ½æ€§: $1 ROOTKIT_MALWARE_HIDDEN_PROCS:éš ã—プロセスをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_MALWARE_HIDDEN_PROCS_NOUNHIDE:ユーザã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«ã‚ˆã‚Šã€Œ $1 ã€ã®ä½¿ç”¨ãŒç„¡åйã«ã•れã¾ã—ãŸã€‚ ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:「unhideã€ã‚³ãƒžãƒ³ãƒ‰ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:コマンド「 $1 ã€ã‚’使用ã™ã‚‹ ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:「unhideã€ã¯å®Ÿè¡Œã•れã¾ã›ã‚“ã§ã—ãŸã€‚無効ãªãƒ†ã‚¹ãƒˆãƒ•ァイルå: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_RUBY_ERR:「unhide.rbã€ã‚³ãƒžãƒ³ãƒ‰ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸ: ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:éš ã—プロセスãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ROOTKIT_MALWARE_DELETED_FILES:削除済ã¿ãƒ•ァイルã®å®Ÿè¡Œãƒ—ロセスをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_MALWARE_DELETED_FILES_FOUND:次ã®ãƒ—ロセスã¯å‰Šé™¤æ¸ˆã¿ãƒ•ァイルを使用ã—ã¦ã„ã¾ã™: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:プロセス: $1 PID: $2 ファイル: $3 ROOTKIT_MALWARE_DELETED_FILES_WL:プロセス「 $1 
ã€ã«ã‚ˆã‚‹ãƒ•ァイル「 $2 ã€ã®ä½¿ç”¨ã‚’発見ã—ã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ ROOTKIT_MALWARE_LOGIN_BDOOR:ログインãƒãƒƒã‚¯ãƒ‰ã‚¢ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:ログインãƒãƒƒã‚¯ãƒ‰ã‚¢ã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:「 $1 ã€ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:ログインãƒãƒƒã‚¯ãƒ‰ã‚¢ãƒ•ァイルãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ROOTKIT_MALWARE_SUSP_DIR:ç–‘ã‚ã—ã„ディレクトリをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_MALWARE_SUSP_DIR_LOG:ç–‘ã‚ã—ã„ディレクトリã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_MALWARE_SUSP_DIR_FOUND:ç–‘ã‚ã—ã„ディレクトリãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ROOTKIT_MALWARE_SFW_INTRUSION:ソフトウェア侵入をãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:「 $1 ã€ã«ã‚¹ãƒˆãƒªãƒ³ã‚°ã€Œ $2 ã€ãŒå«ã¾ã‚Œã¦ã„ã¾ã™ã€‚rootkitã®å¯èƒ½æ€§: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:ãƒã‚§ãƒƒã‚¯ã‚’スキップã—ã¾ã—㟠- tripwireãŒã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•れã¦ã„ã¾ã›ã‚“。 ROOTKIT_MALWARE_SNIFFER:スニファログファイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_MALWARE_SNIFFER_LOG:スニファログファイルã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_MALWARE_SNIFFER_FOUND:å¯èƒ½æ€§ã®ã‚るスニファログファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ROOTKIT_MALWARE_IPCS:ç–‘ã‚ã—ã„共有メモリセグメント ROOTKIT_MALWARE_IPCS_DETAILS:プロセス: $1 PID: $2 オーナー: $3 ROOTKIT_TROJAN_START:ãƒˆãƒ­ã‚¤ã®æœ¨é¦¬å›ºæœ‰ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_TROJAN_INETD:inetdã‚µãƒ¼ãƒ“ã‚¹ã®æœ‰åŠ¹åŒ–ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_TROJAN_INETD_SKIP:ãƒã‚§ãƒƒã‚¯ã‚’スキップã—ã¾ã—㟠- ファイル「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“。 ROOTKIT_TROJAN_INETD_FOUND:有効ãªinetdサービスãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ROOTKIT_TROJAN_XINETD:xinetdã‚µãƒ¼ãƒ“ã‚¹ã®æœ‰åŠ¹åŒ–ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_TROJAN_XINETD_LOG:有効ãªxinetdサービスã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_TROJAN_XINETD_ENABLED:「 $1 ã€ã®æœ‰åйãªã‚µãƒ¼ãƒ“スをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_TROJAN_XINETD_INCLUDE:「include $1ã€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒ†ã‚£ãƒ–ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ ROOTKIT_TROJAN_XINETD_INCLUDEDIR:「includedir $1ã€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒ†ã‚£ãƒ–ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:有効ãªxinetdサービスãŒè¦‹ã¤ã‹ã‚Šã¾ã—㟠: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:サービス「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚: $2 ãŒãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«è¿½åŠ ã•れã¾ã™ã€‚ 
ROOTKIT_TROJAN_APACHE:Apacheãƒãƒƒã‚¯ãƒ‰ã‚¢ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_TROJAN_APACHE_SKIPPED:Apacheãƒãƒƒã‚¯ãƒ‰ã‚¢ãƒã‚§ãƒƒã‚¯ã‚’スキップã—ã¾ã—ãŸ: ApacheモジュールãŠã‚ˆã³è¨­å®šãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ ROOTKIT_TROJAN_APACHE_FOUND:Apacheãƒãƒƒã‚°ãƒ‰ã‚¢ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã€Œmod_rootmeã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ROOTKIT_OS_START:$1 固有ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ROOTKIT_OS_SKIPPED:利用ã§ãる固有テストã¯ã‚りã¾ã›ã‚“。 ROOTKIT_OS_BSD_SOCKNET:sockstatãŠã‚ˆã³netstatコマンドをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_OS_BSD_SOCKNET_FOUND:sockstatãŠã‚ˆã³netstatアウトプットã«å·®ç•°ãŒç™ºè¦‹ã•れã¾ã—ãŸ: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 アウトプット (使用中ãƒãƒ¼ãƒˆ): $2 ROOTKIT_OS_FREEBSD_KLD:KLDãƒãƒƒã‚¯ãƒ‰ã‚¢ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_OS_FREEBSD_KLD_FOUND:FreeBSD KLDãƒãƒƒã‚°ãƒ‰ã‚¢ã®å¯èƒ½æ€§ãŒç™ºè¦‹ã•れã¾ã—ãŸã€‚ストリング「 $1 ã€ã‚’表示ã™ã‚‹ã«ã¯ã€Œkldstat -vã€ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ã¦ãã ã•ã„。 ROOTKIT_OS_FREEBSD_PKGDB:パッケージデータベースをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:パッケージデータベースã«çŸ›ç›¾ãŒå­˜åœ¨ã—ã¾ã™ã€‚ ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:ã“れã¯ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£å•題ã§ã¯ã‚りã¾ã›ã‚“ãŒã€Œpkgdb -Fkã€ã‚’実行ã™ã‚‹ã“ã¨ã«ã‚ˆã‚Šå•題を診断ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ ROOTKIT_OS_DFLY_PKGDB_NOTOK:パッケージデータベースã«çŸ›ç›¾ãŒå­˜åœ¨ã—ã¾ã™ã€‚ ROOTKIT_OS_DFLY_PKGDB_NOTOK:ã“れã¯ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£å•題ã§ã¯ã‚りã¾ã›ã‚“ãŒã€Œpkg_admin checkã€ã‚’実行ã™ã‚‹ã“ã¨ã«ã‚ˆã‚Šå•題を診断ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ ROOTKIT_OS_LINUX_LKM:読ã¿è¾¼ã¿æ¸ˆã¿ã‚«ãƒ¼ãƒãƒ«ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_OS_LINUX_LKM_FOUND:lsmodコマンドã¨ã€Œ/proc/modulesã€ãƒ•ァイルã«å·®ç•°ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 アウトプット: $2 ROOTKIT_OS_LINUX_LKM_EMPTY:lsmodコマンドã¾ãŸã¯ã€Œ/proc/modulesã€ãƒ•ァイルã‹ã‚‰ã‚¢ã‚¦ãƒˆãƒ—ットã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸ: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:モジュールファイル「 $1 ã€ãŒã‚りã¾ã›ã‚“。 ROOTKIT_OS_LINUX_LKMNAMES:カーãƒãƒ«ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«åã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ROOTKIT_OS_LINUX_LKMNAMES_PATH:「 $1 ã€ã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ãƒ‘スを使用ã™ã‚‹ ROOTKIT_OS_LINUX_LKMNAMES_FOUND:「 $1 ã€ã«æ—¢çŸ¥ã®å•題ã®ã‚るカーãƒãƒ«ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:カーãƒãƒ«ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã€Œ $1 
ã€ãŒå­˜åœ¨ã—ãªã„ã¾ãŸã¯ç©ºã§ã™ã€‚ CHECK_LOCALHOST:ローカルホストをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ... STARTUP_FILES_START:システムブートãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ STARTUP_HOSTNAME:ローカルホストåã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ STARTUP_NO_HOSTNAME:ホストåã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ STARTUP_CHECK_FILES_EXIST:システムスタートアップファイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ STARTUP_NONE_GIVEN:ユーザãŒã‚¹ã‚¿ãƒ¼ãƒˆã‚¢ãƒƒãƒ—ファイルパスåã«ã€ŒNONEã€ã‚’指定ã—ã¾ã—ãŸã€‚ STARTUP_CHECK_FILES_MALWARE:マルウェアã®ã‚·ã‚¹ãƒ†ãƒ ã‚¹ã‚¿ãƒ¼ãƒˆã‚¢ãƒƒãƒ—ファイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ STARTUP_CHECK_NO_RC_FILES:システムスタートアップファイルã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ ACCOUNTS_START:グループãŠã‚ˆã³ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ ACCOUNTS_PWD_FILE_CHECK:パスワードファイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ACCOUNTS_FOUND_PWD_FILE:パスワードファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ACCOUNTS_NO_PWD_FILE:パスワードファイル $1 ã¯å­˜åœ¨ã—ã¾ã›ã‚“。 ACCOUNTS_UID0:rootåŒç­‰ (UID 0) アカウントをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ACCOUNTS_UID0_WL:rootåŒç­‰ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã€Œ $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ ACCOUNTS_UID0_FOUND:アカウント「 $1 ã€ã¯rootåŒç­‰ã‚¢ã‚«ã‚¦ãƒ³ãƒˆ (UID = 0) ã§ã™ã€‚ ACCOUNTS_SHADOW_FILE:シャドウファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ACCOUNTS_SHADOW_TCB:TCBシャドウファイルディレクトリãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 ACCOUNTS_PWDLESS:パスワードãªã—アカウントをãƒã‚§ãƒƒã‚¯ã™ã‚‹ ACCOUNTS_PWDLESS_WL:パスワードãªã—アカウント「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ ACCOUNTS_PWDLESS_FOUND:パスワードãªã—アカウント㌠$1 ファイル内ã«è¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $2 ACCOUNTS_NO_SHADOW_FILE:シャドウ/パスワードファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ PASSWD_CHANGES:パスワードファイル変更をãƒã‚§ãƒƒã‚¯ã™ã‚‹ PASSWD_CHANGES_NO_TMP:パスワードファイルã®å·®ç•°ã‚’確èªã§ãã¾ã›ã‚“: パスワードファイルã®ã‚³ãƒ”ーã¯å­˜åœ¨ã—ã¾ã›ã‚“。 PWD_CHANGES_IDADD:ユーザ「 $1 ã€ãŒãƒ‘スワードファイルã«è¿½åŠ ã•れã¾ã—ãŸã€‚ PWD_CHANGES_IDREM:ユーザ「 $1 ã€ãŒãƒ‘スワードファイルã‹ã‚‰å‰Šé™¤ã•れã¾ã—ãŸã€‚ PWD_CHANGES_FOUND:ユーザ「 $1 ã€ã®å¤‰æ›´ãŒãƒ‘スワードファイルã«è¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: PWDGRP_CHANGES_UNK:䏿˜Žãªãƒ•ィールド㌠$1 ファイルã«è¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: å¤ã„フィールド: 「 $2 〠新ã—ã„フィールド: 「 $3 〠PWD_CHANGES_PWD:パスワードãŒã€Œ $1 〠ã‹ã‚‰ã€Œ $2 〠ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ PWD_CHANGES_UID:UIDãŒã€Œ $1 〠ã‹ã‚‰ã€Œ $2 〠ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ PWD_CHANGES_GID:GIDãŒã€Œ $1 〠ã‹ã‚‰ã€Œ $2 〠ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ 
PWD_CHANGES_COMM:アカウントコメントãŒã€Œ $1 〠ã‹ã‚‰ã€Œ $2 〠ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ PWD_CHANGES_HOME:ホームディレクトリãŒã€Œ $1 〠ã‹ã‚‰ã€Œ $2 〠ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ PWD_CHANGES_SHL:ログインシェルスクリプトãŒã€Œ $1 〠ã‹ã‚‰ã€Œ $2 〠ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ GROUP_CHANGES:グループファイル変更ãƒã‚§ãƒƒã‚¯ GROUP_CHANGES_NO_FILE:グループファイル $1 ã¯å­˜åœ¨ã—ã¾ã›ã‚“。 GROUP_CHANGES_NO_TMP:グループファイルã®å·®ç•°ã‚’確èªã§ãã¾ã›ã‚“: グループファイルã®ã‚³ãƒ”ーã¯å­˜åœ¨ã—ã¾ã›ã‚“。 GROUP_CHANGES_FOUND:グループ「 $1 ã€ã®ã‚°ãƒ«ãƒ¼ãƒ—ファイルã«å¤‰æ›´ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: GROUP_CHANGES_IDADD:グループ「 $1 ã€ãŒã‚°ãƒ«ãƒ¼ãƒ—ファイルã«è¿½åŠ ã•れã¾ã—ãŸã€‚ GROUP_CHANGES_IDREM:グループ「 $1 ã€ãŒã‚°ãƒ«ãƒ¼ãƒ—ファイルã‹ã‚‰å‰Šé™¤ã•れã¾ã—ãŸã€‚ GROUP_CHANGES_PWD:グループパスワードãŒã€Œ $1 ã€ã‹ã‚‰ã€Œ $2 ã€ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ GROUP_CHANGES_GID:グループナンãƒãƒ¼ãŒã€Œ $1 ã€ã‹ã‚‰ã€Œ $2 ã€ã«å¤‰æ›´ã•れã¾ã—ãŸã€‚ GROUP_CHANGES_GRPREM:ユーザ「 $1 ã€ãŒã‚°ãƒ«ãƒ¼ãƒ—ã‹ã‚‰å‰Šé™¤ã•れã¾ã—ãŸã€‚ GROUP_CHANGES_GRPADD:ユーザ「 $1 ã€ãŒã‚°ãƒ«ãƒ¼ãƒ—ã«è¿½åŠ ã•れã¾ã—ãŸã€‚ HISTORY_CHECK:ルートアカウントã®ã‚·ã‚§ãƒ«å±¥æ­´ãƒ•ァイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ HISTORY_CHECK_FOUND:ルートアカウント $1 ã®ã‚·ã‚§ãƒ«ã‚¹ã‚¯ãƒªãƒ—トファイルã¯ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯ã§ã™: $2 SYSTEM_CONFIGS_START:システム設定ファイルã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ SYSTEM_CONFIGS_FILE:システムロギング設定ファイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ SYSTEM_CONFIGS_FILE_SSH:SSH設定ファイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ SYSTEM_CONFIGS_FILE_FOUND:$1 $2 設定ファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $3 SYSTEM_CONFIGS_SSH_ROOT:SSHルートアクセスã®è¨±å¯ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ SYSTEM_CONFIGS_SSH_ROOT_FOUND:SSHãŠã‚ˆã³rkhunter設定オプションをåŒã˜ã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH設定オプション「PermitRootLoginã€: $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter設定オプション「ALLOW_SSH_ROOT_USERã€: $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:SSH設定オプション「PermitRootLoginã€ãŒè¨­å®šã•れã¦ã„ã¾ã›ã‚“。 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:rootアクセスを許å¯ã™ã‚‹ãŸã‚ã«ã¯ãƒ‡ãƒ•ォルト値を「yesã€ã«ã—ã¦ãã ã•ã„。 SYSTEM_CONFIGS_SSH_PROTO:SSHプロトコルv1ã®è¨±å¯ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH設定オプション「Protocolã€: $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter設定オプション「ALLOW_SSH_PROT_V1ã€: $1 SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:SSH設定オプション「Protocolã€ãŒè¨­å®šã•れã¦ã„ã¾ã›ã‚“。 
SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:プロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³1ã®ä½¿ç”¨ã‚’許å¯ã™ã‚‹ã«ã¯ãƒ‡ãƒ•ォルト値を「2,1ã€ã«ã—ã¦ãã ã•ã„。 SYSTEM_CONFIGS_SYSLOG:実行中ã®ã‚·ã‚¹ãƒ†ãƒ ãƒ­ã‚®ãƒ³ã‚°ãƒ‡ãƒ¼ãƒ¢ãƒ³ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:システムロギングデーモンã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ SYSTEM_CONFIGS_SYSLOG_DAEMON:実行中ã®ã€Œ $1 ã€ãƒ‡ãƒ¼ãƒ¢ãƒ³ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ SYSTEM_CONFIGS_SYSLOG_NO_FILE:「 $1 ã€ãƒ‡ãƒ¼ãƒ¢ãƒ³ã¯å®Ÿè¡Œã•れã¦ã„ã¾ã™ãŒè¨­å®šãƒ•ァイルãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ SYSTEM_CONFIGS_SYSLOG_REMOTE:syslogリモートロギングãŒè¨±å¯ã•れã¦ã„ã‚‹ã‹ãƒã‚§ãƒƒã‚¯ã™ã‚‹ SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:「 $1 ã€è¨­å®šãƒ•ァイルã¯ãƒªãƒ¢ãƒ¼ãƒˆãƒ­ã‚®ãƒ³ã‚°ã‚’許å¯ã—ã¾ã™: $2 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter設定オプション「ALLOW_SYSLOG_REMOTE_LOGGINGã€ãŒæœ‰åйã«ã•れã¾ã—ãŸã€‚ FILESYSTEM_START:ファイルシステムãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ FILESYSTEM_DEV_CHECK:「/devã€ã®ç–‘ã‚ã—ã„ファイルタイプをãƒã‚§ãƒƒã‚¯ã™ã‚‹ FILESYSTEM_DEV_CHECK_NO_DEV:「/devã€ãŒå­˜åœ¨ã—ã¾ã›ã‚“。 FILESYSTEM_DEV_FILE_WL:ファイル「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ FILESYSTEM_DEV_FILE_FOUND:$1 ã«ç–‘ã‚ã—ã„ファイルタイプãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: FILESYSTEM_HIDDEN_DIR_WL:éš ã—ディレクトリ「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ FILESYSTEM_HIDDEN_FILE_WL:éš ã—ファイル「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ FILESYSTEM_HIDDEN_CHECK:éš ã—ファイルãŠã‚ˆã³ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ FILESYSTEM_HIDDEN_DIR_FOUND:éš ã—ディレクトリãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 FILESYSTEM_HIDDEN_FILE_FOUND:éš ã—ファイルãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 FILESYSTEM_LOGFILE_MISSING:ログファイルã®å­˜åœ¨ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ FILESYSTEM_LOGFILE_MISSING_FOUND:ログファイル「 $1 ã€ãŒã‚りã¾ã›ã‚“。 FILESYSTEM_LOGFILE_EMPTY:空ã®ãƒ­ã‚°ãƒ•ァイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ FILESYSTEM_LOGFILE_EMPTY_FOUND:ログファイル「 $1 ã€ã¯ç©ºã§ã™ã€‚ CHECK_APPS:アプリケーションãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ ... 
APPS_NONE_FOUND:䏿˜Žãªã‚¢ãƒ—リケーションã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—㟠- ã™ã¹ã¦ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã—ãŸã€‚ APPS_DAT_MISSING::安全ã§ã¯ãªã„アプリケーションãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ãƒ•ァイルã¯å­˜åœ¨ã—ãªã„ã¾ãŸã¯ç©ºã§ã™: $1 APPS_DAT_MISSING:デフォルトファイルをリストアã™ã‚‹ã«ã¯ã€Œrkhunter --updateã€ã‚’実行ã—ã¦ãã ã•ã„。 APPS_DAT_NOTAFILE:安全ã§ã¯ãªã„アプリケーションãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ãƒ•ァイルã¯ãƒ•ァイルã§ã¯ã‚りã¾ã›ã‚“: $1 APPS_NOT_FOUND:アプリケーション「 $1 ã€ã¯è¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ APPS_CHECK:$1 ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒã‚§ãƒƒã‚¯ APPS_CHECK_WL:アプリケーション「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ APPS_CHECK_VERSION_UNKNOWN:「 $1 ã€ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒŠãƒ³ãƒãƒ¼ã‚’å–å¾—ã§ãã¾ã›ã‚“。 APPS_CHECK_VERSION_FOUND:アプリケーション「 $1 〠ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã€Œ $2 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ APPS_CHECK_VERSION_WL:アプリケーション「 $1 〠ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã€Œ $2 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ã“ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«è¿½åŠ ã•れã¾ã™ã€‚ APPS_CHECK_WHOLE_VERSION_USED:「 $1 ã€ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒŠãƒ³ãƒãƒ¼ã‚’å–å¾—ã§ãã¾ã›ã‚“: ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚ªãƒ—ション: $2 APPS_CHECK_FOUND:アプリケーション「 $1 〠ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã€Œ $2 ã€ã®æœ‰åŠ¹æœŸé™ãŒåˆ‡ã‚Œã¦ã„ã¾ã™ã€‚セキュリティリスクã®å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ APPS_TOTAL_COUNT:アプリケーションãƒã‚§ãƒƒã‚¯: $1 / $2 CHECK_NETWORK:ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒã‚§ãƒƒã‚¯ ... 
NETWORK_PORTS_START:ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒãƒ¼ãƒˆã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ NETWORK_PORTS_BACKDOOR:ãƒãƒƒã‚¯ãƒ‰ã‚¢ãƒãƒ¼ãƒˆã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ NETWORK_PORTS_BACKDOOR_LOG:ãƒãƒƒã‚¯ãƒ‰ã‚¢ãƒãƒ¼ãƒˆã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ NETWORK_PORTS_FILE_MISSING:既知ã®ãƒãƒƒã‚¯ãƒ‰ã‚¢ãƒãƒ¼ãƒˆã®ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã‹ç©ºã§ã™: $1 NETWORK_PORTS_FILE_MISSING:デフォルトファイルをリストアã™ã‚‹ã«ã¯ã€Œrkhunter --updateã€ã‚’実行ã—ã¦ãã ã•ã„。 NETWORK_PORTS_FILE_NOTAFILE:既知ã®ãƒãƒƒã‚°ãƒ‰ã‚¢ãƒãƒ¼ãƒˆã®ãƒ•ァイルã¯ãƒ•ァイルã§ã¯ã‚りã¾ã›ã‚“: $1 NETWORK_PORTS_UNKNOWN_NETSTAT:ã™ã¹ã¦ã®ãƒãƒƒã‚¯ãƒ‰ã‚¢ãƒãƒ¼ãƒˆãƒã‚§ãƒƒã‚¯ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã—ãŸã€‚ NETWORK_PORTS_UNKNOWN_NETSTAT:ã“ã®O/Sã§ã¯ä¸æ˜Žãªnetstatコマンドフォーマットã§ã™ã€‚ NETWORK_PORTS_ENABLE_TRUSTED:信用済ã¿ãƒ‘スåã¯ãƒãƒ¼ãƒˆãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒ†ã‚£ãƒ³ã‚°ã«æœ‰åйã«ã•れã¾ã™ã€‚ NETWORK_PORTS_BACKDOOR_CHK:$1 ãƒãƒ¼ãƒˆ $2 ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ NETWORK_PORTS_PATH_WHITELIST:ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ $1 ãƒãƒ¼ãƒˆ $2 㯠$3 ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¦ã„ã¾ã™: パスã¯ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«è¿½åŠ ã•れã¾ã™ã€‚ NETWORK_PORTS_TRUSTED_WHITELIST:ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ $1 ãƒãƒ¼ãƒˆ $2 㯠$3 ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¦ã„ã¾ã™: パスã¯ä¿¡ç”¨ã•れã¾ã™ã€‚ NETWORK_PORTS_PORT_WHITELIST:ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ $1 ãƒãƒ¼ãƒˆ $2 ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ãƒãƒ¼ãƒˆã¯ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«è¿½åŠ ã•れã¾ã™ã€‚ NETWORK_PORTS_BKDOOR_FOUND:ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ $1 ãƒãƒ¼ãƒˆ $2 㯠$3 ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¦ã„ã¾ã™: rootkitå¯èƒ½æ€§: $4 NETWORK_PORTS_BKDOOR_FOUND:ã“れをãƒã‚§ãƒƒã‚¯ã™ã‚‹ã«ã¯ã€Œlsof -iã€ã¾ãŸã¯ã€Œnetstat -anã€ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ã¦ãã ã•ã„。 NETWORK_HIDDEN_PORTS:éš ã—ãƒãƒ¼ãƒˆã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ NETWORK_HIDDEN_PORTS_FOUND:éš ã—ãƒãƒ¼ãƒˆãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: NETWORK_HIDDEN_PORTS_CHK:ãƒãƒ¼ãƒˆç•ªå·: $1:$2 NETWORK_HIDDEN_PORTS_CHK_NAME:ãƒãƒ¼ãƒˆç•ªå·: $1:$2 㯠$3 ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¦ã„ã¾ã™ã€‚ NETWORK_HIDDEN_PORTS_PATH_WHITELIST:éš ã— $1 ãƒãƒ¼ãƒˆ $2 㯠$3 ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¦ã„ã¾ã™: パスã¯ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«è¿½åŠ ã•れã¾ã™ã€‚ NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:éš ã— $1 ãƒãƒ¼ãƒˆ $2 㯠$3 ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¦ã„ã¾ã™: パスã¯ä¿¡ç”¨ã•れã¾ã™ã€‚ NETWORK_HIDDEN_PORTS_PORT_WHITELIST:éš ã— $1 ãƒãƒ¼ãƒˆ $2 ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: 
ãƒãƒ¼ãƒˆã¯ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«è¿½åŠ ã•れã¾ã™ã€‚ NETWORK_INTERFACE_START:ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェースã®ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ NETWORK_PROMISC_WLIST:プロミスキャスモードãŒè¨±å¯ã•れãŸãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェース: $1 NETWORK_PROMISC_CHECK:プロミスキャスインターフェースをãƒã‚§ãƒƒã‚¯ã™ã‚‹ NETWORK_PROMISC_NO_IFCONF_IP:プロミスキャスインターフェースã®ãƒã‚§ãƒƒã‚¯ã‚’スキップã—ã¾ã—㟠- 「ifconfigã€ã¾ãŸã¯ã€Œipã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ NETWORK_PROMISC_NO_CMD:「 $1 ã€ã‚³ãƒžãƒ³ãƒ‰ã‚’使用ã—ãŸãƒ—ロミスキャスインターフェースã®ãƒã‚§ãƒƒã‚¯ã‚’スキップã—ã¾ã—㟠- 「 $1 ã€ã‚³ãƒžãƒ³ãƒ‰ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚「 $2 ã€ã‚³ãƒžãƒ³ãƒ‰ã‚’使用ã—ã¾ã™ã€‚ NETWORK_PROMISC_IF:プロミスキャスインターフェースã®å¯èƒ½æ€§: NETWORK_PROMISC_IF_1:「ifconfigã€ã‚³ãƒžãƒ³ãƒ‰å‡ºåŠ›: NETWORK_PROMISC_IF_2:「ipã€ã‚³ãƒžãƒ³ãƒ‰å‡ºåŠ›: NETWORK_PACKET_CAP_CHECK:パケットキャプãƒãƒ£ã‚¢ãƒ—リケーションをãƒã‚§ãƒƒã‚¯ã™ã‚‹ NETWORK_PACKET_CAP_CHECK_NO_FILE:パケットキャプãƒãƒ£ã‚¢ãƒ—リケーションã®ãƒã‚§ãƒƒã‚¯ã‚’スキップã—ã¾ã—㟠- 「 $1 ã€ãƒ•ァイルãŒã‚りã¾ã›ã‚“。 NETWORK_PACKET_CAP_FOUND:プロセス「 $1 ã€(PID $2) ã¯ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚’å¾…ã¡å—ã‘ã¦ã„ã¾ã™ã€‚ NETWORK_PACKET_CAP_WL:プロセス「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ SHARED_LIBS_START:「共有ライブラリã€ãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹ SHARED_LIBS_PRELOAD_VAR:プリロード変数をãƒã‚§ãƒƒã‚¯ã™ã‚‹ SHARED_LIBS_PRELOAD_VAR_FOUND:ライブラリプリロード変数ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 SHARED_LIBS_PRELOAD_FILE:プリロードライブラリをãƒã‚§ãƒƒã‚¯ã™ã‚‹ SHARED_LIBS_PRELOAD_LIB_FOUND:プリロード共有ライブラリãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 SHARED_LIBS_PRELOAD_FILE_FOUND:ライブラリプリロードãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: $1 SHARED_LIBS_PRELOAD_LIB_WLIST:プリロード共有ライブラリ「 $1 ã€ãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: ホワイトリストã«è¿½åŠ ã•れã¾ã™ã€‚ SHARED_LIBS_PATH:「LD_LIBRARY_PATHã€å¤‰æ•°ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ SHARED_LIBS_PATH_BAD:「LD_LIBRARY_PATHã€ç’°å¢ƒå¤‰æ•°ãŒè¨­å®šã•れãŸãŸã‚ãƒã‚¤ãƒŠãƒªã«å½±éŸ¿ã‚’与ãˆã‚‹ã“ã¨ãŒã§ãã¾ã™: 設定: $1 SUSPSCAN_CHECK:ç–‘ã‚ã—ã„コンテンツã®ãƒ•ァイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ SUSPSCAN_DIR_NOT_EXIST:ディレクトリ「 $1 ã€ãŒå­˜åœ¨ã—ã¾ã›ã‚“。 SUSPSCAN_INSPECT:ファイル「 $1 ã€(スコア: $2) ã«ã¯ç–‘ã‚ã—ã„コンテンツãŒå«ã¾ã‚Œã¦ã„ã‚‹ãŸã‚ãƒã‚§ãƒƒã‚¯ã™ã¹ãã§ã™ã€‚ SUSPSCAN_START:ç–‘ã‚ã—ã„コンテンツã®ãƒ•ァイルをãƒã‚§ãƒƒã‚¯ã™ã‚‹ 
SUSPSCAN_DIRS:確èªã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™: $1 SUSPSCAN_NO_DIRS:ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“: デフォルトを使用ã—ã¾ã™ ($1) SUSPSCAN_TEMP:使用ã™ã‚‹ä¸€æ™‚ディレクトリ: $1 SUSPSCAN_NO_TEMP:ä¸€æ™‚ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“:デフォルトを使用ã—ã¾ã™ ($1) SUSPSCAN_SIZE:ãƒã‚§ãƒƒã‚¯ã™ã‚‹æœ€å¤§ãƒ•ァイルサイズ (ãƒã‚¤ãƒˆ): $1 SUSPSCAN_NO_SIZE:æœ€å¤§ãƒ•ã‚¡ã‚¤ãƒ«ã‚µã‚¤ã‚ºãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“: デフォルトを使用ã—ã¾ã™ ($1) SUSPSCAN_THRESH:スコア閾値ãŒè¨­å®šã•れã¾ã—ãŸ: $1 SUSPSCAN_NO_THRESH:ã‚¹ã‚³ã‚¢é–¾å€¤ãŒæŒ‡å®šã•れã¦ã„ã¾ã›ã‚“: デフォルトを使用ã—ã¾ã™ ($1) SUSPSCAN_DIR_CHECK:ディレクトリãƒã‚§ãƒƒã‚¯: $1 SUSPSCAN_FILE_CHECK:ファイルãƒã‚§ãƒƒã‚¯: åç§°:「 $1 ã€ã‚¹ã‚³ã‚¢: $2 SUSPSCAN_FILE_CHECK_DEBUG:ファイルãƒã‚§ãƒƒã‚¯: åç§°:「 $1 ã€ã‚¹ã‚³ã‚¢: $2 ヒットカウント: $3 ヒット: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:ファイルãŒç„¡è¦–ã•れã¾ã—ãŸ: 空ã§ã™: $1 SUSPSCAN_FILE_SKIPPED_LINK:ファイルãŒç„¡è¦–ã•れã¾ã—ãŸ: シンボリックリンク: $1 SUSPSCAN_FILE_SKIPPED_TYPE:ファイルãŒç„¡è¦–ã•れã¾ã—ãŸ: æ­£ã—ããªã„タイプ: 「 $1 ã€: 「 $2 〠SUSPSCAN_FILE_SKIPPED_SIZE:ファイルãŒç„¡è¦–ã•れã¾ã—ãŸ: 大ãã™ãŽã¾ã™: $1 SUSPSCAN_FILE_LINK_CHANGE:シンボリックリンクãŒè¦‹ã¤ã‹ã‚Šã¾ã—ãŸ: 「 $1 〠-> 「 $2 〠SUSPSCAN_DAT_MISSING:ç–‘ã‚ã—ã„コンテンツã®ãƒ‡ãƒ¼ã‚¿ãƒ•ァイルãŒè¦‹å½“ãŸã‚‰ãªã„ã¾ãŸã¯ç©ºã§ã™: $1 SUSPSCAN_DAT_MISSING:デフォルトファイルをリストアã™ã‚‹ã«ã¯ã€Œrkhunter --updateã€ã‚’実行ã—ã¦ãã ã•ã„。 SUSPSCAN_DAT_NOTAFILE:ç–‘ã‚ã—ã„コンテンツã®ãƒ‡ãƒ¼ã‚¿ãƒ•ァイルã¯ãƒ•ァイルã§ã¯ã‚りã¾ã›ã‚“: $1 LIST_TESTS:ç¾åœ¨ã®ãƒ†ã‚¹ãƒˆå: LIST_GROUPED_TESTS:グループテストå: LIST_LANGS:ç¾åœ¨ã®è¨€èªž: LIST_PERL:Perlモジュールインストールステータス: LIST_RTKTS:Rootkitsãƒã‚§ãƒƒã‚¯: LOCK_USED:ロッキングãŒä½¿ç”¨ã•れã¦ã„ã¾ã™: タイムアウト㯠$1 ç§’ã§ã™ã€‚ LOCK_UNUSED:ロッキングã¯ä½¿ç”¨ã•れã¦ã„ã¾ã›ã‚“。 LOCK_WAIT:ロックファイル応答待㡠LOCK_FAIL:ロックファイルを見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“ã§ã—ãŸ: rkhunterã¯å‹•作ã—ã¦ã„ã¾ã›ã‚“! rkhunter-1.4.6/files/i18n/tr0000644000000000000000000011524313207556312014325 0ustar rootrootVersion:2017080401 # # We start with the definitions of the message types and results. There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. 
# # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:Bilgilendirme MSG_TYPE_WARNING:Uyarý # # This is the list of message results. # MSG_RESULT_OK:Tamam MSG_RESULT_SKIPPED:Atlandý MSG_RESULT_WARNING:Uyarý MSG_RESULT_FOUND:Bulundu MSG_RESULT_NOT_FOUND:Bulunamadý MSG_RESULT_NONE_FOUND:Bulunamadý MSG_RESULT_ALLOWED:Ýzin verildi MSG_RESULT_NOT_ALLOWED:Ýzin verilmedi MSG_RESULT_UNSET:Ayarlanmadý MSG_RESULT_WHITELISTED:Beyaz listeye alýndý MSG_RESULT_NONE_MISSING:Eksik yok MSG_RESULT_UPD:Güncellendi MSG_RESULT_NO_UPD:Güncelleme yok MSG_RESULT_UPD_FAILED:Güncelleme hatasý MSG_RESULT_VCHK_FAILED:Sürüm kontrol hatasý # # The messages. # VERSIONLINE:[ $1 sürüm $2 ] VERSIONLINE2:$3 üzerinde $1 $2 sürümü çalýþýyor VERSIONLINE3:$1 $2 sürümü çalýþýyor RKH_STARTDATE:Baþlama tarihi $1 RKH_ENDDATE:Bitiþ tarihi $1 OPSYS:Tespit edilen iþletim sistemi: '$1' UNAME:Uname çýktýsý: '$1' CONFIG_CHECK_START:Yapýlandýrma dosyasý ve komut-satýrý seçenekleri kontrol ediliyor... 
CONFIG_CMDLINE:Komut satýrý: $1 CONFIG_DEBUGFILE:Hata ayýklama dosyasý: $1 CONFIG_ENVSHELL:Çevre deðiþkeni kabuðu $1; rkhunter, $2 kullanýyor CONFIG_CONFIGFILE:'$1' yapýlandýrma dosyasý kullanýlýyor CONFIG_LOCALCONFIGFILE:'$1' yerel yapýlandýrma dosyasý kullanýlýyor CONFIG_LOCALCONFIGDIR:'$1' yerel yapýlandýrma dizini kullanýlýyor: $2 dosya bulundu CONFIG_INSTALLDIR:Kurulum dizini '$1' CONFIG_LANGUAGE:'$1' Dili kullanýlýyor CONFIG_DBDIR:Veritabaný dizini olarak '$1' kullanýlýyor CONFIG_SCRIPTDIR:Destek eklentileri dizini olarak '$1' kullanýlýyor CONFIG_BINDIR:Komut dizinleri olarak '$1' kullanýlýyor CONFIG_TMPDIR:Geçici dizin olarak '$1' kullanýlýyor CONFIG_NO_MAIL_ON_WARN:Uyarýlarda postalama adresi yapýlandýrýlmadý CONFIG_MOW_DISABLED:Uyarýlarda postalama, kullanýcý isteði üzerine devre dýþý býrakýlýyor CONFIG_MAIL_ON_WARN:Uyarýlar, '$2' komutuyla, '$1' adresine postalanýyor CONFIG_SSH_ROOT:Rkhunter yapýlandýrmasýndaki ALLOW_SSH_ROOT_USER seçeneðini '$1' olarak ayarlayýn. CONFIG_SSH_PROTV1:Rkhunter yapýlandýrmasýndaki ALLOW_SSH_PROT_V1 seçeneðini '$1' olarak ayarlayýn. 
CONFIG_X_AUTO:X otomatik olarak algýlanacaktýr CONFIG_CLRSET2:Ýkinci renk ayarý kullanýlýyor CONFIG_NO_SHOW_SUMMARY:Sistem kontrol özeti, kullanýcý isteði üzerine devre dýþý býrakýlýyor CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV özelliðini '$1' olarak ayarlayýn CONFIG_LOG_FILE:$1 günlük/kayýt dosyasýna kayýtlanýyor CONFIG_NO_VL:Ayrýntýlý günlük, kullanýcý isteði üzerine devre dýþý býrakýlýyor CONFIG_APPEND_LOG:Geçerli günlük, günlük/kayýt dosyasýna eklenecek CONFIG_COPY_LOG:Herhangi bir hata varsa günlük dosyasý kopyalanacak CONFIG_XINETD_PATH:$1 yapýlandýrma dosyasý olarak '$2' kullanýlýyor CONFIG_SOL10_INETD:Solaris 10 veya üstü bir inetd mekanizmasý kullanýlýyor CONFIG_STARTUP_PATHS:Sistem baþlangýç yolu olarak þunlar kullanýlýyor: $1 CONFIG_ROTATE_MIRRORS:Yansý dosyasý döndürülecek CONFIG_NO_ROTATE_MIRRORS:Yansý dosyasý döndürülmeyecek CONFIG_UPDATE_MIRRORS:Yansý dosyasý güncellenecek CONFIG_NO_UPDATE_MIRRORS:Yansý dosyasý güncellenmeyecek CONFIG_MIRRORS_MODE0:Yerel ve uzak yansýlarýn her ikiside kullanýlacak CONFIG_MIRRORS_MODE1:Yalnýzca yerel yansýlar kullanýlacak CONFIG_MIRRORS_MODE2:Yalnýzca uzak yansýlar kullanýlacak FOUND_CMD:'$1' komutu bulundu: $2 NOT_FOUND_CMD:'$1' komutu bulunamýyor CMD_ERROR:'$1' komutu '$2' hata kodunu verdi. 
SYS_PRELINK:Sistem prelinking (önbaðlantý) kullanýyor SYS_NO_PRELINK:Sistem prelinking (önbaðlantý) kullanmýyor SYS_SELINUX:SELinux etkin SYS_NO_SELINUX:SELinux devredýþý HASH_FUNC_PRELINK:Dosya saðlama kontrolü için prelinking komutu ($1 ile) kullanýlýyor HASH_FUNC_PERL:Dosya saðlama kontrolü için perl $1 modülü kullanýlýyor HASH_FUNC_PERL_SHA:Dosya saðlama kontrolü için perl $1 modülü ($1 ile) kullanýlýyor HASH_FUNC:Dosya saðlama kontrolü için '$1' komutu kullanýlýyor HASH_FUNC_NONE:Dosya saðlama kontrolü devredýþý: NONE belirtilmiþ HASH_FUNC_NONE_PKGMGR:Dosya saðlama kontrolü NONE belirtilmiþ: yalnýzca paket yöneticisi kullanýlacak HASH_FUNC_DISABLED:Saðlama fonksiyonu 'NONE' olarak ayarlandý: dosya saðlama kontrolü otomatikman devredýþý HASH_FUNC_OLD:Depolanan saðlama verileri, '$1' saðlama fonksiyonunu kullandý HASH_FUNC_OLD_DISABLED:Önceki saðlama fonksiyonu devredýþý býrakýlmýþ: depolanan saðlama verisi yok HASH_PKGMGR_OLD:Depolan doðrulama verileri, '$1' paket yöneticisini kullandý HASH_PKGMGR_OLD_UNSET:Depolan doðrulama verileri, bir paket yöneticisi kullanmadý HASH_PKGMGR:Dosya özellikleri kontrolü için '$1' paket yöneticisi kullanýlýyor HASH_PKGMGR_MD5:Paket yöneticisi doðrulamasýna yardýmcý olmasý için MD5 saðlama fonksiyonu komutu '$1' kullanýlýyor HASH_PKGMGR_SHA:Paket yöneticisi doðrulamasýna yardýmcý olmasý için SHA saðlama fonksiyonu komutu '$1' kullanýlýyor HASH_PKGMGR_SUM:Paket doðrulamasý için depolanan 16-bit saðlama kullanýlýyor HASH_PKGMGR_NOT_SPEC:Paket yöneticisi belirtilmedi: '$1' saðlama fonksiyonu kullanýlýyor HASH_PKGMGR_NOT_SPEC_PRELINKED:Paket yöneticisi belirtilmedi: '$1' ile prelink komutu kullanýlýyor HASH_FIELD_INDEX:Saðlama fonksiyonu kýsým içeriði, $1 olarak ayarlandý HASHUPD_DISABLED:Saðlama kontrolü devredýþý: geçerli dosya saðlama verileri depolanmayacak HASHUPD_PKGMGR:Dosya saðlama deðerlerini güncellemek için, '$1' paket yöneticisi kullanýlýyor HASHUPD_PKGMGR_NOT_SPEC:Dosya saðlama deðerlerini güncellemek için paket 
yöneticisi belirtilmemiþ: saðlama fonksiyonu olarak '$1' kullanýlýyor HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:Dosya saðlama deðerlerini güncellemek için paket yöneticisi belirtilmemiþ: '$1' ile prelink komutu kullanýlýyor ATTRUPD_DISABLED:Dosya özniteliklerinin kontrolü devredýþý: geçerli dosya öznitelikleri depolanmayacak ATTRUPD_NOSTATCMD:Dosya özniteliklerinin kontrolü devredýþý: 'stat' komutu bulunamýyor: geçerli dosya öznitelikleri depolanmayacak ATTRUPD_OK:Geçerli dosya öznitelikleri depolanacak ATTRUPD_OLD_DISABLED:Önceki dosya öznitelikleri devredýþý: depolanmýþ dosya özniteliði yok ATTRUPD_OLD_NOSTATCMD:Önceki dosya öznitelikleri devredýþý: 'stat' komutu bulunamýyor: depolanmýþ dosya özniteliði yok ATTRUPD_OLD_OK:Önceki dosya öznitelikleri depolandý RKHDAT_ADD_NEW_ENTRY:'rkhunter.dat' dosyasýna, $1 dosya girdisi eklendi RKHDAT_DEL_OLD_ENTRY:'rkhunter.dat' dosyasýndan, $1 varolmayan dosya girdisi silindi SYSLOG_ENABLED:Muhtelif günlük/kayýtlarý için 'syslog' kullanýlýyor - imkan/öncelik seviyesi '$1'. SYSLOG_DISABLED:Kullanýcýlarýn isteðiyle syslog devredýþý býrakýlýyor. SYSLOG_NO_LOGGER:syslog devredýþý býrakýlýyor - 'logger' komutu bulunamýyor. NAME:$1 PRESSENTER:[Devam etmek için a basýn] TEST_SKIPPED_OS:'$1' testi Ýþletim Sistemi: $2 nedeniyle atlandý SUMMARY_TITLE1:Sistem kontrol özeti SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:Dosya özellik kontrolü... SUMMARY_PROP_REQCMDS:Gerekli komut kontrolü baþarýsýz SUMMARY_PROP_COUNT:Dosyalar kontrol edildi: $1 SUMMARY_PROP_FAILED:Þüpheli dosyalar: $1 SUMMARY_CHKS_SKIPPED:Tüm kontroller atlandý SUMMARY_RKT_SCAN:Rootkit kontrolü... SUMMARY_RKT_COUNT:Rootkitler kontrol edildi : $1 SUMMARY_RKT_FAILED:Olasý rootkitler: $1 SUMMARY_RKT_NAMES:Rootkit isimleri : $1 SUMMARY_APPS_SCAN:Uygulama kontrolü... 
SUMMARY_APPS_COUNT:Kontrol edilen uygulamalar: $1 SUMMARY_APPS_FAILED:Þüpheli uygulamalar: $1 SUMMARY_SCAN_TIME:Sistem kontrolleri alýndý: $1 SUMMARY_NO_SCAN_TIME:Sistem kontrolü alýndý: Saat zamaný belirlenemiyor SUMMARY_LOGFILE:Tüm sonuçlar günlük/kayýt dosyasýna yazýlmýþtýr: $1 SUMMARY_NO_LOGFILE:Oluþturulmuþ kayýt dosyasý yok. SUMMARY_LOGFILE_COPIED:Günlük/kayýt dosyasý $1 þeklinde kopyalandý CREATED_TEMP_FILE:Geçici dosya oluþturuldu '$1' MIRRORS_NO_FILE:Hedef dosya mevcut deðil: $1 MIRRORS_NO_MIRRORS:Yansý dosyasý için gerekli yansý içermiyor: $1 MIRRORS_NO_VERSION:Yansý dosyasý sürüm numarasý içermiyor - sýfýra resetleniyor: $1 MIRRORS_ROTATED:Yansý dosyasý döndürülmüþtür: $1 MIRRORS_SF_DEFAULT:SourceForge yansýsý kullanýlýyor: $1 DOWNLOAD_CMD:Ýndirme komutu iþletiliyor '$1' DOWNLOAD_FAIL:Ýndirme baþarýsýz - $1 mirror(s) left. VERSIONCHECK_START:Rkhunter sürümü kontrol ediliyor... VERSIONCHECK_FAIL_ALL:Ýndirme baþarýsýz: Programýn son sürüm numarasý belirlenemiyor. VERSIONCHECK_CURRENT:Bu sürüm : $1 VERSIONCHECK_LATEST:Son sürüm: $1 VERSIONCHECK_LATEST_FAIL:Son sürüm: Ýndirme baþarýsýz VERSIONCHECK_UPDT_AVAIL:Güncelleme mevcut VERSIONCHECK_CONV_FAIL:Sürüm numaralarý karþýlaþtýrýlamýyor: Program: '$1' Son: '$2' UPDATE_START:rkhunter veri dosyalarý kontrol ediliyor... UPDATE_CHECKING_FILE:Dosya kontrol ediliyor: $1 UPDATE_FILE_NO_VERS:'$1' dosyasýnýn geçerli sürüm numarasý yok. Yeni bir kopyasý indiriliyor. UPDATE_FILE_MISSING:'$1' dosyasý yok yada boþ. Yeni bir kopyasý indiriliyor. UPDATE_DOWNLOAD_FAIL:'$1' dosyasýnýn indirilmesi baþarýsýz: Son sürüm numarasý belirlenemiyor. UPDATE_I18N_NO_VERS:i18n dil dosyasý sürüm numaralarý bulunamadý. UPDATE_SKIPPED:Kullanýcýlarýn isteði üzerine dil dosyasý güncelleme iþlemi atlandý. OSINFO_START:Ýþletim Sisteminin en son ne zaman deðiþtiði kontrol ediliyor... OSINFO_END:Deðiþen birþey yok gibi görünüyor. 
OSINFO_HOST_CHANGE1:Son çalýþtýrmadan bu yana hostname deðiþmiþ gibi görünüyor: OSINFO_HOST_CHANGE2:Eski host deðeri: $1 Yeni host deðeri: $2 OSINFO_OSVER_CHANGE1:Son çalýþtýrmadan bu yana Ýþletim Sistemi adý veya sürümü deðiþmiþ gibi görünüyor: OSINFO_OSVER_CHANGE2:Eski Ý/S deðeri: $1 Yeni Ý/S deðeri: $2 OSINFO_PRELINK_CHANGE:Son çalýþtýrmadan bu yana prelinking olarak ${1} þeklinde deðiþtirilmiþ gibi görünüyor. OSINFO_ARCH_CHANGE1:Sistemin CPU türü deðiþmiþ gibi görünüyor: OSINFO_ARCH_CHANGE2:Eski CPU deðeri: $1 Yeni deðer: $2 OSINFO_MSG1:Çünkü dosya özelliði deðiþikliklerinin kontrolü bazý yanlýþ-olumlu sonuçlar verebilir. OSINFO_MSG2:'--propupd' seçeneði ile rkhunterý tekrar çalýþtýrmanýz gerekebilir. OSINFO_DO_UPDT:Dosya özellikleri dosyasý otomatik olarak güncellenecek. SET_FILE_PROP_START:Dosya özelliklerini alýnýyor... SET_FILE_PROP_DIR_FILE_COUNT:$2 dizininde $1 dosya bulundu SET_FILE_PROP_FILE_COUNT:Dosya $1: aranan $2 dosya, $3 tane bulundu SET_FILE_PROP_FILE_COUNT_BL:Dosya $1: aranan $2 dosya, $3 tane bulundu, kýrýk link: $4 SET_FILE_PROP_FILE_COUNT_PROPOPT:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kýrýk link: $5 SET_FILE_PROP_FILE_COUNT_NOHASH:Dosya $1: aranan $2 dosya, $3 tane bulundu, kayýp saðlama: $4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:Dosya $1: aranan $2 dosya, $3 tane bulundu, kayýp saðlama: $4, kýrýk link: $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kayýp saðlama $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kayýp saðlama: $5, kýrýk link: $6 PROPUPD_START:Dosya özellikleri veri güncellemesi baþlatýlýyor... PROPUPD_OSINFO_START:Ýþletim Sistemi bilgisi toplanýyor... PROPUPD_ARCH_FOUND:Sistem mimarisi bulundu: $1 PROPUPD_REL_FILE:Sürüm dosyasý bulundu: $1 PROPUPD_NO_REL_FILE_NO_OUTPUT:Bir Ý/S sürüm dosyasý bulunamadý. 
PROPUPD_NO_REL_FILE:Bir İ/S sürüm dosyası bulunamadı: LS çıktısı: PROPUPD_OSNAME_FOUND:Bulunan İşletim Sistemi: $1 PROPUPD_ERROR:Yeni rkhunter.dat dosyası kurulurken hata. Kod $1 PROPUPD_NEW_DAT_FILE:Yeni rkhunter.dat dosyası '$1' dizininde kuruldu PROPUPD_WARN:UYARI! Sistemlerindeki dosyaların doğru olup olmadığından ve güvenilir bir kaynaktan yüklenip PROPUPD_WARN:yüklenmediğinden emin olmak için '--propupd' seçeneğini kullanmaları, kullanıcıların PROPUPD_WARN:sorumluluğundadır. rkhunter geçerli dosya özelliklerini daha önceden depolanmış değerlerle PROPUPD_WARN:karşılaştırır ve herhangi bir değer farklılığını rapor eder. Bununla birlikte rkhunter, PROPUPD_WARN:değişikliklere neyin sebep olduğunu belirleyemez, bunun sebeplerini kullanıcı kendisi bulmalıdır. ENABLED_TESTS:Etkin testler: $1 DISABLED_TESTS:Devredışı testler: $1 USER_FILE_LIST:Dosya özellikleri kontrolüne kullanıcı dosyaları dahil ediliyor: USER_CMD_LIST:Dosya özellikleri kontrolüne kullanıcı komutları dahil ediliyor: USER_DIR_LIST:Dosya özellikleri kontrolüne kullanıcı dizinleri dahil ediliyor: USER_EXCLUDE_PROP:Dosya özellikleri kontrolünden hariç tutulanlar: KSYMS_FOUND:'$1' ksym dosyası bulundu KSYMS_UNAVAIL:Tüm ksym ve kallsym kontrolleri atlanacak - dosya okunabilir değil. KSYMS_MISSING:Tüm ksym ve kallsym kontrolleri atlanacak - hiçbir dosya sistemde mevcut değil. STARTING_TEST:'$1' testi başlatılıyor USER_DISABLED_TEST:Kullanıcı isteğiyle '$1' testi devredışı bırakıldı. CHECK_START:Sistem kontrolleri başlatılıyor... CHECK_WARNINGS_NOT_FOUND:Sistem kontrol edilirken herhangi bir uyarı bulunamadı. CHECK_WARNINGS_NOT_FOUND0:Sistem kontrol edilirken 0 uyarı bulundu. CHECK_WARNINGS_FOUND:Sistem kontrol edilirken bir veya daha fazla uyarı bulundu. CHECK_WARNINGS_FOUND_NUMBER:Sistem kontrol edilirken $1 uyarı bulundu. CHECK_WARNINGS_FOUND_NUMBER1:Sistem kontrol edilirken 1 uyarı bulundu. CHECK_WARNINGS_FOUND_RERUN:Bir günlük/kayıt dosyası oluşturmak için lütfen rkhunterı tekrar çalıştırın.
CHECK_WARNINGS_FOUND_CHK_LOG:Lütfen günlük/kayýt dosyasýný ($1) kontrol edin CHECK_SYS_COMMANDS:Sistem komutlarý kontrol ediliyor... STRINGS_CHECK_START:'strings' komut kontrolü iþletiliyor STRINGS_SCANNING_OK:Ýfade (OK) taranýyor: $1 STRINGS_SCANNING_BAD:Ýfade (BAD) taranýyor: $1 STRINGS_SCANNING_BAD:'strings' komut kontrolünde (BAD) ifade bulunamadý STRINGS_CHECK:'strings' komutu kontrol ediliyor STRINGS_CHECK:Kontrol atlandý - 'strings' komutu bulunamýyor. FILE_PROP_START:Dosya özelliklerinin kontrolleri gerçekleþtiriliyor FILE_PROP_CMDS:Ön koþullar kontrol ediliyor FILE_PROP_IMMUT_OS:Tüm immutable-bit kontrolleri atlanýyor.Bu kontrol sadece Linux sistemleri için kullanýlabilir. FILE_PROP_IMMUT_SET:Immutable-bit kontrolü tersine dönecek. FILE_PROP_SKIP_ATTR:'stat' komutu bulunamýyor - tüm dosya nitelik kontrolleri atlanacak. FILE_PROP_SKIP_HASH:Tüm dosya saðlama kontrolleri atlanacak, çünkü: FILE_PROP_SKIP_HASH_FUNC:Geçerli saðlama fonksiyonu ($1) ya da ($2) paket yöneticisi saðlama fonksiyonu, deðerleri saklamak için kullanýlan ($3) saðlama fonksiyonu veya ($4) paket yöneticisi ile uyumsuz. FILE_PROP_SKIP_HASH_PRELINK:'prelink' komutu bulunamýyor. FILE_PROP_SKIP_HASH_SHA1:Bu sistem prelinking kullanýyor, fakat saðlama fonksiyonu komutu SHA1 yada MD5 gibi görünmüyor. FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe bulundu, bu durum hatalara neden olabilir. Mümkünse, libsafe'i devre dýþý býrakýn ve sonra prelink komutunu çalýþtýrýn. Son olarak, 'rkhunter --propupd' komutunu kullanarak saðlama deðerlerini tekrar oluþturun. FILE_PROP_SKIP_IMMUT:'lsattr' komutu bulunamýyor - tüm dosya immutable-bit kontrolleri atlanacak. FILE_PROP_SKIP_IMMUT_CMD:'$1' komutu sonrasý bir çýktý yok - tüm dosya immutable-bit kontrolleri atlanacak. FILE_PROP_SKIP_SCRIPT:'file' komutu bulunamýyor - Tüm komut dosyasý yedek kontrolleri atlanacak. FILE_PROP_SKIP_FILE_CMD:'file' komutu sonrasý bir çýktý yok - tüm script deðiþtirme kontrolleri atlanacak. 
FILE_PROP_NO_OS_WARNING:Ýþletim Sistemi deðiþiklik uyarýlarý kullanýcý isteði üzerine devredýþý býrakýlmýþ. FILE_PROP_OS_CHANGED:Yerel host yapýlandýrmasý yada iþletim sistemi deðiþmiþ. FILE_PROP_DAT_MISSING:Depolanan dosya özellikleri dosyasý (rkhunter.dat) mevcut deðil ve oluþturulmasý gerekiyor. Bunun için 'rkhunter --propupd' komutunu çalýþtýrýn. FILE_PROP_DAT_EMPTY:Depolanan dosya özellikleri dosyasý (rkhunter.dat) boþ ve oluþturulmasý gerekiyor. Bunun için 'rkhunter --propupd' komutunu çalýþtýrýn. FILE_PROP_SKIP_ALL:Tüm dosya özellikleri kontrolleri atlanýyor. FILE_PROP_DAT_MISSING_INFO:Dosya özellik kontrolleri, rkhunter.dat dosyasý olmadan da yapýlabilen kontrolleri yerine getirmek üzere yine de çalýþacaktýr. FILE_PROP_FILE_NOT_EXIST:'$1' dosyasý sistem üzerinde bulunamadý, ancak 'rkhunter.dat' dosyasýnda mevcut. FILE_PROP_WL:'$1' dosyasý bulundu: Bu dosya '$2' kontrolü için beyaz listede. FILE_PROP_WL_STR:'$1' dosyasý ve '$2' dizisi bulundu: Bunlar '$3' kontrolü için beyaz listedeler. FILE_PROP_WL_DIR:'$1' dizini bulundu: Bu dizin '$2' kontrolü için beyaz listede. FILE_PROP_NO_RKH_REC:'$1' dosyasý sistemde mevcut, fakat 'rkhunter.dat' dosyasýnda mevcut deðil. FILE_PROP_CHANGED:Dosya özellikleri deðiþti: FILE_PROP_CHANGED2:Dosya: $1 FILE_PROP_NO_PKGMGR_FILE:'$1' dosyasý saðlama deðeri atlandý: dosya bir pakete ait deðil FILE_PROP_NO_SYSHASH:'$1' dosyasý için saðlama deðeri yok FILE_PROP_NO_SYSHASH_BL:$1 dosyasý bir kýrýk link. FILE_PROP_BROKEN_LINK_WL_TGT:Kýrýk link bulundu, fakat sözkonusu hedeflerin varlýðý beyaz listede: '$1' FILE_PROP_NO_SYSHASH_CMD:Saðlama komutu çýktýsý: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:Baðýmlýlýk hatalarýný gidermek için 'prelink $1' komutunu deneyin. 
FILE_PROP_IGNORE_PRELINK_DEP_ERR:'$1' dosyası için prelink bağımlılık hatası görmezden geliniyor FILE_PROP_SYSHASH_UNAVAIL:Geçerli sağlama: Mevcut değil FILE_PROP_SYSHASH_UNAVAIL_BL:Geçerli sağlama: Mevcut değil (muhtemelen kırık link) FILE_PROP_SYSHASH:Geçerli sağlama: $1 FILE_PROP_RKHHASH:Depolanan sağlama: $1 FILE_PROP_NO_RKHHASH:'rkhunter.dat' dosyasında '$1' dosyası için sağlama değeri yok. FILE_PROP_NO_RKHPERM:'rkhunter.dat' dosyasında '$1' dosyası için dosya izni değeri yok. FILE_PROP_PERM_UNAVAIL:Geçerli dosya izni: Mevcut değil Depolanan dosya izni: $1 FILE_PROP_PERM:Geçerli dosya izni: $1 Depolanan dosya izni: $2 FILE_PROP_UID_UNAVAIL:Geçerli UID: Mevcut değil Depolanan UID: $1 FILE_PROP_UID:Geçerli UID: $1 Depolanan UID: $2 FILE_PROP_NO_RKHUID:'rkhunter.dat' dosyasında '$1' dosyası için UID değeri yok. FILE_PROP_GID_UNAVAIL:Geçerli GID: Mevcut değil Depolanan GID: $1 FILE_PROP_GID:Geçerli GID: $1 Depolanan GID: $2 FILE_PROP_NO_RKHGID:'rkhunter.dat' dosyasında '$1' dosyası için GID değeri yok. FILE_PROP_INODE_UNAVAIL:Geçerli inode: Mevcut değil Depolanan inode: $1 FILE_PROP_INODE:Geçerli inode: $1 Depolanan inode: $2 FILE_PROP_NO_RKHINODE:'rkhunter.dat' dosyasında '$1' dosyası için inode değeri yok. FILE_PROP_SIZE_UNAVAIL:Geçerli boyut: Mevcut değil Depolanan boyut: $1 FILE_PROP_SIZE:Geçerli boyut: $1 Depolanan boyut: $2 FILE_PROP_NO_RKHSIZE:'rkhunter.dat' dosyasında '$1' dosyası için boyut değeri yok. FILE_PROP_SYSDTM_UNAVAIL:Geçerli dosya değişiklik zamanı: Mevcut değil FILE_PROP_SYSDTM:Geçerli dosya değişiklik zamanı: $1 FILE_PROP_RKHDTM:Depolanan dosya değişiklik zamanı: $1 FILE_PROP_NO_RKHDTM:'rkhunter.dat' dosyasında '$1' dosyası için dosya değişiklik zamanı değeri yok. FILE_PROP_SYSLNK:Geçerli sembolik link hedefi: '$1' -> '$2' FILE_PROP_RKHLNK:Depolanan sembolik link hedefi : '$1' -> '$2' FILE_PROP_NO_RKHLNK:'$1' dosyası için 'rkhunter.dat' dosyasında sembolik link hedefi bulunamadı.
FILE_PROP_LINK_WL:Sembolik link hedefi deðiþmiþ, fakat beyaz listede: '$1' -> '$2' FILE_PROP_NO_SYSATTR:'$1' dosyasýnýn geçerli dosya özellikleri elde edilemiyor FILE_PROP_WRITE:'$1' dosyasýnýn yazma izni tüm kullanýcýlar için ayarlandý. FILE_PROP_SYSPERM_UNAVAIL:'$1' dosyasýnýn geçerli yazma izni elde edilemiyor FILE_PROP_IMMUT:'$1' dosyasý immutable-bit ayarýna sahip. FILE_PROP_IMMUT_NOT_SET:'$1' dosyasý immutable-bit ayarýna sahip deðil. FILE_PROP_SCRIPT:'$1' komutu, '$2' scripti ile deðiþtirilmiþtir. FILE_PROP_SCRIPT_RKH:'$1' komutu, '$2' ile deðiþtirilmiþ olup bir script deðildir. FILE_PROP_VRFY:Paket yöneticisi doðrulamasý baþarýsýz oldu: FILE_PROP_VRFY_HASH:Dosya hash deðeri deðiþmiþ FILE_PROP_VRFY_PERM:Dosya izinleri deðiþmiþ FILE_PROP_VRFY_UID:Dosya sahibi deðiþmiþ FILE_PROP_VRFY_GID:Dosya grubu deðiþmiþ FILE_PROP_VRFY_DTM:Dosya deðiþiklik zamaný deðiþmiþ FILE_PROP_VRFY_LNK:Sembolik link hedefi deðiþmiþ FILE_PROP_VRFY_SIZE:Dosya boyutu deðiþmiþ FILE_PROP_EPOCH_DATE_CMD:Ýkinci tur iþlemi için '$1' kullanýlýyor. CHECK_ROOTKITS:Rootkitler kontrol ediliyor... ROOTKIT_FILES_DIRS_START:Bilinen rootkit dosyalarý ve dizinlerinin kontrolü çalýþtýrýlýyor ROOTKIT_FILES_DIRS_NAME_LOG:${1} için kontrol ediliyor... ROOTKIT_FILES_DIRS_FILE:Dosya kontrol ediliyor '$1' ROOTKIT_FILES_DIRS_DIR:Dizin kontrol ediliyor '$1' ROOTKIT_FILES_DIRS_KSYM:Kernel sembolü '$1' için kontrol ediliyor ROOTKIT_FILES_DIRS_FILE_FOUND:'$1' dosyasý bulundu ROOTKIT_FILES_DIRS_DIR_FOUND:'$1' dizini bulundu ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel sembolü '$1' bulundu ROOTKIT_FILES_DIRS_STR:'$1' dizisi için kontrol ediliyor ROOTKIT_FILES_DIRS_STR_FOUND:'$2' dosyasýnda '$1' dizisi bulundu ROOTKIT_FILES_DIRS_NOFILE:'$1' dosyasý mevcut deðil! 
ROOTKIT_FILES_DIRS_SINAR_DIR:'$1' dizininde kontrol ediliyor ROOTKIT_FILES_DIRS_SINAR:'$1' dizininde SInAR bulundu ROOTKIT_LINK_COUNT:'$1' dizininde hard link sayısı kontrol ediliyor ROOTKIT_LINK_COUNT_FAIL:'$1' komutundan hard link sayısı: $2 ROOTKIT_LINK_COUNT_CMDERR:'$2' kontrol edildiğinde '$2' komutundan hata döndürüldü ROOTKIT_PHALANX2_LINK_COUNT_FAIL:'$1' üzerinde hard link kontrolü başarısız oldu ROOTKIT_PHALANX2_PROC:'ata/0' işlemi için işlem listesi kontrol ediliyor ROOTKIT_PHALANX2_PROC_FOUND:Çalışan 'ata/0' işlemi bulundu ROOTKIT_PHALANX2_PROC_PPID:Beklenen 'kthread' parent PID'si '$1', bulunan parent PID'si '$2' ROOTKIT_PHALANX2_PROC_PS_ERR:'ps' çalıştırılırken beklenmeyen sonuçlar döndürüldü: muhtemelen desteklenmeyen komut satırı argümanları. ROOTKIT_ADD_START:Ek rootkit kontrolleri çalıştırılıyor ROOTKIT_ADD_SUCKIT:Suckit Rootkit ek kontrolleri ROOTKIT_ADD_SUCKIT_LOG:Suckit Rootkit ek kontrolleri çalıştırılıyor ROOTKIT_ADD_SUCKIT_LINK_NOCMD:'/sbin/init' link sayısı kontrol ediliyor: 'stat' komutu bulunamadı ROOTKIT_ADD_SUCKIT_LINK_FOUND:'/sbin/init' link sayısı kontrol ediliyor: sayı $1, 1 olmalıdır ROOTKIT_ADD_SUCKIT_EXT:Gizli dosya uzantıları kontrol ediliyor ROOTKIT_ADD_SUCKIT_EXT_FOUND:Gizli dosya uzantıları kontrol ediliyor: $1 tane bulundu ROOTKIT_ADD_SUCKIT_SKDET:'skdet' komutu çalıştırılıyor ROOTKIT_ADD_SUCKIT_SKDET_FOUND:'skdet' komutu çalıştırılıyor: $1 tane bulundu ROOTKIT_ADD_SUCKIT_SKDET_VER:'skdet' komutu çalıştırılıyor: bilinmeyen sürüm: $1 ROOTKIT_POSS_FILES_DIRS:Olası rootkit dosya ve klasörleri kontrol ediliyor ROOTKIT_POSS_FILES_DIRS_LOG:Olası rootkit dosya ve klasörlerinin kontrolü çalıştırılıyor ROOTKIT_POSS_FILES_FILE_FOUND:'$1' dosyası bulundu. Olası rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:'$1' klasörü bulundu. Olası rootkit: $2 ROOTKIT_POSS_STRINGS:Olası rootkit dizileri kontrol ediliyor ROOTKIT_POSS_STRINGS_LOG:Olası rootkit dizilerinin kontrolü çalıştırılıyor ROOTKIT_POSS_STRINGS_FOUND:'$2' dosyasında '$1' dizisi bulundu.
Olasý rootkit: $3 ROOTKIT_MALWARE_START:Zararlý yazýlým kontrolü çalýþtýrýlýyor ROOTKIT_MALWARE_SUSP_FILES:Þüpheli dosyalar için çalýþan iþlemler kontrol ediliyor ROOTKIT_MALWARE_SUSP_FILES_FOUND:Aþaðýdaki iþlemler þüpheli dosya(lar) kullanýyor: ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2 ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:Komut: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:Yol ismi: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Olasý Rootkit: $1 ROOTKIT_MALWARE_HIDDEN_PROCS:Gizli iþlemler kontrol ediliyor ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:'unhide' komut sürümü bulundu: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:'$1' komutu kullanýlýyor ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:'unhide' çalýþtýrýlabilir deðil: geçersiz yapýlandýrýlmýþ testler: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Gizli iþlemler bulundu: ROOTKIT_MALWARE_DELETED_FILES:Silinen dosyalar için çalýþan iþlemler kontrol ediliyor ROOTKIT_MALWARE_DELETED_FILES_FOUND:Aþaðýdaki iþlemler silinen dosya(lar) kullanýyor: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:Ýþlem: $1 PID: $2 Dosya: $3 ROOTKIT_MALWARE_DELETED_FILES_WL:Beyaz listedeki '$1' dosyasýný kullanan '$1' iþlemi bulundu. ROOTKIT_MALWARE_LOGIN_BDOOR:Arkakapý giriþleri kontrol ediliyor ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:'$1' kontrol ediliyor ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Arkakapý giriþ dosyasý bulundu: $1 ROOTKIT_MALWARE_SUSP_DIR:Þüpheli klasörler kontrol ediliyor ROOTKIT_MALWARE_SUSP_DIR_FOUND:Þüpheli klasör bulundu: $1 ROOTKIT_MALWARE_SFW_INTRUSION:Yazýlým ihlalleri kontrol ediliyor ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:'$1' dosyasý '$2' dizisini içeriyor. 
Olasý rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Kontrol atlandý - tripwire yüklü deðil ROOTKIT_MALWARE_SNIFFER:Algýlayýcý günlük/kayýt dosyalarý kontrol ediliyor ROOTKIT_MALWARE_SNIFFER_FOUND:Algýlayýcý günlük/kayýt dosyasý bulundu: $1 ROOTKIT_MALWARE_IPCS:Þüpheli Paylaþýlan Bellek segmentleri ROOTKIT_MALWARE_IPCS_FOUND:Þu þüpheli paylaþým belleði segmentleri bulundu: ROOTKIT_MALWARE_IPCS_DETAILS:Ýþlem: $1 PID: $2 Sahibi: $3 ROOTKIT_MALWARE_IPCS_WL:Ýþlem yolu adý '$1': beyaz listeye alýndý. ROOTKIT_TROJAN_START:Spesifik trojan kontrolleri çalýþtýrýlýyor ROOTKIT_TROJAN_INETD:Etkin inetd servisleri kontrol ediliyor ROOTKIT_TROJAN_INETD_SKIP:Kontrol atlandý - '$1' dosyasý mevcut deðil. ROOTKIT_TROJAN_INETD_FOUND:Etkin inetd servisi bulundu: $1 ROOTKIT_TROJAN_XINETD:Etkin xinetd servisleri kontrol ediliyor ROOTKIT_TROJAN_XINETD_ENABLED:Etkin servisler için, '$1' çalýþtýrýlýyor ROOTKIT_TROJAN_XINETD_INCLUDE:'include $1' direktifi bulundu ROOTKIT_TROJAN_XINETD_INCLUDEDIR:'includedir $1' direktifi bulundu ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Etkin xinetd servisi bulundu: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:'$1' servisi bulundu: $2 beyaz listesinde. ROOTKIT_TROJAN_APACHE:Apache arkakapýsý kontrol ediliyor ROOTKIT_TROJAN_APACHE_SKIPPED:Apache arkakapýsý kontrolü atlandý: Apache modül ve yapýlandýrma klasörleri bulunamadý. ROOTKIT_TROJAN_APACHE_FOUND:Apache arkakapý modülü 'mod_rootme' bulundu: $1 ROOTKIT_OS_START:Spesifik $1 kontrolleri çalýþtýrýlýyor ROOTKIT_OS_SKIPPED:Spesifik test yok ROOTKIT_OS_BSD_SOCKNET:'sockstat' ve 'netstat' komutlarý kontrol ediliyor ROOTKIT_OS_BSD_SOCKNET_FOUND:'sockstat' ve 'netstat' komutlarý arasýnda bulunan farklýlýklarýn çýktýsý: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 çýktýsý (port kullanýmda): $2 ROOTKIT_OS_FREEBSD_KLD:KLD arkakapýlarý kontrol ediliyor ROOTKIT_OS_FREEBSD_KLD_FOUND:Olasý FreeBSD KLD arkakapýsý bulundu. 
'kldstat -v' komutu '$1' dizisini gösteriyor ROOTKIT_OS_FREEBSD_PKGDB:Paket veritabanı kontrol ediliyor ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Paket veritabanının tutarsızlıkları var gibi görünüyor. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Bu bir güvenlik sorunu olmayabilir, ama 'pkgdb -F' komutunu çalıştırmak sorunu teşhis etmeye yardımcı olabilir. ROOTKIT_OS_DFLY_PKGDB_NOTOK:Paket veritabanının tutarsızlıkları var gibi görünüyor. ROOTKIT_OS_DFLY_PKGDB_NOTOK:Bu bir güvenlik sorunu olmayabilir, ama 'pkg_admin check' komutunu çalıştırmak sorunu teşhis etmeye yardımcı olabilir. ROOTKIT_OS_LINUX_LKM:Yüklü kernel modülleri kontrol ediliyor ROOTKIT_OS_LINUX_LKM_FOUND:'lsmod' komutu ve '/proc/modules' dosyası arasında farklılıklar bulundu: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 çıktısı: $2 ROOTKIT_OS_LINUX_LKM_EMPTY:'lsmod' komutu ya da /proc/modules dosyasından bir çıktı bulunamadı: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:'$1' modül dosyası kayıp. ROOTKIT_OS_LINUX_LKMNAMES:Kernel çekirdek modülleri kontrol ediliyor ROOTKIT_OS_LINUX_LKMNAMES_PATH:Modüllerin yolu olarak '$1' kullanılıyor ROOTKIT_OS_LINUX_LKMNAMES_FOUND:'$1' konumunda bilinen kötü kernel modülü bulundu: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:Kernel modül dizini '$1' kayıp yada boş. CHECK_LOCALHOST:Yerel host kontrol ediliyor... STARTUP_FILES_START:Sistem boot kontrolleri çalıştırılıyor STARTUP_HOSTNAME:Yerel host adı kontrol ediliyor STARTUP_NO_HOSTNAME:Host adı bulunamadı. STARTUP_CHECK_FILES_EXIST:Sistem başlangıç dosyaları kontrol ediliyor STARTUP_NONE_GIVEN:Başlangıç dosya yolları için kullanıcı tercihi 'NONE' STARTUP_CHECK_FILES_MALWARE:Sistem başlangıç dosyaları zararlı yazılım için kontrol ediliyor STARTUP_CHECK_NO_RC_FILES:Sistem başlangıç dosyaları bulunamadı. ACCOUNTS_START:Grup ve hesap kontrolleri çalıştırılıyor ACCOUNTS_PWD_FILE_CHECK:Şifre dosyası kontrol ediliyor ACCOUNTS_FOUND_PWD_FILE:Şifre dosyası bulundu: $1 ACCOUNTS_NO_PWD_FILE:Şifre dosyası '$1' mevcut değil.
ACCOUNTS_UID0:Rootla (UID 0) eþdeðer hesaplar kontrol ediliyor ACCOUNTS_UID0_WL:Rootla (UID 0) eþdeðer hesap '$1' bulundu: Beyaz listede. ACCOUNTS_UID0_FOUND:'$1' hesabý rootla eþdeðer (UID = 0) ACCOUNTS_SHADOW_FILE:Gölge dosyasý bulundu: $1 ACCOUNTS_SHADOW_TCB:TCB gölge dosyasý dizini bulundu: $1 ACCOUNTS_PWDLESS:Þifresiz hesaplar kontrol ediliyor ACCOUNTS_PWDLESS_WL:Þifresiz hesap bulundu: '$1': Beyaz listede. ACCOUNTS_PWDLESS_FOUND:'$1' dosyasýnda þifresiz hesap bulundu: $2 ACCOUNTS_NO_SHADOW_FILE:Gölge/þifre dosyasý bulunamadý. PASSWD_CHANGES:Þifre dosyasý deðiþiklikleri kontrol ediliyor PASSWD_CHANGES_NO_TMP:Þifre dosyasý farklýlýklarý için kontrol yapýlamýyor: Varolan þifre dosyasýnýn kopyasý yok. PWD_CHANGES_IDADD:'$1' kullanýcýsý þifre dosyasýna eklenmiþtir. PWD_CHANGES_IDREM:'$1' kullanýcýsý þifre dosyasýndan kaldýrýlmýþtýr. PWD_CHANGES_FOUND:Þifre dosyasýnda '$1' kullanýcýsýna ait deðiþiklikler bulundu: PWDGRP_CHANGES_UNK:$1 dosyasýnda bilinmeyen alan bulundu: Eski alan: '$2' Yeni alan: '$3' PWD_CHANGES_PWD:Þifre '$1' iken, '$2' þeklinde deðiþtirildi PWD_CHANGES_UID:UID '$1' iken, '$2' þeklinde deðiþtirildi PWD_CHANGES_GID:GID '$1' iken, '$2' þeklinde deðiþtirildi PWD_CHANGES_COMM:Hesap açýklamasý '$1' iken, '$2' þeklinde deðiþtirildi PWD_CHANGES_HOME:Hesap kök dizini '$1' iken, '$2' þeklinde deðiþtirildi PWD_CHANGES_SHL:Varsayýlan kabuk '$1' iken, '$2' þeklinde deðiþtirildi GROUP_CHANGES:Grup dosyasý deðiþiklikleri kontrol ediliyor GROUP_CHANGES_NO_FILE:Grup dosyasý '$1' mevcut deðil. GROUP_CHANGES_NO_TMP:Grup dosyasý farklýlýklarý için kontrol yapýlamýyor: Varolan grup dosyasýnýn kopyasý yok. GROUP_CHANGES_FOUND:'$1' grubu için grup dosyasýnda deðiþiklikler bulundu: GROUP_CHANGES_IDADD:'$1' grubu, grup dosyasýna eklenmiþtir. GROUP_CHANGES_IDREM:'$1' grubu, grup dosyasýndan kaldýrýlmýþtýr. 
GROUP_CHANGES_PWD:Grup þifresi '$1' iken, '$2' þeklinde deðiþtirilmiþtir GROUP_CHANGES_GID:Grup numarasý '$1' iken, '$2' þeklinde deðiþtirilmiþtir GROUP_CHANGES_GRPREM:'$1' kullanýcýsý, grup dosyasýndan kaldýrýlmýþtýr GROUP_CHANGES_GRPADD:'$1' kullanýcýsý, grup dosyasýna eklenmiþtir HISTORY_CHECK:Root hesabý komut geçmiþi dosyalarý kontrol ediliyor HISTORY_CHECK_FOUND:Root hesabý komut geçmiþi dosyasý '$1', '$2' konumuna sembolik bir baðlantý SYSTEM_CONFIGS_START:Sistem yapýlandýrma dosyalarýnýn kontrolü çalýþtýrýlýyor SYSTEM_CONFIGS_FILE:$1 yapýlandýrma dosyasý kontrol ediliyor SYSTEM_CONFIGS_FILE_SSH:Bir SSH yapýlandýrma dosyasý kontrol ediliyor SYSTEM_CONFIGS_FILE_FOUND:$1 '$2' yapýlandýrma dosyasý bulundu: $3 SYSTEM_CONFIGS_SSH_ROOT:SSH root eriþim durumu kontrol ediliyor SYSTEM_CONFIGS_SSH_ROOT_FOUND:SSH ve rkhunter yapýlandýrma aþaðýdaki gibi olmalýdýr: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH yapýlandýrma seçeneði 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter yapýlandýrma seçeneði 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:SSH yapýlandýrma seçeneði 'PermitRootLogin' ayarlanmamýþ. SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:Varsayýlan deðer root eriþimine izin vermek için, 'yes' olabilir. SYSTEM_CONFIGS_SSH_PROTO:SSH protokolü v1 durumu kontrol ediliyor SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH yapýlandýrma seçeneði 'Protocol': $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter yapýlandýrma seçeneði 'ALLOW_SSH_PROT_V1': $1 SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:SSH yapýlandýrma seçeneði 'Protocol' henüz ayarlanmamýþ. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:Protokol sürüm 1'e izin vermek için, varsayýlan deðer '2,1' olabilir. SYSTEM_CONFIGS_SYSLOG:Çalýþan bir sistem kayýtlama süreci kontrol ediliyor SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:Çalýþan bir sistem kayýtlama süreci bulunamadý. SYSTEM_CONFIGS_SYSLOG_DAEMON:Çalýþan bir '$1' süreci bulundu. SYSTEM_CONFIGS_SYSLOG_NO_FILE:Syslog süreci çalýþýyor, fakat hiçbir yapýlandýrma dosyasý bulunamadý. 
SYSTEM_CONFIGS_SYSLOG_REMOTE:Syslog uzak günlük/kayýtlama durumu kontrol ediliyor SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:Yapýlandýrma dosyasý uzak günlük/kayýtlamaya izin veriyor: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter yapýlandýrma seçeneði 'ALLOW_SYSLOG_REMOTE_LOGGING' etkinleþtirilmiþ. FILESYSTEM_START:Dosya sistemi kontrolü çalýþtýrýlýyor FILESYSTEM_DEV_CHECK:Þüpheli dosya tipleri için '/dev' kontrol ediliyor FILESYSTEM_DEV_CHECK_NO_DEV:'/dev' mevcut deðil. FILESYSTEM_DEV_FILE_WL:'$1' dosyasý bulundu: Beyaz listede. FILESYSTEM_DEV_FILE_FOUND:${1} dizininde þüpheli dosya türleri bulundu: FILESYSTEM_HIDDEN_DIR_WL:Gizli klasör bulundu: '$1': Beyaz listede. FILESYSTEM_HIDDEN_FILE_WL:Gizli dosya bulundu: '$1': Beyaz listede. FILESYSTEM_HIDDEN_CHECK:Gizli dosya ve klasörler kontrol ediliyor FILESYSTEM_HIDDEN_DIR_FOUND:Gizli klasör bulundu: '$1' FILESYSTEM_HIDDEN_FILE_FOUND:Gizli dosya bulundu: '$1' FILESYSTEM_LOGFILE_MISSING:Kayýp kayýt dosyalarý kontrol ediliyor FILESYSTEM_LOGFILE_MISSING_FOUND:'$1' kayýt dosyasý eksik. FILESYSTEM_LOGFILE_EMPTY:Boþ kayýt dosyalarý kontrol ediliyor FILESYSTEM_LOGFILE_EMPTY_FOUND:'$1' kayýt dosyasý boþ. CHECK_APPS:Uygulama sürümleri kontrol ediliyor... APPS_NONE_FOUND:Bilinen uygulamalar bulunamadý - tüm sürüm kontrolleri atlandý. APPS_DAT_MISSING:Güvensiz uygulama sürümleri dosyasý kayýp yada boþ: $1 APPS_DAT_MISSING:Varsayýlan dosyayý sýfýrlamak için 'rkhunter --update' komutunu çalýþtýrýn. APPS_DAT_NOTAFILE:Güvensiz uygulama sürümleri dosyasý bir dosya deðil: $1 APPS_NOT_FOUND:'$1' uygulamasý bulunamadý. APPS_CHECK:$1 sürümü kontrol ediliyor APPS_CHECK_WL:'$1' uygulamasý bulundu: Beyaz listede. APPS_CHECK_VERSION_UNKNOWN:'$1' sürüm numarasý alýnamadý. APPS_CHECK_VERSION_FOUND:'$1' uygulamasý (sürüm: '$2') bulundu. APPS_CHECK_VERSION_WL:'$1' uygulamasý (sürüm: '$2') bulundu: Bu sürüm beyaz listede. 
APPS_CHECK_WHOLE_VERSION_USED:'$1' sürüm numarasý alýnamadý: Sürüm seçeneði '$2' veriyor APPS_CHECK_FOUND:'$1' uygulamasý (sürüm: '$2'), güncel deðil ve bu muhtemel bir güvenlik riski. APPS_TOTAL_COUNT:Uygulamalar kontrol edildi: $1, $2 dýþýnda CHECK_NETWORK:Að kontrol ediliyor... NETWORK_PORTS_START:Aðýn portlarýnýn kontrolü çalýþtýrýlýyor NETWORK_PORTS_BACKDOOR:Arkakapý portlarý kontrol ediliyor NETWORK_PORTS_BACKDOOR_LOG:Arkakapý portlarýnýn kontrolü çalýþtýrýlýyor NETWORK_PORTS_FILE_MISSING:Arkakapý portlarý dosyasý kayýp yada boþ: $1 NETWORK_PORTS_FILE_MISSING:Varsayýlan dosyayý sýfýrlamak için 'rkhunter --update' komutunu çalýþtýrýn. NETWORK_PORTS_FILE_NOTAFILE:Bilinen arkakapý portlarý dosyasý bir dosya deðil: $1 NETWORK_PORTS_UNKNOWN_NETSTAT:Tüm arkakapý port kontrolleri atlandý. NETWORK_PORTS_UNKNOWN_NETSTAT:'netstat' komut biçimi bu Ý/S ile bilinmiyor. NETWORK_PORTS_ENABLE_TRUSTED:Port beyaz listesi için güvenilir yollar etkinleþtiriliyor. NETWORK_PORTS_BACKDOOR_CHK:$2 nolu $1 portu kontrol ediliyor NETWORK_PORTS_PATH_WHITELIST:Aðýn $2 nolu $1 portu '$3' tarafýndan kullanýlýyor: yol beyaz listede. NETWORK_PORTS_TRUSTED_WHITELIST:Aðýn $2 nolu $1 portu '$3' tarafýndan kullanýlýyor: yol güvenilir. NETWORK_PORTS_PORT_WHITELIST:Aðýn $2 nolu $1 portu bulundu: port beyaz listede. NETWORK_PORTS_BKDOOR_FOUND:Aðýn $2 nolu $1 portu, [$3] tarafýndan kullanýlýyor. Olasý rootkit: $4 NETWORK_PORTS_BKDOOR_FOUND:Kontrol etmek için 'lsof -i' ya da 'netstat -an' komutunu uygulayýn. NETWORK_HIDDEN_PORTS:Gizli portlar kontrol ediliyor NETWORK_HIDDEN_PORTS_FOUND:Gizli portlar bulundu: NETWORK_HIDDEN_PORTS_CHK:$2 nolu $1 portu NETWORK_HIDDEN_PORTS_CHK_NAME:$2 nolu $1 portu $3 tarafýndan kullanýlýyor NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Gizli $2 nolu $1 portu $3 tarafýndan kullanýlýyor: yol beyaz listede. NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Gizli $2 nolu $1 portu '$3' tarafýndan kullanýlýyor: yol güvenilir. 
NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Gizli $2 nolu $1 portu bulundu: port beyaz listede. NETWORK_INTERFACE_START:Ağ arayüzlerinin kontrolleri çalıştırılıyor NETWORK_PROMISC_WLIST:Ağ arayüzleri karışık modda kullanıma izinli: $1 NETWORK_PROMISC_CHECK:Karışık arayüzler kontrol ediliyor NETWORK_PROMISC_NO_IFCONF_IP:Karışık ağ arayüzü kontrolü atlandı - 'ifconfig' yada 'ip' komutu bulunamıyor. NETWORK_PROMISC_NO_CMD:'$1' komutu kullanılarak yapılan karışık ağ arayüzü kontrolü atlandı - '$1' komutu bulunamadı. '$2' komutu kullanılıyor. NETWORK_PROMISC_IF:Olası karışık arayüzler: NETWORK_PROMISC_IF_1:'ifconfig' komutu çıktısı: NETWORK_PROMISC_IF_2:'ip' komutu çıktısı: NETWORK_PACKET_CAP_CHECK:Paket yakalama uygulamaları kontrol ediliyor NETWORK_PACKET_CAP_CHECK_NO_FILE:Paket yakalama uygulama kontrolü atlandı - '$1' dosyası kayıp. NETWORK_PACKET_CAP_FOUND:'$1' işlemi (PID $2) ağı dinliyor. NETWORK_PACKET_CAP_WL:'$1' işlemi bulundu: Beyaz listede. SHARED_LIBS_START:'paylaşılan kütüphaneler' kontrolü çalıştırılıyor SHARED_LIBS_PRELOAD_VAR:Önceden yüklenmiş değişkenler kontrol ediliyor SHARED_LIBS_PRELOAD_VAR_FOUND:Önceden yüklenmiş değişken(ler) bulundu: $1 SHARED_LIBS_PRELOAD_FILE:Önceden yüklenmiş kütüphaneler kontrol ediliyor SHARED_LIBS_PRELOAD_LIB_FOUND:Önceden yüklenmiş paylaşılan kütüphane bulundu: $1 SHARED_LIBS_PRELOAD_FILE_FOUND:Önceden yüklenmiş dosya kütüphanesi bulundu: $1 SHARED_LIBS_PRELOAD_LIB_WLIST:Önceden yüklenmiş paylaşılan kütüphane bulundu '$1': Beyaz listede. SHARED_LIBS_PATH:LD_LIBRARY_PATH değişkeni kontrol ediliyor SHARED_LIBS_PATH_BAD:LD_LIBRARY_PATH çevre değişkeni ayarlandı ve bu durum ikili dosyaları etkileyebilir: $1 şeklinde ayarlandı SUSPSCAN_CHECK:Şüpheli içerikli dosyalar kontrol ediliyor SUSPSCAN_DIR_NOT_EXIST:'$1' dizini mevcut değil. SUSPSCAN_INSPECT:'$1' dosyası (skor: $2) biraz şüpheli içerik içeriyor ve kontrol edilmeli.
SUSPSCAN_START:Þüpheli içerikli dosyalarýn kontrolü çalýþtýrýlýyor SUSPSCAN_DIRS:Kontrol dizinleri: $1 SUSPSCAN_NO_DIRS:Belirlenen dizin yok: varsayýlanlar kullanýlýyor ($1) SUSPSCAN_TEMP:Kullanýlan geçici dizin: $1 SUSPSCAN_NO_TEMP:Belirlenen geçici dizin yok: varsayýlan kullanýlýyor ($1) SUSPSCAN_SIZE:Kontrol için maksimum dosya boyutu (byte olarak): $1 SUSPSCAN_NO_SIZE:Maksimum dosya boyutu belirlenmedi: varsayýlan kullanýlýyor ($1) SUSPSCAN_THRESH:Skor eþiði $1 þeklinde ayarlandý SUSPSCAN_NO_THRESH:Skor eþiði belirlenmedi: varsayýlan kullanýlýyor ($1) SUSPSCAN_DIR_CHECK:Dizin kontrol ediliyor: '$1' SUSPSCAN_FILE_CHECK:Dosya kontrol edildi: Adý: '$1' Skor: $2 SUSPSCAN_FILE_CHECK_DEBUG:Dosya kontrol edildi: Adý: '$1' Skor: $2 Liste baþý: $3 Hit: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:Dosya yok sayýldý: boþ: '$1' SUSPSCAN_FILE_SKIPPED_LINK:Dosya yok sayýldý: sembolik baðlantý: '$1' SUSPSCAN_FILE_SKIPPED_TYPE:Dosya yok sayýldý: yanlýþ tip: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:Dosya yok sayýldý: çok büyük: '$1' SUSPSCAN_FILE_LINK_CHANGE:Sembolik baðlantý bulundu: '$1' -> '$2' SUSPSCAN_DAT_MISSING:Þüpheli içeriðinin veri dosyasý eksik veya boþ: $1 SUSPSCAN_DAT_MISSING:Varsayýlan dosyayý onarmak için 'rkhunter --update' komutunu çalýþtýrýn. SUSPSCAN_DAT_NOTAFILE:Þüpheli içeriðinin veri dosyasý bir dosya deðil: $1 LIST_TESTS:Test isimleri: LIST_GROUPED_TESTS:Testlerin gruplanmýþ hali: LIST_LANGS:Geçerli diller: LIST_PERL:Perl modülü kurulum durumu: LIST_RTKTS:Kontrol edilen rootkitler: LOCK_USED:Kilitleme kullanýmda: zaman aþýmý $1 saniye LOCK_DIR:Kilitleme dizini olarak '$1' kullanýlýyor LOCK_UNUSED:Kilitleme kullanýmda deðil LOCK_WAIT:Kilit dosyasý bekleniyor LOCK_FAIL:Kilit dosyasý alýnamadý: rkhunter çalýþmadý! LINUX_ONLY:Kontrol atlandý - bu kontrol sadece Linux sistemler içindir. rkhunter-1.4.6/files/i18n/cn0000644000000000000000000007007713207556312014305 0ustar rootrootVersion:2009091601 # # We start with the definitions of the message types and results. 
There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:ä¿¡æ¯ MSG_TYPE_WARNING:警告 # # This is the list of message results. # MSG_RESULT_OK:正常 MSG_RESULT_SKIPPED:跳过 MSG_RESULT_WARNING:警告 MSG_RESULT_FOUND:å‘现 MSG_RESULT_NOT_FOUND:没å‘现 MSG_RESULT_NONE_FOUND:没å‘现 MSG_RESULT_ALLOWED:å…许 MSG_RESULT_NOT_ALLOWED:ä¸å…许 MSG_RESULT_UNSET:没设置 MSG_RESULT_UPD: æ›´æ–°çš„ MSG_RESULT_NO_UPD: 没更新 MSG_RESULT_UPD_FAILED: 更新失败 MSG_RESULT_VCHK_FAILED: 版本检查失败 # # The messages. # VERSIONLINE:[ $1 版本 $2 ] VERSIONLINE2:è¿è¡Œ $1 版本 $2 在 $3 VERSIONLINE3:è¿è¡Œ $1 版本 $2 RKH_STARTDATE:开始时间是 $1 RKH_ENDDATE:ç»“æŸæ—¶é—´æ˜¯ $1 OPSYS:探测到的系统是 '$1' UNAME:Uname 输出是 '$1' CONFIG_CHECK_START:检查é…置文件åŠå‘½ä»¤è¡Œé€‰é¡¹... CONFIG_CMDLINE:命令行是 $1 CONFIG_ENVSHELL:环境 shell 是 $1; rkhunter 正在使用 $2 CONFIG_CONFIGFILE:正在使用é…置文件 '$1' CONFIG_INSTALLDIR:安装目录是'$1' CONFIG_LANGUAGE:使用语言是 '$1' CONFIG_DBDIR:使用 '$1' 作为数æ®åº“目录 CONFIG_SCRIPTDIR:使用 '$1' 支æŒè„šæœ¬ç›®å½• CONFIG_BINDIR:使用 '$1' 作为命令目录 CONFIG_ROOTDIR:使用 '$1' 作为root 目录 CONFIG_TMPDIR:使用 '$1' 作为临时文件夹 CONFIG_NO_MAIL_ON_WARN:没有é…ç½®è­¦å‘Šä¿¡çš„åœ°å€ CONFIG_MOW_DISABLED:æ ¹æ®ç”¨æˆ·è¦æ±‚,ä¸ä½¿ç”¨è­¦å‘Šä¿¡ CONFIG_MAIL_ON_WARN:使用命令'$2'ç»™ '$1' å‘警告信 CONFIG_SSH_ROOT:Rkhunter 的选项 ALLOW_SSH_ROOT_USERè¢«è®¾ç½®æˆ '$1'. CONFIG_SSH_PROTV1:Rkhunter 选项 ALLOW_SSH_PROT_V1 设置为 '$1'. 
CONFIG_X_AUTO:自动检测X CONFIG_CLRSET2:使用第二é…色方案 CONFIG_NO_SHOW_SUMMARY:æ ¹æ®ç”¨æˆ·è¦æ±‚䏿£€æµ‹ç³»ç»Ÿæ€»å†µ CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV被设置为'$1' CONFIG_NO_VL:æ ¹æ®ç”¨æˆ·è¦æ±‚ä¸è®°å½•详细的日志 CONFIG_XINETD_PATH:使用 $1 é…置文件 '$2' CONFIG_SOL10_INETD:使用Solaris 10 åŠä»¥åŽçš„inetd机制 CONFIG_LOCAL_RC_DIR:使用系统的å¯åŠ¨ç›®å½•: $1 CONFIG_LOCAL_RC_FILE:使用本地的å¯åŠ¨ç›®å½•æ–‡ä»¶: $1 CONFIG_ROTATE_MIRRORS:é•œåƒæ–‡ä»¶å°†è¢« rotated ONFIG_NO_ROTATE_MIRRORS:é•œåƒæ–‡ä»¶å°†ä¸è¢«rotated CONFIG_UPDATE_MIRRORS:é•œåƒæ–‡ä»¶å°†è¢«æ›´æ–° CONFIG_NO_UPDATE_MIRRORS:é•œåƒæ–‡ä»¶å°†ä¸è¢«æ›´æ–° CONFIG_MIRRORS_MODE0:æœ¬åœ°å’Œè¿œç¨‹é•œåƒæ–‡ä»¶å°†éƒ½è¢«ä½¿ç”¨ CONFIG_MIRRORS_MODE1:åªä½¿ç”¨æœ¬åœ°é•œåƒæ–‡ä»¶ CONFIG_MIRRORS_MODE2:åªä½¿ç”¨è¿œç¨‹é•œåƒæ–‡ä»¶ FOUND_CMD:找到 '$1' 命令: $2 NOT_FOUND_CMD:无法找到'$1' 命令 CMD_ERROR:命令 '$1' é‡åˆ°é”™è¯¯ç  $2. SYS_PRELINK:系统正在使用prelinking SYS_NO_PRELINK:系统没用prelinking SYS_SELINUX:SELinux å·²å¯ç”¨ SYS_NO_SELINUX:SELinux 没å¯ç”¨ HASH_FUNC_PRELINK:为了文件的 hash 检测而使用 prelink 命令 (带 $1) HASH_FUNC_PERL:使用 perl $1 æ¨¡å—æ¥æ£€æŸ¥æ–‡ä»¶hash HASH_FUNC:使用 '$1'命令检查文件hash HASH_FUNC_NONE:无法检查文件hash : 没指定 HASH_FUNC_NONE_PKGMGR:没有指定文件hash函数: åªèƒ½ä½¿ç”¨åŒ…管ç†å™¨ HASH_FUNC_DISABLED:Hash函数设置为'NONE': 自动使文件hash检查无效 HASH_FUNC_OLD:使用hash函数 '$1'储存hash值 HASH_FUNC_OLD_DISABLED:原先的hash函数无效: 没有hash值值被ä¿å­˜ HASH_PKGMGR_OLD:使用包管ç†å™¨'$1'(md5 function)存储hash值 HASH_PKGMGR_OLD_UNSET:没使用包管ç†å™¨å­˜å‚¨hash值 HASH_PKGMGR:使用包管ç†å™¨ '$1' 检查文件属性 HASH_PKGMGR_MD5:使用 MD5 hash 函数命令 '$1' 辅助包管ç†å™¨çš„éªŒè¯ HASH_PKGMGR_NOT_SPEC:没有指定包管ç†å™¨: 使用 hash 函数 '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:没有指定包管ç†å™¨: 使用带 '$1' çš„ prelink 命令 HASH_FIELD_INDEX:hash 函数的域索引被设置为 $1 HASHUPD_DISABLED:Hash 检测失效: 当剿–‡ä»¶hash值将ä¸ä¼šä¿å­˜ HASHUPD_PKGMGR:使用包管ç†å™¨ '$1' æ¥æ›´æ–°æ–‡ä»¶hash值 HASHUPD_PKGMGR_NOT_SPEC:没有指定文件 hash 更新包管ç†å™¨: 使用 hash 函数 '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:没有指定文件 hash 更新包管ç†å™¨: 使用带 '$1'çš„ prelink 命令 ATTRUPD_DISABLED:文件属性检测失效: 当剿–‡ä»¶å±žæ€§å°†ä¸ä¼šä¿å­˜ ATTRUPD_NOSTATCMD:文件属性检测失效: 没有å‘现'stat'命令:当剿–‡ä»¶å±žæ€§å°†ä¸ä¼šä¿å­˜ 
ATTRUPD_OK:当剿–‡ä»¶å±žæ€§å°†è¢«ä¿å­˜ ATTRUPD_OLD_DISABLED:原先文件属性无效: 没有文件属性ä¿å­˜ ATTRUPD_OLD_NOSTATCMD:原先文件属性无效: 没有å‘现'stat'命令: 没有文件属性被ä¿å­˜ ATTRUPD_OLD_OK:原先文件属性被ä¿å­˜ GRSECINSTALLED:å‘现安装有grsecurity SYSLOG_ENABLED:因为一些logging使用 syslog - facility/priority 级别是 '$1'. SYSLOG_DISABLED:æ ¹æ®ç”¨æˆ·è¦æ±‚ä¸ä½¿ç”¨ syslog . SYSLOG_NO_LOGGER:无法使用 syslog - 无法找到 'logger' 命令. NAME:$1 PRESSENTER:[敲 键继续] TEST_SKIPPED_OS:因为 O/S: $2,检测 '$1' 被跳过 SUMMARY_TITLE1:ç³»ç»Ÿæ£€æµ‹æ¦‚è¦ SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:检测文件属性... SUMMARY_PROP_REQCMDS:请求的检测命令失败 SUMMARY_PROP_COUNT:检测文件: $1 SUMMARY_PROP_FAILED:å¯ç–‘文件: $1 SUMMARY_CHKS_SKIPPED:跳过所有检测 SUMMARY_RKT_SCAN:检测Rootkit... SUMMARY_RKT_COUNT:检测Rootkits : $1 SUMMARY_RKT_FAILED:å¯èƒ½å­˜åœ¨ rootkits: $1 SUMMARY_RKT_NAMES:Rootkit åç§° : $1 SUMMARY_APPS_SCAN:åº”ç”¨ç¨‹åºæ£€æµ‹... SUMMARY_APPS_COUNT:åº”ç”¨ç¨‹åºæ£€æµ‹: $1 SUMMARY_APPS_FAILED:å¯ç–‘的应用程åº: $1 SUMMARY_SCAN_TIME:检查系统用时: $1 SUMMARY_NO_SCAN_TIME:检查系统用时: 无法计算时钟时间 SUMMARY_LOGFILE:所有结果已被写入到日志文件($1) SUMMARY_NO_LOGFILE:没有创建日志文件. CREATED_TEMP_FILE:创建临时文件夹 '$1' MIRRORS_NO_FILE:镜象文件'$1'ä¸å­˜åœ¨ MIRRORS_NO_MIRRORS:é•œåƒæ–‡ä»¶ '$1' 中没有需è¦çš„镜åƒ. MIRRORS_NO_VERSION:镜象文件 '$1'ä¸­æ²¡æœ‰ç‰ˆæœ¬å· - 釿–°è®¾ç½®ä¸º0. MIRRORS_ROTATED:镜象文件 '$1' 已被更新. MIRRORS_SF_DEFAULT:使用 SourceForge 镜åƒ: $1 DOWNLOAD_CMD:执行下载命令 '$1' DOWNLOAD_FAIL:下载失败 - $1 镜象文件无效. VERSIONCHECK_START:正在检查 rkhunter 版本... VERSIONCHECK_FAIL_ALL:下载失败: 无法确定最新的程åºç‰ˆæœ¬. VERSIONCHECK_CURRENT:本版本 : $1 VERSIONCHECK_LATEST:最新的版本: $1 VERSIONCHECK_LATEST_FAIL:最新版本: 下载失败 VERSIONCHECK_UPDT_AVAIL:更新有效 VERSIONCHECK_CONV_FAIL:无法比较版本å·: 程åº: '$1' Latest: '$2' UPDATE_START:正在检查rkhunter çš„æ•°æ®æ–‡ä»¶... UPDATE_CHECKING_FILE:正在检查文件$1 UPDATE_FILE_NO_VERS:文件 '$1' 没有有效的版本å·. 正下载一个新的副本. UPDATE_FILE_MISSING:文件 '$1' 丢失或为空. 正下载一个新的副本. UPDATE_DOWNLOAD_FAIL:'$1'下载失败: 无法确定最新的版本å·. UPDATE_I18N_NO_VERS:无法å‘现i18n语言文件版本å·. OSINFO_START:检查自上次检测åŽç³»ç»Ÿæ˜¯å¦å·²æ”¹å˜... 
OSINFO_END:没å‘现任何东西已å˜åŒ– OSINFO_HOST_CHANGE1:自上检测åŽï¼Œhostå称已改å˜: OSINFO_HOST_CHANGE2:æ—§çš„host值: $1 新的值: $2 OSINFO_OSVER_CHANGE1:自上次检测åŽï¼Œç³»ç»Ÿå称或版本已改å˜: OSINFO_OSVER_CHANGE2:æ—§çš„O/S值: $1 新的值: $2 OSINFO_PRELINK_CHANGE:自上次检测åŽï¼Œä½¿ç”¨prelinking系统å¯èƒ½å·²æ”¹å˜ä¸º${1}: OSINFO_ARCH_CHANGE1:系统的CPU类型å¯èƒ½å·²å˜åŒ–: OSINFO_ARCH_CHANGE2:æ—§çš„CPU值: $1 新的值: $2 OSINFO_MSG1:因为这些改å˜ï¼Œæ–‡ä»¶å±žæ€§æ£€æµ‹å¯èƒ½å¾—出错误的结果. OSINFO_MSG2:ä½ å¯èƒ½éœ€è¦ç”¨'--propupd' 选项釿–°è¿è¡Œrkhunter SET_FILE_PROP_START: file propertiesæ­£åœ¨èŽ·å–æ–‡ä»¶å±žæ€§... SET_FILE_PROP_DIR_FILE_COUNT:在$2å‘现$1 个文件 SET_FILE_PROP_FILE_COUNT:文件 $1: æœç´¢äº† $2 个文件, å‘现 $3 SET_FILE_PROP_FILE_COUNT_NOHASH:F文件 $1: æœç´¢äº† $2 个文件, å‘现 $3, 丢失 hashes $4 PROPUPD_START:开始更新文件属性数æ®... PROPUPD_OSINFO_START:正在收集 O/S ä¿¡æ¯... PROPUPD_ARCH_FOUND:å‘现系统体系: $1 PROPUPD_REL_FILE:å‘现 release 文件: $1 PROPUPD_NO_REL_FILE:ä¸èƒ½æ‰¾åˆ°release 文件: LS output shows: PROPUPD_OSNAME_FOUND:å‘现 O/S åç§°: $1 PROPUPD_ERROR:安装新的 rkhunter.dat 文件å‘生错误. ä»£ç  $1 PROPUPD_NEW_DAT_FILE:æ–°çš„ rkhunter.dat 文件已安装在 '$1' PROPUPD_WARN:警告! 当使用 '--propupd' é€‰é¡¹æ—¶ç”¨æˆ·å¿…é¡»è´Ÿè´£ç¡®ä¿ PROPUPD_WARN:系统中所有的文件已知是真实的, 并且是安装于å¯é çš„ PROPUPD_WARN:æºæ–‡ä»¶. rkhunter '--check' 选项将当剿–‡ä»¶å±žæ€§ä¸Žå…ˆå‰ PROPUPD_WARN:ä¿å­˜çš„值进行对比,并且报告任何å˜åŒ–的值. 然而, rkhunter PROPUPD_WARN:无法确定是什么导致了这个å˜åŒ–,它有待用户去确认. ENABLED_TESTS:生效的测试是: $1 DISABLED_TESTS:失效的测试是: $1 KSYMS_FOUND:å‘现 ksym 文件 '$1' KSYMS_MISSING:所有的 ksyms å’Œ kallsyms æ£€æµ‹å·²è¢«å–æ¶ˆ - è¿™ä¸¤ç§æ–‡ä»¶åœ¨ç³»ç»Ÿä¸­éƒ½ä¸å­˜åœ¨. STARTING_TEST:开始 '$1' 检测 USER_DISABLED_TEST:ç”¨æˆ·å·²å–æ¶ˆ '$1' 检测t. CHECK_START:开始检测系统... CHECK_WARNINGS_NOT_FOUND:在检测系统过程中没有报警产生. CHECK_WARNINGS_FOUND:检测系统过程中å‘现一个或多个报警. CHECK_WARNINGS_FOUND_RERUN:è¯·é‡æ–°è¿è¡Œrkhunter,确认日志文件已创建. CHECK_WARNINGS_FOUND_CHK_LOG:请检查日志文件 ($1) CHECK_SYS_COMMANDS:检查系统命令... 
STRINGS_CHECK_START:执行 '字符串' 命令检测 STRINGS_SCANNING_OK:扫æå­—符串 $1 STRINGS_SCANNING_BAD:扫æå­—符串 $1 STRINGS_SCANNING_BAD:'字符串' 命令中无法å‘现字符串 STRINGS_CHECK:检测 '字符串' 命令 STRINGS_CHECK:跳过检测 - 没有å‘现 '字符串' 命令. FILE_PROP_START:执行文件属性检测 FILE_PROP_CMDS:检测先决æ¡ä»¶ FILE_PROP_IMMUT_OS:跳过所有的 immutable-bit 检测. 该检测仅仅在 Linux 系统下有效. FILE_PROP_SKIP_ATTR:无法找到 'stat' 命令 - 所有的文件属性检测将被跳过. FILE_PROP_SKIP_HASH:所有的文件 hash 检测将被跳过,因为 : FILE_PROP_SKIP_HASH_FUNC:当å‰çš„ hash 函数 ($1) 或者包管ç†å™¨ ($2) 与 hash 函数 ($3)ä¸å…¼å®¹æˆ–包管ç†å™¨ ($4) 被用于ä¿å­˜è¿™äº›å€¼. FILE_PROP_SKIP_HASH_PRELINK:无法找到 'prelink' 命令. FILE_PROP_SKIP_HASH_SHA1:这个系统使用 prelinking, 但是 hash 函数命令 ä¸åƒæ˜¯ SHA1 or MD5. FILE_PROP_SKIP_HASH_LIBSAFE:没å‘现 Libsafe , è¿™å¯èƒ½å¯¼è‡´é”™è¯¯. 如果å¯èƒ½, 让 libsafe 失效并è¿è¡Œ prelink 命令. 最åŽ, 使用 'rkhunter --propupd'釿–°åˆ›å»º hash 值. FILE_PROP_SKIP_IMMUT:无法找到 'lsattr' 命令 - 所有的文件 immutable-bit 检测将被跳过. FILE_PROP_SKIP_SCRIPT:无法找到 'file' 命令 - 所有脚本代替检测将被跳过. FILE_PROP_OS_CHANGED:本地hosté…置或æ“ä½œç³»ç»Ÿå·²ç»æ”¹å˜. FILE_PROP_DAT_MISSING:ä¿å­˜æ–‡ä»¶å±žæ€§çš„æ–‡ä»¶ (rkhunter.dat) ä¸å­˜åœ¨, 所以必须创建它. 输入命令 'rkhunter --propupd'创建. FILE_PROP_DAT_EMPTY:ä¿å­˜æ–‡ä»¶å±žæ€§çš„æ–‡ä»¶ (rkhunter.dat) 是空的, 所以必须创建它. 输入命令 'rkhunter --propupd'创建. FILE_PROP_SKIP_ALL:现忽略所有文件属性的检测. FILE_PROP_FILE_NOT_EXIST:系统中ä¸å­˜åœ¨ '$1' 文件, 但是它列于 rkhunter.dat 文件. FILE_PROP_WL:å‘现文件 '$1': 它列于白åå•中用于 '$2' 检测. FILE_PROP_WL_DIR:å‘现目录 '$1': 针对于 '$2' 检测,它列于白åå•. FILE_PROP_NO_RKH_REC:系统中存在文件 '$1' , 但是它ä¸åˆ—于 the rkhunter.dat 文件. FILE_PROP_CHANGED:文件属性已改å˜: FILE_PROP_CHANGED2:文件: $1 FILE_PROP_NO_PKGMGR_FILE:跳过文件 '$1' hash 值: 文件ä¸å±žäºŽè¯¥åŒ… FILE_PROP_NO_SYSHASH:没å‘现文件 '$1'çš„hash值 FILE_PROP_NO_SYSHASH_CMD:Hash 命令输出: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:å°è¯•使用命令 'prelink $1' ä¿®å¤ä¾èµ–错误. FILE_PROP_SYSHASH_UNAVAIL:å½“å‰ hash: æ— æ³•èŽ·å– FILE_PROP_SYSHASH:å½“å‰ hash: $1 FILE_PROP_RKHHASH:ä¿å­˜ hash : $1 FILE_PROP_NO_RKHHASH:ä¸èƒ½æ‰¾åˆ°rkhunter.dat中文件'$1' çš„hash值. FILE_PROP_NO_RKHPERM:ä¸èƒ½æ‰¾åˆ°rkhunter.dat中文件'$1' çš„æƒé™å€¼. 
FILE_PROP_PERM_UNAVAIL:当剿ƒé™: æ— æ³•èŽ·å– å‚¨å­˜çš„æƒé™: $1 FILE_PROP_PERM:当剿ƒé™: $1 储存的æƒé™: $2 FILE_PROP_UID_UNAVAIL:å½“å‰ uid: æ— æ³•èŽ·å– å‚¨å­˜çš„ uid: $1 FILE_PROP_UID:å½“å‰ uid: $1 储存的 uid: $2 FILE_PROP_NO_RKHUID:在文件rkhunter.dat中没有找到文件 '$1' çš„user-id值. FILE_PROP_GID_UNAVAIL:当å‰çš„ gid: æ— æ³•èŽ·å– ä¿å­˜çš„ gid: $1 FILE_PROP_GID:当å‰çš„ gid: $1 ä¿å­˜çš„ gid: $2 FILE_PROP_NO_RKHGID:在文件rkhunter.dat中没有找到文件 '$1' çš„group-id值. FILE_PROP_INODE_UNAVAIL:当å‰çš„ inode: æ— æ³•èŽ·å– ä¿å­˜çš„ inode: $1 FILE_PROP_INODE:当å‰çš„ inode: $1 ä¿å­˜çš„ inode: $2 FILE_PROP_NO_RKHINODE:在文件rkhunter.dat中没有找到文件 '$1' çš„inode值. FILE_PROP_SIZE_UNAVAIL:当å‰å¤§å°: æ— æ³•èŽ·å– å­˜å‚¨çš„å¤§å°: $1 FILE_PROP_SIZE:当å‰å¤§å°: $1 存储的大å°: $2 FILE_PROP_NO_RKHSIZE:在 rkhunter.dat 文件中没å‘现文件 '$1' 的大å°å€¼. FILE_PROP_SYSDTM_UNAVAIL:当å‰çš„æ–‡ä»¶ä¿®æ”¹æ—¶é—´: æ— æ³•èŽ·å– FILE_PROP_SYSDTM:当剿–‡ä»¶ä¿®æ”¹æ—¶é—´: $1 FILE_PROP_RKHDTM:ä¿å­˜çš„æ–‡ä»¶ä¿®æ”¹æ—¶é—´ : $1 FILE_PROP_NO_RKHDTM:在文件rkhunter.dat中没有找到文件 '$1' 的修改时间值. FILE_PROP_NO_SYSATTR:æ— æ³•èŽ·å– '$1' 的当å‰å±žæ€§ FILE_PROP_WRITE:文件 '$1'被设置为对所有用户å¯å†™. FILE_PROP_SYSPERM_UNAVAIL:æ— æ³•èŽ·å–æ–‡ä»¶ '$1' 的当å‰å†™æƒé™ FILE_PROP_IMMUT:文件 '$1' 被设置了 immutable-bit . FILE_PROP_SCRIPT:命令 '$1' å·²ç»è¢«è„šæœ¬: $2 代替 FILE_PROP_SCRIPT_RKH:命令 '$1' 已被替æ¢, 䏿˜¯è„šæœ¬: $2 FILE_PROP_VRFY:包管ç†å™¨éªŒè¯å·²å¤±æ•ˆ: FILE_PROP_VRFY_HASH:文件hashå€¼å·²æ”¹å˜ FILE_PROP_VRFY_PERM:文件æƒé™å·²æ”¹å˜ FILE_PROP_VRFY_UID:æ–‡ä»¶çš„æ‹¥æœ‰è€…å±žæ€§å·²æ”¹å˜ FILE_PROP_VRFY_GID:æ–‡ä»¶ç»„å±žæ€§å·²æ”¹å˜ FILE_PROP_VRFY_DTM:æ–‡ä»¶çš„ä¿®æ”¹æ—¶é—´å·²æ”¹å˜ FILE_PROP_VRFY_SIZE:文件大å°å·²ç»æ”¹å˜ CHECK_ROOTKITS:正在检查rootkit... ROOTKIT_FILES_DIRS_START:执行已知rootkit和目录的检查 ROOTKIT_FILES_DIRS_NAME_LOG:检查 ${1}... 
ROOTKIT_FILES_DIRS_FILE:检查文件 '$1' ROOTKIT_FILES_DIRS_DIR:检查目录 '$1' ROOTKIT_FILES_DIRS_KSYM:æ£€æŸ¥å†…æ ¸ç¬¦å· '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:å‘现文件 '$1' ROOTKIT_FILES_DIRS_DIR_FOUND:å‘现目录 '$1' ROOTKIT_FILES_DIRS_KSYM_FOUND:å‘çŽ°å†…æ ¸ç¬¦å· '$1' ROOTKIT_FILES_DIRS_STR:检查字符串 '$1' ROOTKIT_FILES_DIRS_STR_FOUND:在文件 '$2'中å‘现字符串'$1' ROOTKIT_FILES_DIRS_NOFILE:文件 '$1' ä¸å­˜åœ¨! ROOTKIT_FILES_DIRS_SINAR_DIR:检查 '$1' ROOTKIT_FILES_DIRS_SINAR:在: $1中å‘现SInAR ROOTKIT_ADD_START:执行辅助的rootkit检测 ROOTKIT_ADD_SUCKIT:Suckit Rookit 辅助检测 ROOTKIT_ADD_SUCKIT_LOG:执行Suckit Rookit 辅助检测 ROOTKIT_ADD_SUCKIT_LINK:检测/sbin/init é“¾æŽ¥æ•°é‡ ROOTKIT_ADD_SUCKIT_LINK_NOCMD:检测 /sbin/init 链接数é‡: 没å‘现 'stat' 命令 ROOTKIT_ADD_SUCKIT_LINK_ERR:检测 /sbin/init 链接数é‡: 'stat' 命令错误 ROOTKIT_ADD_SUCKIT_LINK_FOUND:检测 /sbin/init 链接数é‡: æ•°é‡æ˜¯ $1, 它应当是 1 ROOTKIT_ADD_SUCKIT_EXT:检测éšè—文件扩展 ROOTKIT_ADD_SUCKIT_EXT_FOUND:检测éšè—文件扩展: å‘现: $1 ROOTKIT_ADD_SUCKIT_SKDET:è¿è¡Œ skdet 命令 ROOTKIT_ADD_SUCKIT_SKDET_FOUND:è¿è¡Œ skdet 命令: å‘现: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER:è¿è¡Œ skdet 命令: 未知版本: $1 ROOTKIT_POSS_FILES_DIRS:检查å¯èƒ½å­˜åœ¨çš„rootkitåŠå…¶ç›®å½• ROOTKIT_POSS_FILES_DIRS_LOG:执行检查å¯èƒ½å­˜åœ¨çš„rootkit文件åŠå…¶ç›®å½• ROOTKIT_POSS_FILES_FILE_FOUND:å‘现文件 '$1'. å¯èƒ½å­˜åœ¨rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:å‘现目录 '$1'. å¯èƒ½å­˜åœ¨rootkit: $2 ROOTKIT_POSS_STRINGS:检测判定rootkitå¯èƒ½å­˜åœ¨çš„字符串 ROOTKIT_POSS_STRINGS_LOG:执行检测判定rootkitå¯èƒ½å­˜åœ¨çš„字符串 ROOTKIT_POSS_STRINGS_FOUND:在文件 '$2'中å‘现字符串'$1' . 
å¯èƒ½è¿˜åœ¨rootkit: $3 ROOTKIT_MALWARE_START:æ‰§è¡Œæ¶æ„软件检测 ROOTKIT_MALWARE_SUSP_FILES:检测正在è¿è¡Œè¿›ç¨‹çš„å¯ç–‘文件 ROOTKIT_MALWARE_SUSP_FILES_FOUND:å‘现一个或多个这样的文件: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND:检测 lsof 命令 'lsof -F n -w -n' 的输出 ROOTKIT_MALWARE_HIDDEN_PROCS:检测éšè—进程 ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:å‘现éšè—的进程: $1 ROOTKIT_MALWARE_DELETED_FILES:在正è¿è¡Œè¿›ç¨‹ä¸­æ£€æµ‹ deleted 文件 ROOTKIT_MALWARE_DELETED_FILES_FOUND:以下进程正在使用 deleted 文件: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:进程: $1 PID: $2 文件: $3 ROOTKIT_MALWARE_LOGIN_BDOOR:检测 login åŽé—¨ ROOTKIT_MALWARE_LOGIN_BDOOR_LOG:执行检测 login åŽé—¨ ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:检测 '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:å‘现 login åŽé—¨æ–‡ä»¶: $1 ROOTKIT_MALWARE_SUSP_DIR:检测å¯ç–‘目录 ROOTKIT_MALWARE_SUSP_DIR_LOG:执行å¯ç–‘目录的检测 ROOTKIT_MALWARE_SUSP_DIR_FOUND:å‘现å¯ç–‘的目录: $1 ROOTKIT_MALWARE_SFW_INTRUSION:检测软件入侵 ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:文件 '$1' ä¸­åŒ…å«æœ‰å­—符串 '$2'. å¯èƒ½å­˜åœ¨rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:跳过检测 - tripwire 没有安装 ROOTKIT_MALWARE_SNIFFER:检测 sniffer 日志文件 ROOTKIT_MALWARE_SNIFFER_LOG:执行 sniffer 日志文件的检测 ROOTKIT_MALWARE_SNIFFER_FOUND:å‘现å¯ç–‘çš„sniffer 日志文件: $1 ROOTKIT_TROJAN_START:执行木马详细检测 ROOTKIT_TROJAN_INETD:检测å¯åŠ¨çš„ inetd æœåŠ¡ ROOTKIT_TROJAN_INETD_SKIP:跳过检测 - 文件 '$1' ä¸å­˜åœ¨. ROOTKIT_TROJAN_INETD_FOUND:å‘现已å¯åŠ¨çš„ inetd æœåŠ¡: $1 ROOTKIT_TROJAN_XINETD:检测å¯åŠ¨çš„ xinetd æœåŠ¡ ROOTKIT_TROJAN_XINETD_LOG:执行已å¯åŠ¨çš„ xinetd æœåŠ¡çš„æ£€æµ‹ ROOTKIT_TROJAN_XINETD_ENABLED:在 '$1' 中检测已å¯åŠ¨çš„æœåŠ¡ ROOTKIT_TROJAN_XINETD_INCLUDE:å‘现 'include $1' 指令 ROOTKIT_TROJAN_XINETD_INCLUDEDIR:å‘现 'includedir $1' 指令 ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:å‘现å¯åŠ¨çš„ xinetd æœåŠ¡: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:å‘现æœåŠ¡ '$1': 它ä½äºŽ $2 白åå•. ROOTKIT_TROJAN_APACHE:检测 Apache çš„åŽé—¨ ROOTKIT_TROJAN_APACHE_SKIPPED:跳过Apache åŽé—¨çš„æ£€æµ‹: 没å‘现Apache 模å—å’Œé…置目录. 
ROOTKIT_TROJAN_APACHE_FOUND:å‘现Apache åŽé—¨æ¨¡å— 'mod_rootme' : $1 ROOTKIT_OS_START:执行 $1 详细的检测 ROOTKIT_OS_SKIPPED:没有å¯ç”¨çš„详细检测 ROOTKIT_OS_BSD_SOCKNET:检测 sockstat å’Œ netstat 命令 ROOTKIT_OS_BSD_SOCKNET_FOUND: sockstat å’Œ netstat 的输出å‘现ä¸åŒ: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 输出: $2 ROOTKIT_OS_FREEBSD_KLD:检测 KLD åŽé—¨ ROOTKIT_OS_FREEBSD_KLD_FOUND:å‘现å¯ç–‘çš„ FreeBSD KLD åŽé—¨. 'kldstat -v' 命令显示字符串 '$1' ROOTKIT_OS_FREEBSD_PKGDB:检测包数æ®åº“ ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:包数æ®åº“似乎有矛盾. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:è¿™å¯èƒ½ä¸æ˜¯å®‰å…¨é—®é¢˜, 但是è¿è¡Œ 'pkgdb -F' å¯èƒ½æœ‰åŠ©äºŽè¯Šæ–­é—®é¢˜. ROOTKIT_OS_LINUX_LKM:检测内核模å—命令 ROOTKIT_OS_LINUX_LKM_FOUND: lsmod 命令 å’Œ /proc/modules 文件之间å‘现ä¸åŒçš„地方: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 输出: $2 ROOTKIT_OS_LINUX_LKM_EMPTY: 没有å‘现 lsmod 命令 和或 /proc/modules 文件的输出: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:æ¨¡å—æ–‡ä»¶ '$1' 已丢失. ROOTKIT_OS_LINUX_LKMNAMES:检测内核模å—åç§° ROOTKIT_OS_LINUX_LKMNAMES_PATH:使用模å—路径å '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:在 '$1'中å‘çŽ°å·²çŸ¥çš„æ¶æ„内核模å—: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:内核模å—目录 '$1' 丢失 CHECK_LOCALHOST:检测本地host... STARTUP_FILES_START:执行系统boot检测 STARTUP_HOSTNAME:检测本地hoståç§° STARTUP_NO_HOSTNAME:没å‘现hostå. STARTUP_LOCAL_RC_FILE:检测本地å¯åŠ¨æ–‡ä»¶ STARTUP_FOUND_LOCAL_RC_FILE:å‘现本地å¯åŠ¨æ–‡ä»¶: $1 STARTUP_NO_LOCAL_RC_FILE:没å‘现本地å¯åŠ¨æ–‡ä»¶. STARTUP_CHECK_LOCAL_RC:检测本地å¯åŠ¨æ–‡ä»¶æ˜¯å¦æ¶‰åŠæœ‰å®³ç¨‹åº STARTUP_CHECK_SYSTEM_RC:检测系统å¯åŠ¨æ–‡ä»¶æ˜¯å¦æ¶‰åŠæœ‰å®³ç¨‹åº STARTUP_CHECK_SYSTEM_RC_FOUND:å‘现系统å¯åŠ¨ç›®å½•: $1 STARTUP_CHECK_SYSTEM_RC_NONE:没å‘现系统å¯åŠ¨æ–‡ä»¶. ACCOUNTS_START:æ‰§è¡Œç”¨æˆ·ç»„å’Œå¸æˆ·æ£€æµ‹ ACCOUNTS_PWD_FILE_CHECK:æ£€æµ‹å¯†ç æ–‡ä»¶ ACCOUNTS_FOUND_PWD_FILE:å‘çŽ°å¯†ç æ–‡ä»¶: $1 ACCOUNTS_NO_PWD_FILE:å¯†ç æ–‡ä»¶ $1 ä¸å­˜åœ¨. ACCOUNTS_UID0:检测等效root (UID 0) 叿ˆ· ACCOUNTS_UID0_WL:å‘现等效root 叿ˆ· '$1': 它ä½äºŽç™½åå•中. ACCOUNTS_UID0_FOUND:叿ˆ· '$1' 是等效root (UID = 0) ACCOUNTS_SHADOW_FILE:å‘现 shadow 文件: $1 ACCOUNTS_PWDLESS:检测空密ç çš„叿ˆ· ACCOUNTS_PWDLESS_WL:å‘现空密ç å¸æˆ· '$1': 它列于白åå•. 
ACCOUNTS_PWDLESS_FOUND:å‘现空密ç å¸æˆ·: $1 ACCOUNTS_NO_SHADOW_FILE:没å‘现 shadow/password 文件. PASSWD_CHANGES:æ£€æµ‹å¯†ç æ–‡ä»¶çš„å˜åŒ– PASSWD_CHANGES_NO_TMP:æ— æ³•æ£€æµ‹å¯†ç æ–‡ä»¶çš„异常: å¯†ç æ–‡ä»¶çš„副本ä¸å­˜åœ¨. PASSWD_CHANGES_ADDED:æœ‰ç”¨æˆ·è¢«åŠ åˆ°å¯†ç æ–‡ä»¶ä¸­: PASSWD_CHANGES_REMOVED:æœ‰ç”¨æˆ·ä»Žå¯†ç æ–‡ä»¶ä¸­ç§»é™¤: GROUP_CHANGES:检测用户组文件的å˜åŒ– GROUP_CHANGES_NO_FILE:用户组文件 $1 ä¸å­˜åœ¨. GROUP_CHANGES_NO_TMP:无法检测用户组文件的å˜åŒ–: 用户组文件的副本ä¸å­˜åœ¨. GROUP_CHANGES_ADDED:有用户被加进用用户组文件: GROUP_CHANGES_REMOVED:组已被从用户组文件中删除: HISTORY_CHECK:检测root叿ˆ·çš„shellåŽ†å²æ–‡ä»¶ HISTORY_CHECK_FOUND:Root 叿ˆ· $1 shell åŽ†å²æ–‡ä»¶æ˜¯ä¸€ä¸ªç¬¦å·é“¾æŽ¥: $2 SYSTEM_CONFIGS_START:执行系统é…置文件检测 SYSTEM_CONFIGS_FILE:检测é…置文件 $1 SYSTEM_CONFIGS_FILE_FOUND:å‘现 $1 é…置文件: $2 SYSTEM_CONFIGS_SSH_ROOT:检测SSH是å¦å…许root访问 SYSTEM_CONFIGS_SSH_ROOT_FOUND: SSH å’Œ rkhunter çš„é…置选顶应当相åŒ: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH é…置选项 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter é…置选项 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND: 还没设置SSH é…置选项 'PermitRootLogin' . SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:默认值å¯èƒ½æ˜¯ 'yes', å…许root访问. SYSTEM_CONFIGS_SSH_PROTO:检测是å¦å…许 SSH v1版åè®® SYSTEM_CONFIGS_SSH_PROTO_FOUND:SSHçš„é…置文件SSH ($1)已让SSH 版本1å议生效. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND: SSH é…置选项 'Protocol' 还没设置. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:默认值å¯èƒ½æ˜¯ '2,1', å…许使用 版本11åè®®. SYSTEM_CONFIGS_SYSLOG:检测是å¦è¿è¡Œsyslog daemon SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:syslog daemon 没有è¿è¡Œ. SYSTEM_CONFIGS_SYSLOG_METALOG_RUNNING:syslog daemon 没有è¿è¡Œ, 但是已ç»å‘现一个metalog daemon. SYSTEM_CONFIGS_SYSLOG_SOCKLOG_RUNNING:syslog daemon 没有è¿è¡Œ, 但是已ç»å‘现一个socklog daemon. SYSTEM_CONFIGS_SYSLOG_NO_FILE:syslog daemon 正在è¿è¡Œ, 但是无法å‘现é…置文件. SYSTEM_CONFIGS_SYSLOG_REMOTE:检测是å¦å…许 syslog remote logging SYSTEM_CONFIGS_SYSLOG_REMOTE_FOUND:Syslog é…置文件å…许远程登陆: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter é…置选项 'ALLOW_SYSLOG_REMOTE_LOGGING' å·²ç»ç”Ÿæ•ˆ. 
FILESYSTEM_START:执行文件系统检测 FILESYSTEM_DEV_CHECK:/dev 作为å¯ç–‘文件类型检测 FILESYSTEM_DEV_CHECK_NO_DEV:/dev ä¸å­˜åœ¨. FILESYSTEM_DEV_FILE_WL:å‘现文件 '$1': 它列于白åå•中. FILESYSTEM_DEV_FILE_FOUND:在 ${1}中å‘现å¯ç–‘文件类型: FILESYSTEM_HIDDEN_DIR_WL:å‘现éšè—的目录'$1': 它列于白åå•中. FILESYSTEM_HIDDEN_FILE_WL:å‘现éšè—文件 '$1': 它列于白åå•中. FILESYSTEM_HIDDEN_CHECK:检测éšè—的文件和目录 FILESYSTEM_HIDDEN_DIR_FOUND:å‘现éšè—的目录: $1 FILESYSTEM_HIDDEN_FILE_FOUND:å‘现éšè—的文件: $1 CHECK_APPS:检测应用程åºçš„版本... APPS_NONE_FOUND:å‘çŽ°æœ«çŸ¥åº”ç”¨ç¨‹åº - 跳过所有的检测. APPS_DAT_MISSING:跳过所有的应用程åºç‰ˆæœ¬æ£€æµ‹. APPS_DAT_MISSING:ä¸å®‰å…¨åº”用程åºç‰ˆæœ¬ (programs_bad.dat) 丢失或为空. APPS_DAT_MISSING:如果它已ç»è¢«åˆ é™¤, ä½ å¾—è¿è¡Œ 'rkhunter --update'. APPS_NOT_FOUND:没å‘çŽ°åº”ç”¨ç¨‹åº '$1' . APPS_CHECK:检测版本 $1 APPS_CHECK_WL:å‘çŽ°åº”ç”¨ç¨‹åº '$1': 它列于白åå•中. APPS_CHECK_VERSION_UNKNOWN:æ— æ³•èŽ·å– '$1'的版本å·. APPS_CHECK_VERSION_FOUND:å‘çŽ°åº”ç”¨ç¨‹åº '$1' ç‰ˆæœ¬å· '$2' . APPS_CHECK_VERSION_WL:å‘çŽ°åº”ç”¨ç¨‹åº '$1' 版本 '$2': 这个版本ä½äºŽç™½åå•. APPS_CHECK_WHOLE_VERSION_USED:æ— æ³•èŽ·å– '$1'的版本å·: 版本选项赋予: $2 APPS_CHECK_FOUND:åº”ç”¨ç¨‹åº '$1', ç‰ˆæœ¬å· '$2', 已过时, 有潜在的安全风险. APPS_TOTAL_COUNT:åº”ç”¨ç¨‹åºæ£€æµ‹: $1 out of $2 CHECK_NETWORK:检测网络... NETWORK_PORTS_START:执行åŽé—¨ç«¯å£çš„æ£€æµ‹ NETWORK_PORTS_FILE_MISSING:跳过所有åŽé—¨ç«¯å£çš„æ£€æµ‹. NETWORK_PORTS_FILE_MISSING:已知åŽé—¨ç«¯å£æ–‡ä»¶ (backdoorports.dat) 丢失或为空白. NETWORK_PORTS_FILE_MISSING:如果它已被删除,你必须è¿è¡Œå‘½ä»¤ 'rkhunter --update'. NETWORK_PORTS_UNKNOWN_NETSTAT:跳过所有åŽé—¨ç«¯å£çš„æ£€æµ‹. NETWORK_PORTS_UNKNOWN_NETSTAT:æ­¤æ“作系统中无法识别该netstat命令格å¼. NETWORK_PORTS_DISABLE_PATHS:在PORT_WHITELIST 设置中'*' å’Œè·¯å¾„åæ— æ•ˆ: 'lsof' 命令ä¸å­˜åœ¨. NETWORK_PORTS_ENABLE_TRUSTED:å¯ä¿¡ä»»çš„路径å已在端å£ç™½åå•中å¯ç”¨. NETWORK_PORTS:为 $1 æ£€æµ‹ç«¯å£ $2 NETWORK_PORTS_PATH_WHITELIST:网络 $1 ç«¯å£ $2 正在被 $3 使用: 路径å列于白åå•. NETWORK_PORTS_TRUSTED_WHITELIST:网络 $1 ç«¯å£ $2 正在被 $3 使用: è·¯å¾„åæ˜¯å¯ä¿¡ä»»çš„. NETWORK_PORTS_PORT_WHITELIST:网络 $1 ç«¯å£ $2 正在被使用: 端å£åˆ—于白åå•中. NETWORK_PORTS_FOUND:网络 $1 ç«¯å£ $2 正在被使用${3}. 
å¯èƒ½æ˜¯rootkit: $4 NETWORK_PORTS_FOUND:使用 'lsof -i' 或 'netstat -an' 命令检测它. NETWORK_INTERFACE_START:执行网络接å£çš„æ£€æµ‹ NETWORK_PROMISC_CHECK:检测 promiscuous æŽ¥å£ NETWORK_PROMISC_NO_IFCONFIG:Promiscuous 网络接å£è¢«è·³è¿‡ - 无法找到 'ifconfig' 命令. NETWORK_PROMISC_NO_IP:使用'ip' 命令检测Promiscuous ç½‘ç»œæŽ¥å£ - 无法找到 'ip' 命令. NETWORK_PROMISC_IF:å¯èƒ½promiscuous 接å£: NETWORK_PROMISC_IF_1:'ifconfig' 命令输出: $1 NETWORK_PROMISC_IF_2:'ip' 命令输出: $1 NETWORK_PACKET_CAP_CHECK:检测 æ•°æ®æŠ¥æ•æ‰ç¨‹åº NETWORK_PACKET_CAP_CHECK_NO_FILE:æ•°æ®åŒ…æ£€æµ‹ç¨‹åºæ£€æµ‹è¢«è·³è¿‡ - 文件 '$1' 丢失. NETWORK_PACKET_CAP_FOUND:进程 '$1' (PID $2) 正在网络上监å¬. NETWORK_PACKET_CAP_WL:å‘现进程 '$1': 它列于白åå•中. SHARED_LIBS_START:执行 '共享库' 的检测 SHARED_LIBS_PRELOAD_VAR:检测预装载å˜é‡ SHARED_LIBS_PRELOAD_VAR_FOUND:å‘现预装载å˜é‡: $1 SHARED_LIBS_PRELOAD_FILE:检测预装文件 SHARED_LIBS_PRELOAD_FILE_FOUND:å‘现library preload 文件: $1 SHARED_LIBS_PATH:检测 LD_LIBRARY_PATH å˜é‡ SHARED_LIBS_PATH_BAD: LD_LIBRARY_PATH 环境å˜é‡è¢«è®¾ç½®ï¼Œå®ƒä¼šå½±å“二进制程åº: 被设置为: $1 SUSPSCAN_CHECK:检测具有å¯ç–‘ contents 的文件 SUSPSCAN_DIR_NOT_EXIST:目录 '$1' ä¸å­˜åœ¨. SUSPSCAN_INSPECT:文件 '$1' (score: $2) 包å«ä¸€äº›å¯ç–‘的内容,它将被检测. SUSPSCAN_START:执行带有å¯ç–‘contents文件的检测 SUSPSCAN_DIRS:待检测目录是: $1 SUSPSCAN_NO_DIRS:没有指定目录: 使用用默认 ($1) SUSPSCAN_TEMP:使用临时文件夹: $1 SUSPSCAN_NO_TEMP:没指定临刊文件夹: 使用用默认的 ($1) SUSPSCAN_TEMP_NOT_EXIST:suspscan 临时目录ä¸å­˜åœ¨: $1 SUSPSCAN_TEMP_NO_WRITE:suspscan 临时目录ä¸å¯å†™: $1 SUSPSCAN_SIZE:检测的最大文件大å°(byte为å•ä½): '$1' SUSPSCAN_NO_SIZE:没指定最大的文件大å°: 使用默认值($1) SUSPSCAN_SIZE_INVALID:The suspscan æœ€å¤§æ–‡ä»¶å¤§å°æ— æ•ˆ: $1 SUSPSCAN_THRESH:Score 上é™è¢«è®¾ç½®ä¸º: $1 SUSPSCAN_NO_THRESH:没有指定 score 上é™: 使用默认值 ($1) SUSPSCAN_THRESH_INVALID:The suspscan score ä¸Šé™æ˜¯æ— æ•ˆçš„: $1 SUSPSCAN_DIR_CHECK:检查目录: '$1' SUSPSCAN_DIR_CHECK_NO_FILES:没有åˆé€‚的文件检查. 
SUSPSCAN_FILE_CHECK:文件检测: Name: '$1' Score: $2 SUSPSCAN_FILE_CHECK_DEBUG:文件检测: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:忽略文件: 空白: '$1' SUSPSCAN_FILE_SKIPPED_LINK:忽略文件: 符å·è¿žæŽ¥: '$1' SUSPSCAN_FILE_SKIPPED_TYPE:忽略文件: 错误类型: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:忽略文件: 太大: '$1' SUSPSCAN_FILE_LINK_CHANGE:å‘现符å·è¿žæŽ¥: '$1' -> '$2' LIST_TESTS:有效的测试å: LIST_GROUPED_TESTS:分组检测åç§°: LIST_LANGS:å¯ç”¨çš„语言: LIST_RTKTS:检测rootkit # #If any problem related with this cn version message,please mail to #linux_fqh@yahoo.com.cn.I will fix them as soon as possible. #如果有任何关于本中文版信æ¯çš„问题,请è”ç³»linux_fqh@yahoo.com.cn #我将尽快修正它们 # rkhunter-1.4.6/files/i18n/en0000644000000000000000000011307013242661162014275 0ustar rootrootVersion:2018021101 # # We start with the definitions of the message types and results. There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:Info MSG_TYPE_WARNING:Warning # # This is the list of message results. # MSG_RESULT_OK:OK MSG_RESULT_SKIPPED:Skipped MSG_RESULT_WARNING:Warning MSG_RESULT_FOUND:Found MSG_RESULT_NOT_FOUND:Not found MSG_RESULT_NONE_FOUND:None found MSG_RESULT_ALLOWED:Allowed MSG_RESULT_NOT_ALLOWED:Not allowed MSG_RESULT_UNSET:Not set MSG_RESULT_WHITELISTED:Whitelisted MSG_RESULT_NONE_MISSING:None missing MSG_RESULT_UPD:Updated MSG_RESULT_NO_UPD:No update MSG_RESULT_UPD_FAILED:Update failed MSG_RESULT_VCHK_FAILED:Version check failed # # The messages. 
# VERSIONLINE:[ $1 version $2 ] VERSIONLINE2:Running $1 version $2 on $3 VERSIONLINE3:Running $1 version $2 RKH_STARTDATE:Start date is $1 RKH_ENDDATE:End date is $1 OPSYS:Detected operating system is '$1' UNAME:Uname output is '$1' CONFIG_CHECK_START:Checking configuration file and command-line options... CONFIG_CMDLINE:Command line is $1 CONFIG_DEBUGFILE:Debug file is $1 CONFIG_ENVSHELL:Environment shell is $1; rkhunter is using $2 CONFIG_CONFIGFILE:Using configuration file '$1' CONFIG_LOCALCONFIGFILE:Using local configuration file '$1' CONFIG_LOCALCONFIGDIR:Using local configuration directory '$1': $2 file$3 found CONFIG_INSTALLDIR:Installation directory is '$1' CONFIG_LANGUAGE:Using language '$1' CONFIG_DBDIR:Using '$1' as the database directory CONFIG_SCRIPTDIR:Using '$1' as the support script directory CONFIG_BINDIR:Using '$1' as the command directories CONFIG_TMPDIR:Using '$1' as the temporary directory CONFIG_NO_MAIL_ON_WARN:No mail-on-warning address configured CONFIG_MOW_DISABLED:Disabling use of mail-on-warning at users request CONFIG_MAIL_ON_WARN:Emailing warnings to '$1' using command '$2' CONFIG_SSH_ROOT:Rkhunter option ALLOW_SSH_ROOT_USER set to '$1'. CONFIG_SSH_PROTV1:Rkhunter option ALLOW_SSH_PROT_V1 set to '$1'. 
CONFIG_X_AUTO:X will be automatically detected CONFIG_CLRSET2:Using second color set CONFIG_NO_SHOW_SUMMARY:Disabling system check summary at users request CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV set to '$1' CONFIG_LOG_FILE:Logging to log file: $1 CONFIG_NO_VL:Disabling verbose logging at users request CONFIG_APPEND_LOG:Current logging will be appended to the log file CONFIG_COPY_LOG:The log file will be copied if there are any errors CONFIG_XINETD_PATH:Using $1 configuration file '$2' CONFIG_SOL10_INETD:Using Solaris 10 and later inetd mechanism CONFIG_STARTUP_PATHS:Using system startup paths: $1 CONFIG_ROTATE_MIRRORS:The mirrors file will be rotated CONFIG_NO_ROTATE_MIRRORS:The mirrors file will not be rotated CONFIG_UPDATE_MIRRORS:The mirrors file will be updated CONFIG_NO_UPDATE_MIRRORS:The mirrors file will not be updated CONFIG_MIRRORS_MODE0:Both local and remote mirrors will be used CONFIG_MIRRORS_MODE1:Only local mirrors will be used CONFIG_MIRRORS_MODE2:Only remote mirrors will be used FOUND_CMD:Found the '$1' command: $2 NOT_FOUND_CMD:Unable to find the '$1' command DISABLED_CMD:The '$1' command has been disabled CMD_ERROR:The command '$1' gave error code $2. 
SYS_PRELINK:System is using prelinking SYS_NO_PRELINK:System is not using prelinking SYS_SELINUX:SELinux is enabled SYS_NO_SELINUX:SELinux is disabled HASH_FUNC_PRELINK:Using the prelink command (with $1) for the file hash checks HASH_FUNC_PERL:Using the perl $1 module for the file hash checks HASH_FUNC_PERL_SHA:Using the perl $1 module (with $2) for the file hash checks HASH_FUNC:Using the '$1' command for the file hash checks HASH_FUNC_NONE:File hash checks disabled: NONE specified HASH_FUNC_NONE_PKGMGR:File hash function NONE specified: only package manager will be used HASH_FUNC_DISABLED:Hash function set to 'NONE': automatically disabling file hash checks HASH_FUNC_OLD:Stored hash values used hash function '$1' HASH_FUNC_OLD_DISABLED:Previous hash function was disabled: no hash values were stored HASH_PKGMGR_OLD:Stored hash values used package manager '$1' HASH_PKGMGR_OLD_UNSET:Stored hash values did not use a package manager HASH_PKGMGR:Using package manager '$1' for file property checks HASH_PKGMGR_MD5:Using MD5 hash function command '$1' to assist package manager verification HASH_PKGMGR_SHA:Using SHA hash function command '$1' to assist package manager verification HASH_PKGMGR_SUM:Using the stored 16-bit checksum for package verification HASH_PKGMGR_NOT_SPEC:No package manager specified: using hash function '$1' HASH_PKGMGR_NOT_SPEC_PRELINKED:No package manager specified: using prelink command with '$1' HASH_FIELD_INDEX:The hash function field index is set to $1 HASHUPD_DISABLED:Hash checks disabled: current file hash values will not be stored HASHUPD_PKGMGR:Using package manager '$1' to update the file hash values HASHUPD_PKGMGR_NOT_SPEC:No file hash update package manager specified: using hash function '$1' HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:No file hash update package manager specified: using prelink command with '$1' ATTRUPD_DISABLED:File attribute checks disabled: current file attributes will not be stored ATTRUPD_NOSTATCMD:File attribute checks 
disabled: no 'stat' command found: current file attributes will not be stored ATTRUPD_OK:Current file attributes will be stored ATTRUPD_OLD_DISABLED:Previous file attributes were disabled: no file attributes were stored ATTRUPD_OLD_NOSTATCMD:Previous file attributes were disabled: no 'stat' command found: no file attributes were stored ATTRUPD_OLD_OK:Previous file attributes were stored RKHDAT_ADD_NEW_ENTRY:Adding file entry to the 'rkhunter.dat' file: $1 RKHDAT_DEL_OLD_ENTRY:Deleting non-existent file entry from the 'rkhunter.dat' file: $1 SYSLOG_ENABLED:Using syslog for some logging - facility/priority level is '$1'. SYSLOG_DISABLED:Disabling use of syslog at users request. SYSLOG_NO_LOGGER:Disabling use of syslog - unable to find 'logger' command. NAME:$1 PRESSENTER:[Press <ENTER> to continue] TEST_SKIPPED_OS:Test '$1' skipped due to O/S: $2 SUMMARY_TITLE1:System checks summary SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:File properties checks... SUMMARY_PROP_REQCMDS:Required commands check failed SUMMARY_PROP_COUNT:Files checked: $1 SUMMARY_PROP_FAILED:Suspect files: $1 SUMMARY_CHKS_SKIPPED:All checks skipped SUMMARY_RKT_SCAN:Rootkit checks... SUMMARY_RKT_COUNT:Rootkits checked : $1 SUMMARY_RKT_FAILED:Possible rootkits: $1 SUMMARY_RKT_NAMES:Rootkit names : $1 SUMMARY_APPS_SCAN:Applications checks... SUMMARY_APPS_COUNT:Applications checked: $1 SUMMARY_APPS_FAILED:Suspect applications: $1 SUMMARY_SCAN_TIME:The system checks took: $1 SUMMARY_NO_SCAN_TIME:The system check took: Unable to determine clock time SUMMARY_LOGFILE:All results have been written to the log file: $1 SUMMARY_NO_LOGFILE:No log file created. 
SUMMARY_LOGFILE_COPIED:Log file copied to $1 CREATED_TEMP_FILE:Created temporary file '$1' MIRRORS_NO_FILE:The mirrors file does not exist: $1 MIRRORS_NO_MIRRORS:The mirrors file has no required mirrors in it: $1 MIRRORS_NO_VERSION:The mirrors file has no version number - resetting to zero: $1 MIRRORS_ROTATED:The mirrors file has been rotated: $1 MIRRORS_SF_DEFAULT:Using the SourceForge mirror: $1 DOWNLOAD_CMD:Executing download command '$1' DOWNLOAD_FAIL:Download failed - $1 mirror(s) left. VERSIONCHECK_START:Checking rkhunter version... VERSIONCHECK_FAIL_ALL:Download failed: Unable to determine the latest program version number. VERSIONCHECK_CURRENT:This version : $1 VERSIONCHECK_LATEST:Latest version: $1 VERSIONCHECK_LATEST_FAIL:Latest version: Download failed VERSIONCHECK_UPDT_AVAIL:Update available VERSIONCHECK_CONV_FAIL:Unable to compare version numbers: Program: '$1' Latest: '$2' UPDATE_START:Checking rkhunter data files... UPDATE_CHECKING_FILE:Checking file $1 UPDATE_FILE_NO_VERS:File '$1' has no valid version number. Downloading a new copy. UPDATE_FILE_MISSING:File '$1' is missing or empty. Downloading a new copy. UPDATE_DOWNLOAD_FAIL:Download of '$1' failed: Unable to determine the latest version number. UPDATE_I18N_NO_VERS:No i18n language file version numbers can be found. UPDATE_SKIPPED:Language file update skipped at users request. OSINFO_START:Checking if the O/S has changed since last time... OSINFO_END:Nothing seems to have changed. OSINFO_HOST_CHANGE1:The host name has changed since the last run: OSINFO_HOST_CHANGE2:Old host value: $1 New value: $2 OSINFO_OSVER_CHANGE1:The O/S name or version has changed since the last run: OSINFO_OSVER_CHANGE2:Old O/S value: $1 New value: $2 OSINFO_PRELINK_CHANGE:The system has changed to ${1}using prelinking since the last run. 
OSINFO_ARCH_CHANGE1:The system seems to have changed CPU type: OSINFO_ARCH_CHANGE2:Old CPU value: $1 New value: $2 OSINFO_MSG1:Because of the change(s) the file properties checks may give some false-positive results. OSINFO_MSG2:You may need to re-run rkhunter with the '--propupd' option. OSINFO_DO_UPDT:The file properties file will be automatically updated. SET_FILE_PROP_START:Getting file properties... SET_FILE_PROP_DIR_FILE_COUNT:Found $1 files in $2 SET_FILE_PROP_FILE_COUNT:File $1: searched for $2 files, found $3 SET_FILE_PROP_FILE_COUNT_BL:File $1: searched for $2 files, found $3, broken links $4 SET_FILE_PROP_FILE_COUNT_PROPOPT:File $1: searched for $2 files, found $3 of $4 SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:File $1: searched for $2 files, found $3 of $4, broken links $5 SET_FILE_PROP_FILE_COUNT_NOHASH:File $1: searched for $2 files, found $3, missing hashes $4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:File $1: searched for $2 files, found $3, missing hashes $4, broken links $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:File $1: searched for $2 files, found $3 of $4, missing hashes $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:File $1: searched for $2 files, found $3 of $4, missing hashes $5, broken links $6 PROPUPD_START:Starting file properties data update... PROPUPD_OSINFO_START:Collecting O/S info... PROPUPD_ARCH_FOUND:Found system architecture: $1 PROPUPD_REL_FILE:Found release file: $1 PROPUPD_NO_REL_FILE_NO_OUTPUT:Unable to find an O/S release file. PROPUPD_NO_REL_FILE:Unable to find an O/S release file: LS output shows: PROPUPD_OSNAME_FOUND:Found O/S name: $1 PROPUPD_ERROR:Error installing new 'rkhunter.dat' file. Code $1 PROPUPD_NEW_DAT_FILE:New 'rkhunter.dat' file installed in '$1' PROPUPD_WARN:WARNING! It is the users responsibility to ensure that when the '--propupd' option PROPUPD_WARN:is used, all the files on their system are known to be genuine, and installed from a PROPUPD_WARN:reliable source. 
The rkhunter '--check' option will compare the current file properties PROPUPD_WARN:against previously stored values, and report if any values differ. However, rkhunter PROPUPD_WARN:cannot determine what has caused the change, that is for the user to do. ENABLED_TESTS:Enabled tests are: $1 DISABLED_TESTS:Disabled tests are: $1 USER_FILE_LIST:Including user files for file properties check: USER_CMD_LIST:Including user commands for file properties check: USER_DIR_LIST:Including user directories for file properties check: USER_EXCLUDE_PROP:Excluding from file properties check: KSYMS_FOUND:Found kernel symbols file '$1' KSYMS_UNAVAIL:All kernel symbol checks will be skipped - the kernel symbols file is unreadable: $1 KSYMS_MISSING:All kernel symbol checks will be skipped - could not find a kernel symbols file on the system. STARTING_TEST:Starting test name '$1' USER_DISABLED_TEST:Test '$1' disabled at users request. CHECK_START:Starting system checks... CHECK_WARNINGS_NOT_FOUND:No warnings were found while checking the system. CHECK_WARNINGS_NOT_FOUND0:0 warnings were found while checking the system. CHECK_WARNINGS_FOUND:One or more warnings have been found while checking the system. CHECK_WARNINGS_FOUND_NUMBER:$1 warnings have been found while checking the system. CHECK_WARNINGS_FOUND_NUMBER1:1 warning has been found while checking the system. CHECK_WARNINGS_FOUND_RERUN:Please re-run rkhunter, ensuring that a log file is created. CHECK_WARNINGS_FOUND_CHK_LOG:Please check the log file ($1) CHECK_SYS_COMMANDS:Checking system commands... STRINGS_CHECK_START:Performing 'strings' command checks STRINGS_SCANNING_OK:Scanning for string $1 STRINGS_SCANNING_BAD:Scanning for string $1 STRINGS_SCANNING_BAD:String not found in 'strings' command STRINGS_CHECK:Checking 'strings' command STRINGS_CHECK:Check skipped - no 'strings' command found. 
FILE_PROP_START:Performing file properties checks FILE_PROP_CMDS:Checking for prerequisites FILE_PROP_IMMUT_OS:Skipping all immutable-bit checks. This check is only available for Linux systems. FILE_PROP_IMMUT_SET:The immutable-bit check will be reversed. FILE_PROP_SKIP_ATTR:Unable to find the 'stat' command - all file attribute checks will be skipped. FILE_PROP_SKIP_ATTR_DISABLED:The 'stat' command has been disabled - all file attribute checks will be skipped. FILE_PROP_SKIP_HASH:All file hash checks will be skipped because: FILE_PROP_SKIP_HASH_FUNC:The current hash function ($1) or package manager ($2) is incompatible with the hash function ($3) or package manager ($4) used to store the values. FILE_PROP_SKIP_HASH_PRELINK:Unable to find 'prelink' command. FILE_PROP_SKIP_HASH_SHA1:This system uses prelinking, but the hash function command does not look like SHA1 or MD5. FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe was found, which can cause errors. If possible, disable libsafe and then run the prelink command. Finally, recreate the hash values using 'rkhunter --propupd'. FILE_PROP_SKIP_IMMUT:Unable to find the 'lsattr' command - all file immutable-bit checks will be skipped. FILE_PROP_SKIP_IMMUT_DISABLED:The 'lsattr' command has been disabled - all file immutable-bit checks will be skipped. FILE_PROP_SKIP_IMMUT_CMD:No output from the '$1' command - all file immutable-bit checks will be skipped. FILE_PROP_SKIP_SCRIPT:Unable to find the 'file' command - all script replacement checks will be skipped. FILE_PROP_SKIP_SCRIPT_DISABLED:The 'file' command has been disabled - all script replacement checks will be skipped. FILE_PROP_SKIP_FILE_CMD:No output from the 'file' command - all script replacement checks will be skipped. FILE_PROP_SKIP_INODE:All file inode checks will be skipped. FILE_PROP_NO_OS_WARNING:Warnings of any O/S change have been disabled at the users request. FILE_PROP_OS_CHANGED:The local host configuration or operating system has changed. 
FILE_PROP_DAT_MISSING:The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'. FILE_PROP_DAT_EMPTY:The file of stored file properties (rkhunter.dat) is empty, and should be created. To do this type in 'rkhunter --propupd'. FILE_PROP_SKIP_ALL:All file property checks are now being skipped. FILE_PROP_DAT_MISSING_INFO:The file properties check will still run as there are checks that can be performed without the 'rkhunter.dat' file. FILE_PROP_FILE_NOT_EXIST:The file '$1' does not exist on the system, but it is present in the 'rkhunter.dat' file. FILE_PROP_WL:Found file '$1': it is whitelisted for the '$2' check. FILE_PROP_WL_STR:Found file '$1' and string '$2': they are whitelisted for the '$3' check. FILE_PROP_WL_DIR:Found directory '$1': it is whitelisted for the '$2' check. FILE_PROP_NO_RKH_REC:The file '$1' exists on the system, but it is not present in the 'rkhunter.dat' file. FILE_PROP_CHANGED:The file properties have changed: FILE_PROP_CHANGED2:File: $1 FILE_PROP_NO_PKGMGR_FILE:File '$1' hash value skipped: file does not belong to a package FILE_PROP_NO_SYSHASH:No hash value found for file '$1' FILE_PROP_NO_SYSHASH_BL:The file is a broken link: $1 -> $2 FILE_PROP_BROKEN_LINK_WL_TGT:Found a broken link, but the targets existence is whitelisted: $1 -> $2 FILE_PROP_NO_SYSHASH_CMD:Hash command output: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:Try running the command 'prelink $1' to resolve dependency errors. FILE_PROP_IGNORE_PRELINK_DEP_ERR:Ignoring prelink dependency error for file '$1' FILE_PROP_SYSHASH_UNAVAIL:Current hash: Unavailable FILE_PROP_SYSHASH_UNAVAIL_BL:Current hash: Unavailable (possible broken link) FILE_PROP_SYSHASH:Current hash: $1 FILE_PROP_RKHHASH:Stored hash : $1 FILE_PROP_NO_RKHHASH:No hash value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_NO_RKHPERM:No file permissions value found for file '$1' in the 'rkhunter.dat' file. 
FILE_PROP_PERM_UNAVAIL:Current permissions: Unavailable Stored permissions: $1 FILE_PROP_PERM:Current permissions: $1 Stored permissions: $2 FILE_PROP_UID_UNAVAIL:Current uid: Unavailable Stored uid: $1 FILE_PROP_UID:Current uid: $1 Stored uid: $2 FILE_PROP_NO_RKHUID:No user-id value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_GID_UNAVAIL:Current gid: Unavailable Stored gid: $1 FILE_PROP_GID:Current gid: $1 Stored gid: $2 FILE_PROP_NO_RKHGID:No group-id value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_INODE_UNAVAIL:Current inode: Unavailable Stored inode: $1 FILE_PROP_INODE:Current inode: $1 Stored inode: $2 FILE_PROP_NO_RKHINODE:No inode value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_SIZE_UNAVAIL:Current size: Unavailable Stored size: $1 FILE_PROP_SIZE:Current size: $1 Stored size: $2 FILE_PROP_NO_RKHSIZE:No size value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_SYSDTM_UNAVAIL:Current file modification time: Unavailable FILE_PROP_SYSDTM:Current file modification time: $1 FILE_PROP_RKHDTM:Stored file modification time : $1 FILE_PROP_NO_RKHDTM:No file modification time value found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_SYSLNK:Current symbolic link target: '$1' -> '$2' FILE_PROP_RKHLNK:Stored symbolic link target : '$1' -> '$2' FILE_PROP_NO_RKHLNK:No symbolic link target found for file '$1' in the 'rkhunter.dat' file. FILE_PROP_LINK_WL:The symbolic link target has changed, but it is whitelisted: '$1' -> '$2' FILE_PROP_NO_SYSATTR:Unable to obtain current properties for file '$1' FILE_PROP_WRITE:Write permission is set on file '$1' for all users. FILE_PROP_SYSPERM_UNAVAIL:Unable to obtain current write permission for file '$1' FILE_PROP_IMMUT:File '$1' has the immutable-bit set. FILE_PROP_IMMUT_NOT_SET:File '$1' does not have the immutable-bit set. 
FILE_PROP_SCRIPT:The command '$1' has been replaced by a script: $2 FILE_PROP_SCRIPT_RKH:The command '$1' has been replaced and is not a script: $2 FILE_PROP_VRFY:Package manager verification has failed: FILE_PROP_VRFY_HASH:The file hash value has changed FILE_PROP_VRFY_PERM:The file permissions have changed FILE_PROP_VRFY_UID:The file owner has changed FILE_PROP_VRFY_GID:The file group has changed FILE_PROP_VRFY_DTM:The file modification time has changed FILE_PROP_VRFY_LNK:The symbolic link target has changed FILE_PROP_VRFY_SIZE:The file size has changed FILE_PROP_EPOCH_DATE_CMD:Using '$1' to process epoch second times CHECK_ROOTKITS:Checking for rootkits... ROOTKIT_FILES_DIRS_START:Performing check of known rootkit files and directories ROOTKIT_FILES_DIRS_NAME_LOG:Checking for ${1}... ROOTKIT_FILES_DIRS_FILE:Checking for file '$1' ROOTKIT_FILES_DIRS_DIR:Checking for directory '$1' ROOTKIT_FILES_DIRS_KSYM:Checking for kernel symbol '$1' ROOTKIT_FILES_DIRS_FILE_FOUND:File '$1' found ROOTKIT_FILES_DIRS_DIR_FOUND:Directory '$1' found ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel symbol '$1' found ROOTKIT_FILES_DIRS_STR:Checking for string '$1' ROOTKIT_FILES_DIRS_STR_FOUND:Found string '$1' in file '$2' ROOTKIT_FILES_DIRS_NOFILE:The file '$1' does not exist! ROOTKIT_FILES_DIRS_SINAR_DIR:Checking in '$1' ROOTKIT_FILES_DIRS_SINAR:Found SInAR in: $1 ROOTKIT_LINK_COUNT:Checking hard link count on '$1' ROOTKIT_LINK_COUNT_FAIL:Hard link count from '$1' command: $2 ROOTKIT_LINK_COUNT_CMDERR:Error from '$1' command when checking '$2' ROOTKIT_PHALANX2_LINK_COUNT_FAIL:Hard link check on '$1' failed ROOTKIT_PHALANX2_PROC:Checking process list for process 'ata/0' ROOTKIT_PHALANX2_PROC_FOUND:Found running process 'ata/0' ROOTKIT_PHALANX2_PROC_PPID:Expected 'kthread' parent PID '$1' found parent PID '$2' ROOTKIT_PHALANX2_PROC_PS_ERR:Running 'ps' returned unexpected results: possibly unsupported cmdline arguments. 
ROOTKIT_ADD_START:Performing additional rootkit checks ROOTKIT_ADD_SUCKIT:Suckit Rootkit additional checks ROOTKIT_ADD_SUCKIT_LOG:Performing Suckit Rootkit additional checks ROOTKIT_ADD_SUCKIT_LINK_NOCMD:Checking '/sbin/init' link count: no 'stat' command found ROOTKIT_ADD_SUCKIT_LINK_DISABLED:Checking '/sbin/init' link count: the 'stat' command has been disabled ROOTKIT_ADD_SUCKIT_LINK_FOUND:Checking '/sbin/init' link count: count is $1, it should be 1 ROOTKIT_ADD_SUCKIT_EXT:Checking for hidden file extensions ROOTKIT_ADD_SUCKIT_EXT_FOUND:Checking for hidden file extensions: found: $1 ROOTKIT_ADD_SUCKIT_SKDET:Running skdet command ROOTKIT_ADD_SUCKIT_SKDET_FOUND:Running skdet command: found: $1 ROOTKIT_ADD_SUCKIT_SKDET_VER:Running skdet command: unknown version: $1 ROOTKIT_POSS_FILES_DIRS:Checking for possible rootkit files and directories ROOTKIT_POSS_FILES_DIRS_LOG:Performing check of possible rootkit files and directories ROOTKIT_POSS_FILES_FILE_FOUND:Found file '$1'. Possible rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:Found directory '$1'. Possible rootkit: $2 ROOTKIT_POSS_STRINGS:Checking for possible rootkit strings ROOTKIT_POSS_STRINGS_LOG:Performing check for possible rootkit strings ROOTKIT_POSS_STRINGS_FOUND:Found string '$1' in file '$2'. 
Possible rootkit: $3 ROOTKIT_MALWARE_START:Performing malware checks ROOTKIT_MALWARE_SUSP_FILES:Checking running processes for suspicious files ROOTKIT_MALWARE_SUSP_FILES_FOUND:The following processes are using suspicious files: ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2 ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:Command: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:Pathname: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Possible Rootkit: $1 ROOTKIT_MALWARE_HIDDEN_PROCS:Checking for hidden processes ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:Found 'unhide' command version: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:Using command '$1' ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:'unhide' not executed: invalid configured test names: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Hidden processes found: ROOTKIT_MALWARE_DELETED_FILES:Checking running processes for deleted files ROOTKIT_MALWARE_DELETED_FILES_FOUND:The following processes are using deleted files: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:Process: $1 PID: $2 File: $3 ROOTKIT_MALWARE_DELETED_FILES_WL:Found process '$1' using file '$2': it is whitelisted. ROOTKIT_MALWARE_LOGIN_BDOOR:Checking for login backdoors ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:Checking for '$1' ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Found login backdoor file: $1 ROOTKIT_MALWARE_SUSP_DIR:Checking for suspicious directories ROOTKIT_MALWARE_SUSP_DIR_FOUND:Found suspicious directory: $1 ROOTKIT_MALWARE_SFW_INTRUSION:Checking for software intrusions ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:The file '$1' contains the string '$2'. 
Possible rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Check skipped - tripwire not installed ROOTKIT_MALWARE_SNIFFER:Checking for sniffer log files ROOTKIT_MALWARE_SNIFFER_FOUND:Found possible sniffer log file: $1 ROOTKIT_MALWARE_IPCS:Checking for suspicious (large) shared memory segments ROOTKIT_MALWARE_IPCS_FOUND:The following suspicious (large) shared memory segments have been found: ROOTKIT_MALWARE_IPCS_DETAILS:Process: $1 PID: $2 Owner: $3 Size: $4 (configured size allowed: $5) ROOTKIT_MALWARE_IPCS_DETACHED:Detached segment with no pathname: Owner: $1 PID: $2 Segment ID: $3 Size: $4 (configured size allowed: $5) ROOTKIT_MALWARE_IPCS_ATTACHED:Attached segment with no pathname: Owner: $1 Segment ID: $2 Attached processes: $3 Creator PID: $4 Last PID: $5 Size: $4 (configured size allowed: $5) ROOTKIT_MALWARE_IPCS_WL_PATH:Found process pathname '$1': it is whitelisted. ROOTKIT_MALWARE_IPCS_WL_USER:Found process username '$1': it is whitelisted. ROOTKIT_MALWARE_IPCS_WL_PID:Found process PID '$1': it is whitelisted. ROOTKIT_TROJAN_START:Performing trojan specific checks ROOTKIT_TROJAN_INETD:Checking for enabled inetd services ROOTKIT_TROJAN_INETD_SKIP:Check skipped - file '$1' does not exist. ROOTKIT_TROJAN_INETD_FOUND:Found enabled inetd service: $1 ROOTKIT_TROJAN_XINETD:Checking for enabled xinetd services ROOTKIT_TROJAN_XINETD_ENABLED:Checking '$1' for enabled services ROOTKIT_TROJAN_XINETD_INCLUDE:Found 'include $1' directive ROOTKIT_TROJAN_XINETD_INCLUDEDIR:Found 'includedir $1' directive ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Found enabled xinetd service: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:Found service '$1': it is $2 whitelisted. ROOTKIT_TROJAN_APACHE:Checking for Apache backdoor ROOTKIT_TROJAN_APACHE_SKIPPED:Check skipped - no Apache module or configuration directories found. 
ROOTKIT_TROJAN_APACHE_FOUND:Apache backdoor module 'mod_rootme' found: $1 ROOTKIT_OS_START:Performing $1 specific checks ROOTKIT_OS_SKIPPED:No specific tests available ROOTKIT_OS_BSD_SOCKNET:Checking sockstat and netstat commands ROOTKIT_OS_BSD_SOCKNET_FOUND:Differences found between sockstat and netstat output: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 output (ports in use): $2 ROOTKIT_OS_FREEBSD_KLD:Checking for KLD backdoors ROOTKIT_OS_FREEBSD_KLD_FOUND:Found possible FreeBSD KLD backdoor. 'kldstat -v' command shows string '$1' ROOTKIT_OS_FREEBSD_PKGDB:Checking package database ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:The package database seems to have inconsistencies. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:This may not be a security issue, but running 'pkgdb -F' may help diagnose the problem. ROOTKIT_OS_DFLY_PKGDB_NOTOK:The package database seems to have inconsistencies. ROOTKIT_OS_DFLY_PKGDB_NOTOK:This may not be a security issue, but running 'pkg_admin check' may help diagnose the problem. ROOTKIT_OS_LINUX_LKM:Checking loaded kernel modules ROOTKIT_OS_LINUX_LKM_FOUND:Differences found between the lsmod command and the /proc/modules file: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 output: $2 ROOTKIT_OS_LINUX_LKM_EMPTY:No output found from the lsmod command or the /proc/modules file: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:The modules file '$1' is missing. ROOTKIT_OS_LINUX_LKMNAMES:Checking kernel module names ROOTKIT_OS_LINUX_LKMNAMES_PATH:Using modules pathname of '$1' ROOTKIT_OS_LINUX_LKMNAMES_FOUND:Known bad kernel module found in '$1': $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:The kernel modules directory '$1' is missing or empty. CHECK_LOCALHOST:Checking the local host... STARTUP_FILES_START:Performing system boot checks STARTUP_HOSTNAME:Checking for local host name STARTUP_NO_HOSTNAME:No host name found. 
STARTUP_CHECK_FILES_EXIST:Checking for system startup files STARTUP_NONE_GIVEN:User specified 'NONE' for startup file pathnames STARTUP_CHECK_FILES_MALWARE:Checking system startup files for malware STARTUP_CHECK_NO_RC_FILES:No system startup files found. ACCOUNTS_START:Performing group and account checks ACCOUNTS_PWD_FILE_CHECK:Checking for passwd file ACCOUNTS_FOUND_PWD_FILE:Found password file: $1 ACCOUNTS_NO_PWD_FILE:Password file $1 does not exist. ACCOUNTS_UID0:Checking for root equivalent (UID 0) accounts ACCOUNTS_UID0_WL:Found root equivalent account '$1': it is whitelisted. ACCOUNTS_UID0_FOUND:Account '$1' is root equivalent (UID = 0) ACCOUNTS_SHADOW_FILE:Found shadow file: $1 ACCOUNTS_SHADOW_TCB:Found TCB shadow file directory: $1 ACCOUNTS_PWDLESS:Checking for passwordless accounts ACCOUNTS_PWDLESS_WL:Found passwordless account '$1': it is whitelisted. ACCOUNTS_PWDLESS_FOUND:Found passwordless account in $1 file: $2 ACCOUNTS_NO_SHADOW_FILE:No shadow/password file found. PASSWD_CHANGES:Checking for passwd file changes PASSWD_CHANGES_NO_TMP:Unable to check for passwd file differences: no copy of the passwd file exists. PWD_CHANGES_IDADD:User '$1' has been added to the passwd file. PWD_CHANGES_IDREM:User '$1' has been removed from the passwd file. PWD_CHANGES_FOUND:Changes found in the passwd file for user '$1': PWDGRP_CHANGES_UNK:Unknown field found in the $1 file: Old field: '$2' New field: '$3' PWD_CHANGES_PWD:The passwd has changed from '$1' to '$2' PWD_CHANGES_UID:The UID has changed from '$1' to '$2' PWD_CHANGES_GID:The GID has changed from '$1' to '$2' PWD_CHANGES_COMM:The account comment has changed from '$1' to '$2' PWD_CHANGES_HOME:The home directory has changed from '$1' to '$2' PWD_CHANGES_SHL:The login shell has changed from '$1' to '$2' GROUP_CHANGES:Checking for group file changes GROUP_CHANGES_NO_FILE:Group file $1 does not exist. GROUP_CHANGES_NO_TMP:Unable to check for group file differences: no copy of the group file exists. 
GROUP_CHANGES_FOUND:Changes found in the group file for group '$1': GROUP_CHANGES_IDADD:Group '$1' has been added to the group file. GROUP_CHANGES_IDREM:Group '$1' has been removed from the group file. GROUP_CHANGES_PWD:The group passwd has changed from '$1' to '$2' GROUP_CHANGES_GID:The group number has changed from '$1' to '$2' GROUP_CHANGES_GRPREM:User '$1' has been removed from the group GROUP_CHANGES_GRPADD:User '$1' has been added to the group HISTORY_CHECK:Checking root account shell history files HISTORY_CHECK_FOUND:Root account $1 shell history file is a symbolic link: $2 SYSTEM_CONFIGS_START:Performing system configuration file checks SYSTEM_CONFIGS_FILE:Checking for a system logging configuration file SYSTEM_CONFIGS_FILE_SSH:Checking for an SSH configuration file SYSTEM_CONFIGS_FILE_FOUND:Found $1 $2 configuration file: $3 SYSTEM_CONFIGS_SSH_ROOT:Checking if SSH root access is allowed SYSTEM_CONFIGS_SSH_ROOT_FOUND:The SSH and rkhunter configuration options should be the same: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH configuration option 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:The SSH configuration option 'PermitRootLogin' has not been set. SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:The default value may be 'yes', to allow root access. SYSTEM_CONFIGS_SSH_PROTO:Checking if SSH protocol v1 is allowed SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH configuration option 'Protocol': $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter configuration option 'ALLOW_SSH_PROT_V1': $1 SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:The SSH configuration option 'Protocol' has not been set. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:The default value may be '2,1', to allow the use of protocol version 1. 
SYSTEM_CONFIGS_SSH_EXTRA:Checking for other suspicious configuration settings SYSTEM_CONFIGS_SSH_EBURY:Possible Ebury sshd backdoor found (SSH AuthorizedKeysFile setting) SYSTEM_CONFIGS_SYSLOG:Checking for a running system logging daemon SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:No running system logging daemon has been found. SYSTEM_CONFIGS_SYSLOG_DAEMON:A running '$1' daemon has been found. SYSTEM_CONFIGS_SYSLOG_NO_FILE:The '$1' daemon is running, but no configuration file can be found. SYSTEM_CONFIGS_SYSLOG_REMOTE:Checking if syslog remote logging is allowed SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:The '$1' configuration file allows remote logging: $2 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter configuration option 'ALLOW_SYSLOG_REMOTE_LOGGING' has been enabled. FILESYSTEM_START:Performing filesystem checks FILESYSTEM_DEV_CHECK:Checking /dev for suspicious file types FILESYSTEM_DEV_CHECK_NO_DEV:/dev does not exist. FILESYSTEM_DEV_FILE_WL:Found file '$1': it is whitelisted. FILESYSTEM_DEV_FILE_FOUND:Suspicious file types found in ${1}: FILESYSTEM_HIDDEN_DIR_WL:Found hidden directory '$1': it is whitelisted. FILESYSTEM_HIDDEN_FILE_WL:Found hidden file '$1': it is whitelisted. FILESYSTEM_HIDDEN_CHECK:Checking for hidden files and directories FILESYSTEM_HIDDEN_DIR_FOUND:Hidden directory found: $1 FILESYSTEM_HIDDEN_FILE_FOUND:Hidden file found: $1 FILESYSTEM_LOGFILE_MISSING:Checking for missing log files FILESYSTEM_LOGFILE_MISSING_FOUND:The log file '$1' is missing. FILESYSTEM_LOGFILE_MISS_DISABLED:No missing log file names configured. FILESYSTEM_LOGFILE_EMPTY:Checking for empty log files FILESYSTEM_LOGFILE_EMPTY_FOUND:The log file '$1' is empty. FILESYSTEM_LOGFILE_EMPTY_DISABLED:No empty log file names configured. CHECK_APPS:Checking application versions... APPS_NONE_FOUND:No known applications found - all version checks skipped. APPS_DAT_MISSING:The file of unsecure application versions is missing or empty: $1 APPS_DAT_MISSING:Run 'rkhunter --update' to restore the default file. 
APPS_DAT_NOTAFILE:The file of unsecure application versions is not a file: $1 APPS_NOT_FOUND:Application '$1' not found. APPS_CHECK:Checking version of $1 APPS_CHECK_WL:Found application '$1': it is whitelisted. APPS_CHECK_VERSION_UNKNOWN:Unable to obtain version number for '$1'. APPS_CHECK_VERSION_FOUND:Application '$1' version '$2' found. APPS_CHECK_VERSION_WL:Found application '$1' version '$2': this version is whitelisted. APPS_CHECK_WHOLE_VERSION_USED:Unable to obtain version number for '$1': version option gives: $2 APPS_CHECK_FOUND:Application '$1', version '$2', is out of date, and possibly a security risk. APPS_TOTAL_COUNT:Applications checked: $1 out of $2 CHECK_NETWORK:Checking the network... NETWORK_PORTS_START:Performing checks on the network ports NETWORK_PORTS_BACKDOOR:Checking for backdoor ports NETWORK_PORTS_BACKDOOR_LOG:Performing check for backdoor ports NETWORK_PORTS_FILE_MISSING:The file of known backdoor ports is missing or empty: $1 NETWORK_PORTS_FILE_MISSING:Run 'rkhunter --update' to restore the default file. NETWORK_PORTS_FILE_NOTAFILE:The file of known backdoor ports is not a file: $1 NETWORK_PORTS_UNKNOWN_NETSTAT:All backdoor port checks skipped. NETWORK_PORTS_UNKNOWN_NETSTAT:Unknown netstat command format with this O/S. NETWORK_PORTS_ENABLE_TRUSTED:Trusted pathnames are enabled for port whitelisting. NETWORK_PORTS_BACKDOOR_CHK:Checking for $1 port $2 NETWORK_PORTS_PATH_WHITELIST:Network $1 port $2 is being used by $3: the pathname is whitelisted. NETWORK_PORTS_TRUSTED_WHITELIST:Network $1 port $2 is being used by $3: the pathname is trusted. NETWORK_PORTS_PORT_WHITELIST:Network $1 port $2 found: the port is whitelisted. NETWORK_PORTS_BKDOOR_FOUND:Network $1 port $2 is being used${3}. Possible rootkit: $4 NETWORK_PORTS_BKDOOR_FOUND:Use the 'lsof -i' or 'netstat -an' command to check this. 
NETWORK_HIDDEN_PORTS:Checking for hidden ports NETWORK_HIDDEN_PORTS_FOUND:Hidden ports found: NETWORK_HIDDEN_PORTS_CHK:Port number: $1:$2 NETWORK_HIDDEN_PORTS_CHK_NAME:Port number: $1:$2 is being used by $3 NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Hidden $1 port $2 is being used by $3: the pathname is whitelisted. NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Hidden $1 port $2 is being used by $3: the pathname is trusted. NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Hidden $1 port $2 found: the port is whitelisted. NETWORK_INTERFACE_START:Performing checks on the network interfaces NETWORK_PROMISC_WLIST:Network interfaces allowed to be in promiscuous mode: $1 NETWORK_PROMISC_CHECK:Checking for promiscuous interfaces NETWORK_PROMISC_NO_IFCONF_IP:Promiscuous network interface check skipped - unable to find the 'ifconfig' or 'ip' command. NETWORK_PROMISC_NO_CMD:Promiscuous network interface check using the '$1' command skipped - unable to find the '$1' command. Using the '$2' command. NETWORK_PROMISC_IF:Possible promiscuous interfaces: NETWORK_PROMISC_IF_1:'ifconfig' command output: NETWORK_PROMISC_IF_2:'ip' command output: NETWORK_PACKET_CAP_CHECK:Checking for packet capturing applications NETWORK_PACKET_CAP_CHECK_NO_FILE:Packet capturing application check skipped - the '$1' file is missing. NETWORK_PACKET_CAP_FOUND:Process '$1' (PID $2) is listening on the network. NETWORK_PACKET_CAP_WL:Found process '$1': it is whitelisted. SHARED_LIBS_START:Performing 'shared libraries' checks SHARED_LIBS_PRELOAD_VAR:Checking for preloading variables SHARED_LIBS_PRELOAD_VAR_FOUND:Found library preload variable: $1 SHARED_LIBS_PRELOAD_FILE:Checking for preloaded libraries SHARED_LIBS_PRELOAD_LIB_FOUND:Found preloaded shared library: $1 SHARED_LIBS_PRELOAD_FILE_FOUND:Found library preload file: $1 SHARED_LIBS_PRELOAD_LIB_WLIST:Found preloaded shared library '$1': it is whitelisted. 
SHARED_LIBS_PATH:Checking LD_LIBRARY_PATH variable SHARED_LIBS_PATH_BAD:The LD_LIBRARY_PATH environment variable is set and can influence binaries: set to: $1 SUSPSCAN_CHECK:Checking for files with suspicious contents SUSPSCAN_DIR_NOT_EXIST:The directory '$1' does not exist. SUSPSCAN_INSPECT:File '$1' (score: $2) contains some suspicious content and should be checked. SUSPSCAN_START:Performing check of files with suspicious contents SUSPSCAN_DIRS:Directories to check are: $1 SUSPSCAN_TEMP:Temporary directory to use: $1 SUSPSCAN_SIZE:Maximum file size to check (in bytes): $1 SUSPSCAN_THRESH:Score threshold is set to: $1 SUSPSCAN_DIR_CHECK:Checking directory: $1 SUSPSCAN_FILE_CHECK:File checked: Name: '$1' Score: $2 SUSPSCAN_FILE_CHECK_DEBUG:File checked: Name: '$1' Score: $2 Hitcount: $3 Hits: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:File ignored: empty: $1 SUSPSCAN_FILE_SKIPPED_LINK:File ignored: symbolic link: $1 SUSPSCAN_FILE_SKIPPED_TYPE:File ignored: wrong type: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:File ignored: too big: $1 SUSPSCAN_FILE_LINK_CHANGE:Symbolic link found: '$1' -> '$2' SUSPSCAN_DAT_MISSING:The data file of suspicious contents is missing or empty: $1 SUSPSCAN_DAT_MISSING:Run 'rkhunter --update' to restore the default file. SUSPSCAN_DAT_NOTAFILE:The data file of suspicious contents is not a file: $1 SUSPSCAN_WL:Found file '$1': it is whitelisted. LIST_TESTS:Current test names: LIST_GROUPED_TESTS:Grouped test names: LIST_LANGS:Current languages: LIST_PERL:Perl module installation status: LIST_RTKTS:Rootkits checked for: LOCK_USED:Locking is being used: timeout is $1 seconds LOCK_DIR:Using '$1' as the locking directory LOCK_UNUSED:Locking is not being used LOCK_WAIT:Waiting for lock file LOCK_FAIL:Unable to get the lock file: rkhunter has not run! IPC_SEG_SIZE:The minimum shared memory segment size to be checked (in bytes): $1 LINUX_ONLY:Check skipped - this check is only for Linux systems. 
rkhunter-1.4.6/files/i18n/tr.utf80000644000000000000000000012145613207556312015215 0ustar rootrootVersion:2017080401 # # We start with the definitions of the message types and results. There # are very few of these, so including these and all the parts of each # message in one file makes sense and for easier translation. # # The message type MSG_TYPE_PLAIN is used for ordinary messages. It has # no specific value, and is intercepted in the display function. It is # included here for completeness. The index names of MSG_TYPE_ and # MSG_RESULT_ are reserved - no messages can use this as part of its index. # MSG_TYPE_PLAIN: MSG_TYPE_INFO:Bilgilendirme MSG_TYPE_WARNING:Uyarı # # This is the list of message results. # MSG_RESULT_OK:Tamam MSG_RESULT_SKIPPED:Atlandı MSG_RESULT_WARNING:Uyarı MSG_RESULT_FOUND:Bulundu MSG_RESULT_NOT_FOUND:Bulunamadı MSG_RESULT_NONE_FOUND:Bulunamadı MSG_RESULT_ALLOWED:İzin verildi MSG_RESULT_NOT_ALLOWED:İzin verilmedi MSG_RESULT_UNSET:Ayarlanmadı MSG_RESULT_WHITELISTED:Beyaz listeye alındı MSG_RESULT_NONE_MISSING:Eksik yok MSG_RESULT_UPD:Güncellendi MSG_RESULT_NO_UPD:Güncelleme yok MSG_RESULT_UPD_FAILED:Güncelleme hatası MSG_RESULT_VCHK_FAILED:Sürüm kontrol hatası # # The messages. # VERSIONLINE:[ $1 sürüm $2 ] VERSIONLINE2:$3 üzerinde $1 $2 sürümü çalışıyor VERSIONLINE3:$1 $2 sürümü çalışıyor RKH_STARTDATE:Başlama tarihi $1 RKH_ENDDATE:Bitiş tarihi $1 OPSYS:Tespit edilen işletim sistemi: '$1' UNAME:Uname çıktısı: '$1' CONFIG_CHECK_START:Yapılandırma dosyası ve komut-satırı seçenekleri kontrol ediliyor...
CONFIG_CMDLINE:Komut satırı: $1 CONFIG_DEBUGFILE:Hata ayıklama dosyası: $1 CONFIG_ENVSHELL:Çevre değişkeni kabuğu $1; rkhunter, $2 kullanıyor CONFIG_CONFIGFILE:'$1' yapılandırma dosyası kullanılıyor CONFIG_LOCALCONFIGFILE:'$1' yerel yapılandırma dosyası kullanılıyor CONFIG_LOCALCONFIGDIR:'$1' yerel yapılandırma dizini kullanılıyor: $2 dosya bulundu CONFIG_INSTALLDIR:Kurulum dizini '$1' CONFIG_LANGUAGE:'$1' Dili kullanılıyor CONFIG_DBDIR:Veritabanı dizini olarak '$1' kullanılıyor CONFIG_SCRIPTDIR:Destek eklentileri dizini olarak '$1' kullanılıyor CONFIG_BINDIR:Komut dizinleri olarak '$1' kullanılıyor CONFIG_TMPDIR:Geçici dizin olarak '$1' kullanılıyor CONFIG_NO_MAIL_ON_WARN:Uyarılarda postalama adresi yapılandırılmadı CONFIG_MOW_DISABLED:Uyarılarda postalama, kullanıcı isteği üzerine devre dışı bırakılıyor CONFIG_MAIL_ON_WARN:Uyarılar, '$2' komutuyla, '$1' adresine postalanıyor CONFIG_SSH_ROOT:Rkhunter yapılandırmasındaki ALLOW_SSH_ROOT_USER seçeneğini '$1' olarak ayarlayın. CONFIG_SSH_PROTV1:Rkhunter yapılandırmasındaki ALLOW_SSH_PROT_V1 seçeneğini '$1' olarak ayarlayın.
CONFIG_X_AUTO:X otomatik olarak algılanacaktır CONFIG_CLRSET2:İkinci renk ayarı kullanılıyor CONFIG_NO_SHOW_SUMMARY:Sistem kontrol özeti, kullanıcı isteği üzerine devre dışı bırakılıyor CONFIG_SCAN_MODE_DEV:SCAN_MODE_DEV özelliğini '$1' olarak ayarlayın CONFIG_LOG_FILE:$1 günlük/kayıt dosyasına kayıtlanıyor CONFIG_NO_VL:Ayrıntılı günlük, kullanıcı isteği üzerine devre dışı bırakılıyor CONFIG_APPEND_LOG:Geçerli günlük, günlük/kayıt dosyasına eklenecek CONFIG_COPY_LOG:Herhangi bir hata varsa günlük dosyası kopyalanacak CONFIG_XINETD_PATH:$1 yapılandırma dosyası olarak '$2' kullanılıyor CONFIG_SOL10_INETD:Solaris 10 veya üstü bir inetd mekanizması kullanılıyor CONFIG_STARTUP_PATHS:Sistem başlangıç yolu olarak şunlar kullanılıyor: $1 CONFIG_ROTATE_MIRRORS:Yansı dosyası döndürülecek CONFIG_NO_ROTATE_MIRRORS:Yansı dosyası döndürülmeyecek CONFIG_UPDATE_MIRRORS:Yansı dosyası güncellenecek CONFIG_NO_UPDATE_MIRRORS:Yansı dosyası güncellenmeyecek CONFIG_MIRRORS_MODE0:Yerel ve uzak yansıların her ikiside kullanılacak CONFIG_MIRRORS_MODE1:Yalnızca yerel yansılar kullanılacak CONFIG_MIRRORS_MODE2:Yalnızca uzak yansılar kullanılacak FOUND_CMD:'$1' komutu bulundu: $2 NOT_FOUND_CMD:'$1' komutu bulunamıyor CMD_ERROR:'$1' komutu '$2' hata kodunu verdi.
SYS_PRELINK:Sistem prelinking (önbağlantı) kullanıyor SYS_NO_PRELINK:Sistem prelinking (önbağlantı) kullanmıyor SYS_SELINUX:SELinux etkin SYS_NO_SELINUX:SELinux devredışı HASH_FUNC_PRELINK:Dosya sağlama kontrolü için prelinking komutu ($1 ile) kullanılıyor HASH_FUNC_PERL:Dosya sağlama kontrolü için perl $1 modülü kullanılıyor HASH_FUNC_PERL_SHA:Dosya sağlama kontrolü için perl $1 modülü ($1 ile) kullanılıyor HASH_FUNC:Dosya sağlama kontrolü için '$1' komutu kullanılıyor HASH_FUNC_NONE:Dosya sağlama kontrolü devredışı: NONE belirtilmiş HASH_FUNC_NONE_PKGMGR:Dosya sağlama kontrolü NONE belirtilmiş: yalnızca paket yöneticisi kullanılacak HASH_FUNC_DISABLED:Sağlama fonksiyonu 'NONE' olarak ayarlandı: dosya sağlama kontrolü otomatikman devredışı HASH_FUNC_OLD:Depolanan sağlama verileri, '$1' sağlama fonksiyonunu kullandı HASH_FUNC_OLD_DISABLED:Önceki sağlama fonksiyonu devredışı bırakılmış: depolanan sağlama verisi yok HASH_PKGMGR_OLD:Depolan doğrulama verileri, '$1' paket yöneticisini kullandı HASH_PKGMGR_OLD_UNSET:Depolan doğrulama verileri, bir paket yöneticisi kullanmadı HASH_PKGMGR:Dosya özellikleri kontrolü için '$1' paket yöneticisi kullanılıyor HASH_PKGMGR_MD5:Paket yöneticisi doğrulamasına yardımcı olması için MD5 sağlama fonksiyonu komutu '$1' kullanılıyor HASH_PKGMGR_SHA:Paket yöneticisi doğrulamasına yardımcı olması için SHA sağlama fonksiyonu komutu '$1' kullanılıyor HASH_PKGMGR_SUM:Paket doğrulaması için depolanan 16-bit sağlama kullanılıyor HASH_PKGMGR_NOT_SPEC:Paket yöneticisi belirtilmedi: '$1' sağlama fonksiyonu kullanılıyor HASH_PKGMGR_NOT_SPEC_PRELINKED:Paket yöneticisi belirtilmedi: '$1' ile prelink komutu kullanılıyor HASH_FIELD_INDEX:Sağlama fonksiyonu kısım içeriği, $1 olarak ayarlandı HASHUPD_DISABLED:Sağlama kontrolü devredışı: geçerli dosya sağlama verileri depolanmayacak HASHUPD_PKGMGR:Dosya sağlama değerlerini güncellemek için, '$1' paket yöneticisi kullanılıyor HASHUPD_PKGMGR_NOT_SPEC:Dosya sağlama
değerlerini güncellemek için paket yöneticisi belirtilmemiş: sağlama fonksiyonu olarak '$1' kullanılıyor HASHUPD_PKGMGR_NOT_SPEC_PRELINKED:Dosya sağlama değerlerini güncellemek için paket yöneticisi belirtilmemiş: '$1' ile prelink komutu kullanılıyor ATTRUPD_DISABLED:Dosya özniteliklerinin kontrolü devredışı: geçerli dosya öznitelikleri depolanmayacak ATTRUPD_NOSTATCMD:Dosya özniteliklerinin kontrolü devredışı: 'stat' komutu bulunamıyor: geçerli dosya öznitelikleri depolanmayacak ATTRUPD_OK:Geçerli dosya öznitelikleri depolanacak ATTRUPD_OLD_DISABLED:Önceki dosya öznitelikleri devredışı: depolanmış dosya özniteliği yok ATTRUPD_OLD_NOSTATCMD:Önceki dosya öznitelikleri devredışı: 'stat' komutu bulunamıyor: depolanmış dosya özniteliği yok ATTRUPD_OLD_OK:Önceki dosya öznitelikleri depolandı RKHDAT_ADD_NEW_ENTRY:'rkhunter.dat' dosyasına, $1 dosya girdisi eklendi RKHDAT_DEL_OLD_ENTRY:'rkhunter.dat' dosyasından, $1 varolmayan dosya girdisi silindi SYSLOG_ENABLED:Muhtelif günlük/kayıtları için 'syslog' kullanılıyor - imkan/öncelik seviyesi '$1'. SYSLOG_DISABLED:Kullanıcıların isteğiyle syslog devredışı bırakılıyor. SYSLOG_NO_LOGGER:syslog devredışı bırakılıyor - 'logger' komutu bulunamıyor. NAME:$1 PRESSENTER:[Devam etmek için a basın] TEST_SKIPPED_OS:'$1' testi İşletim Sistemi: $2 nedeniyle atlandı SUMMARY_TITLE1:Sistem kontrol özeti SUMMARY_TITLE2:===================== SUMMARY_PROP_SCAN:Dosya özellik kontrolü... SUMMARY_PROP_REQCMDS:Gerekli komut kontrolü başarısız SUMMARY_PROP_COUNT:Dosyalar kontrol edildi: $1 SUMMARY_PROP_FAILED:Şüpheli dosyalar: $1 SUMMARY_CHKS_SKIPPED:Tüm kontroller atlandı SUMMARY_RKT_SCAN:Rootkit kontrolü... SUMMARY_RKT_COUNT:Rootkitler kontrol edildi : $1 SUMMARY_RKT_FAILED:Olası rootkitler: $1 SUMMARY_RKT_NAMES:Rootkit isimleri : $1 SUMMARY_APPS_SCAN:Uygulama kontrolü...
SUMMARY_APPS_COUNT:Kontrol edilen uygulamalar: $1 SUMMARY_APPS_FAILED:Şüpheli uygulamalar: $1 SUMMARY_SCAN_TIME:Sistem kontrolleri alındı: $1 SUMMARY_NO_SCAN_TIME:Sistem kontrolü alındı: Saat zamanı belirlenemiyor SUMMARY_LOGFILE:Tüm sonuçlar günlük/kayıt dosyasına yazılmıştır: $1 SUMMARY_NO_LOGFILE:Oluşturulmuş kayıt dosyası yok. SUMMARY_LOGFILE_COPIED:Günlük/kayıt dosyası $1 şeklinde kopyalandı CREATED_TEMP_FILE:Geçici dosya oluşturuldu '$1' MIRRORS_NO_FILE:Hedef dosya mevcut değil: $1 MIRRORS_NO_MIRRORS:Yansı dosyası için gerekli yansı içermiyor: $1 MIRRORS_NO_VERSION:Yansı dosyası sürüm numarası içermiyor - sıfıra resetleniyor: $1 MIRRORS_ROTATED:Yansı dosyası döndürülmüştür: $1 MIRRORS_SF_DEFAULT:SourceForge yansısı kullanılıyor: $1 DOWNLOAD_CMD:İndirme komutu işletiliyor '$1' DOWNLOAD_FAIL:İndirme başarısız - $1 mirror(s) left. VERSIONCHECK_START:Rkhunter sürümü kontrol ediliyor... VERSIONCHECK_FAIL_ALL:İndirme başarısız: Programın son sürüm numarası belirlenemiyor. VERSIONCHECK_CURRENT:Bu sürüm : $1 VERSIONCHECK_LATEST:Son sürüm: $1 VERSIONCHECK_LATEST_FAIL:Son sürüm: İndirme başarısız VERSIONCHECK_UPDT_AVAIL:Güncelleme mevcut VERSIONCHECK_CONV_FAIL:Sürüm numaraları karşılaştırılamıyor: Program: '$1' Son: '$2' UPDATE_START:rkhunter veri dosyaları kontrol ediliyor... UPDATE_CHECKING_FILE:Dosya kontrol ediliyor: $1 UPDATE_FILE_NO_VERS:'$1' dosyasının geçerli sürüm numarası yok. Yeni bir kopyası indiriliyor. UPDATE_FILE_MISSING:'$1' dosyası yok yada boş. Yeni bir kopyası indiriliyor. UPDATE_DOWNLOAD_FAIL:'$1' dosyasının indirilmesi başarısız: Son sürüm numarası belirlenemiyor. UPDATE_I18N_NO_VERS:i18n dil dosyası sürüm numaraları bulunamadı. UPDATE_SKIPPED:Kullanıcıların isteği üzerine dil dosyası güncelleme işlemi atlandı. OSINFO_START:İşletim Sisteminin en son ne zaman değiştiği kontrol ediliyor... OSINFO_END:Değişen birşey yok gibi görünüyor.
OSINFO_HOST_CHANGE1:Son çalıştırmadan bu yana hostname değişmiş gibi görünüyor: OSINFO_HOST_CHANGE2:Eski host değeri: $1 Yeni host değeri: $2 OSINFO_OSVER_CHANGE1:Son çalıştırmadan bu yana İşletim Sistemi adı veya sürümü değişmiş gibi görünüyor: OSINFO_OSVER_CHANGE2:Eski İ/S değeri: $1 Yeni İ/S değeri: $2 OSINFO_PRELINK_CHANGE:Son çalıştırmadan bu yana prelinking olarak ${1} şeklinde değiştirilmiş gibi görünüyor. OSINFO_ARCH_CHANGE1:Sistemin CPU türü değişmiş gibi görünüyor: OSINFO_ARCH_CHANGE2:Eski CPU değeri: $1 Yeni değer: $2 OSINFO_MSG1:Çünkü dosya özelliği değişikliklerinin kontrolü bazı yanlış-olumlu sonuçlar verebilir. OSINFO_MSG2:'--propupd' seçeneği ile rkhunterı tekrar çalıştırmanız gerekebilir. OSINFO_DO_UPDT:Dosya özellikleri dosyası otomatik olarak güncellenecek. SET_FILE_PROP_START:Dosya özelliklerini alınıyor... SET_FILE_PROP_DIR_FILE_COUNT:$2 dizininde $1 dosya bulundu SET_FILE_PROP_FILE_COUNT:Dosya $1: aranan $2 dosya, $3 tane bulundu SET_FILE_PROP_FILE_COUNT_BL:Dosya $1: aranan $2 dosya, $3 tane bulundu, kırık link: $4 SET_FILE_PROP_FILE_COUNT_PROPOPT:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu SET_FILE_PROP_FILE_COUNT_PROPOPT_BL:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kırık link: $5 SET_FILE_PROP_FILE_COUNT_NOHASH:Dosya $1: aranan $2 dosya, $3 tane bulundu, kayıp sağlama: $4 SET_FILE_PROP_FILE_COUNT_NOHASH_BL:Dosya $1: aranan $2 dosya, $3 tane bulundu, kayıp sağlama: $4, kırık link: $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kayıp sağlama $5 SET_FILE_PROP_FILE_COUNT_NOHASH_PROPOPT_BL:Dosya $1: aranan $2 dosya, $4 taneden $3 tanesi bulundu, kayıp sağlama: $5, kırık link: $6 PROPUPD_START:Dosya özellikleri veri güncellemesi başlatılıyor... PROPUPD_OSINFO_START:İşletim Sistemi bilgisi toplanıyor...
PROPUPD_ARCH_FOUND:Sistem mimarisi bulundu: $1 PROPUPD_REL_FILE:Sürüm dosyası bulundu: $1 PROPUPD_NO_REL_FILE_NO_OUTPUT:Bir İ/S sürüm dosyası bulunamadı. PROPUPD_NO_REL_FILE:Bir İ/S sürüm dosyası bulunamadı: LS çıktısı: PROPUPD_OSNAME_FOUND:Bulunan İşletim Sistemi: $1 PROPUPD_ERROR:Yeni rkhunter.dat dosyası kurulurken hata. Kod $1 PROPUPD_NEW_DAT_FILE:Yeni rkhunter.dat dosyası '$1' dizininde kuruldu PROPUPD_WARN:UYARI! Sistemlerindeki dosyaların doğru olup olmadığından ve güvenilir bir kaynaktan yüklenip PROPUPD_WARN:yüklenmediğinden emin olmak için '--propupd' seçeneğini kullanmaları, kullanıcıların PROPUPD_WARN:sorumluluğundadır. rkhunter geçerli dosya özelliklerini daha önceden depolanmış değerlerle PROPUPD_WARN:karşılaştırır ve herhangi bir değer farklılığını rapor eder. Bununla birlikte rkhunter, PROPUPD_WARN:değişikliklere neyin sebep olduğunu belirleyemez, bunu sebepleri kullanıcı kendisi bulmalıdır. ENABLED_TESTS:Etkin testler: $1 DISABLED_TESTS:Devredışı testler: $1 USER_FILE_LIST:Dosya özellikleri kontrolüne kullanıcı dosyaları dahil ediliyor: USER_CMD_LIST:Dosya özellikleri kontrolüne kullanıcı komutları dahil ediliyor: USER_DIR_LIST:Dosya özellikleri kontrolüne kullanıcı dizinleri dahil ediliyor: USER_EXCLUDE_PROP:Dosya özellikleri kontrolünden hariç tutulanlar: KSYMS_FOUND:'$1' ksym dosyası bulundu KSYMS_UNAVAIL:Tüm ksym ve kallsym kontrolleri atlanacak - dosya okunabilir değil. KSYMS_MISSING:Tüm ksym ve kallsym kontrolleri atlanacak - hiçbir dosya sistemde mevcut değil. STARTING_TEST:'$1' testi başlatılıyor USER_DISABLED_TEST:Kullanıcı isteğiyle '$1' testi devredışı bırakıldı. CHECK_START:Sistem kontrolleri başlatılıyor... CHECK_WARNINGS_NOT_FOUND:Sistem kontrol edilirken herhangi bir uyarı bulunamadı. CHECK_WARNINGS_NOT_FOUND0:Sistem kontrol edilirken 0 uyarı bulundu. CHECK_WARNINGS_FOUND:Sistem kontrol edilirken bir veya daha fazla uyarı bulundu. CHECK_WARNINGS_FOUND_NUMBER:Sistem kontrol edilirken $1 uyarı bulundu.
CHECK_WARNINGS_FOUND_NUMBER1:Sistem kontrol edilirken 1 uyarı bulundu. CHECK_WARNINGS_FOUND_RERUN:Bir günlük/kayıt dosyası oluşturmak için lütfen rkhunterı tekrar çalıştırın. CHECK_WARNINGS_FOUND_CHK_LOG:Lütfen günlük/kayıt dosyasını ($1) kontrol edin CHECK_SYS_COMMANDS:Sistem komutları kontrol ediliyor... STRINGS_CHECK_START:'strings' komut kontrolü işletiliyor STRINGS_SCANNING_OK:İfade (OK) taranıyor: $1 STRINGS_SCANNING_BAD:İfade (BAD) taranıyor: $1 STRINGS_SCANNING_BAD:'strings' komut kontrolünde (BAD) ifade bulunamadı STRINGS_CHECK:'strings' komutu kontrol ediliyor STRINGS_CHECK:Kontrol atlandı - 'strings' komutu bulunamıyor. FILE_PROP_START:Dosya özelliklerinin kontrolleri gerçekleştiriliyor FILE_PROP_CMDS:Ön koşullar kontrol ediliyor FILE_PROP_IMMUT_OS:Tüm immutable-bit kontrolleri atlanıyor. Bu kontrol sadece Linux sistemleri için kullanılabilir. FILE_PROP_IMMUT_SET:Immutable-bit kontrolü tersine dönecek. FILE_PROP_SKIP_ATTR:'stat' komutu bulunamıyor - tüm dosya nitelik kontrolleri atlanacak. FILE_PROP_SKIP_HASH:Tüm dosya sağlama kontrolleri atlanacak, çünkü: FILE_PROP_SKIP_HASH_FUNC:Geçerli sağlama fonksiyonu ($1) ya da ($2) paket yöneticisi sağlama fonksiyonu, değerleri saklamak için kullanılan ($3) sağlama fonksiyonu veya ($4) paket yöneticisi ile uyumsuz. FILE_PROP_SKIP_HASH_PRELINK:'prelink' komutu bulunamıyor. FILE_PROP_SKIP_HASH_SHA1:Bu sistem prelinking kullanıyor, fakat sağlama fonksiyonu komutu SHA1 yada MD5 gibi görünmüyor. FILE_PROP_SKIP_HASH_LIBSAFE:Libsafe bulundu, bu durum hatalara neden olabilir. Mümkünse, libsafe'i devre dışı bırakın ve sonra prelink komutunu çalıştırın. Son olarak, 'rkhunter --propupd' komutunu kullanarak sağlama değerlerini tekrar oluşturun. FILE_PROP_SKIP_IMMUT:'lsattr' komutu bulunamıyor - tüm dosya immutable-bit kontrolleri atlanacak. FILE_PROP_SKIP_IMMUT_CMD:'$1' komutu sonrası bir çıktı yok - tüm dosya immutable-bit kontrolleri atlanacak.
FILE_PROP_SKIP_SCRIPT:'file' komutu bulunamıyor - Tüm komut dosyası yedek kontrolleri atlanacak. FILE_PROP_SKIP_FILE_CMD:'file' komutu sonrası bir çıktı yok - tüm script deÄŸiÅŸtirme kontrolleri atlanacak. FILE_PROP_NO_OS_WARNING:İşletim Sistemi deÄŸiÅŸiklik uyarıları kullanıcı isteÄŸi üzerine devredışı bırakılmış. FILE_PROP_OS_CHANGED:Yerel host yapılandırması yada iÅŸletim sistemi deÄŸiÅŸmiÅŸ. FILE_PROP_DAT_MISSING:Depolanan dosya özellikleri dosyası (rkhunter.dat) mevcut deÄŸil ve oluÅŸturulması gerekiyor. Bunun için 'rkhunter --propupd' komutunu çalıştırın. FILE_PROP_DAT_EMPTY:Depolanan dosya özellikleri dosyası (rkhunter.dat) boÅŸ ve oluÅŸturulması gerekiyor. Bunun için 'rkhunter --propupd' komutunu çalıştırın. FILE_PROP_SKIP_ALL:Tüm dosya özellikleri kontrolleri atlanıyor. FILE_PROP_DAT_MISSING_INFO:Dosya özellik kontrolleri, rkhunter.dat dosyası olmadan da yapılabilen kontrolleri yerine getirmek üzere yine de çalışacaktır. FILE_PROP_FILE_NOT_EXIST:'$1' dosyası sistem üzerinde bulunamadı, ancak 'rkhunter.dat' dosyasında mevcut. FILE_PROP_WL:'$1' dosyası bulundu: Bu dosya '$2' kontrolü için beyaz listede. FILE_PROP_WL_STR:'$1' dosyası ve '$2' dizisi bulundu: Bunlar '$3' kontrolü için beyaz listedeler. FILE_PROP_WL_DIR:'$1' dizini bulundu: Bu dizin '$2' kontrolü için beyaz listede. FILE_PROP_NO_RKH_REC:'$1' dosyası sistemde mevcut, fakat 'rkhunter.dat' dosyasında mevcut deÄŸil. FILE_PROP_CHANGED:Dosya özellikleri deÄŸiÅŸti: FILE_PROP_CHANGED2:Dosya: $1 FILE_PROP_NO_PKGMGR_FILE:'$1' dosyası saÄŸlama deÄŸeri atlandı: dosya bir pakete ait deÄŸil FILE_PROP_NO_SYSHASH:'$1' dosyası için saÄŸlama deÄŸeri yok FILE_PROP_NO_SYSHASH_BL:$1 dosyası bir kırık link. FILE_PROP_BROKEN_LINK_WL_TGT:Kırık link bulundu, fakat sözkonusu hedeflerin varlığı beyaz listede: '$1' FILE_PROP_NO_SYSHASH_CMD:SaÄŸlama komutu çıktısı: $1 FILE_PROP_NO_SYSHASH_DEPENDENCY:Bağımlılık hatalarını gidermek için 'prelink $1' komutunu deneyin. 
FILE_PROP_IGNORE_PRELINK_DEP_ERR:'$1' dosyası için prelink bağımlılık hatası görmezden geliniyor FILE_PROP_SYSHASH_UNAVAIL:Geçerli sağlama: Mevcut değil FILE_PROP_SYSHASH_UNAVAIL_BL:Geçerli sağlama: Mevcut değil (muhtemelen kırık link) FILE_PROP_SYSHASH:Geçerli sağlama: $1 FILE_PROP_RKHHASH:Depolanan sağlama: $1 FILE_PROP_NO_RKHHASH:'rkhunter.dat' dosyasında '$1' dosyası için sağlama değeri yok. FILE_PROP_NO_RKHPERM:'rkhunter.dat' dosyasında '$1' dosyası için dosya izni değeri yok. FILE_PROP_PERM_UNAVAIL:Geçerli dosya izni: Mevcut değil Depolanan dosya izni: $1 FILE_PROP_PERM:Geçerli dosya izni: $1 Depolanan dosya izni: $2 FILE_PROP_UID_UNAVAIL:Geçerli UID: Mevcut değil Depolanan UID: $1 FILE_PROP_UID:Geçerli UID: $1 Depolanan UID: $2 FILE_PROP_NO_RKHUID:'rkhunter.dat' dosyasında '$1' dosyası için UID değeri yok. FILE_PROP_GID_UNAVAIL:Geçerli GID: Mevcut değil Depolanan GID: $1 FILE_PROP_GID:Geçerli GID: $1 Depolanan GID: $2 FILE_PROP_NO_RKHGID:'rkhunter.dat' dosyasında '$1' dosyası için GID değeri yok. FILE_PROP_INODE_UNAVAIL:Geçerli inode: Mevcut değil Depolanan inode: $1 FILE_PROP_INODE:Geçerli inode: $1 Depolanan inode: $2 FILE_PROP_NO_RKHINODE:'rkhunter.dat' dosyasında '$1' dosyası için inode değeri yok. FILE_PROP_SIZE_UNAVAIL:Geçerli boyut: Mevcut değil Depolanan boyut: $1 FILE_PROP_SIZE:Geçerli boyut: $1 Depolanan boyut: $2 FILE_PROP_NO_RKHSIZE:'rkhunter.dat' dosyasında '$1' dosyası için boyut değeri yok. FILE_PROP_SYSDTM_UNAVAIL:Geçerli dosya değişiklik zamanı: Mevcut değil FILE_PROP_SYSDTM:Geçerli dosya değişiklik zamanı: $1 FILE_PROP_RKHDTM:Depolanan dosya değişiklik zamanı: $1 FILE_PROP_NO_RKHDTM:'rkhunter.dat' dosyasında '$1' dosyası için dosya değişiklik zamanı değeri yok. FILE_PROP_SYSLNK:Geçerli sembolik link hedefi: '$1' -> '$2' FILE_PROP_RKHLNK:Depolanan sembolik link hedefi : '$1' -> '$2' FILE_PROP_NO_RKHLNK:'$1' dosyası için 'rkhunter.dat' dosyasında sembolik link hedefi bulunamadı.
FILE_PROP_LINK_WL:Sembolik link hedefi deÄŸiÅŸmiÅŸ, fakat beyaz listede: '$1' -> '$2' FILE_PROP_NO_SYSATTR:'$1' dosyasının geçerli dosya özellikleri elde edilemiyor FILE_PROP_WRITE:'$1' dosyasının yazma izni tüm kullanıcılar için ayarlandı. FILE_PROP_SYSPERM_UNAVAIL:'$1' dosyasının geçerli yazma izni elde edilemiyor FILE_PROP_IMMUT:'$1' dosyası immutable-bit ayarına sahip. FILE_PROP_IMMUT_NOT_SET:'$1' dosyası immutable-bit ayarına sahip deÄŸil. FILE_PROP_SCRIPT:'$1' komutu, '$2' scripti ile deÄŸiÅŸtirilmiÅŸtir. FILE_PROP_SCRIPT_RKH:'$1' komutu, '$2' ile deÄŸiÅŸtirilmiÅŸ olup bir script deÄŸildir. FILE_PROP_VRFY:Paket yöneticisi doÄŸrulaması baÅŸarısız oldu: FILE_PROP_VRFY_HASH:Dosya hash deÄŸeri deÄŸiÅŸmiÅŸ FILE_PROP_VRFY_PERM:Dosya izinleri deÄŸiÅŸmiÅŸ FILE_PROP_VRFY_UID:Dosya sahibi deÄŸiÅŸmiÅŸ FILE_PROP_VRFY_GID:Dosya grubu deÄŸiÅŸmiÅŸ FILE_PROP_VRFY_DTM:Dosya deÄŸiÅŸiklik zamanı deÄŸiÅŸmiÅŸ FILE_PROP_VRFY_LNK:Sembolik link hedefi deÄŸiÅŸmiÅŸ FILE_PROP_VRFY_SIZE:Dosya boyutu deÄŸiÅŸmiÅŸ FILE_PROP_EPOCH_DATE_CMD:İkinci tur iÅŸlemi için '$1' kullanılıyor. CHECK_ROOTKITS:Rootkitler kontrol ediliyor... ROOTKIT_FILES_DIRS_START:Bilinen rootkit dosyaları ve dizinlerinin kontrolü çalıştırılıyor ROOTKIT_FILES_DIRS_NAME_LOG:${1} için kontrol ediliyor... ROOTKIT_FILES_DIRS_FILE:Dosya kontrol ediliyor '$1' ROOTKIT_FILES_DIRS_DIR:Dizin kontrol ediliyor '$1' ROOTKIT_FILES_DIRS_KSYM:Kernel sembolü '$1' için kontrol ediliyor ROOTKIT_FILES_DIRS_FILE_FOUND:'$1' dosyası bulundu ROOTKIT_FILES_DIRS_DIR_FOUND:'$1' dizini bulundu ROOTKIT_FILES_DIRS_KSYM_FOUND:Kernel sembolü '$1' bulundu ROOTKIT_FILES_DIRS_STR:'$1' dizisi için kontrol ediliyor ROOTKIT_FILES_DIRS_STR_FOUND:'$2' dosyasında '$1' dizisi bulundu ROOTKIT_FILES_DIRS_NOFILE:'$1' dosyası mevcut deÄŸil! 
ROOTKIT_FILES_DIRS_SINAR_DIR:'$1' dizininde kontrol ediliyor ROOTKIT_FILES_DIRS_SINAR:'$1' dizininde SInAR bulundu ROOTKIT_LINK_COUNT:'$1' dizininde hard link sayısı kontrol ediliyor ROOTKIT_LINK_COUNT_FAIL:'$1' komutundan hard link sayısı: $2 ROOTKIT_LINK_COUNT_CMDERR:'$2' kontrol edildiğinde '$2' komutundan hata döndürüldü ROOTKIT_PHALANX2_LINK_COUNT_FAIL:'$1' üzerinde hard link kontrolü başarısız oldu ROOTKIT_PHALANX2_PROC:'ata/0' işlemi için işlem listesi kontrol ediliyor ROOTKIT_PHALANX2_PROC_FOUND:Çalışan 'ata/0' işlemi bulundu ROOTKIT_PHALANX2_PROC_PPID:Beklenen 'kthread' parent PID'si '$1', bulunan parent PID'si '$2' ROOTKIT_PHALANX2_PROC_PS_ERR:'ps' çalıştırılırken beklenmeyen sonuçlar döndürüldü: muhtemelen desteklenmeyen komut satırı argümanları. ROOTKIT_ADD_START:Ek rootkit kontrolleri çalıştırılıyor ROOTKIT_ADD_SUCKIT:Suckit Rootkit ek kontrolleri ROOTKIT_ADD_SUCKIT_LOG:Suckit Rootkit ek kontrolleri çalıştırılıyor ROOTKIT_ADD_SUCKIT_LINK_NOCMD:'/sbin/init' link sayısı kontrol ediliyor: 'stat' komutu bulunamadı ROOTKIT_ADD_SUCKIT_LINK_FOUND:'/sbin/init' link sayısı kontrol ediliyor: sayı $1, 1 olmalıdır ROOTKIT_ADD_SUCKIT_EXT:Gizli dosya uzantıları kontrol ediliyor ROOTKIT_ADD_SUCKIT_EXT_FOUND:Gizli dosya uzantıları kontrol ediliyor: $1 tane bulundu ROOTKIT_ADD_SUCKIT_SKDET:'skdet' komutu çalıştırılıyor ROOTKIT_ADD_SUCKIT_SKDET_FOUND:'skdet' komutu çalıştırılıyor: $1 tane bulundu ROOTKIT_ADD_SUCKIT_SKDET_VER:'skdet' komutu çalıştırılıyor: bilinmeyen sürüm: $1 ROOTKIT_POSS_FILES_DIRS:Olası rootkit dosya ve klasörleri kontrol ediliyor ROOTKIT_POSS_FILES_DIRS_LOG:Olası rootkit dosya ve klasörlerinin kontrolü çalıştırılıyor ROOTKIT_POSS_FILES_FILE_FOUND:'$1' dosyası bulundu. Olası rootkit: $2 ROOTKIT_POSS_FILES_DIR_FOUND:'$1' klasörü bulundu.
Olası rootkit: $2 ROOTKIT_POSS_STRINGS:Olası rootkit dizileri kontrol ediliyor ROOTKIT_POSS_STRINGS_LOG:Olası rootkit dizilerinin kontrolü çalıştırılıyor ROOTKIT_POSS_STRINGS_FOUND:'$2' dosyasında '$1' dizisi bulundu. Olası rootkit: $3 ROOTKIT_MALWARE_START:Zararlı yazılım kontrolü çalıştırılıyor ROOTKIT_MALWARE_SUSP_FILES:Şüpheli dosyalar için çalışan işlemler kontrol ediliyor ROOTKIT_MALWARE_SUSP_FILES_FOUND:Aşağıdaki işlemler şüpheli dosya(lar) kullanıyor: ROOTKIT_MALWARE_SUSP_FILES_FOUND_UID:UID: $1 PID: $2 ROOTKIT_MALWARE_SUSP_FILES_FOUND_CMD:Komut: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_PATH:Yol ismi: $1 ROOTKIT_MALWARE_SUSP_FILES_FOUND_RTKT:Olası Rootkit: $1 ROOTKIT_MALWARE_HIDDEN_PROCS:Gizli işlemler kontrol ediliyor ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_VERS:'unhide' komut sürümü bulundu: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_UNHIDE_CMD:'$1' komutu kullanılıyor ROOTKIT_MALWARE_HIDDEN_PROCS_UNH_ERR:'unhide' çalıştırılabilir değil: geçersiz yapılandırılmış testler: $1 ROOTKIT_MALWARE_HIDDEN_PROCS_FOUND:Gizli işlemler bulundu: ROOTKIT_MALWARE_DELETED_FILES:Silinen dosyalar için çalışan işlemler kontrol ediliyor ROOTKIT_MALWARE_DELETED_FILES_FOUND:Aşağıdaki işlemler silinen dosya(lar) kullanıyor: ROOTKIT_MALWARE_DELETED_FILES_FOUND_DATA:İşlem: $1 PID: $2 Dosya: $3 ROOTKIT_MALWARE_DELETED_FILES_WL:Beyaz listedeki '$1' dosyasını kullanan '$1' işlemi bulundu. ROOTKIT_MALWARE_LOGIN_BDOOR:Arkakapı girişleri kontrol ediliyor ROOTKIT_MALWARE_LOGIN_BDOOR_CHK:'$1' kontrol ediliyor ROOTKIT_MALWARE_LOGIN_BDOOR_FOUND:Arkakapı giriş dosyası bulundu: $1 ROOTKIT_MALWARE_SUSP_DIR:Şüpheli klasörler kontrol ediliyor ROOTKIT_MALWARE_SUSP_DIR_FOUND:Şüpheli klasör bulundu: $1 ROOTKIT_MALWARE_SFW_INTRUSION:Yazılım ihlalleri kontrol ediliyor ROOTKIT_MALWARE_SFW_INTRUSION_FOUND:'$1' dosyası '$2' dizisini içeriyor.
Olası rootkit: SHV5 ROOTKIT_MALWARE_SFW_INTRUSION_SKIP:Kontrol atlandı - tripwire yüklü deÄŸil ROOTKIT_MALWARE_SNIFFER:Algılayıcı günlük/kayıt dosyaları kontrol ediliyor ROOTKIT_MALWARE_SNIFFER_FOUND:Algılayıcı günlük/kayıt dosyası bulundu: $1 ROOTKIT_MALWARE_IPCS:Şüpheli Paylaşılan Bellek segmentleri ROOTKIT_MALWARE_IPCS_FOUND:Åžu şüpheli paylaşım belleÄŸi segmentleri bulundu: ROOTKIT_MALWARE_IPCS_DETAILS:İşlem: $1 PID: $2 Sahibi: $3 ROOTKIT_MALWARE_IPCS_WL:İşlem yolu adı '$1': beyaz listeye alındı. ROOTKIT_TROJAN_START:Spesifik trojan kontrolleri çalıştırılıyor ROOTKIT_TROJAN_INETD:Etkin inetd servisleri kontrol ediliyor ROOTKIT_TROJAN_INETD_SKIP:Kontrol atlandı - '$1' dosyası mevcut deÄŸil. ROOTKIT_TROJAN_INETD_FOUND:Etkin inetd servisi bulundu: $1 ROOTKIT_TROJAN_XINETD:Etkin xinetd servisleri kontrol ediliyor ROOTKIT_TROJAN_XINETD_ENABLED:Etkin servisler için, '$1' çalıştırılıyor ROOTKIT_TROJAN_XINETD_INCLUDE:'include $1' direktifi bulundu ROOTKIT_TROJAN_XINETD_INCLUDEDIR:'includedir $1' direktifi bulundu ROOTKIT_TROJAN_XINETD_ENABLED_FOUND:Etkin xinetd servisi bulundu: $1 ROOTKIT_TROJAN_XINETD_WHITELIST:'$1' servisi bulundu: $2 beyaz listesinde. ROOTKIT_TROJAN_APACHE:Apache arkakapısı kontrol ediliyor ROOTKIT_TROJAN_APACHE_SKIPPED:Apache arkakapısı kontrolü atlandı: Apache modül ve yapılandırma klasörleri bulunamadı. ROOTKIT_TROJAN_APACHE_FOUND:Apache arkakapı modülü 'mod_rootme' bulundu: $1 ROOTKIT_OS_START:Spesifik $1 kontrolleri çalıştırılıyor ROOTKIT_OS_SKIPPED:Spesifik test yok ROOTKIT_OS_BSD_SOCKNET:'sockstat' ve 'netstat' komutları kontrol ediliyor ROOTKIT_OS_BSD_SOCKNET_FOUND:'sockstat' ve 'netstat' komutları arasında bulunan farklılıkların çıktısı: ROOTKIT_OS_BSD_SOCKNET_OUTPUT:$1 çıktısı (port kullanımda): $2 ROOTKIT_OS_FREEBSD_KLD:KLD arkakapıları kontrol ediliyor ROOTKIT_OS_FREEBSD_KLD_FOUND:Olası FreeBSD KLD arkakapısı bulundu. 
'kldstat -v' komutu '$1' dizisini gösteriyor ROOTKIT_OS_FREEBSD_PKGDB:Paket veritabanı kontrol ediliyor ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Paket veritabanının tutarsızlıkları var gibi görünüyor. ROOTKIT_OS_FREEBSD_PKGDB_NOTOK:Bu bir güvenlik sorunu olmayabilir, ama 'pkgdb -F' komutunu çalıştırmak sorunu teÅŸhis etmeye yardımcı olabilir. ROOTKIT_OS_DFLY_PKGDB_NOTOK:Paket veritabanının tutarsızlıkları var gibi görünüyor. ROOTKIT_OS_DFLY_PKGDB_NOTOK:Bu bir güvenlik sorunu olmayabilir, ama 'pkg_admin check' komutunu çalıştırmak sorunu teÅŸhis etmeye yardımcı olabilir. ROOTKIT_OS_LINUX_LKM:Yüklü kernel modülleri kontrol ediliyor ROOTKIT_OS_LINUX_LKM_FOUND:'lsmod' komutu ve '/proc/modules' dosyası arasında farklılıklar bulundu: ROOTKIT_OS_LINUX_LKM_OUTPUT:$1 çıktısı: $2 ROOTKIT_OS_LINUX_LKM_EMPTY:'lsmod' komutu ya da /proc/modules dosyasından bir çıktı bulunamadı: ROOTKIT_OS_LINUX_LKM_MOD_MISSING:'$1' modül dosyası kayıp. ROOTKIT_OS_LINUX_LKMNAMES:Kernek çekirdek modülleri kontrol ediliyor ROOTKIT_OS_LINUX_LKMNAMES_PATH:Modüllerin yolu olarak '$1' kullanılıyor ROOTKIT_OS_LINUX_LKMNAMES_FOUND:'$1' konumunda bilinen kötü kernel modülü bulundu: $2 ROOTKIT_OS_LINUX_LKMNAMES_PATH_MISSING:Kernel modül dizini '$1' kayıp yada boÅŸ. CHECK_LOCALHOST:Yerel host kontrol ediliyor... STARTUP_FILES_START:Sistem boot kontrolleri çalıştırılıyor STARTUP_HOSTNAME:Yerel host adı kontrol ediliyor STARTUP_NO_HOSTNAME:Host adı bulunamadı. STARTUP_CHECK_FILES_EXIST:Sistem baÅŸlangıç dosyaları kontrol ediliyor STARTUP_NONE_GIVEN:BaÅŸlangıç dosya yolları için kullanıcı tercihi 'NONE' STARTUP_CHECK_FILES_MALWARE:Sistem baÅŸlangıç dosyaları zararlı yazılım için kontrol ediliyor STARTUP_CHECK_NO_RC_FILES:Sistem baÅŸlangıç dosyaları bulunamadı. ACCOUNTS_START:Grup ve hesap kontrolleri çalıştırılıyor ACCOUNTS_PWD_FILE_CHECK:Åžifre dosyası kontrol ediliyor ACCOUNTS_FOUND_PWD_FILE:Åžifre dosyası bulundu: $1 ACCOUNTS_NO_PWD_FILE:Åžifre dosyası '$1' mevcut deÄŸil. 
ACCOUNTS_UID0:Rootla (UID 0) eşdeğer hesaplar kontrol ediliyor ACCOUNTS_UID0_WL:Rootla (UID 0) eşdeğer hesap '$1' bulundu: Beyaz listede. ACCOUNTS_UID0_FOUND:'$1' hesabı rootla eşdeğer (UID = 0) ACCOUNTS_SHADOW_FILE:Gölge dosyası bulundu: $1 ACCOUNTS_SHADOW_TCB:TCB gölge dosyası dizini bulundu: $1 ACCOUNTS_PWDLESS:Şifresiz hesaplar kontrol ediliyor ACCOUNTS_PWDLESS_WL:Şifresiz hesap bulundu: '$1': Beyaz listede. ACCOUNTS_PWDLESS_FOUND:'$1' dosyasında şifresiz hesap bulundu: $2 ACCOUNTS_NO_SHADOW_FILE:Gölge/şifre dosyası bulunamadı. PASSWD_CHANGES:Şifre dosyası değişiklikleri kontrol ediliyor PASSWD_CHANGES_NO_TMP:Şifre dosyası farklılıkları için kontrol yapılamıyor: Varolan şifre dosyasının kopyası yok. PWD_CHANGES_IDADD:'$1' kullanıcısı şifre dosyasına eklenmiştir. PWD_CHANGES_IDREM:'$1' kullanıcısı şifre dosyasından kaldırılmıştır. PWD_CHANGES_FOUND:Şifre dosyasında '$1' kullanıcısına ait değişiklikler bulundu: PWDGRP_CHANGES_UNK:$1 dosyasında bilinmeyen alan bulundu: Eski alan: '$2' Yeni alan: '$3' PWD_CHANGES_PWD:Şifre '$1' iken, '$2' şeklinde değiştirildi PWD_CHANGES_UID:UID '$1' iken, '$2' şeklinde değiştirildi PWD_CHANGES_GID:GID '$1' iken, '$2' şeklinde değiştirildi PWD_CHANGES_COMM:Hesap açıklaması '$1' iken, '$2' şeklinde değiştirildi PWD_CHANGES_HOME:Hesap kök dizini '$1' iken, '$2' şeklinde değiştirildi PWD_CHANGES_SHL:Varsayılan kabuk '$1' iken, '$2' şeklinde değiştirildi GROUP_CHANGES:Grup dosyası değişiklikleri kontrol ediliyor GROUP_CHANGES_NO_FILE:Grup dosyası '$1' mevcut değil. GROUP_CHANGES_NO_TMP:Grup dosyası farklılıkları için kontrol yapılamıyor: Varolan grup dosyasının kopyası yok. GROUP_CHANGES_FOUND:'$1' grubu için grup dosyasında değişiklikler bulundu: GROUP_CHANGES_IDADD:'$1' grubu, grup dosyasına eklenmiştir. GROUP_CHANGES_IDREM:'$1' grubu, grup dosyasından kaldırılmıştır.
GROUP_CHANGES_PWD:Grup ÅŸifresi '$1' iken, '$2' ÅŸeklinde deÄŸiÅŸtirilmiÅŸtir GROUP_CHANGES_GID:Grup numarası '$1' iken, '$2' ÅŸeklinde deÄŸiÅŸtirilmiÅŸtir GROUP_CHANGES_GRPREM:'$1' kullanıcısı, grup dosyasından kaldırılmıştır GROUP_CHANGES_GRPADD:'$1' kullanıcısı, grup dosyasına eklenmiÅŸtir HISTORY_CHECK:Root hesabı komut geçmiÅŸi dosyaları kontrol ediliyor HISTORY_CHECK_FOUND:Root hesabı komut geçmiÅŸi dosyası '$1', '$2' konumuna sembolik bir baÄŸlantı SYSTEM_CONFIGS_START:Sistem yapılandırma dosyalarının kontrolü çalıştırılıyor SYSTEM_CONFIGS_FILE:$1 yapılandırma dosyası kontrol ediliyor SYSTEM_CONFIGS_FILE_SSH:Bir SSH yapılandırma dosyası kontrol ediliyor SYSTEM_CONFIGS_FILE_FOUND:$1 '$2' yapılandırma dosyası bulundu: $3 SYSTEM_CONFIGS_SSH_ROOT:SSH root eriÅŸim durumu kontrol ediliyor SYSTEM_CONFIGS_SSH_ROOT_FOUND:SSH ve rkhunter yapılandırma aÅŸağıdaki gibi olmalıdır: SYSTEM_CONFIGS_SSH_ROOT_FOUND1:SSH yapılandırma seçeneÄŸi 'PermitRootLogin': $1 SYSTEM_CONFIGS_SSH_ROOT_FOUND2:Rkhunter yapılandırma seçeneÄŸi 'ALLOW_SSH_ROOT_USER': $1 SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:SSH yapılandırma seçeneÄŸi 'PermitRootLogin' ayarlanmamış. SYSTEM_CONFIGS_SSH_ROOT_NOTFOUND:Varsayılan deÄŸer root eriÅŸimine izin vermek için, 'yes' olabilir. SYSTEM_CONFIGS_SSH_PROTO:SSH protokolü v1 durumu kontrol ediliyor SYSTEM_CONFIGS_SSH_PROTO_DIFF1:SSH yapılandırma seçeneÄŸi 'Protocol': $1 SYSTEM_CONFIGS_SSH_PROTO_DIFF2:Rkhunter yapılandırma seçeneÄŸi 'ALLOW_SSH_PROT_V1': $1 SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:SSH yapılandırma seçeneÄŸi 'Protocol' henüz ayarlanmamış. SYSTEM_CONFIGS_SSH_PROTO_NOTFOUND:Protokol sürüm 1'e izin vermek için, varsayılan deÄŸer '2,1' olabilir. SYSTEM_CONFIGS_SYSLOG:Çalışan bir sistem kayıtlama süreci kontrol ediliyor SYSTEM_CONFIGS_SYSLOG_NOT_RUNNING:Çalışan bir sistem kayıtlama süreci bulunamadı. SYSTEM_CONFIGS_SYSLOG_DAEMON:Çalışan bir '$1' süreci bulundu. SYSTEM_CONFIGS_SYSLOG_NO_FILE:Syslog süreci çalışıyor, fakat hiçbir yapılandırma dosyası bulunamadı. 
SYSTEM_CONFIGS_SYSLOG_REMOTE:Syslog uzak günlük/kayıtlama durumu kontrol ediliyor SYSTEM_CONFIGS_SYSLOG_REMOTE_LOG:Yapılandırma dosyası uzak günlük/kayıtlamaya izin veriyor: $1 SYSTEM_CONFIGS_SYSLOG_REMOTE_ALLOWED:Rkhunter yapılandırma seçeneÄŸi 'ALLOW_SYSLOG_REMOTE_LOGGING' etkinleÅŸtirilmiÅŸ. FILESYSTEM_START:Dosya sistemi kontrolü çalıştırılıyor FILESYSTEM_DEV_CHECK:Şüpheli dosya tipleri için '/dev' kontrol ediliyor FILESYSTEM_DEV_CHECK_NO_DEV:'/dev' mevcut deÄŸil. FILESYSTEM_DEV_FILE_WL:'$1' dosyası bulundu: Beyaz listede. FILESYSTEM_DEV_FILE_FOUND:${1} dizininde şüpheli dosya türleri bulundu: FILESYSTEM_HIDDEN_DIR_WL:Gizli klasör bulundu: '$1': Beyaz listede. FILESYSTEM_HIDDEN_FILE_WL:Gizli dosya bulundu: '$1': Beyaz listede. FILESYSTEM_HIDDEN_CHECK:Gizli dosya ve klasörler kontrol ediliyor FILESYSTEM_HIDDEN_DIR_FOUND:Gizli klasör bulundu: '$1' FILESYSTEM_HIDDEN_FILE_FOUND:Gizli dosya bulundu: '$1' FILESYSTEM_LOGFILE_MISSING:Kayıp kayıt dosyaları kontrol ediliyor FILESYSTEM_LOGFILE_MISSING_FOUND:'$1' kayıt dosyası eksik. FILESYSTEM_LOGFILE_EMPTY:BoÅŸ kayıt dosyaları kontrol ediliyor FILESYSTEM_LOGFILE_EMPTY_FOUND:'$1' kayıt dosyası boÅŸ. CHECK_APPS:Uygulama sürümleri kontrol ediliyor... APPS_NONE_FOUND:Bilinen uygulamalar bulunamadı - tüm sürüm kontrolleri atlandı. APPS_DAT_MISSING:Güvensiz uygulama sürümleri dosyası kayıp yada boÅŸ: $1 APPS_DAT_MISSING:Varsayılan dosyayı sıfırlamak için 'rkhunter --update' komutunu çalıştırın. APPS_DAT_NOTAFILE:Güvensiz uygulama sürümleri dosyası bir dosya deÄŸil: $1 APPS_NOT_FOUND:'$1' uygulaması bulunamadı. APPS_CHECK:$1 sürümü kontrol ediliyor APPS_CHECK_WL:'$1' uygulaması bulundu: Beyaz listede. APPS_CHECK_VERSION_UNKNOWN:'$1' sürüm numarası alınamadı. APPS_CHECK_VERSION_FOUND:'$1' uygulaması (sürüm: '$2') bulundu. APPS_CHECK_VERSION_WL:'$1' uygulaması (sürüm: '$2') bulundu: Bu sürüm beyaz listede. 
APPS_CHECK_WHOLE_VERSION_USED:'$1' sürüm numarası alınamadı: Sürüm seçeneÄŸi '$2' veriyor APPS_CHECK_FOUND:'$1' uygulaması (sürüm: '$2'), güncel deÄŸil ve bu muhtemel bir güvenlik riski. APPS_TOTAL_COUNT:Uygulamalar kontrol edildi: $1, $2 dışında CHECK_NETWORK:AÄŸ kontrol ediliyor... NETWORK_PORTS_START:Ağın portlarının kontrolü çalıştırılıyor NETWORK_PORTS_BACKDOOR:Arkakapı portları kontrol ediliyor NETWORK_PORTS_BACKDOOR_LOG:Arkakapı portlarının kontrolü çalıştırılıyor NETWORK_PORTS_FILE_MISSING:Arkakapı portları dosyası kayıp yada boÅŸ: $1 NETWORK_PORTS_FILE_MISSING:Varsayılan dosyayı sıfırlamak için 'rkhunter --update' komutunu çalıştırın. NETWORK_PORTS_FILE_NOTAFILE:Bilinen arkakapı portları dosyası bir dosya deÄŸil: $1 NETWORK_PORTS_UNKNOWN_NETSTAT:Tüm arkakapı port kontrolleri atlandı. NETWORK_PORTS_UNKNOWN_NETSTAT:'netstat' komut biçimi bu İ/S ile bilinmiyor. NETWORK_PORTS_ENABLE_TRUSTED:Port beyaz listesi için güvenilir yollar etkinleÅŸtiriliyor. NETWORK_PORTS_BACKDOOR_CHK:$2 nolu $1 portu kontrol ediliyor NETWORK_PORTS_PATH_WHITELIST:Ağın $2 nolu $1 portu '$3' tarafından kullanılıyor: yol beyaz listede. NETWORK_PORTS_TRUSTED_WHITELIST:Ağın $2 nolu $1 portu '$3' tarafından kullanılıyor: yol güvenilir. NETWORK_PORTS_PORT_WHITELIST:Ağın $2 nolu $1 portu bulundu: port beyaz listede. NETWORK_PORTS_BKDOOR_FOUND:Ağın $2 nolu $1 portu, [$3] tarafından kullanılıyor. Olası rootkit: $4 NETWORK_PORTS_BKDOOR_FOUND:Kontrol etmek için 'lsof -i' ya da 'netstat -an' komutunu uygulayın. NETWORK_HIDDEN_PORTS:Gizli portlar kontrol ediliyor NETWORK_HIDDEN_PORTS_FOUND:Gizli portlar bulundu: NETWORK_HIDDEN_PORTS_CHK:$2 nolu $1 portu NETWORK_HIDDEN_PORTS_CHK_NAME:$2 nolu $1 portu $3 tarafından kullanılıyor NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Gizli $2 nolu $1 portu $3 tarafından kullanılıyor: yol beyaz listede. NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Gizli $2 nolu $1 portu '$3' tarafından kullanılıyor: yol güvenilir. 
NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Gizli $2 nolu $1 portu bulundu: port beyaz listede. NETWORK_INTERFACE_START:Ağ arayüzlerinin kontrolleri çalıştırılıyor NETWORK_PROMISC_WLIST:Ağ arayüzleri karışık modda kullanıma izinli: $1 NETWORK_PROMISC_CHECK:Karışık arayüzler kontrol ediliyor NETWORK_PROMISC_NO_IFCONF_IP:Karışık ağ arayüzü kontrolü atlandı - 'ifconfig' yada 'ip' komutu bulunamıyor. NETWORK_PROMISC_NO_CMD:'$1' komutu kullanılarak yapılan karışık ağ arayüzü kontrolü atlandı - '$1' komutu bulunamadı. '$2' komutu kullanılıyor. NETWORK_PROMISC_IF:Olası karışık arayüzler: NETWORK_PROMISC_IF_1:'ifconfig' komutu çıktısı: NETWORK_PROMISC_IF_2:'ip' komutu çıktısı: NETWORK_PACKET_CAP_CHECK:Paket yakalama uygulamaları kontrol ediliyor NETWORK_PACKET_CAP_CHECK_NO_FILE:Paket yakalama uygulama kontrolü atlandı - '$1' dosyası kayıp. NETWORK_PACKET_CAP_FOUND:'$1' işlemi (PID $2) ağı dinliyor. NETWORK_PACKET_CAP_WL:'$1' işlemi bulundu: Beyaz listede. SHARED_LIBS_START:'paylaşılan kütüphaneler' kontrolü çalıştırılıyor SHARED_LIBS_PRELOAD_VAR:Önceden yüklenmiş değişkenler kontrol ediliyor SHARED_LIBS_PRELOAD_VAR_FOUND:Önceden yüklenmiş değişken(ler) bulundu: $1 SHARED_LIBS_PRELOAD_FILE:Önceden yüklenmiş kütüphaneler kontrol ediliyor SHARED_LIBS_PRELOAD_LIB_FOUND:Önceden yüklenmiş paylaşılan kütüphane bulundu: $1 SHARED_LIBS_PRELOAD_FILE_FOUND:Önceden yüklenmiş dosya kütüphanesi bulundu: $1 SHARED_LIBS_PRELOAD_LIB_WLIST:Önceden yüklenmiş paylaşılan kütüphane bulundu '$1': Beyaz listede. SHARED_LIBS_PATH:LD_LIBRARY_PATH değişkeni kontrol ediliyor SHARED_LIBS_PATH_BAD:LD_LIBRARY_PATH çevre değişkeni ayarlandı ve bu durum ikili dosyaları etkileyebilir: $1 şeklinde ayarlandı SUSPSCAN_CHECK:Şüpheli içerikli dosyalar kontrol ediliyor SUSPSCAN_DIR_NOT_EXIST:'$1' dizini mevcut değil. SUSPSCAN_INSPECT:'$1' dosyası (skor: $2) biraz şüpheli içerik içeriyor ve kontrol edilmeli.
SUSPSCAN_START:Şüpheli içerikli dosyaların kontrolü çalıştırılıyor SUSPSCAN_DIRS:Kontrol dizinleri: $1 SUSPSCAN_NO_DIRS:Belirlenen dizin yok: varsayılanlar kullanılıyor ($1) SUSPSCAN_TEMP:Kullanılan geçici dizin: $1 SUSPSCAN_NO_TEMP:Belirlenen geçici dizin yok: varsayılan kullanılıyor ($1) SUSPSCAN_SIZE:Kontrol için maksimum dosya boyutu (byte olarak): $1 SUSPSCAN_NO_SIZE:Maksimum dosya boyutu belirlenmedi: varsayılan kullanılıyor ($1) SUSPSCAN_THRESH:Skor eÅŸiÄŸi $1 ÅŸeklinde ayarlandı SUSPSCAN_NO_THRESH:Skor eÅŸiÄŸi belirlenmedi: varsayılan kullanılıyor ($1) SUSPSCAN_DIR_CHECK:Dizin kontrol ediliyor: '$1' SUSPSCAN_FILE_CHECK:Dosya kontrol edildi: Adı: '$1' Skor: $2 SUSPSCAN_FILE_CHECK_DEBUG:Dosya kontrol edildi: Adı: '$1' Skor: $2 Liste başı: $3 Hit: ($4) SUSPSCAN_FILE_SKIPPED_EMPTY:Dosya yok sayıldı: boÅŸ: '$1' SUSPSCAN_FILE_SKIPPED_LINK:Dosya yok sayıldı: sembolik baÄŸlantı: '$1' SUSPSCAN_FILE_SKIPPED_TYPE:Dosya yok sayıldı: yanlış tip: '$1': '$2' SUSPSCAN_FILE_SKIPPED_SIZE:Dosya yok sayıldı: çok büyük: '$1' SUSPSCAN_FILE_LINK_CHANGE:Sembolik baÄŸlantı bulundu: '$1' -> '$2' SUSPSCAN_DAT_MISSING:Şüpheli içeriÄŸinin veri dosyası eksik veya boÅŸ: $1 SUSPSCAN_DAT_MISSING:Varsayılan dosyayı onarmak için 'rkhunter --update' komutunu çalıştırın. SUSPSCAN_DAT_NOTAFILE:Şüpheli içeriÄŸinin veri dosyası bir dosya deÄŸil: $1 LIST_TESTS:Test isimleri: LIST_GROUPED_TESTS:Testlerin gruplanmış hali: LIST_LANGS:Geçerli diller: LIST_PERL:Perl modülü kurulum durumu: LIST_RTKTS:Kontrol edilen rootkitler: LOCK_USED:Kilitleme kullanımda: zaman aşımı $1 saniye LOCK_DIR:Kilitleme dizini olarak '$1' kullanılıyor LOCK_UNUSED:Kilitleme kullanımda deÄŸil LOCK_WAIT:Kilit dosyası bekleniyor LOCK_FAIL:Kilit dosyası alınamadı: rkhunter çalışmadı! LINUX_ONLY:Kontrol atlandı - bu kontrol sadece Linux sistemler içindir. 
rkhunter-1.4.6/files/LICENSE0000644000000000000000000004313213207556312014200 0ustar rootroot GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. 
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. 
The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. 
(Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. rkhunter-1.4.6/files/rkhunter.80000644000000000000000000004721413207556312015133 0ustar rootroot.\" rkhunter - RootKit Hunter .TH rkhunter 8 "June 2017" .SH NAME rkhunter \- RootKit Hunter .SH SYNOPSIS \fBrkhunter\fP {--check | --unlock | --update | --versioncheck | --propupd [{filename | directory | package name},...] | --list [tests | {lang | languages} | rootkits | perl | propfiles] | --config\-check | --version | --help} [options] .SH DESCRIPTION \fBrkhunter\fP is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. 
It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications. \fBrkhunter\fP has been written to be as generic as possible, and so should run on most Linux and UNIX systems. It is provided with some support scripts should certain commands be missing from the system, and some of these are perl scripts. \fBrkhunter\fP does require certain commands to be present for it to be able to execute. Additionally, some tests require specific commands, but if these are not present then the test will be skipped. \fBrkhunter\fP needs to be run under a Bourne\-type shell, typically \fBbash\fP or \fBksh\fP. \fBrkhunter\fP can be run as a cron job or from the command\-line. .PP .SH COMMAND OPTIONS If no command option is given, then \fB\-\-help\fP is assumed. \fBrkhunter\fP will return a non-zero exit code if any error or warning occurs. .PP .IP "\fB\-c, \-\-check\fP" This command option tells \fBrkhunter\fP to perform various checks on the local system. The result of each test will be displayed on stdout. If anything suspicious is found, then a warning will be displayed. A log file of the tests and the results will be automatically produced. It is suggested that this command option is run regularly in order to ensure that the system has not been compromised. .IP .IP "\fB\-\-unlock\fP" This command option simply unlocks (removes) the lock file. If this option is used on its own, then no log file is created. .IP .IP \fB\-\-update\fP This command option causes \fBrkhunter\fP to check if there is a later version of any of its text data files. A command\-line web browser, for example \fBwget\fP or \fBlynx\fP, must be present on the system when using this option. It is suggested that this command option is run regularly in order to ensure that the data files are kept up to date. 
If this option is used via cron, then it is recommended that the \fB\-\-nocolors\fP option is also used. An exit code of zero for this command option means that no updates were available. An exit code of one means that a download error occurred, and a code of two means that no error occurred but updates were available and have been installed. .IP .IP "\fB\-\-propupd [{filename | directory | package name},...]\fP" One of the checks \fBrkhunter\fP performs is to compare various current file properties of various commands, against those it has previously stored. This command option causes \fBrkhunter\fP to update its data file of stored values with the current values. If the \fIfilename\fP option is used, then it must either be a full pathname, or a plain file name (for example, 'awk'). When used, then only the entry in the file properties database for that file will be updated. If the \fIdirectory\fP option is used, then only those files listed in the database that are in the given directory will be updated. Similarly, if the \fIpackage name\fP option is used, then only those files in the database which are part of the specified package will be updated. The package name must be the base part of the name, no version numbers should be included - for example, 'coreutils'. Package names will, of course, only be stored in the file properties database if a package manager is being used. If a package name is the same as a file name - for example, 'file' could refer to the 'file' command or to the RPM 'file' package (which contains the 'file' command) - the package name will be used. If no specific option is given, then the entire database is updated. \fIWARNING:\fP It is the user's responsibility to ensure that the files on the system are genuine and from a reliable source. \fBrkhunter\fP can only report if a file has changed, but not on what has caused the change.
Hence, if a file has changed, and the \fB\-\-propupd\fP command option is used, then \fBrkhunter\fP will store the changed file's current values as the new reference values, that is, it will assume that the file is genuine. .IP .IP \fB\-\-versioncheck\fP This command option causes \fBrkhunter\fP to check if there is a later version of the program. A command\-line web browser must be present on the system when using this option. If this option is used via cron, then it is recommended that the \fB\-\-nocolors\fP option is also used. An exit code of zero for this command option means that no new version was available. An exit code of one means that an error occurred downloading the latest version number, and a code of two means that no error occurred but a new version is available. .IP .IP "\fB\-\-list [tests | {lang | languages} | rootkits | perl | propfiles]\fP" This command option will list some of the supported capabilities of the program, and then exit. The \fItests\fP option lists the currently available test names (see the README file for more details about test names). The \fIlanguages\fP option lists the currently available languages, and the \fIrootkits\fP option lists the rootkits that are searched for by \fBrkhunter\fP. The \fIperl\fP option lists the installation status of the perl command and perl modules that may be used by some of the tests. Note that it is not \fIrequired\fP to install these modules. However, if \fBrkhunter\fP is forced to use perl to execute a test then the module must be present. The \fIpropfiles\fP option will list the file names that are used to generate the file properties database. If no specific option is given, then all the lists, except for the file properties database, are displayed. .IP .IP "\fB\-C, \-\-config\-check\fP" This command option causes \fBrkhunter\fP to check its configuration file(s), and then exit. The program will run through its normal configuration checks as specified by the enable and disable options on the command\-line and in the configuration files.
That is, only the configuration options for tests which would normally run are checked. In order to check all the configured options, then use the \fB--enable all --disable none\fP options on the command line. Additionally, the program will check to see if there are any unrecognised configuration options. If any configuration problems are found, then they will be displayed and the return code will be set to 1. It is suggested that this option is used whenever the configuration file(s) have been changed. .IP .IP "\fB\-V, \-\-version\fP" This command option causes \fBrkhunter\fP to display its version number, and then exit. .IP .IP "\fB\-h, \-\-help\fP" .br This command option displays the help screen menu, and then exits. .IP .SH OPTIONS \fBrkhunter\fP uses a configuration file, named \fIrkhunter.conf\fP, for many of its configuration options. It can also use a local configuration file, named \fIrkhunter.conf.local\fP, and a directory named \fIrkhunter.d\fP if it is present. Both the local configuration file, and the local directory, must be in the same directory as the main configuration file. The installer does not create the local file or directory, but one, or both, can be created by the user if required. If a directory is used, then within the directory any file ending in \fI.conf\fP will be treated as a local configuration file. Some options can also be specified on the command\-line, and these will override the equivalent configuration file options. The configuration file options are well documented within the main configuration file itself. The following are the command\-line options. The defaults mentioned here are the program defaults, unless explicitly stated as the configuration file default. .PP .IP \fB\-\-appendlog\fP By default a new log file will be created when \fBrkhunter\fP runs, and the previous log file will be renamed by having \fI.old\fP appended to its name. This option tells \fBrkhunter\fP to append to the existing log file. 
If the log file does not exist, then it will be created. .IP "\fB\-\-bindir <directory>...\fP" This option modifies which directories \fBrkhunter\fP looks in to find the various commands it requires (that is, its PATH). The default is the root PATH, and an internal list of some common command directories. By default a specified directory will be appended to the default list. However, if the directory name begins with the '+' character, then it will be prepended to the list (that is, it will be put at the start of the list). .IP "\fB\-\-cs2, \-\-color\-set2\fP" By default \fBrkhunter\fP will display its test results in color. The colors used are green for successful tests, red for failed tests (warnings), and yellow for skipped tests. These colors are visible when a black background is used, but are difficult to see on a white background. This option tells \fBrkhunter\fP to use a different color set which is more suited to a white background. .IP "\fB\-\-configfile <file>\fP" The installation process will automatically tell \fBrkhunter\fP where its configuration file is located. However, if necessary, this option can be used to specify a different pathname. If a local configuration file, or directory, is to be used, then it must reside in the same directory as the configuration file specified by this option. .IP \fB\-\-cronjob\fP This is similar to the \fB\-\-check\fP command option, but it disables several of the interactive options. When this option is used \fB\-\-check\fP, \fB\-\-nocolors\fP and \fB\-\-skip-keypress\fP are assumed. By default no output is sent to stdout, so the \fB\-\-report\-warnings\-only\fP option may be useful with this option. .IP "\fB\-\-dbdir <directory>\fP" The installation process will automatically configure where the data files are stored for \fBrkhunter\fP. However, if necessary, this option can be used to specify a different directory.
The directory can be read-only, after installation, provided that neither of the \fB\-\-update\fP or \fB\-\-propupd\fP options are specified, and that the \fB\-\-versioncheck\fP option is not specified if ROTATE_MIRRORS is set to 1 in the configuration file. .IP \fB\-\-debug\fP This is a special option mainly for the developers. It produces no output on stdout. Regular logging will continue as per default or as specified by the \fB\-\-logfile\fP option, and the debug output will be in a randomly generated filename which starts with \fI/tmp/rkhunter\-debug\fP. .IP "\fB\-\-disable <test>[,<test>...]\fP" This option tells \fBrkhunter\fP not to run the specified tests. Read the README file for more information about test names. By default no tests are disabled. .IP \fB\-\-display\-logfile\fP This option will cause the logfile to be displayed on the screen once \fBrkhunter\fP has finished. .IP "\fB\-\-enable <test>[,<test>...]\fP" This option tells \fBrkhunter\fP to only run the specified tests. If only one test name, other than \fIall\fP, is given, then the \fB\-\-skip\-keypress\fP option is assumed. Read the README file for more information about test names. By default all tests are enabled. All the test names are listed below under TESTS. .IP "\fB\-\-hash {MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 |\fP" \fB NONE | <command>}\fP .br Both the file properties check and the \fB\-\-propupd\fP command option will use a hash function to determine a file's current hash value. This option tells \fBrkhunter\fP which hash function to use. The \fIMD5\fP and \fISHA\fP options will look for the relevant command, and, if not found, a perl support script will then be used to see if a perl module supporting the function has been installed. Alternatively, a specific \fIcommand\fP may be specified. A value of \fINONE\fP can be used to indicate that the hash values should not be obtained or used as part of the file properties check. The default is \fISHA256\fP.
Systems using prelinking must use either MD5, SHA1 or NONE. .IP "\fB\-\-lang, \-\-language <language>\fP" This option specifies which language to use for the displayed tests and results. The currently supported languages can be seen by the \fB\-\-list\fP command option. The default is \fIen\fP (English). If a message to be displayed cannot be found in the language file, then the English version will be used. As such, the English language file must always be present. The \fB\-\-update\fP command option will update the language files when new versions are available. .IP "\fB\-l, \-\-logfile [file]\fP" By default \fBrkhunter\fP will write out a log file. The default location of the file is \fI/var/log/rkhunter.log\fP. However, this location can be changed by using this option. If \fI/dev/null\fP is specified as the log file, then no log file will be written. If no specific \fIfile\fP is given, then the default will be used. By default \fBrkhunter\fP will create a new log file each time it is run. Any previously existing logfile is moved out of the way, and has \fI.old\fP appended to it. .IP \fB\-\-noappend\-log\fP This option reverts \fBrkhunter\fP to its default behaviour of creating a new log file rather than appending to it. .IP \fB\-\-nocf\fP .br This option is only valid when the command\-line \fB\-\-disable\fP option is used. When the \fB\-\-disable\fP option is used, by default, the configuration file option to disable tests is also used to determine which tests to run. If only the \fB\-\-disable\fP option is to be used to determine which tests to run, then \fB\-\-nocf\fP must be given. .IP \fB\-\-nocolors\fP This option causes the result of each test to not be displayed in a specific color. The default color, usually the reverse of the background color, will be used (typically this is just black and white). .IP \fB\-\-nolog\fP This option tells \fBrkhunter\fP not to write anything to a log file.
.IP "\fB\-\-nomow, \-\-no\-mail\-on\-warning\fP" The configuration file has an option which will cause a simple email message to be sent to a user should \fBrkhunter\fP detect any warnings during system checks. This command\-line option overrides the configuration file option, and prevents an email message from being sent. The configuration file default is not to email a message. .IP "\fB\-\-ns, \-\-nosummary\fP" When the \fB\-\-check\fP command option is used, by default a short summary of results is displayed at the end. This option prevents the summary from being displayed. .IP "\fB\-\-novl, \-\-no\-verbose\-logging\fP" During some tests \fBrkhunter\fP will log a lot of information. Use of this option reduces the amount of logging, and so can improve the performance of \fBrkhunter\fP. However, the log file will contain less information should any warnings occur. By default verbose logging is enabled. .IP "\fB\-\-pkgmgr {RPM | DPKG | BSD | BSDng | SOLARIS | NONE}\fP" This option is used during the file properties check or when the \fB\-\-propupd\fP command option is given. It tells \fBrkhunter\fP that the current file property values should be obtained from the relevant package manager. See the README file for more details of this option. The default is \fINONE\fP, which means not to use a package manager. .IP "\fB\-q, \-\-quiet\fP" This option tells \fBrkhunter\fP not to display any output. It can be useful when only the exit code is going to be checked. Other options may be used with this one, to force only specific items to be displayed. .IP "\fB\-\-rwo, \-\-report\-warnings\-only\fP" This option causes only warning messages to be displayed. This can be useful when \fBrkhunter\fP is run via cron. Other options may be used to force other items of information to be displayed. 
.IP "\fB\-\-sk, \-\-skip\-keypress\fP" When the \fB\-\-check\fP command option is used, after certain sections of tests, the user will be prompted to press the \fIreturn\fP key in order to continue. This option disables that feature, and \fBrkhunter\fP will run until all the tests have completed. If this option has not been given, and the user is prompted to press the \fIreturn\fP key, a single '\fIs\fP' character, in upper\- or lowercase, may be given followed by the \fIreturn\fP key. \fBrkhunter\fP will then continue the tests without prompting the user again (as if this option had been given). .IP \fB\-\-summary\fP This option will cause the summary of test results to be displayed. This is the default. .IP "\fB\-\-syslog [facility.priority]\fP" When the \fB\-\-check\fP command option is used, this option will cause the start and finish times to be logged to syslog. The default is not to log anything to syslog, but if the option is used, then the default level is \fIauthpriv.notice\fP. .IP "\fB\-\-tmpdir <directory>\fP" The installation process will automatically configure where temporary files are to be created. However, if necessary, this option can be used to specify a different directory. The directory must not be a symbolic link, and must be secure (root access only). .IP "\fB\-\-vl, \-\-verbose\-logging\fP" This option tells \fBrkhunter\fP that when it runs some tests, it should log as much information as possible. This can be useful when trying to diagnose why a warning has occurred, but it obviously also takes more time. The default is to use verbose logging. .IP "\fB\-x, \-\-autox\fP" When this option is used, \fBrkhunter\fP will try and detect if the X Window system is in use. If it is in use, then the second color set will automatically be used (see the \fB\-\-color\-set2\fP option).
This allows \fBrkhunter\fP to be run on, for example, a server console (where X is not present, so the default color set should be used), and on a user's terminal (where X is in use, so the second color set should be used). In both cases \fBrkhunter\fP will use the correct color set. The configuration file default is to try and detect X. .IP "\fB\-X, \-\-no\-autox\fP" This option prevents \fBrkhunter\fP from automatically detecting if the X Window system is being used. See the \fB\-\-autox\fP option. .SH TESTS [This section to be written] .IP "\fBadditional_rkts\fP" This test is for SHORT_EXPLANATION. It works as part of GROUP. Corresponding configuration file entries: ONE=one, TWO=two and for white-listing THREE=three,three. Simple globbing (/dev/shm/file-*) works. .IP \fBall\fP .IP \fBapps\fP .IP \fBattributes\fP .IP \fBavail_modules\fP .IP \fBdeleted_files\fP .IP \fBfilesystem\fP .IP \fBgroup_accounts\fP .IP \fBgroup_changes\fP .IP \fBhashes\fP .IP \fBhidden_ports\fP .IP \fBhidden_procs\fP .IP \fBimmutable\fP .IP \fBknown_rkts\fP .IP \fBloaded_modules\fP .IP \fBlocal_host\fP .IP \fBmalware\fP .IP \fBnetwork\fP .IP \fBnone\fP .IP \fBos_specific\fP .IP \fBother_malware\fP .IP \fBpacket_cap_apps\fP .IP \fBpasswd_changes\fP .IP \fBports\fP .IP \fBpossible_rkt_files\fP .IP \fBpossible_rkt_strings\fP .IP \fBpromisc\fP .IP \fBproperties\fP .IP \fBrootkits\fP .IP \fBrunning_procs\fP .IP \fBscripts\fP .IP \fBshared_libs\fP .IP \fBshared_libs_path\fP .IP \fBstartup_files\fP .IP \fBstartup_malware\fP .IP \fBstrings\fP .IP \fBsuspscan\fP .IP \fBsystem_commands\fP .IP \fBsystem_configs\fP .IP \fBtrojans\fP .SH FILES (For a default installation) .br /etc/rkhunter.conf .br /var/log/rkhunter.log .SH SEE ALSO See the CHANGELOG file for recent changes. .br The README file has information about installing \fBrkhunter\fP, as well as specific sections on test names and using package managers. .br The FAQ file should also answer some questions.
.SH LICENSING RootKit Hunter is licensed under the GPL, copyright Michael Boelen. See the LICENSE file for details of GPL licensing. .SH CONTACT INFORMATION This software was developed by the RootKit Hunter project team. To report bugs, patches, comments and questions, please go to: http://rkhunter.sourceforge.net/ .fi rkhunter-1.4.6/files/mirrors.dat0000644000000000000000000000014113207556312015353 0ustar rootrootVersion:2007060601 mirror=http://rkhunter.sourceforge.net mirror=http://rkhunter.sourceforge.net rkhunter-1.4.6/files/README0000644000000000000000000010216613242661162014055 0ustar rootroot THE ROOTKIT HUNTER PROJECT ========================== Copyright (c) 2003-2017, Michael Boelen See the LICENSE file for conditions of use and distribution. It is recommended that all users of RootKit Hunter (RKH) join the rkhunter-users mailing list. Subscribing to the list can be done via the RKH website at http://rkhunter.sourceforge.net A copy of the RKH FAQ is also available from the web site. ROOTKIT HUNTER REQUIREMENTS =========================== Please note that RKH has some requirements: 1) Before RKH starts it will check that certain required commands are present on the system. These are typical commands such as 'cat', 'sed', 'head', 'tail', etc. If a command is missing then RKH will not run. 2) Some tests require commands such as stat, readlink, sha256 or sha256sum. If these are not present, then RKH has perl scripts which will automatically be used instead. However, this requires perl, and certain modules, being present. If they are not, then the tests will be skipped. Readlink is provided as a script itself, and does not use perl. Other tests will use other commands. If the relevant command is not found on the system, then the test will be skipped. 3) A tool should be present with which to download file updates. Currently wget, curl, (e)links, lynx and GET are supported. 
If your system does not allow the possibility to install one of these applications, but does run perl, you can use 'bget' available from http://www.cpan.org/authors/id/E/EL/ELIJAH/. If you use another generic method of updating RKH then please let us know. Additionally, a non-standard command to be used for file downloads can be configured in the RKH configuration file. 4) Some tests require single-purpose tools. RKH does not depend on these, but it will use them if it finds them. They can enhance RKH's detection capabilities. The tools are: - Skdet Tests for SucKIT, Adore, Adore-NG, UNFshit, UNFkmem and frontkey. http://www.xs4all.nl/~dvgevers/ - Unhide and unhide-tcp (C versions) Finds hidden ports and processes. http://unhide.sourceforge.net If the relevant tool is not found, then the test is skipped. ROOTKIT HUNTER INSTALLATION =========================== Unpacking the tar file should produce a single directory called 'rkhunter-<version>'. Where '<version>' is the version number of rkhunter being installed. For example, the rkhunter-1.4.0.tar.gz tar file will produce the 'rkhunter-1.4.0' directory when unpacked. Within this directory is the installation script called 'installer.sh'. To perform a default installation of RKH simply unpack the tarball and, as root, run the installation script: tar zxf rkhunter-<version>.tar.gz cd rkhunter-<version> ./installer.sh --install Note: If some form of file permission error is shown, then check that the 'installer.sh' script is executable. RKH installation supports custom layouts. To show some examples run: ./installer.sh --examples The installer also has a help option: ./installer.sh --help The default installation process will install a configuration file, called 'rkhunter.conf', into the '/etc' directory or where you chose using the '--layout' switch. You can either edit the main configuration file itself, or create a 'local' configuration file for your own settings.
This file, which must be called 'rkhunter.conf.local', must reside in the same directory as the main configuration file. Alternatively, or in addition if wished, you can create a directory, named 'rkhunter.d', in the same directory as the main configuration file. Within 'rkhunter.d' you can then create further configuration files. The only restriction is that the file names end in '.conf'. You should edit the configuration file(s) according to your own system requirements. Note: If the installer detects an existing 'rkhunter.conf.local' file, or an 'rkhunter.d' directory, then these will be added to the main configuration file for monitoring by rkhunter. The installer will also add the 'rkhunter.conf' file itself to be monitored. By doing this, any changes to the rkhunter configuration file(s) will be detected. If the installer encounters an existing 'rkhunter.conf' file, it will not be overwritten. Instead the installer creates a new configuration file, but with a unique number as its suffix. Please inspect the new configuration file, and copy over any changes to the existing main configuration file or to your local configuration file(s). The main RKH script will be installed into the '/usr/local/bin' directory or where you chose using the '--layout' switch. Man pages will be installed into '/usr/local/share/man', and other documentation will be installed into the '/usr/local/share/doc' directory. RKH data files, language support, and a directory for temporary files will be installed into '/var/lib/rkhunter'. Finally, RKH support scripts will be installed into '/usr/local/lib/rkhunter/scripts', or, if using an x86_64 system, into '/usr/local/lib64/rkhunter/scripts'. All directories, except 'lib64', will be created where necessary. 
Before running RKH you will need to fill the file properties database by running the following command: rkhunter --propupd Note that if you want to use the package management tools provided by your distribution you will need to select a package manager. In the case of using RPM your command would be: rkhunter --propupd --pkgmgr RPM To run RKH, as root, simply enter the following command: rkhunter --check By default, the log file '/var/log/rkhunter.log' will be created. It will contain the results of the checks made by RKH. To see what other options can be used with rkhunter, enter: rkhunter --help or see the 'rkhunter' man page. NOTE: The first run of 'rkhunter' after installation may give some warning messages. Please see the FAQ file and the rkhunter mailing list archive posts for more details about this. STANDALONE INSTALLATION ======================= It is possible to run RKH standalone, that is, with it all being installed into one directory. To do this unpack RKH as described above, and then install it using the following command: ./installer.sh --layout custom . --install It is then necessary to change to the 'files' directory: cd files Within the directory will be a copy of the 'rkhunter.conf' configuration file. You can modify this file according to your requirements if you wish. To run RKH, as root simply enter the following command: ./rkhunter --propupd --check --sk TESTING RKHUNTER WITHOUT INSTALLING IT ====================================== It is perfectly understandable that new users may wish to try out rkhunter without having to fully install it. Similarly current users may want to test a new version of rkhunter, or a development version of it, without it affecting their current system or current installation of rkhunter. This is all perfectly possible, and quite easy, using a standalone installation. First, as the root user, it is suggested that a separate temporary directory is created, and then change to that directory. 
For example: mkdir /tmp/rkh cd /tmp/rkh It is now necessary to either copy or download a tarball of the version of rkhunter that you want to test. (Since you are reading this file, we assume you have already downloaded the relevant version.) For users wishing to try the latest development version, it is possible to download a tarball: wget http://rkhunter.sourceforge.net/rkhunter-dev.tar.gz Next, it is necessary to extract the files from the tarball. The simplest way is to use the 'tar' command, such as: tar xzf rkhunter-dev.tar.gz Obviously, for official releases, you will need to use the correct tarball name. For example: tar xzf rkhunter-1.4.0.tar.gz For users of systems with alternative implementations of 'tar', for example Solaris users, you may need to break the extraction process into two steps (or use the 'gtar' command if you have it installed). For example: gunzip rkhunter-dev.tar.gz tar xf rkhunter-dev.tar The extraction process will create a sub-directory containing all the rkhunter files. The sub-directory name will contain the rkhunter version number, or, for development tarballs, it will simply be called 'rkhunter'. Change into this directory: cd rkhunter-1.4.0 (for an official release tarball) or cd rkhunter (for development tarballs) Now, we can run the installer program as described in the section above about standalone installations: ./installer.sh --layout custom . --install Finally change to the 'files' sub-directory: cd files Within here will be all the files that rkhunter requires. The configuration file, './rkhunter.conf', will already have been configured for a standalone installation. So there is no need to modify it unless you want to. Any files created by rkhunter will be within this directory. So, as mentioned above, it is perfectly possible to run a check using this installation without affecting any other installation of rkhunter that may exist on your system. 
To run a check use this command: ./rkhunter --propupd --check --sk By default a log file (rkhunter.log) will be created, and that too will be within this directory. NOTE: If the rkhunter '--debug' option is used then this will, by default, create a file in the '/tmp' directory, and not within the current directory. Once you have finished testing rkhunter, simply delete the entire directory it was installed into: cd /tmp /bin/rm -rf rkh INSTALLATION INFORMATION FOR x86_64 SYSTEMS =========================================== The installation of RKH is largely independent of the system architecture. However, RKH does have some support scripts and these need to be installed into the appropriate library directory. When performing a default installation, or using one of the known layout options (for example, '/usr' or '/usr/local'), then the relevant 'lib64' directory will be used only if it already exists. For a 'custom' layout, the 'lib64' directory will be used and created if necessary. Standalone installations do not use any special library directory at all. RPM installations will use the relevant 'lib64' directory only if the system architecture is detected as being 'x86_64'. REMOVING AN INSTALLATION ======================== RKH supports uninstallation. To do this unpack the installation tarball, and then run the installer with the --remove option. If RKH was installed using a default installation, then run: tar zxf rkhunter-.tar.gz cd rkhunter- ./installer.sh --remove If you chose a different layout, for example '/usr', then run the installer using: ./installer.sh --layout /usr --remove Note: the installer will not remove files that were installed using RPM (use the 'rpm' command to remove the package). For a standalone uninstallation, specified by using '--layout custom .', the installer will remove the whole installation directory (the 'files' sub-directory). 
During uninstallation, the installer will remove the initial configuration file (usually '/etc/rkhunter.conf'). However, any other files beginning with 'rkhunter.conf' are not removed. Similarly, any 'rkhunter.d' directory is not removed. These may be removed manually if wished. When installing RKH, some directories may have been created. However, RKH is unaware of this when being uninstalled. As such, and especially when having used a custom installation, some directories may be emptied of files, but the directories themselves may remain. Again, these can be removed manually if wished. In order to see where RKH installed its files during installation, the '--show' option can be used. For example: ./installer.sh --layout custom /opt --show USING TEST NAMES ================ Within RKH some of the tests have been given names. There are two types of test names - specific test names and grouped test names. A specific test name generally refers to one specific test within RKH. A grouped test name refers to a set, or group, of related tests. Within a group name there are usually one or more specific test names. To see the current list of test names use the 'rkhunter --list tests' command. The grouped names list will show the specific names that are within the group. So, for example, the file properties check has the grouped name of 'properties'. However, within that test the file hash value test is known as 'hashes'. Similarly, the file attributes check, which checks the file permissions, uid and gid values, and so on, is known as the 'attributes' test. Note that while it is possible to tell RKH to run the file properties check, but ignore the file hash value test, it is not possible to tell RKH to run the file attributes but to ignore the file permissions checks. RKH has no specific name for the file permissions test, and so it cannot be specifically enabled or disabled. 
RKH can be told to enable or disable one or more of the tests by using the '--enable' and '--disable' command-line options. Alternatively, the RKH configuration file options 'ENABLE_TESTS' and 'DISABLE_TESTS' can be used. By default, if the command-line '--disable' option is used, then the configuration file option 'DISABLE_TESTS' is also used to determine which tests to run. If only the command-line option is to be used to determine which tests to run, then the '--nocf' option must also be given. The program defaults, if no options are used at all, are to enable all tests and to disable no tests. For this purpose the enable options can use the special test name 'all', and the disable options can use the name 'none'. The enable options cannot use the name 'none', and the disable options cannot use the name 'all'. To specify more than one test name, specify them as a comma-separated list. For example: rkhunter --enable 'rootkits,hashes' Note that in the above example no disabled test list was specified. As such, it will default to the value of the configuration file option (DISABLE_TESTS), or ultimately to the program default value of 'none'. The command-line options '--enable' and '--disable' may be used more than once on the command-line. The supplied RKH configuration file will have some tests already disabled. These are generally CPU and/or I/O intensive tests, or ones which may be prone to giving false-positive results. They can, of course, be enabled by editing the DISABLE_TESTS list. To run the tests from the command line, either use the '--enable' command-line option with the specified test name, or use either '--enable all' or '--disable none'. If either of the '--enable' or '--disable' command-line options is used, and the '--propupd' option is not given, then '--check' is assumed. If the '--enable' option is used and only one test name, other than 'all', is given, then the '--skip-keypress' option is assumed as well. 
So, for example, to run all the rootkit tests just use: rkhunter --enable rootkits Similarly, to run all the tests except the rootkit tests, then use: rkhunter --disable rootkits In this example RKH will assume the value of the configuration file option (ENABLE_TESTS) for the enabled test list, or ultimately the program default of 'all'. In the previous example, the value of DISABLE_TESTS or, ultimately, 'none' will have been used for the disabled tests list. If a combination of enabled and disabled tests are specified, then RKH will disable a test even if it is also specified in the enable list. So, for example: rkhunter --enable 'rootkits,deleted_files' --disable malware In this example the 'malware' test is disabled because it is part of the 'rootkits' test. The fact that the 'deleted_files' test is specified to be run is ignored, because that is part of the 'malware' test. RKH will always look to see what tests to disable first. It will then run any enabled tests that are left. By default RKH will log what test names have been enabled and disabled. Additionally it will log each test name that it is about to execute. When initially run RKH may skip some tests due to missing commands or files. It is usually possible to omit these tests by including them in the DISABLE_TESTS list in the configuration file. The test name associated with these tests can be found by looking in the log file. It should be noted that not all the tests have been given names. As such some test names may execute more tests than expected. For example: rkhunter --enable group_changes The 'group_changes' test name refers to the check to see if the /etc/group file has been modified. However, running the above command will also cause several tests on the /etc/passwd file to be executed. This is because those tests are part of the 'local_host' grouped test name, as is the 'group_changes' test, but those other tests have no specific names.
As such, RKH will start the 'local_host' tests, executing some of the /etc/passwd file tests and then the 'group_changes' test, but ignoring any other tests within 'local_host' which do have specific names (for example, 'filesystem' and 'passwd_changes'). USING PACKAGE MANAGERS ====================== The RKH file properties check, by default, performs a check of various current file properties against those that it has previously stored in the 'rkhunter.dat' file. This way RKH can warn the user if a file has changed. The file properties include items such as the files hash value, file permissions, uid, gid, inode number and so on. The properties are obtained and stored in the rkhunter.dat file when RKH is run with the '--propupd' option. Typically the file properties are obtained using commands such as 'stat', 'file', 'md5sum' and 'prelink'. However, it is also possible to specify that RKH should get whatever values it can by using a package manager. This can be done by using the '--pkgmgr' command-line option, or the 'PKGMGR' configuration file option. When the RPM package manager is specified, during the file properties check the results from the RPM verification command are used as the test results. For the other package managers, the values from the package manager database are compared against the current values for the files. By using a package manager, it is possible to avoid some false-positive reports that a file has changed when in fact it has been automatically updated by the system. The currently available package managers are 'RPM' for RedHat/RPM-based systems, 'DPKG' for Debian-based systems, 'BSD' (using the 'pkg_info' command) and 'BSDng' (using the 'pkg' command) for *BSD systems, and 'SOLARIS' for Solaris systems. It is also possible to specify 'NONE' to indicate not to use a package manager. The program default is 'NONE'. 
Any file which is not part of a package is treated as before, that is, the HASH_CMD configuration file option, or the '--hash' command-line option, will be used. It should be noted that all the package managers, except 'SOLARIS', provide a hash value for a file. However, the 'RPM' and 'SOLARIS' package managers can provide other file property values as well, such as the file permissions, uid, gid, modification time and so on. During the file properties check all of these values will be used, rather than the ones stored in the rkhunter.dat file. The Solaris package manager does store a 16-bit hash value, but this is not used by default. If it is wished to use the stored value, then the USE_SUNSUM configuration option must be enabled. It should also be noted that the 'DPKG', 'BSD' and 'BSDng' package manager options only provide a files hash value. As such, during the file properties check, all the other current file properties will be re-calculated as before, and compared against the values in the rkhunter.dat file. Hence, only the 'RPM' and 'SOLARIS' package managers offer any real benefits in using a package manager. NOTE: It is possible for a package manager database to become maliciously corrupted. To that extent the use of the package manager options with RKH does not provide any increase in security. However, it may result in less false-positive warnings of files which have changed. As always RKH can only report on changes, but not on what has caused the change. USING LOCAL MIRRORS =================== When the '--update' or '--versioncheck' options are used, rkhunter uses a mirror site from the mirrors.dat file to obtain the required information. By default rkhunter will use any mirror listed in the file, and it will then rotate the list of mirrors. At the time of writing the supplied mirrors.dat file lists the Rootkit Hunter SourceForge site as a mirror. However, it is possible for users to define a local mirror if they wish to. 
This is done by simply editing the mirrors.dat file and inserting the mirror URL. The line should begin with the text 'local='. For example: local=http://www.example.com/rkhunter_data The required rkhunter files must be placed in a location, of the users choice, which is accessible by the clients. So in the above example, the rkhunter data files would have been placed in the 'rkhunter_data' directory. The required files consist of the '.dat' files supplied with rkhunter, and which will have been installed in the database directory. For a default installation this would have been in '/var/lib/rkhunter/db'. Additionally, the mirror directory must have an 'i18n' sub-directory which contains all the current language translation files for the various versions of rkhunter. Each version is put into its own sub-directory. So, for example, there would be a '1.4.0' sub-directory, a '1.4.2' sub-directory and so on, all within the 'i18n' directory. Again, the database directory will already have had the 'i18n' sub-directory installed in to it, but it will only contain the language files for the current version of rkhunter. There are no version sub-directories installed by default. As such, the mirror will need to have the various version sub-directories created, and the relevant language files put in to them, for the versions of rkhunter that the mirror is required to support. If a client tries to access the language files for a version of rkhunter that is not supported by the mirror, then the download will fail. Depending on how the client is configured, another, possibly remote, mirror may be tried, or rkhunter will give a warning. Within each rkhunter version sub-directory of the 'i18n' directory, it is necessary to have a file called 'i18n.ver'. This file simply contains a list of the available language files, and their version numbers. 
For example: cn:2009112801 en:2009112902 So, as an example, the mirror file structure will need to look similar to this: rkhunter_data || || =============================================== || || || || mirrors.dat rkhunter_latest.dat i18n suspscan.dat || || 1.3.8 ============ 1.4.0 ============ 1.4.2 / | \ / | \ / | \ / | \ / | \ / | \ cn en i18n.ver cn en i18n.ver cn en i18n.ver Finally, if the '--versioncheck' option is to be supported with the local mirror, then the directory, 'rkhunter_data' in the above example, must contain a file called 'rkhunter_latest.dat'. This file must contain the current rkhunter version number (for example, '1.4.0') and no other text. It is possible to similarly define 'remote' mirrors, which begin with the text 'remote='. At present though there is no real difference between a local or remote mirror. The supplied mirror site(s) in the mirrors.dat file begin with the text 'mirror=', and this should not be changed. In order to select whether all the mirrors or only the local or remote mirrors should be used, the rkhunter configuration file has an option in it called 'MIRRORS_MODE'. This option takes a numeric value, which by default is zero. The current values and meanings are: 0 - use any mirror (the default) 1 - use only local mirrors 2 - use only remote mirrors To further support local and remote mirrors there are two other configuration options available: The first is 'UPDATE_MIRRORS', which simply tells rkhunter whether the mirrors.dat file itself should be updated (i.e. overwritten) when the '--update' option is used. If local mirrors are listed in the file then you probably do not want the file automatically updated. The 'UPDATE_MIRRORS' option has a default value of one, indicating that the mirrors.dat file should be updated. Set this option to zero to disable this feature. The second option is 'ROTATE_MIRRORS'. 
This tells rkhunter whether it should rotate the list of mirrors whenever the '--update' or '--versioncheck' options are used. Again, with local mirrors you may want these accessed in a specific order, rather than rotated each time. The option has a default value of one indicating that the mirrors should be rotated. Set this option to zero to disable this feature. By default if a mirror fails for some reason, then rkhunter will use the next mirror, of the configured type, listed in the file. If there are no more mirrors left, then rkhunter will give a warning message. CREATING A NEW LANGUAGE FILE ============================ Creating a new language file to work with rkhunter is quite easy - the actual translating is the hard part! First, it is necessary to find out where the current language files are located. For a default installation this will be in the '/var/lib/rkhunter/db/i18n' directory. If this directory does not exist, then look in the rkhunter log file (usually located in /var/log) and there should be a line similar to 'Using... as the database directory'. Within that directory there should be the 'i18n' sub-directory. Once you have changed to that directory, you should then see the current language files. Next, take a copy of the 'en' language file and name it for your new language. We would suggest that you use something similar to the known ISO 639 language codes. For example, to create a generic French language file, then execute 'cp -p en fr'. Once you have done this, your new language file will be recognised by rkhunter. You can check this by using the command 'rkhunter --list lang'. Note that if you use the 'rkhunter --update' command, the new language file will not be touched in any way. Also note that you must not remove the 'en' file, rkhunter will not work without it. The next part is to actually translate the messages. Each language file starts with a line containing the version number of that file. 
The actual messages start with a keyword, which must not be changed at all, followed by a colon (:), and then the actual message. It is the actual message which you need to translate. Some messages may contain variables such as '$1' or '$2'. Again, these must not be changed. Once you have translated the messages you can test them by using the command 'rkhunter --lang fr ...' - substituting 'fr' for whatever name you gave to your language file. If you want to have your new language translation made available as part of rkhunter, then please submit a feature request on the rkhunter SourceForge web site. However, please be aware that the language file is a fundamental part of rkhunter, and as such is continuously changing. You should endeavour to keep your translation up to date with the current version of rkhunter. ROOTKIT HUNTER GENERAL SUPPORT ============================== If a problem is found with RKH, it is recommended that users initially try and resolve the problem themselves. This can be done by first checking the FAQ file, which is present in your installation if the distributed tarball is used as source. The FAQ will contain answers to many common problems. The latest version of the FAQ can always be found at RKH's project pages on SourceForge, in the 'Documentation' section. If the problem has occurred directly after upgrading RKH, then please check the CHANGELOG file. It will contain information about changes made since the previous version of RKH, and may indicate why you are now experiencing a problem. Users should also check the rkhunter-users mailing list archives (available on the web site). The problem will be investigated by the RKH development team, and, where appropriate, a solution posted on the mailing list. Hence the mailing list archives may well contain a solution to the problem. Additionally, users should check the RKH tracker system (available at http://sourceforge.net/tracker/?group_id=155034). 
It is quite possible that the problem has already been reported to us as a bug or support request. It is also possible that a fix for the problem has been provided in the tracker log. Depending upon the nature of the problem it may be worthwhile trying an Internet search (for example using google), to see if anyone else has experienced a similar problem. Finally, if you have still not found an answer to the problem, then mail it to the rkhunter-users mailing list. Please provide as much information as possible about the problem, but do not make the message excessively long! Information such as your operating system and version of RKH should always be included. Please be advised that while you are free to ask for advice in your favourite IRC channel, all-purpose forum or distribution mailing list, the demonstrated level of general and security knowledge and experience, and therefore the quality of responses, may vary (very much). If you are sure the problem is a bug, or want it considered as a support request, then please submit it directly into the tracker system. ROOTKIT HUNTER REPORTS SIGNS OF A POTENTIAL BREACH OF SECURITY ============================================================== When you think you have a (potential) security problem it is advised to think and inform yourself thoroughly before you act. Please consider checking the FAQ, the rkhunter-users mailing list archives, your distribution documentation about security and security issues and the CERT Intruder Detection Checklist, formerly located at http://www.cert.org/tech_tips/intruder_detection_checklist.html, and archived at http://web.archive.org/web/20080109214340/\ http://www.cert.org/tech_tips/intruder_detection_checklist.html. If you do not have the required knowledge and experience to deal with security issues then please ensure yourself that the people who respond do and have. 
- Logging in, killing processes, deleting files, powering down, rebooting the machine, removing or installing software may signal the intruder and may destroy vital information. If you need to communicate with people or compile software then do use a different machine to work on. - If usage of the machine is governed by rules and regulations consider alerting the designated security officer or team, systems or network administrators or IT department before doing anything else. - In your initial email or post include as much information and make it as detailed as possible. The more details you provide the more efficient the troubleshooting or incident response process will be. - Do not be easily satisfied or mistake "don't worry" type of replies for qualitatively good answers: read the FAQ, ask for specific steps to take and commands to run so you can verify things yourself. - Please act timely and responsibly. (Potential) security problems should be prioritized and acted on at the time of reporting, not days or weeks later. ROOTKIT HUNTER AS PART OF YOUR SECURITY STRATEGY ================================================ Rootkit Hunter is a host-based, passive, post-incident, path-based tool. - Host-based means it only diagnoses the host you run it on. - Passive means it has to be scheduled or run manually. - Post-incident means it can only be effective when a breach of security is suspected, is in progress or has already occurred. Due to the nature of software that hides processes and files it may be beneficial to run Rootkit Hunter from a bootable medium if a breach of security is suspected and the machine can be booted from a bootable medium. - Path-based means RKH will check for filenames. It does not include or use heuristics or signatures like for instance an antivirus product could. Do understand that the SCANROOTKITMODE configuration option and "suspscan" functionality are just crude attempts to try and bridge that gap. 
Rootkit Hunter is best deployed as part of your security strategy. - Most breaches of security are preceded by reconnaissance. Regular system and log file auditing provides the necessary "early warning" capabilities. - RKH does not replace, or absolve you from performing, proper host hardening. Common administration errors that may result in a breach of security includes failing to apply updates when they are released, misconfiguration, lack of access restrictions and lack of auditing. Please see your distribution documentation and search the 'net. - Do not rely on one tool or one class of tools. Consider installing same- class tools like Chkrootkit or OSSEC-HIDS and consider overlap as a Good Thing. Additionally it is suggested you install and use a separate filesystem integrity scanner like Samhain, Aide, Integrit, Osiris (or even tripwire) to provide you with a second opinion. - Like with all data used for verifying integrity it is recommended to regularly save a copy of your RKH data files off-site. rkhunter-1.4.6/files/rkhunter0000755000000000000000000214455413242661162014776 0ustar rootroot#!/bin/sh # # rkhunter -- Scan the system for rootkits and other known security issues. # # Copyright (c) 2003-2017, Michael Boelen ( michael AT rootkit DOT nl ) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. 
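#
#
# Unfortunately we must do some O/S checks at the very beginning,
# otherwise SunOS will complain about some of the ksh/bash syntax.
# By default the SunOS root account uses a simple Bourne shell,
# which does not work with RKH. So we exec to use the Bash shell
# if it is present, or the Korn shell which is usually installed
# by default on Solaris systems.
#
# NOTE(review): presumably this is also why the code here sticks to
# backticks and 'test'/'[' rather than newer shell syntax - confirm
# before modernising anything ahead of the re-exec.
#

BSDOS=0
SUNOS=0
BUSYBOX=0

OPERATING_SYSTEM=`uname 2>/dev/null`

case "${OPERATING_SYSTEM}" in
*BSD|DragonFly)
	BSDOS=1
	unset CLICOLOR CLICOLOR_FORCE
	;;
SunOS)
	SUNOS=1
	unset CLICOLOR CLICOLOR_FORCE
	;;
esac

if [ $SUNOS -eq 1 ]; then
	# Simple SunOS test of RANDOM to see if we are now running bash or ksh.
	if [ -z "$RANDOM" ]; then
		#
		# If the 'which' output contains a space, then it is probably an error.
		#
		# The script path and its arguments are handed on quoted, so an
		# argument that contains whitespace or glob characters reaches
		# the new shell as the single word the user typed. ${1+"$@"}
		# expands to nothing at all when there are no arguments.
		#
		if [ -n "`which bash 2>/dev/null | grep -v ' '`" ]; then
			exec bash "$0" ${1+"$@"}
		elif [ -n "`which ksh 2>/dev/null | grep -v ' '`" ]; then
			exec ksh "$0" ${1+"$@"}
		else
			echo "Unable to find the bash or ksh shell to run rkhunter."
			exit 1
		fi

		exit 0
	fi
fi


#
# Check to see if we are using the '--debug' option. If so, then
# we exec to log everything to the debug file.
#
# The debug file lives in /tmp and receives the 'set -x' trace of the
# whole run, so it is created with a restrictive umask rather than
# being tightened with chmod only after it has been opened. A file
# that mktemp has just created for us is used as it stands; it is
# not removed and then created a second time by the redirection.
#

if [ -n "`echo \"$*\" | grep '\-\-debug'`" ]; then
	RKHDEBUGFILE=""
	RKHDEBUGBASE="/tmp/rkhunter-debug"
	RKHDEBUGMKTEMP=0

	#
	# Ensure we create a random file name.
	#

	if [ -n "`which mktemp 2>/dev/null | grep -v ' '`" ]; then
		RKHDEBUGFILE=`mktemp ${RKHDEBUGBASE}.XXXXXXXXXX`
		test -n "${RKHDEBUGFILE}" && RKHDEBUGMKTEMP=1
	elif [ -n "$RANDOM" ]; then
		RKHDEBUGFILE="${RKHDEBUGBASE}.$RANDOM"
	elif [ -n "`date +%N%s 2>/dev/null | grep '^[0-9][0-9]*$'`" ]; then
		RKHDEBUGFILE="${RKHDEBUGBASE}.`date +%N%s%N`"
	elif [ -n "`date +%Y%m%d%H%M%S 2>/dev/null | grep '^[0-9][0-9]*$'`" ]; then
		RKHDEBUGFILE="${RKHDEBUGBASE}.`date +%Y%m%d%H%M%S`"
	else
		RKHDEBUGFILE="${RKHDEBUGBASE}.$$"
	fi

	#
	# The fallback names above are guessable, so anything already
	# sitting at that path is examined before it is used. The '-h'
	# test is needed as well as '-e' because '-e' is false for a
	# symbolic link whose target does not exist.
	#
	# NOTE(review): this is still a check followed by a separate open.
	# Only the mktemp path avoids that window; consider refusing
	# '--debug' when mktemp is not available.
	#

	if [ $RKHDEBUGMKTEMP -eq 0 ]; then
		if [ -e "${RKHDEBUGFILE}" -o -h "${RKHDEBUGFILE}" ]; then
			if [ -f "${RKHDEBUGFILE}" -a ! -h "${RKHDEBUGFILE}" ]; then
				rm -f "${RKHDEBUGFILE}" >/dev/null 2>&1
			else
				echo "Cannot use '--debug' option. Debug file \"${RKHDEBUGFILE}\" already exists, but it is not a file."
				exit 1
			fi
		fi
	fi

	DEBUG_OPT=1

	# Create the file owner-only, then put the caller's umask back.
	RKHDEBUGUMASK=`umask`
	umask 077
	exec 1>"${RKHDEBUGFILE}" 2>&1
	umask ${RKHDEBUGUMASK}

	chmod 600 "${RKHDEBUGFILE}" >/dev/null 2>&1

	set -x
else
	DEBUG_OPT=0
fi


#
# Now we must determine if we are using the Korn shell or not. If so,
# then we alias the 'echo' command and set ECHOOPT. For other shells,
# we try and determine the real shell being used, and test to see if
# the 'echo -e' command is valid or not. We set ECHOOPT accordingly.
#

#
# Unfortunately *BSD doesn't seem to allow capturing of unknown commands.
# So we must alias 'print' to something valid, but which will fail.
#

test $BSDOS -eq 1 && alias print=false

if [ "`print "rkh-ksh-string-test" 2>/dev/null`" = "rkh-ksh-string-test" ]; then
	alias echo='print'
	ECHOOPT="--"
	MYSHELL=ksh
elif [ $SUNOS -eq 1 ]; then
	# For Solaris, if we are not running ksh, then it must be bash.
	MYSHELL=bash
	ECHOOPT="-e"
else
	#
	# We want to get the actual shell used by this program, and
	# so we need to test /bin/sh.
	#

	MYSHELL=/bin/sh
	test -h ${MYSHELL} && MYSHELL=`readlink ${MYSHELL} 2>/dev/null`
	MYSHELL=`basename ${MYSHELL} 2>/dev/null`

	# Assume 'bash' if we have problems finding the real shell.
	test -z "${MYSHELL}" && MYSHELL=bash

	# Check if we are using BusyBox.
	test "${MYSHELL}" = "busybox" && BUSYBOX=1

	#
	# Now test the 'echo -e' command.
	#
	# The tab that a working 'echo -e' produces is mapped to '_'
	# before the comparison, so the check does not rely on a literal
	# tab character being preserved inside the expected string.
	#

	if [ "`echo -e \"rkh-ksh\tstring-test\" 2>/dev/null | tr '\011' '_'`" = "rkh-ksh_string-test" ]; then
		ECHOOPT="-e"
	else
		ECHOOPT=""
	fi
fi


#
# We now perform a similar test to see if 'echo -n', or "\c", is valid
# or not. Unfortunately on some systems both '-e' and '-n' are valid,
# but not together. The "\c" option works in these cases. So we set
# ECHON accordingly.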
#
if [ "`echo -n -e \"rkh-ksh-string-test\" 2>/dev/null`" = "rkh-ksh-string-test" ]; then
  ECHON="-n"
elif [ "`echo -e \"rkh-ksh-string-test\c\" 2>/dev/null`" = "rkh-ksh-string-test" ]; then
  ECHON="c"
elif [ "`echo \"rkh-ksh-string-test\c\" 2>/dev/null`" = "rkh-ksh-string-test" ]; then
  ECHON="c"
else
  ECHON=""
fi


#
# We also need to run a test to see if POSIX grep is being
# used. If it is, then some typical grep tests will fail.
#
if [ "`echo \"rkh-grep-test\" | grep '^\+'`" = "rkh-grep-test" ]; then
  alias grep='grep -E'
fi


#
# It seems that the BusyBox 'readlink' command does have
# a '-f' option, but it does not show the true pathname.
# So we only use the option for everyone else.
#
test $BUSYBOX -eq 1 && READLINK_OPT="" || READLINK_OPT="-f"


#
# Finally, we need to test the 'head' and 'tail' commands
# to see if they understand the '-n' option or not.
# HEAD_OPT and TAIL_OPT are later placed directly in front of the
# line count (for example 'head ${HEAD_OPT}1'), which is why the
# '-n' form carries a trailing space and the old form is a bare '-'.
#
if head -n 1 /dev/null 2>&1; then
  HEAD_OPT="-n "
else
  HEAD_OPT="-"
fi

if tail -n 1 /dev/null 2>&1; then
  TAIL_OPT="-n "
else
  TAIL_OPT="-"
fi


######################################################################
#
# Global function definitions
#
######################################################################


display() {

  #
  # This function is used to display text messages on to the
  # users screen, as well as in to the log file. The same
  # message is written to both. However, the screen may have
  # a coloured result (green for good, red for bad, etc), and
  # the log file will have the time prefixed to the message and,
  # optionally, additional information messages after the main
  # message. All the messages are indexed in the language file.
  #
  # Syntax: display --to DESTINATION --type TYPE
  #                 [--screen-indent N] [--log-indent N]
  #                 [--nl [N]] [--nl-after] [--log-nl] [--screen-nl] [--nonl]
  #                 [--result RESULT --color COLOUR]
  #                 MESSAGE-KEYWORD [optional message arguments]
  #
  # (The upper-case placeholder names above were reconstructed from the
  # option parser below; the original placeholders are missing from this
  # copy of the file.)
  #
  # where the destination can be one of SCREEN, LOG or SCREEN+LOG.
  # The type can be one of PLAIN, INFO or WARNING.
  # The language file will have all the current values.
  #
  # The --screen-indent and --log-indent options are used to
  # forcibly indent a message.
  # The --nl option causes a blank-line to be output before the
  # message both on the screen and in the log file. A following
  # number can be used to indicate how many blank lines should
  # be displayed on the screen.
  # The --log-nl option outputs a blank line only in the log file.
  # The --screen-nl option outputs a blank line on the screen
  # regardless of whether SCREEN was specified or not.
  # The --nl-after option outputs a blank line on the screen after
  # the message.
  # The --nonl option is only to be used in special cases where we
  # want the output of more than one message to appear on the same
  # line. This is currently only used when trying to obtain the
  # lock file. It only applies to PLAIN messages, and may not be
  # supported on all systems (depending on whether 'echo -n' works
  # or not).
  #
  # Globals read:  RKHIFS, RKHLANGUPDT, COLORS, ECHON, ECHOOPT, NOLOG,
  #                NOTTY, QUIET, SHOWWARNINGSONLY, WLIST_IS_WHITE, WHITE,
  #                NORMAL, MSG_RESULT_WHITELISTED, DB_PATH, LANGUAGE,
  #                GREP_OPT, HEAD_OPT, RKHCHKLOCALE, ICONV_CMD, RKHCHRMAP,
  #                RKHLOGFILE, BLANK_LINE, IFSNL, plus the MSG_TYPE_* and
  #                MSG_RESULT_* variables named by --type and --result.
  # Globals set:   WARNING_COUNT (incremented for WARNING messages). All
  #                the working variables below are global as well; this
  #                function does not use 'local'.
  # Returns:       always returns via a plain 'return'. Errors in the call
  #                are reported with 'echo' and the message is dropped.
  #
  # NOTE(review): the values given to --type, --result and --color, and
  # the text read from the language file, are all passed through 'eval'.
  # That is only safe while every caller passes fixed keywords and while
  # the files under ${DB_PATH}/i18n can be written solely by the account
  # that runs rkhunter - confirm both when changing callers or the
  # installation layout.
  #


  #
  # We first initialize some variables and then
  # process the switches used.
  #

  WARN_MSG=0; NL=0; NLAFTER=0; LOGINDENT=0; SCREENINDENT=0
  LOGNL=0; SCREENNL=0
  WRITETO=''; TYPE=''; RESULT=''; COLOR=''; MSG=''
  LINE1=''; LOGLINE1=''; SPACES=''; NONL=''

  #
  # The IFS environment variable could be set to a non-default value
  # when this function is called. However, we need it to be the default
  # value in order to display things correctly. So, we record the initial
  # value, and then set it to the default. We set it back to the initial
  # value whenever we return from this function.
  #

  ORIG_IFS=$IFS
  IFS=$RKHIFS

  # Kept only so that error messages can show how we were called.
  DISPLAY_LINE="display $*"


  if [ $# -le 0 ]; then
    echo "Error: Invalid display call - no arguments given"
    IFS=$ORIG_IFS
    return
  fi

  while [ $# -ge 1 ]; do
    case "$1" in
    --to)
      case "$2" in
      SCREEN|LOG|SCREEN+LOG)
        WRITETO=$2
        ;;
      *)
        echo "Error: Invalid display destination: $2 Display line: ${DISPLAY_LINE}"
        IFS=$ORIG_IFS
        return
        ;;
      esac

      shift
      ;;
    --type)
      # Indirect lookup of the variable MSG_TYPE_<type>.
      TYPE=`eval echo "\\$MSG_TYPE_$2"`

      if [ -z "${TYPE}" -a "$2" != "PLAIN" ]; then
        if [ $RKHLANGUPDT -eq 0 ]; then
          echo "Error: Invalid display type: $2 Display line: ${DISPLAY_LINE}"
          IFS=$ORIG_IFS
          return
        fi
      fi

      test "$2" = "WARNING" && WARN_MSG=1

      shift
      ;;
    --result)
      # Indirect lookup of the variable MSG_RESULT_<result>.
      RESULT=`eval echo "\\$MSG_RESULT_$2"`

      if [ -z "${RESULT}" ]; then
        if [ $RKHLANGUPDT -eq 0 ]; then
          echo "Error: Invalid display result: $2 Display line: ${DISPLAY_LINE}"
          IFS=$ORIG_IFS
          return
        fi
      fi

      shift
      ;;
    --color)
      # The colour name is only resolved when colours are in use.
      if [ $COLORS -eq 1 ]; then
        test -n "$2" && COLOR=`eval "echo \\${$2}"`

        if [ -z "${COLOR}" ]; then
          echo "Error: Invalid display color: $2 Display line: ${DISPLAY_LINE}"
          IFS=$ORIG_IFS
          return
        fi
      fi

      shift
      ;;
    --log-indent)
      LOGINDENT=$2

      if [ -z "${LOGINDENT}" ]; then
        echo "Error: No --log-indent value given. Display line: ${DISPLAY_LINE}"
        IFS=$ORIG_IFS
        return
      elif [ -z "`echo ${LOGINDENT} | grep '^[0-9]*$'`" ]; then
        echo "Error: Invalid '--log-indent' value given: $2 Display line: ${DISPLAY_LINE}"
        IFS=$ORIG_IFS
        return
      fi

      shift
      ;;
    --screen-indent)
      SCREENINDENT=$2

      if [ -z "${SCREENINDENT}" ]; then
        # The text of this message runs over two lines.
        echo "Error: No --screen-indent value given. 
Display line: ${DISPLAY_LINE}"
        IFS=$ORIG_IFS
        return
      elif [ -z "`echo ${SCREENINDENT} | grep '^[0-9]*$'`" ]; then
        echo "Error: Invalid '--screen-indent' value given: $2 Display line: ${DISPLAY_LINE}"
        IFS=$ORIG_IFS
        return
      fi

      shift
      ;;
    --nl)
      NL=1

      # An optional single digit may follow, giving the number of lines.
      case "$2" in
      [0-9])
        NL=$2
        shift
        ;;
      esac
      ;;
    --log-nl)
      LOGNL=1
      ;;
    --screen-nl)
      SCREENNL=1
      ;;
    --nl-after)
      NLAFTER=1
      ;;
    --nonl)
      NONL=$ECHON
      ;;
    -*)
      echo "Error: Invalid display option given: $1 Display line: ${DISPLAY_LINE}"
      IFS=$ORIG_IFS
      return
      ;;
    *)
      # The first non-option word is the message keyword. Whatever
      # follows it is left in the positional parameters.
      MSG=$1
      shift
      break
      ;;
    esac

    shift
  done


  #
  # Before anything we must record if this is a warning message.
  #

  test $WARN_MSG -eq 1 && WARNING_COUNT=`expr ${WARNING_COUNT} + 1`


  #
  # For simplicity we now set variables as to whether the output
  # goes to the screen and/or the log file. In some cases we do
  # not need to output anything, and so can just return.
  #

  if [ $NOLOG -eq 1 ]; then
    if [ "${WRITETO}" = "LOG" ]; then
      IFS=$ORIG_IFS
      return
    fi

    test "${WRITETO}" = "SCREEN+LOG" && WRITETO="SCREEN"
  fi

  if [ $NOTTY -eq 1 ]; then
    if [ "${WRITETO}" = "SCREEN" ]; then
      IFS=$ORIG_IFS
      return
    fi

    test "${WRITETO}" = "SCREEN+LOG" && WRITETO="LOG"
  fi

  test "${WRITETO}" = "SCREEN" -o "${WRITETO}" = "SCREEN+LOG" && WRITETOTTY=1 || WRITETOTTY=0
  test "${WRITETO}" = "LOG" -o "${WRITETO}" = "SCREEN+LOG" && WRITETOLOG=1 || WRITETOLOG=0


  #
  # Now check that the options we have been given make sense.
  #

  if [ $WRITETOTTY -eq 0 -a $WRITETOLOG -eq 0 ]; then
    echo "Error: Invalid display destination: Display line: ${DISPLAY_LINE}"
    IFS=$ORIG_IFS
    return
  elif [ $WRITETOTTY -eq 1 -a $COLORS -eq 1 -a -n "${RESULT}" -a -z "${COLOR}" ]; then
    echo "Error: Invalid display - no color given: Display line: ${DISPLAY_LINE}"
    IFS=$ORIG_IFS
    return
  fi


  #
  # We only allow no newline for PLAIN messages.
  #

  test -n "${TYPE}" && NONL=""


  #
  # If we want whitelisted results to be shown as white, or
  # black for colour set two users, then change the colour now.
  #

  if [ $WLIST_IS_WHITE -eq 1 -a $WRITETOTTY -eq 1 -a $COLORS -eq 1 -a "${RESULT}" = "${MSG_RESULT_WHITELISTED}" ]; then
    COLOR=$WHITE
  fi


  #
  # We set the variable LINE1 to contain the first line of the message.
  # For the log file we use the variable LOGLINE1. We also set
  # where the language file is located. If a message cannot be found
  # in the file, then we look in the English file. This will allow RKH
  # to still work even when the language files change.
  #

  LANG_FILE="${DB_PATH}/i18n/${LANGUAGE}"

  if [ -n "${MSG}" ]; then
    LINE1=`grep ${GREP_OPT} "^${MSG}:" "${LANG_FILE}" 2>/dev/null | head ${HEAD_OPT}1 | cut -d: -f2-`

    if [ $RKHCHKLOCALE -eq 1 ]; then
      # A failed conversion empties LINE1, which sends us to the
      # English file below.
      LINE1=`echo "${LINE1}" | ${ICONV_CMD} -f UTF-8 -t ${RKHCHRMAP} 2>/dev/null`

      test $? -ne 0 && LINE1=""
    fi

    if [ -z "${LINE1}" ]; then
      LANG_FILE="${DB_PATH}/i18n/en"
      LINE1=`grep ${GREP_OPT} "^${MSG}:" "${LANG_FILE}" 2>/dev/null | head ${HEAD_OPT}1 | cut -d: -f2-`

      if [ -z "${LINE1}" ]; then
        echo "Error: Invalid display - keyword cannot be found: Display line: ${DISPLAY_LINE}"
        IFS=$ORIG_IFS
        return
      fi
    else
      # Backquotes are escaped before the 'eval' below. Note that this
      # branch is only taken when the first lookup found the message;
      # text taken from the English fallback file is not escaped here.
      LINE1=`echo "${LINE1}" | sed -e 's/\`/\\\\\`/g'`
    fi

    # The message text is evaluated so that variable references in it
    # are expanded - presumably including the optional message arguments
    # left in the positional parameters; verify against the language file.
    test -n "${LINE1}" && LINE1=`eval "echo \"${LINE1}\" | sed -e 's/;/\\;/g'"`
  fi


  #
  # At this point LINE1 is the text of the message. We have to
  # see if the message is to be indented, and must prefix the
  # time to log file messages. We must do the log file first
  # because it uses LINE1.
  #

  if [ $WRITETOLOG -eq 1 ]; then
    LOGLINE1=`date '+[%H:%M:%S]'`

    # A requested blank line in the log is written as a bare timestamp.
    test $NL -gt 0 -o $LOGNL -eq 1 && echo "${LOGLINE1}" >>"${RKHLOGFILE}"

    if [ -n "${TYPE}" ]; then
      LOGLINE1="${LOGLINE1} ${TYPE}: ${LINE1}"
    else
      test $LOGINDENT -gt 0 && SPACES=`echo "${BLANK_LINE}" | cut -c1-$LOGINDENT`

      LOGLINE1="${LOGLINE1} ${SPACES}${LINE1}"
    fi
  fi

  if [ $WRITETOTTY -eq 1 -a $SCREENINDENT -gt 0 ]; then
    SPACES=`echo "${BLANK_LINE}" | cut -c1-$SCREENINDENT`
    LINE1="${SPACES}${LINE1}"
  fi


  #
  # We now check to see if a result is to be output. If it is,
  # then we need to space-out the line and color the result.
  # The padding is worked out as 62 minus the 'wc -c' count of the
  # line, with a minimum of one space.
  #

  if [ -n "${RESULT}" ]; then
    if [ $WRITETOTTY -eq 1 ]; then
      LINE1_NUM=`echo "${LINE1}" | wc -c | tr -d ' '`
      NUM_SPACES=`expr 62 - ${LINE1_NUM}`
      test $NUM_SPACES -lt 1 && NUM_SPACES=1

      if [ $COLORS -eq 0 ]; then
        SPACES=`echo "${BLANK_LINE}" | cut -c1-$NUM_SPACES`
        LINE1="${LINE1}${SPACES}[ ${RESULT} ]"
      else
        # With colours the gap is made with a cursor-forward escape
        # sequence instead of literal spaces.
        LINE1="${LINE1}\033[${NUM_SPACES}C[ ${COLOR}${RESULT}${NORMAL} ]"
      fi
    fi

    if [ $WRITETOLOG -eq 1 ]; then
      LOGLINE1_NUM=`echo "${LOGLINE1}" | wc -c | tr -d ' '`
      NUM_SPACES=`expr 62 - ${LOGLINE1_NUM}`
      test $NUM_SPACES -lt 1 && NUM_SPACES=1
      SPACES=`echo "${BLANK_LINE}" | cut -c1-$NUM_SPACES`

      LOGLINE1="${LOGLINE1}${SPACES}[ ${RESULT} ]"
    fi
  elif [ $WRITETOTTY -eq 1 -a -n "${COLOR}" ]; then
    LINE1="${COLOR}${LINE1}${NORMAL}"
  fi


  #
  # We can now output the message. We start with any required blank
  # lines, and then the first line. If this is a warning message we
  # write to the log file any additional lines.
  #

  if [ $SCREENNL -eq 1 ]; then
    test $QUIET -eq 0 -a $SHOWWARNINGSONLY -eq 0 -a $NOTTY -eq 0 && echo ""
  fi

  if [ $WRITETOTTY -eq 1 ]; then
    NLLOOP=$NL

    while test $NLLOOP -gt 0; do
      echo ""
      NLLOOP=`expr ${NLLOOP} - 1`
    done

    # ECHON is either '-n', 'c' (meaning a trailing "\c") or empty.
    if [ "${NONL}" = "c" ]; then
      echo $ECHOOPT "${LINE1}\c"
    else
      echo $NONL $ECHOOPT "${LINE1}"
    fi
  fi

  if [ $WRITETOLOG -eq 1 ]; then
    echo $ECHOOPT "${LOGLINE1}" >>"${RKHLOGFILE}"

    if [ $WARN_MSG -eq 1 ]; then
      # In 'warnings only' mode the log line, minus its timestamp,
      # is also sent to standard output.
      test $SHOWWARNINGSONLY -eq 1 && echo $ECHOOPT "${LOGLINE1}" | cut -d' ' -f2-

      # LINE1 is reused here as a 'first line' flag: the first matching
      # line of the language file has already been output above.
      LINE1=1

      OLDIFS=$IFS
      IFS=$IFSNL

      for LOGLINE1 in `grep ${GREP_OPT} "^${MSG}:" "${LANG_FILE}" 2>/dev/null | cut -d: -f2-`; do
        if [ $LINE1 -eq 1 ]; then
          LINE1=0
          continue
        else
          test $SHOWWARNINGSONLY -eq 1 && echo $ECHOOPT " ${LOGLINE1}"
          echo $ECHOOPT " ${LOGLINE1}" >>"${RKHLOGFILE}"
        fi
      done

      IFS=$OLDIFS
    elif [ $SHOWWARNINGSONLY -eq 1 -a -n "`echo \"${LOGLINE1}\" | grep '^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\] '`" ]; then
      echo $ECHOOPT "${LOGLINE1}" | cut -d' ' -f2-
    fi
  fi


  #
  # Output a final blank line if requested to do so.
  #

  test $WRITETOTTY -eq 1 -a $NLAFTER -eq 1 && echo ""

  IFS=$ORIG_IFS

  return
}


name2text() {

  #
  # This function changes any spaces in a character string to '',
  # tabs to '' and any control characters to '?'. This allows
  # pathnames to be seen more easily - especially if spaces or tabs
  # are used.
  #
  # NOTE(review): in this copy of the file the two replacement texts in
  # the sentence above, and in the 'sed' command below, are empty, and
  # the second 'sed' pattern is a space rather than a tab. As written
  # the command simply deletes spaces. The original markers look to have
  # been lost when the file was copied - confirm against a pristine copy
  # of rkhunter before relying on this function.
  #
  # Whilst it would be nice to perform this function in 'display', we do
  # not want the changes to occur for all messages. So we keep this a
  # separate function, and only use it where necessary.
  #
  # Note that we must ensure that the 'echo' command does not interpret
  # any part of the string.
  #
  # The result is written to standard output without a trailing newline
  # (newlines are removed before control characters become '?').
  #

  echo $ECHOOPT "$*" | sed -e 's/ //g; s/ //g' | tr -d '\n' | tr '[:cntrl:]' '?'

  return
}


keypresspause() {

  #
  # This function will display a prompt message to the user.
  # Nothing is shown when SKIP_KEY_PRESS or QUIET is set. If the user
  # answers with 's' or 'S', SKIP_KEY_PRESS is set to 1, so no further
  # prompts are shown.
  #

  if [ $SKIP_KEY_PRESS -eq 0 -a $QUIET -eq 0 ]; then
    display --to SCREEN --type PLAIN --nl PRESSENTER

    read RKHTMPVAR

    test "${RKHTMPVAR}" = "s" -o "${RKHTMPVAR}" = "S" && SKIP_KEY_PRESS=1
  fi

  return
}


get_option() {

  #
  # This function is used to process configuration file options.
  #
  # Syntax: get_option (single | space-list | newline-list)