[Fedora 16] Rootkit?

[15:36:40]   /sbin/ifconfig                                  [ Warning ]
[15:36:40] Warning: File '/sbin/ifconfig' has the immutable-bit set.
[15:36:52]   /usr/sbin/lsof                                  [ Warning ]
[15:36:52] Warning: File '/usr/sbin/lsof' has the immutable-bit set.
........
[15:37:14] Checking for cb Rootkit...
[15:37:14]   Checking for file '/dev/srd0'                   [ Not found ]
[15:37:14]   Checking for file '/lib/libproc.so.2.0.6'       [ Found ]
[15:37:14]   Checking for file '/dev/mounnt'                 [ Not found ]
[15:37:14]   Checking for file '/etc/rc.d/init.d/init'       [ Not found ]
[15:37:14]   Checking for file '/usr/bin/.zeen/.. /cl'       [ Not found ]
[15:37:14]   Checking for file '/usr/bin/.zeen/.. /.x.tgz'   [ Not found ]
[15:37:14]   Checking for file '/usr/bin/.zeen/.. /statdx'   [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /wted'     [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /write'    [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /scan'     [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /sc'       [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /sl2'      [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /wroot'    [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /wscan'    [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /wu'       [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /v'        [ Not found ]
[15:37:15]   Checking for file '/usr/bin/.zeen/.. /read'     [ Not found ]
[15:37:15]   Checking for file '/usr/lib/sshrc'              [ Not found ]
[15:37:15]   Checking for file '/usr/lib/ssh_host_key'       [ Not found ]
[15:37:16]   Checking for file '/usr/lib/ssh_host_key.pub'   [ Not found ]
[15:37:16]   Checking for file '/usr/lib/ssh_random_seed'    [ Not found ]
[15:37:16]   Checking for file '/usr/lib/sshd_config'        [ Not found ]
[15:37:16]   Checking for file '/usr/lib/shosts.equiv'       [ Not found ]
[15:37:16]   Checking for file '/usr/lib/ssh_known_hosts'    [ Not found ]
[15:37:16]   Checking for file '/u/zappa/.ssh/pid'           [ Not found ]
[15:37:16]   Checking for file '/usr/bin/.system/.. /tcp.log' [ Not found ]
[15:37:17]   Checking for file '/usr/bin/.zeen/.. /curatare/attrib' [ Not found ]
[15:37:17]   Checking for file '/usr/bin/.zeen/.. /curatare/chattr' [ Not found ]
[15:37:17]   Checking for file '/usr/bin/.zeen/.. /curatare/ps' [ Not found ]
[15:37:17]   Checking for file '/usr/bin/.zeen/.. /curatare/pstree' [ Not found ]
[15:37:17]   Checking for file '/usr/bin/.system/.. /.x/xC.o' [ Not found ]
[15:37:17]   Checking for directory '/usr/bin/.zeen'         [ Not found ]
[15:37:17]   Checking for directory '/usr/bin/.zeen/.. /curatare' [ Not found ]
[15:37:18]   Checking for directory '/usr/bin/.zeen/.. /scan' [ Not found ]
[15:37:18]   Checking for directory '/usr/bin/.system/.. '   [ Not found ]
[15:37:18] Warning: cb Rootkit                               [ Warning ]
[15:37:18]          File '/lib/libproc.so.2.0.6' found
.............
[15:38:00] Checking for SHV4 Rootkit...
[15:38:00]   Checking for file '/etc/ld.so.hash'             [ Not found ]
[15:38:00]   Checking for file '/lib/libext-2.so.7'          [ Not found ]
[15:38:00]   Checking for file '/lib/lidps1.so'              [ Found ]
[15:38:01]   Checking for file '/lib/libproc.a'              [ Found ]
[15:38:01]   Checking for file '/lib/libproc.so.2.0.6'       [ Found ]
[15:38:01]   Checking for file '/lib/ldd.so/tks'             [ Not found ]
[15:38:01]   Checking for file '/lib/ldd.so/tkp'             [ Not found ]
[15:38:01]   Checking for file '/lib/ldd.so/tksb'            [ Not found ]
[15:38:01]   Checking for file '/lib/security/.config/sshd'  [ Not found ]
[15:38:01]   Checking for file '/lib/security/.config/ssh/ssh_host_key' [ Not found ]
[15:38:01]   Checking for file '/lib/security/.config/ssh/ssh_host_key.pub' [ Not found ]
[15:38:02]   Checking for file '/lib/security/.config/ssh/ssh_random_seed' [ Not found ]
[15:38:02]   Checking for file '/usr/include/file.h'         [ Found ]
[15:38:02]   Checking for file '/usr/include/hosts.h'        [ Found ]
[15:38:02]   Checking for file '/usr/include/lidps1.so'      [ Not found ]
[15:38:02]   Checking for file '/usr/include/log.h'          [ Found ]
[15:38:02]   Checking for file '/usr/include/proc.h'         [ Found ]
[15:38:02]   Checking for file '/usr/sbin/xntps'             [ Not found ]
[15:38:03]   Checking for file '/dev/srd0'                   [ Not found ]
[15:38:03]   Checking for directory '/lib/ldd.so'            [ Not found ]
[15:38:03]   Checking for directory '/lib/security/.config'  [ Not found ]
[15:38:03]   Checking for directory '/lib/security/.config/ssh' [ Not found ]
[15:38:03] Warning: SHV4 Rootkit                             [ Warning ]
[15:38:03]          File '/lib/lidps1.so' found
[15:38:03]          File '/lib/libproc.a' found
[15:38:03]          File '/lib/libproc.so.2.0.6' found
[15:38:03]          File '/usr/include/file.h' found
[15:38:03]          File '/usr/include/hosts.h' found
[15:38:03]          File '/usr/include/log.h' found
[15:38:03]          File '/usr/include/proc.h' found
[15:38:04]
[15:38:04] Checking for SHV5 Rootkit...
[15:38:04]   Checking for file '/etc/sh.conf'                [ Found ]
[15:38:04]   Checking for file '/lib/libproc.a'              [ Found ]
[15:38:04]   Checking for file '/lib/libproc.so.2.0.6'       [ Found ]
[15:38:04]   Checking for file '/lib/lidps1.so'              [ Found ]
[15:38:04]   Checking for file '/lib/libsh.so/bash'          [ Found ]
[15:38:04]   Checking for file '/usr/include/file.h'         [ Found ]
[15:38:04]   Checking for file '/usr/include/hosts.h'        [ Found ]
[15:38:04]   Checking for file '/usr/include/log.h'          [ Found ]
[15:38:04]   Checking for file '/usr/include/proc.h'         [ Found ]
[15:38:04]   Checking for file '/lib/libsh.so/shdcf2'        [ Not found ]
[15:38:04]   Checking for file '/lib/libsh.so/shhk'          [ Found ]
[15:38:04]   Checking for file '/lib/libsh.so/shhk.pub'      [ Found ]
[15:38:04]   Checking for file '/lib/libsh.so/shrs'          [ Found ]
[15:38:05]   Checking for file '/usr/lib/libsh/.bashrc'      [ Found ]
[15:38:05]   Checking for file '/usr/lib/libsh/shsb'         [ Not found ]
[15:38:05]   Checking for file '/usr/lib/libsh/hide'         [ Found ]
[15:38:05]   Checking for file '/usr/lib/libsh/.sniff/shsniff' [ Not found ]
[15:38:05]   Checking for file '/usr/lib/libsh/.sniff/shp'   [ Found ]
[15:38:05]   Checking for file '/dev/srd0'                   [ Not found ]
[15:38:05]   Checking for directory '/lib/libsh.so'          [ Found ]
[15:38:05]   Checking for directory '/usr/lib/libsh'         [ Found ]
[15:38:05]   Checking for directory '/usr/lib/libsh/utilz'   [ Not found ]
[15:38:05]   Checking for directory '/usr/lib/libsh/.backup' [ Found ]
[15:38:05] Warning: SHV5 Rootkit                             [ Warning ]
[15:38:05]          File '/etc/sh.conf' found
[15:38:05]          File '/lib/libproc.a' found
[15:38:05]          File '/lib/libproc.so.2.0.6' found
[15:38:05]          File '/lib/lidps1.so' found
[15:38:05]          File '/lib/libsh.so/bash' found
[15:38:05]          File '/usr/include/file.h' found
[15:38:05]          File '/usr/include/hosts.h' found
[15:38:06]          File '/usr/include/log.h' found
[15:38:06]          File '/usr/include/proc.h' found
[15:38:06]          File '/lib/libsh.so/shhk' found
[15:38:06]          File '/lib/libsh.so/shhk.pub' found
[15:38:06]          File '/lib/libsh.so/shrs' found
[15:38:06]          File '/usr/lib/libsh/.bashrc' found
[15:38:06]          File '/usr/lib/libsh/hide' found
[15:38:06]          File '/usr/lib/libsh/.sniff/shp' found
[15:38:06]          Directory '/lib/libsh.so' found
[15:38:06]          Directory '/usr/lib/libsh' found
[15:38:06]          Directory '/usr/lib/libsh/.backup' found
......
[15:39:02] Warning: Checking for possible rootkit strings    [ Warning ]
[15:39:02]          Found string 'fucknut' in file '/sbin/ttymon'. Possible rootkit: SHV5 Rootkit
[15:39:02]          Found string 'lamersucks' in file '/sbin/ttymon'. Possible rootkit: SHV5 Rootkit
[15:39:02]          Found string 'skillz' in file '/sbin/ttymon'. Possible rootkit: SHV5 Rootkit
[15:39:02]          Found string 'propert of SH' in file '/sbin/ttyload'. Possible rootkit: SHV5 Rootkit
[15:39:03]          Found string 'ttyload' in file '/etc/inittab'. Possible rootkit: SHV5 Rootkit

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Bestaand
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# echo
-A INPUT -p tcp -m tcp -m state --dport 7 --state NEW -j ACCEPT
# SSH
-A INPUT -p tcp -m tcp -m state --dport 22 --sport 1024:65535 --state NEW -j ACCEPT
#-A INPUT -p tcp -m tcp -m state --dport 25 --state NEW -j ACCEPT

# HTTP HTTPS
-A INPUT -p tcp -m tcp -m state --dport 80 --sport 1024:65535 --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -m state --dport 443 --sport 1024:65535 --state NEW -j ACCEPT
#-A INPUT -p tcp -m tcp -m state --dport 8008 --sport 1024:65535 --state NEW -j ACCEPT

# FTP
-A INPUT -p tcp -m tcp -m state --dport 20:21 --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -m state --dport 10000:10100 --state NEW -j ACCEPT


# PING
-A INPUT -p icmp -j ACCEPT

# Loopback
-A INPUT -i lo -j ACCEPT

# MySql
-A INPUT -p tcp -m tcp --dport 3306 --tcp-flags SYN,ACK,FIN,RST SYN -j ACCEPT

# ...interne dienst...
#-A INPUT -p tcp -m tcp -m state --dport 8000:8001 --state NEW -j ACCEPT

# LogicalDOC
-A INPUT -p tcp -m tcp -m state --dport 8080 --sport 1024:65535 --state NEW -j ACCEPT

#Output
-A OUTPUT -j ACCEPT

# Reject restant
-A INPUT -j REJECT --reject-with icmp-host-prohibited

# Uitvoeren
COMMIT

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT

# SSH en SFTP
-A INPUT -p tcp --dport 22 -j ACCEPT

# HTTP(s)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# FTPS (enkel SSL verbindingen, rest wordt geweigerd
-A INPUT -p tcp --dport 21 -j ACCEPT

# MySQL ipadressen
-A INPUT -p tcp --dport 3306 -s ***/** -j ACCEPT
-A INPUT -p tcp --dport 3306 -s ***/** -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT