Hello,
If I run xchkrootkit on my system, I get:
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 1731 tty2 /usr/bin/X -br -nolisten tcp :0 vt2 -auth /var/run/xauth/A:0-w6a1DX
chkutmp: nothing deleted
Press ENTER to exit
[admin@darkstar tmp]$ tty
/dev/pts/2
[admin@darkstar tmp]$ ps -ef | grep "/X"
root 1718 1 0 01:39 ? 00:00:00 /bin/sh /etc/X11/prefdm -nodaemon
root 1731 1729 4 01:39 tty2 00:00:27 /usr/bin/X -br -nolisten tcp :0 vt2 -auth /var/run/xauth/A:0-w6a1DX
admin 4245 1982 0 01:50 pts/2 00:00:00 grep /X
What is this process?
What is tty2?
Thank you