  1. #1
    Linux Newbie
    Join Date
    Aug 2008
    Posts
    104

    Scary rkhunter output


    So I ran rkhunter just to make sure things are on the up and up, and I found a couple of things that are suspect.

    When checking the network it came up with:

    Performing filesystem checks
    Checking /dev for suspicious file types [ Warning ]
    Checking for hidden files and directories [ Warning ]
    And when I cat the rkhunter.log, it gives me this info:

    [19:09:08] Performing filesystem checks
    [19:09:08] Info: Starting test name 'filesystem'
    [19:09:08] Info: SCAN_MODE_DEV set to 'THOROUGH'
    [19:09:35] Checking /dev for suspicious file types [ Warning ]
    [19:09:35] Warning: Suspicious files found in /dev:
    [19:09:35] /dev/shm/pulse-shm-1356685213: data
    [19:09:35] /dev/shm/pulse-shm-249331996: data
    [19:09:36] Checking for hidden files and directories [ Warning ]
    [19:09:36] Warning: Hidden directory found: /etc/.java
    [19:09:36] Warning: Hidden directory found: /dev/.static
    [19:09:36] Warning: Hidden directory found: /dev/.udev
    [19:09:36] Warning: Hidden directory found: /dev/.initramfs
    Anything I should be worried about? Or is it just overly cautious like that time ClamAV said my gnome log in screen and all my large .pdf files were viruses?
    She sells C Shells by the sea shore.

  2. #2
    Linux Newbie
    Join Date
    Apr 2008
    Location
    India
    Posts
    170
    check when the file was modified ???
    Regards
    David Anand
    -->Success is the list of failures ...!!!

  3. #3
    Banned
    Join Date
    Apr 2009
    Posts
    3
    Quote Originally Posted by davidanand View Post
    check when the file was modified ???
    Rootkits can hide that too.
    If an attacker installed a decent rootkit then you're basically ****ed, reformat.

    But it doesn't look too serious to me, just:
    Code:
    rm -rf /etc/.java /dev/.static /dev/.udev /dev/.initramfs /dev/shm/pulse-shm-1356685213 /dev/shm/pulse-shm-249331996
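
Added example, not part of any post in this thread: a read-only way to triage the items flagged in the rkhunter.log excerpt from post #1, by extracting each path, collecting ownership, timestamps and open-file holders for review, and printing the rkhunter.conf allowlist line that would apply once a path has been reviewed. The function names are hypothetical and the sample log is constructed from the lines quoted above; `ALLOWHIDDENDIR` and `ALLOWDEVFILE` are rkhunter.conf options.

```shell
#!/bin/sh
# Constructed sample: the warning lines from the thread's rkhunter.log excerpt.
SAMPLE_LOG='[19:09:35] Warning: Suspicious files found in /dev:
[19:09:35] /dev/shm/pulse-shm-1356685213: data
[19:09:35] /dev/shm/pulse-shm-249331996: data
[19:09:36] Checking for hidden files and directories [ Warning ]
[19:09:36] Warning: Hidden directory found: /etc/.java
[19:09:36] Warning: Hidden directory found: /dev/.static
[19:09:36] Warning: Hidden directory found: /dev/.udev
[19:09:36] Warning: Hidden directory found: /dev/.initramfs'

# Read an rkhunter log on stdin; print "<kind> <path>" per flagged item.
# Assumes paths contain no whitespace (true for the excerpt above).
rkh_flagged() {
    awk '
        /Warning: Suspicious files found in \/dev:/ { indev = 1; next }
        /Warning: Hidden directory found: / {
            indev = 0; sub(/^.*found: /, ""); print "hidden_dir", $0; next }
        indev && /^ *\[[0-9:]+\] \/dev\// {
            p = $2; sub(/:$/, "", p); print "dev_file", p; next }
        { indev = 0 }
    '
}

# Turn flagged items into candidate rkhunter.conf lines, to add only after review.
rkh_allow_lines() {
    rkh_flagged | while read -r kind path; do
        case $kind in
            hidden_dir) echo "ALLOWHIDDENDIR=$path" ;;
            dev_file)   echo "ALLOWDEVFILE=$path" ;;
        esac
    done
}

# Print evidence for one path (type, owner, mode, timestamps, processes
# holding it open). Nothing on disk is modified.
rkh_inspect() {
    [ -e "$1" ] || { echo "$1: not present"; return 0; }
    ls -ld -- "$1"
    stat -- "$1"
    if command -v fuser >/dev/null 2>&1; then fuser -v "$1" 2>&1 || true; fi
}

# On a real system:
#   rkh_flagged < /var/log/rkhunter.log | while read -r _ p; do rkh_inspect "$p"; done
printf '%s\n' "$SAMPLE_LOG" | rkh_allow_lines
```
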
