  1. #1
    Just Joined! jreidsma's Avatar
    Join Date
    Aug 2011
    Posts
    93

    RKHunter Warnings?


    Hi,
    I just did a scan on two of my Linux computers with chkrootkit and rkhunter. chkrootkit showed nothing on both. But rkhunter said otherwise: it didn't find any rootkits or malware, but gave me a couple of warnings and told me to check the .log file it made. I tried on both computers to look at that file, but the computer said I can't, and in the permissions of the file it is set up for root to view it.

    So anyone know how to view the file as root?

    Also, here's a direct copy and paste from the terminal of the "warnings"

    First computer, Kororaa 15:
    Performing file properties checks
    Checking for prerequisites [ Warning ]

    Second computer, MoonOS laptop:
    Performing filesystem checks
    Checking /dev for suspicious file types [ Warning ]
    Checking for hidden files and directories [ Warning ]


    So anyone know what that means? Should I be worried about any of the warnings? And if anyone knows how, it might help to be able to see the logs it left with info on this.

  2. #2
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,023
    Many of the warnings given by rkhunter can be false positives, caused by a hidden folder or something similar. Even if you created it yourself.
    And to read the logs, you need root permissions.
    Code:
    sudo cat /var/log/rkhunter.log
    If you don't have sudo enabled, simply do:
    Code:
    su -
    <enter root password>
    cat /var/log/rkhunter.log
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  3. #3
    Just Joined! jreidsma's Avatar
    Join Date
    Aug 2011
    Posts
    93
    Hi,
    Ok, thanks

    I did what you posted, and will put the warnings on here.

    Here are the warnings for the MoonOS laptop:
    [16:04:34] Performing filesystem checks
    [16:04:34] Info: Starting test name 'filesystem'
    [16:04:34] Info: SCAN_MODE_DEV set to 'THOROUGH'
    [16:04:35] Checking /dev for suspicious file types [ Warning ]
    [16:04:35] Warning: Suspicious file types found in /dev:
    [16:04:35] /dev/shm/pulse-shm-2455246965: data
    [16:04:35] /dev/shm/pulse-shm-1513986577: data
    [16:04:35] /dev/shm/mono-shared-1000-shared_fileshare-jreidsma-Presario-V2000-EH458UA-ABA-Linux-i686-36-12-0: data
    [16:04:35] /dev/shm/mono-shared-1000-shared_data-jreidsma-Presario-V2000-EH458UA-ABA-Linux-i686-312-12-0: data
    [16:04:35] /dev/shm/mono.2034: data
    [16:04:35] /dev/shm/pulse-shm-4265638741: data
    [16:04:35] /dev/shm/pulse-shm-509220867: data
    [16:04:35] /dev/shm/ecryptfs-jreidsma-Private: ASCII text
    [16:04:35] /dev/shm/pulse-shm-3542168363: data
    [16:04:35] Checking for hidden files and directories [ Warning ]
    [16:04:35] Warning: Hidden directory found: /dev/.udev
    [16:04:35] Warning: Hidden directory found: /dev/.initramfs
    [16:04:48]

    I went on the kororaa computer and put in the codes you put. But it says there is no such file or directory. So I will hunt for the file, it might take a couple minutes.

  4. #4
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,023
    Looks okay to me.
    Mine reports similar warnings.
    Hidden files can be something as simple as a system preference file.

    I wouldn't worry about it.
    Jay


  5. #5
    Just Joined! jreidsma's Avatar
    Join Date
    Aug 2011
    Posts
    93
    Hi,
    OK, thanks

    On the kororaa one it was:
    sudo cat /var/log/rkhunter/rkhunter.log

    And it didn't show the warning it had. So I am guessing it wasn't anything to worry about either. It did have some stuff put on there as hidden but whitelisted. In fact, it was the same items the other computer had as warnings.

    I am kind of paranoid when it comes to security. Not that that's a bad thing. Better to be slightly paranoid than to not care at all.

  6. #6
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,023
    Originally posted by jreidsma:
    "Better to be slightly paranoid than to not care at all."
    Absolutely!
    And I just ran through my most recent log (from about a week ago) and one hidden folder was for some java settings. So just look through the files or directories that are brought to your attention, and you should be fine.
    Jay


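Added example, not part of the original thread: one way to follow the advice above and look through only the items rkhunter brought to your attention, by pulling the flagged paths out of the log. The function names (`sample_log`, `rkh_flagged`, `rkh_inspect`) are hypothetical, and the sample log lines are constructed from the format shown in post #3.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample in the log format shown in post #3.
sample_log() {
cat <<'EOF'
[16:04:34] Performing filesystem checks
[16:04:35] Checking /dev for suspicious file types [ Warning ]
[16:04:35] Warning: Suspicious file types found in /dev:
[16:04:35] /dev/shm/pulse-shm-2455246965: data
[16:04:35] /dev/shm/ecryptfs-jreidsma-Private: ASCII text
[16:04:35] Checking for hidden files and directories [ Warning ]
[16:04:35] Warning: Hidden directory found: /dev/.udev
[16:04:35] Warning: Hidden directory found: /dev/.initramfs
[16:04:48]
EOF
}

# Read an rkhunter log on stdin; print one tab-separated record per flagged
# item: "devfile<TAB>path<TAB>type" or "hiddendir<TAB>path".
rkh_flagged() {
  awk '
    { sub(/^\[[0-9:]+\] ?/, "") }                      # strip the timestamp
    /^Warning: Suspicious file types found in \/dev:/ { indev = 1; next }
    indev && /^\/dev\// {                              # "path: file type"
      n = match($0, /: [^:]*$/)
      printf "devfile\t%s\t%s\n", substr($0, 1, n - 1), substr($0, n + 2)
      next
    }
    { indev = 0 }                                      # end of the /dev list
    /^Warning: Hidden directory found: / {
      sub(/^Warning: Hidden directory found: /, "")
      printf "hiddendir\t%s\n", $0
    }
  '
}

# Show owner, mode and modification time for each flagged path that still exists.
rkh_inspect() {
  tab=$(printf '\t')
  while IFS="$tab" read -r kind path ftype; do
    if [ -e "$path" ]; then ls -ld -- "$path"
    else printf 'gone\t%s\n' "$path"
    fi
  done
}

sample_log | rkh_flagged
```

On a live system the same functions can be fed the real log, for example `sudo cat /var/log/rkhunter.log | rkh_flagged | rkh_inspect`, using whichever log path your distribution uses.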