rkhunter-log help

Postby habu » 2017-06-20 18:29

I have a rootkit log file and would like some help understanding the contents, and some help on what to do with the warnings that are in the log file. Part of the log file below is from chkrootkit.

root@debian:~# rkhunter -c --enable all --disable none --rwo
Warning: The following processes are using deleted files:
         Process: /usr/lib/tracker/tracker-extract    PID: 1442    File: /home/hans/.local/share/gvfs-metadata/root
         Process: /usr/lib/gnome-terminal/gnome-terminal-server    PID: 27002    File: /tmp/#29622298
Warning: Process '/sbin/dhclient' (PID 997) is listening on the network.
Warning: Suspicious file types found in /dev:
         /dev/shm/pulse-shm-3798098583: data
         /dev/shm/pulse-shm-3995757986: data
         /dev/shm/pulse-shm-3812361329: data
         /dev/shm/pulse-shm-1526989350: data
         /dev/shm/pulse-shm-61889942: data
         /dev/shm/pulse-shm-2174947809: data
         /dev/shm/pulse-shm-505689004: data
Warning: Hidden directory found: /etc/.java

Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected
Checking `lkm'...                                           chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient[997])
Checking `w55808'...                                        not infected
Checking `wted'...                                          chkwtmp: nothing deleted
Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected
Checking `z2'...                                            user hans deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root          741 tty7   /usr/bin/Xorg :0 -novtswitch -background none -noreset -verbose 3 -auth /var/run/gdm3/auth-for-Debian-gdm-18XKkD/database -seat seat0 -nolisten tcp vt7
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected
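Added example, not part of habu's post or of rkhunter itself: a small parser that groups the `rkhunter --rwo` warnings quoted above by type and renders the matching `rkhunter.conf` whitelist directive for each item. The sample text is the warning section from the post; the directive names (ALLOWPROCDELFILE, ALLOWPROCLISTEN, ALLOWDEVFILE, ALLOWHIDDENDIR) are the ones documented in rkhunter.conf, so confirm them against the copy installed on your own system. The point of the grouping is to make the triage step explicit: each process path should be checked for package ownership first (on Debian, `dpkg -S /usr/lib/gnome-terminal/gnome-terminal-server` tells you which package installed it), and only items that check out get a whitelist line.

```python
import re
from collections import defaultdict

# Sample input: the rkhunter --rwo warning block quoted in the post above.
SAMPLE_RKHUNTER_RWO = """\
Warning: The following processes are using deleted files:
         Process: /usr/lib/tracker/tracker-extract    PID: 1442    File: /home/hans/.local/share/gvfs-metadata/root
         Process: /usr/lib/gnome-terminal/gnome-terminal-server    PID: 27002    File: /tmp/#29622298
Warning: Process '/sbin/dhclient' (PID 997) is listening on the network.
Warning: Suspicious file types found in /dev:
         /dev/shm/pulse-shm-3798098583: data
         /dev/shm/pulse-shm-3995757986: data
Warning: Hidden directory found: /etc/.java
"""

# Warning headline fragment -> (short kind, rkhunter.conf directive that whitelists it).
# Directive names are those found in rkhunter.conf; confirm against your installed version.
KINDS = [
    ("using deleted files", "proc_deleted_file", "ALLOWPROCDELFILE"),
    ("is listening on the network", "proc_listening", "ALLOWPROCLISTEN"),
    ("Suspicious file types found in /dev", "dev_file", "ALLOWDEVFILE"),
    ("Hidden directory found", "hidden_dir", "ALLOWHIDDENDIR"),
]


def _add(grouped, kind, item):
    """Append item under kind, skipping duplicates but keeping first-seen order."""
    if item not in grouped[kind]:
        grouped[kind].append(item)


def parse_warnings(text):
    """Group rkhunter --rwo output into {kind: [path, ...]}.

    A line beginning with 'Warning:' opens a new warning; indented lines that
    follow belong to it. Unknown warning types are kept verbatim under 'unclassified'.
    """
    grouped = defaultdict(list)
    current = None
    for line in text.splitlines():
        if line.startswith("Warning:"):
            current = next((kind for needle, kind, _ in KINDS if needle in line), None)
            if current is None:
                _add(grouped, "unclassified", line[len("Warning:"):].strip())
            elif current == "proc_listening":
                m = re.search(r"Process '([^']+)' \(PID (\d+)\)", line)
                if m:
                    _add(grouped, current, m.group(1))
            elif current == "hidden_dir":
                _add(grouped, current, line.rsplit(":", 1)[1].strip())
        elif line.startswith(" ") and current:
            detail = line.strip()
            if current == "proc_deleted_file":
                m = re.match(r"Process: (\S+)", detail)
                if m:
                    _add(grouped, current, m.group(1))
            elif current == "dev_file":
                _add(grouped, current, detail.split(":", 1)[0])
    return dict(grouped)


def suggest_whitelist(grouped):
    """Render one rkhunter.conf line per item that has been verified as legitimate.

    PulseAudio shared-memory segments carry a random numeric suffix, so they are
    collapsed to the glob form commonly used for ALLOWDEVFILE.
    """
    directive = {kind: d for _, kind, d in KINDS}
    lines = []
    for kind, items in grouped.items():
        if kind not in directive:
            continue  # unclassified warnings need a human, not a whitelist line
        for item in items:
            if kind == "dev_file":
                item = re.sub(r"pulse-shm-\d+$", "pulse-shm-*", item)
            entry = f"{directive[kind]}={item}"
            if entry not in lines:
                lines.append(entry)
    return lines


if __name__ == "__main__":
    grouped = parse_warnings(SAMPLE_RKHUNTER_RWO)
    for kind, items in grouped.items():
        print(f"{kind}:")
        for item in items:
            print(f"  {item}")
    print("\nrkhunter.conf lines, to be added only after each path has been verified:")
    for entry in suggest_whitelist(grouped):
        print(f"  {entry}")
```

The grouping also separates the rkhunter warnings from the chkrootkit section of the log, which uses a different format and is not handled here; `unclassified` catches any rkhunter warning type the table does not know about so nothing is silently dropped.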
