rkhunter-log help

Linux Kernel, Network, and Services configuration.
habu
Posts: 63
Joined: 2016-03-13 09:07

#1 Post by habu »

I have a rootkit log file and would like some help understanding the contents, and some help on what to do with the warnings there are in the log file. Part of the log file below is from chkrootkit.

root@debian:~# rkhunter -c --enable all --disable none --rwo
Warning: The following processes are using deleted files:
         Process: /usr/lib/tracker/tracker-extract    PID: 1442    File: /home/hans/.local/share/gvfs-metadata/root
         Process: /usr/lib/gnome-terminal/gnome-terminal-server    PID: 27002    File: /tmp/#29622298
Warning: Process '/sbin/dhclient' (PID 997) is listening on the network.
Warning: Suspicious file types found in /dev:
         /dev/shm/pulse-shm-3798098583: data
         /dev/shm/pulse-shm-3995757986: data
         /dev/shm/pulse-shm-3812361329: data
         /dev/shm/pulse-shm-1526989350: data
         /dev/shm/pulse-shm-61889942: data
         /dev/shm/pulse-shm-2174947809: data
         /dev/shm/pulse-shm-505689004: data
Warning: Hidden directory found: /etc/.java

chkrootkit
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected
Checking `lkm'...                                           chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient[997])
Checking `w55808'...                                        not infected
Checking `wted'...                                          chkwtmp: nothing deleted
Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected
Checking `z2'...                                            user hans deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root          741 tty7   /usr/bin/Xorg :0 -novtswitch -background none -noreset -verbose 3 -auth /var/run/gdm3/auth-for-Debian-gdm-18XKkD/database -seat seat0 -nolisten tcp vt7
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected
debian-8.8
Lenovo Thinkpad: Intel(R) Core(TM) i7-3610QM
CPU 2.30GHz amd64
