LinuxQuestions.org
Old 06-28-2011, 07:37 PM   #1
theif519
Member
 
Registered: Mar 2011
Location: Philadelphia, PA
Distribution: Kubuntu 12.10
Posts: 255

Rep: Reputation: 4
Both chkrootkit and rkhunter find suspicious files, are they false positives?


Code:
Searching for suspicious files and dirs, it may take a while...
The following suspicious files and directories were found:
/usr/lib/jvm/.java-6-openjdk.jinfo /usr/lib/pymodules/python2.6/.path /usr/lib/pymodules/python2.7/.path
/usr/lib/xulrunner-1.9.2.17/.autoreg /usr/lib/byobu/.notify_osd /usr/lib/thunderbird-3.1.10/.autoreg
Results from chkrootkit

Code:
Performing system configuration file checks
 Checking for SSH configuration file [ Found ]
 Checking if SSH root access is allowed [ Warning ]
 Checking if SSH protocol v1 is allowed [ Not allowed ]
 Checking for running syslog daemon [ Found ]
 Checking for syslog configuration file [ Found ]
 Checking if syslog remote logging is allowed [ Not allowed ]

 Performing filesystem checks
 Checking /dev for suspicious file types [ Warning ]
 Checking for hidden files and directories [ Warning ]

Results from RKHunter
 
Old 06-28-2011, 08:33 PM   #2
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: pclinuxos slackware64 tails kali
Posts: 3,372
Blog Entries: 33

Rep: Reputation: 217
Hi, having used these programs a few times, I remember some of the
false positives that get reported, like auto-register and auto-update
files/programs acting autonomously and exhibiting Trojan behaviour.

Looking at your info you posted, I'd say those files are fine, not trojans.

The only one I personally have not seen is
Quote:
/usr/lib/byobu/.notify_osd
If you know what it is and what it does, that may clear up any doubts.

Cheers, Glenn
 
Old 06-28-2011, 08:42 PM   #3
theif519
Member
 
Registered: Mar 2011
Location: Philadelphia, PA
Distribution: Kubuntu 12.10
Posts: 255

Original Poster
Rep: Reputation: 4
Quote:
Originally Posted by GlennsPref
Hi, having used these programs a few times, I remember some of the
false positives that get reported, like auto-register and auto-update
files/programs acting autonomously and exhibiting Trojan behaviour.

Looking at your info you posted, I'd say those files are fine, not trojans.

The only one I personally have not seen is
/usr/lib/byobu/.notify_osd
If you know what it is and what it does, that may clear up any doubts.

Cheers, Glenn

I forgot I installed it, it's a screen saver

"byobu (1) - wrapper script for seeding a user's byobu configuration and launching screen"

Thank you for clearing that up.
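
One way to follow up on the flagged paths on a Debian-family system such as the poster's Kubuntu, given here as an added example that is not part of the thread: ask dpkg which installed package owns each hidden file. The function names and the UNOWNED / NO-DPKG labels are assumptions of this example, and the sample report is constructed from the chkrootkit lines quoted in post #1.

```shell
#!/bin/sh
# Added example: triage the hidden files that chkrootkit reported.

# Constructed sample input: the chkrootkit lines quoted in post #1.
SAMPLE_REPORT='The following suspicious files and directories were found:
/usr/lib/jvm/.java-6-openjdk.jinfo /usr/lib/pymodules/python2.6/.path /usr/lib/pymodules/python2.7/.path
/usr/lib/xulrunner-1.9.2.17/.autoreg /usr/lib/byobu/.notify_osd /usr/lib/thunderbird-3.1.10/.autoreg'

# extract_paths: read a chkrootkit report on stdin and print each
# absolute path once, one per line. Header words are dropped because
# they do not start with "/".
extract_paths() {
    tr ' \t' '\n\n' | grep '^/' | LC_ALL=C sort -u
}

# owner_of PATH: print the package(s) that dpkg records as owning PATH,
# UNOWNED if no installed package lists it, NO-DPKG if dpkg is absent.
owner_of() {
    if ! command -v dpkg-query >/dev/null 2>&1; then
        echo "NO-DPKG"
        return 0
    fi
    # dpkg-query -S prints "pkg[:arch][, pkg2]: /path"; keep the package part.
    owner=$(dpkg-query -S "$1" 2>/dev/null | head -n 1 | sed 's|: /.*||')
    echo "${owner:-UNOWNED}"
}

# triage: report on stdin -> "path<TAB>present|missing<TAB>owner" lines.
triage() {
    extract_paths | while IFS= read -r p; do
        if [ -e "$p" ]; then state=present; else state=missing; fi
        printf '%s\t%s\t%s\n' "$p" "$state" "$(owner_of "$p")"
    done
}

# Run against the constructed sample; on a real host, pipe in the saved
# chkrootkit output instead.
printf '%s\n' "$SAMPLE_REPORT" | triage
```

UNOWNED is a prompt for a closer look rather than a verdict: files created at run time or by a package's maintainer scripts are not in dpkg's file lists, so a legitimate file can still show up that way.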
 
  


All times are GMT -5.
