Old 10-23-2015, 02:24 PM   #1
born2bewild
LQ Newbie
 
Registered: Oct 2015
Posts: 9

Rep: Reputation: Disabled
Rkhunter reports a hidden directory


I ran rkhunter and there was a warning.

Warning: Hidden directory found: /bin/.gnome-desktop
Warning: Hidden directory found: /sbin/.gnome-desktop

I then ran ls to see what was in there

Code:
ls -l /bin/.gnome-desktop
total 4
-rwxr-xr-x 1 root root 342 Jun 13  2014 DELL-Configurator.desktop*

ls -l /sbin/.gnome-desktop
total 4
-rwxr-xr-x 1 root root 342 Jun 13  2014 DELL-Configurator.desktop*
This is the Dell printer setup utility that I installed last year from Dell's website. Why would it be installed in a hidden directory?

Rkhunter doesn't say it's a rootkit, just a hidden directory. Should I be concerned anyway because it's hidden?

Last edited by born2bewild; 10-23-2015 at 02:27 PM.
 
Old 10-23-2015, 02:49 PM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by born2bewild View Post
I ran rkhunter and there was a warning.

Warning: Hidden directory found: /bin/.gnome-desktop
Warning: Hidden directory found: /sbin/.gnome-desktop
Just remove them since you know how they got there.
 
Old 10-23-2015, 03:46 PM   #3
born2bewild
LQ Newbie
 
Registered: Oct 2015
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Just remove them since you know how they got there.
I might just do that.

I dug a little deeper into this directory and ran two commands on this DELL file to see what it really is.

Code:
file /sbin/.gnome-desktop/DELL-Configurator.desktop 
/sbin/.gnome-desktop/DELL-Configurator.desktop: UTF-8 Unicode text

cat /sbin/.gnome-desktop/DELL-Configurator.desktop 
[Desktop Entry]
Type=Application
Name=DELL Unified Driver Configurator
Name[fr]=Configurateur de pilote DELL Unified Driver
Comment=Manage your printers and scanners here
Comment[fr]=Gérer vos imprimantes et scanners ici
Exec=/opt/DELL/mfp/bin/Configurator
Icon=/opt/DELL/mfp/share/images/Configurator.png
Terminal=false
StartupNotify=false
It's just an icon that points to the Dell utility printer setup, wheeewww.

Sometimes when you audit your own system and you're not an IT security person, it can be an adventure when you don't understand if a warning message is harmless or not.

Also, now that Linux is as popular as Windows, we need to be proactive and check for rootkits and malware periodically.

Last edited by born2bewild; 10-23-2015 at 03:54 PM.
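
Added example, not part of the original thread: a shell sketch of the manual check from post #3, listing every entry in a directory rkhunter flagged and, for `.desktop` launchers, reporting which program `Exec=` points at and whether it is present. The function names `desktop_exec_target` and `triage_hidden_dir` are hypothetical.

```shell
#!/bin/sh
# Added example: triage a hidden directory reported by rkhunter.
# Usage: sh triage.sh /sbin/.gnome-desktop

# Print the program a .desktop launcher would start: the first word of
# its Exec= line (arguments and field codes such as %U are dropped).
desktop_exec_target() {
    sed -n 's/^Exec=\([^ ]*\).*/\1/p' "$1" | head -n 1
}

# Print one line per entry in the directory, dotfiles included:
#   launcher <name> -> <target> (present|missing)
#   symlink <name> | subdir <name> | other <name>
# "other" entries are the ones to inspect further (file, strings, cat).
triage_hidden_dir() {
    dir=$1
    for f in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # Unmatched glob patterns stay literal; skip them.
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}
        if [ -L "$f" ]; then
            echo "symlink $name"
        elif [ -d "$f" ]; then
            echo "subdir $name"
        elif grep -q '^\[Desktop Entry\]' "$f" 2>/dev/null; then
            target=$(desktop_exec_target "$f")
            if [ -x "$target" ]; then state=present; else state=missing; fi
            echo "launcher $name -> $target ($state)"
        else
            echo "other $name"
        fi
    done
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    triage_hidden_dir "$1"
fi
```

A launcher whose target is present still only tells you what would be run; the target binary itself is the next thing to check.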
 
Old 10-23-2015, 04:46 PM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by born2bewild View Post
Code:
file /sbin/.gnome-desktop/DELL-Configurator.desktop
Add 'strings' to your utility belt.
Code:
strings /sbin/.gnome-desktop/DELL-Configurator.desktop
 
Old 10-23-2015, 05:27 PM   #5
born2bewild
LQ Newbie
 
Registered: Oct 2015
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Add 'strings' to your utility belt.
Code:
strings /sbin/.gnome-desktop/DELL-Configurator.desktop
Thanks, I will.
 
Old 10-24-2015, 04:44 PM   #6
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
You are welcome.
 
  

