07-15-2009, 01:58 AM
|
#1
|
|
Member
Registered: Jul 2009
Posts: 157
Rep:
|
rkhunter warnings or suspect files
I just installed and ran my first rootkit check and it gave me three warnings or suspect files. I checked rkhunter --help file but it wasn't much help. How do I fix them?
|
|
|
|
07-15-2009, 09:37 AM
|
#2
|
|
Senior Member
Registered: Dec 2007
Location: In front of my LINUX OR MAC BOX
Distribution: Mandriva 2009 X86_64 suse 11.3 X86_64 Centos X86_64 Debian X86_64 Linux MInt 86_64 OS X
Posts: 2,354
Rep: 
|
Quote:
Originally Posted by judoka
I just installed and ran my first rootkit check and it gave me three warnings or suspect files. I checked rkhunter --help file but it wasn't much help. How do I fix them?
|
Which distro are you running?
And what exactly are the warnings?
|
|
|
|
07-15-2009, 10:14 AM
|
#3
|
|
Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
For the record, this post was pruned from here, in order to focus on one topic at a time. I wasn't able to post a notice here earlier, due to some technical problems I experienced.
Last edited by win32sux; 07-15-2009 at 10:15 AM.
|
|
|
|
07-15-2009, 09:48 PM
|
#4
|
|
Member
Registered: Jul 2009
Posts: 157
Original Poster
Rep:
|
I'm using Ubuntu 9.04. I can't tell you the problems because when I tried to run it again with rkhunter -c it said you must be root user to run this command, but it didn't prompt me for a password -- strange
|
|
|
|
07-15-2009, 09:52 PM
|
#5
|
|
Member
Registered: Jul 2009
Posts: 157
Original Poster
Rep:
|
Oh yeah, I forgot about sudo, sorry.
|
|
|
|
07-15-2009, 09:59 PM
|
#6
|
|
Member
Registered: Jul 2009
Posts: 157
Original Poster
Rep:
|
After performing the check I had warnings in /usr/sbin/inetd, /usr/sbin/unhide and /usr/sbin/unhide-linux26. Also, when checking for rootkits I had
Performing trojan specific checks
Checking for enabled inetd services [ Warning ] and
Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
What should I do?
|
|
|
|
07-16-2009, 12:32 PM
|
#7
|
|
Moderator
Registered: May 2001
Posts: 24,779
|
Quote:
Originally Posted by judoka
what should I do?
|
Read the README (isn't that big) before running it and make sure you configure rkhunter.conf and run "--propupd". On error read your logfile and check the FAQ (isn't that big either) for clues, there's even a mailing list archive you can check, and if nothing else comes up post *complete* log lines and error messages. Just saying "hey, I got this [error]" doesn't quite cut it.
|
|
|
|
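An added example, not part of the original thread or of rkhunter itself: one way to collect the *complete* warning lines asked for in post #7, so they can be posted in full. The function name `extract_warnings`, the sample log and the assumed log layout (timestamp, a `Warning:` line, indented continuation lines) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull complete warning blocks out of an rkhunter log.
# SAMPLE_LOG is constructed; its layout (timestamp, "Warning:" line,
# indented continuation lines) is an assumption about the log format.
SAMPLE_LOG='[21:58:01] Performing trojan specific checks
[21:58:01]   Checking for enabled inetd services             [ Warning ]
[21:58:01] Warning: Found enabled inetd service: example-service
[21:58:02] Performing filesystem checks
[21:58:02]   Checking /dev for suspicious file types         [ Warning ]
[21:58:02] Warning: Suspicious file types found in /dev:
[21:58:02]          /dev/shm/example-file: data
[21:58:03]   Checking for hidden files and directories       [ None found ]'

# Print every "Warning:" line plus the indented detail lines that follow it,
# skipping the "[ Warning ]" / "[ None found ]" summary lines of each check.
extract_warnings() {
    awk '
        # Strip the leading "[hh:mm:ss] " stamp to inspect the message itself.
        { msg = $0; sub(/^\[[0-9:]+\] /, "", msg) }
        msg ~ /^Warning:/ { in_block = 1; print; next }
        in_block && msg ~ /^ +[^ ]/ && msg !~ /\[ [A-Za-z ]+ \]$/ { print; next }
        { in_block = 0 }
    '
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | extract_warnings
```

To use it on a real run, feed your own rkhunter logfile to `extract_warnings` on standard input and paste the output into your post.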
08-21-2010, 08:30 AM
|
#8
|
|
LQ Newbie
Registered: Aug 2010
Posts: 2
Rep:
|
rkhunter binary warnings for mac os x ver: 10.6.4
Your post has been moved to its own thread. See http://www.linuxquestions.org/questi...-6-4-a-827629/. Please don't post in stale threads. Thread closed.
Last edited by unSpawn; 08-21-2010 at 08:41 AM.
|
|
|
|