LinuxQuestions.org


theif519 06-28-2011 07:37 PM

Both chkrootkit and rkhunter find suspicious files, are they false positives?
 
Code:

Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
 /usr/lib/jvm/.java-6-openjdk.jinfo /usr/lib/pymodules/python2.6/.path /usr/lib/pymodules/python2.7/.path
 /usr/lib/xulrunner-1.9.2.17/.autoreg /usr/lib/byobu/.notify_osd /usr/lib/thunderbird-3.1.10/.autoreg

Results from chkrootkit

Code:

Performing system configuration file checks
 Checking for SSH configuration file [ Found ]
 Checking if SSH root access is allowed [ Warning ]
 Checking if SSH protocol v1 is allowed [ Not allowed ]
 Checking for running syslog daemon [ Found ]
 Checking for syslog configuration file [ Found ]
 Checking if syslog remote logging is allowed [ Not allowed ]

 Performing filesystem checks
 Checking /dev for suspicious file types [ Warning ]
 Checking for hidden files and directories [ Warning ]


Results from RKHunter

GlennsPref 06-28-2011 08:33 PM

Hi, having used these programs a few times, I remember some of the
false positives that get reported, like auto-register and auto-update
files/programs acting autonomously and exhibiting Trojan behaviour.

Looking at your info you posted, I'd say those files are fine, not trojans.

The only one I personally have not seen is
Quote:

/usr/lib/byobu/.notify_osd
If you know what it is and what it does, that may clear up any doubts.

Cheers, Glenn

theif519 06-28-2011 08:42 PM

Quote:

Originally Posted by GlennsPref (Post 4398584)
Hi, having used these programs a few times, I remember some of the
false positives that get reported, like auto-register and auto-update
files/programs acting autonomously and exhibiting Trojan behaviour.

Looking at your info you posted, I'd say those files are fine, not trojans.

The only one I personally have not seen is

If you know what it is and what it does, that may clear up any doubts.

Cheers, Glenn

I forgot I installed it, it's a screen saver

"byobu (1) - wrapper script for seeding a user's byobu configuration and launching screen"

Thank you for clearing that up.
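
An added example, not part of any post in this thread: one way to follow up on hidden-file warnings like the ones above is to ask the package manager which package installed each flagged path. It assumes a dpkg-based system; `pkg_owner`, `triage` and `SAMPLE` are illustrative names.

```shell
#!/bin/sh
# Added example: map each path flagged by chkrootkit to the package that owns it.
# Assumption: dpkg-based system (Debian/Ubuntu), as the paths in the thread suggest.

# The flagged paths, copied from the chkrootkit output in the first post.
SAMPLE='Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
 /usr/lib/jvm/.java-6-openjdk.jinfo /usr/lib/pymodules/python2.6/.path /usr/lib/pymodules/python2.7/.path
 /usr/lib/xulrunner-1.9.2.17/.autoreg /usr/lib/byobu/.notify_osd /usr/lib/thunderbird-3.1.10/.autoreg'

# pkg_owner PATH: print the owning package name; fail if no package lists the path.
pkg_owner() {
    out=$(dpkg-query -S "$1" 2>/dev/null) || return 1
    printf '%s\n' "${out%%:*}"
}

# triage: read scanner output on stdin, emit "status<TAB>package<TAB>path" per path.
triage() {
    tr -s ' \t' '\n\n' | grep '^/' | sort -u | while IFS= read -r p; do
        if owner=$(pkg_owner "$p"); then
            printf 'owned\t%s\t%s\n' "$owner" "$p"
        else
            # Not in any package manifest: may still be benign (dpkg-query does
            # not list files created by maintainer scripts), so inspect by hand.
            printf 'unowned\t-\t%s\n' "$p"
        fi
    done
}

# Run against the sample; on a live system, pipe the scanner output in instead.
printf '%s\n' "$SAMPLE" | triage
```

Paths reported as owned can then be compared against the package's recorded checksums with `debsums` or `dpkg --verify`.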


All times are GMT -5.