02-27-2012, 04:58 PM
|
#1
|
Member
Registered: Sep 2011
Location: /dev/null
Distribution: ubuntu 64bits
Posts: 135
Rep:
|
rkhunter reported RH-Sharpe's Rootkit
Hi,
rkhunter reported RH-Sharpe's Rootkit. In the /var/log/rkhunter.log file there is information that a potential rootkit is in the executable Perl script /usr/bin/slice.
I have contacted rootkit.nl but they told me to ask for help on the internet.
Could anybody please help me investigate whether it is a true or false positive?
thank you,
regards,
M.
|
|
|
02-27-2012, 08:01 PM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by masuch
rkhunter reported RH-Sharpe's Rootkit. In the /var/log/rkhunter.log file there is information that a potential rootkit is in the executable Perl script /usr/bin/slice.
|
Verify the file belongs to the package that contains it (prolly called "slice" ;-p) then white-list it.
Quote:
Originally Posted by masuch
I have contacted rootkit.nl but they told me to ask for help on the internet.
|
I often wonder why people refuse to read files that are aptly named FAQ or README:
Quote:
ROOTKIT HUNTER GENERAL SUPPORT
==============================
If a problem is found with RKH, it is recommended that users initially
try and resolve the problem themselves. This can be done by first
checking the FAQ file, which is present in your installation if the
distributed tarball is used as source. The FAQ will contain answers
to many common problems. The latest version of the FAQ can always be
found at RKH's project pages on SourceForge, in the 'Documentation'
section.
If the problem has occurred directly after upgrading RKH, then please
check the CHANGELOG file. It will contain information about changes
made since the previous version of RKH, and may indicate why you are
now experiencing a problem.
Users should also check the rkhunter-users mailing list archives
(available on the web site). The problem will be investigated by the
RKH development team, and, where appropriate, a solution posted on the
mailing list. Hence the mailing list archives may well contain a
solution to the problem.
Additionally, users should check the RKH tracker system (available at
http://sourceforge.net/tracker/?group_id=155034). It is quite
possible that the problem has already been reported to us as a bug or
support request. It is also possible that a fix for the problem has
been provided in the tracker log.
Depending upon the nature of the problem it may be worthwhile trying
an Internet search (for example using google), to see if anyone else
has experienced a similar problem.
Finally, if you have still not found an answer to the problem, then
mail it to the rkhunter-users mailing list. Please provide as much
information as possible about the problem, but do not make the
message excessively long! Information such as your operating system
and version of RKH should always be included.
Please be advised that while you are free to ask for advice in your
favourite IRC channel, all-purpose forum or distribution mailing list,
the demonstrated level of general and security knowledge and experience,
and therefore the quality of responses, may vary (very much).
If you are sure the problem is a bug, or want it considered as a
support request, then please submit it directly into the tracker
system.
|
|
|
|
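One way to carry out the "verify the file belongs to its package" step from the reply above on a Debian/Ubuntu system, as an added example that is not code from the thread or from rkhunter. The function names, the `DPKG_INFO`/`ROOT` overrides and the fixture are assumptions of this sketch; the fixture content is constructed.

```shell
#!/bin/sh
# Added example: compare a flagged file with the MD5 that dpkg recorded for it.
# DPKG_INFO and ROOT are overridable (assumption of this sketch) so the check
# can run against a mounted disk image or the constructed fixture below.
DPKG_INFO="${DPKG_INFO:-/var/lib/dpkg/info}"
ROOT="${ROOT:-}"

# Print the package whose file list contains the exact path (what `dpkg -S` does).
owning_package() {
    for list in "$DPKG_INFO"/*.list; do
        [ -f "$list" ] || continue
        if grep -qxF -- "$1" "$list"; then
            basename "$list" .list
            return 0
        fi
    done
    return 1
}

# 0 = matches package record, 1 = content differs,
# 2 = no package owns the path, 3 = package records no hash for it.
verify_file() {
    pkg=$(owning_package "$1") || return 2
    # .md5sums lines look like "<md5>  usr/bin/slice" (no leading slash)
    want=$(awk -v p="${1#/}" '{ h = $1; sub(/^[^ ]+  /, "") }
        $0 == p { print h; exit }' "$DPKG_INFO/$pkg.md5sums" 2>/dev/null)
    [ -n "$want" ] || return 3
    have=$(md5sum "$ROOT$1" | cut -d' ' -f1)
    [ "$want" = "$have" ]
}

# Constructed fixture: a fake root with a "slice" package owning /usr/bin/slice.
make_fixture() {
    ROOT=$(mktemp -d); DPKG_INFO="$ROOT/var/lib/dpkg/info"
    mkdir -p "$DPKG_INFO" "$ROOT/usr/bin"
    printf '#!/usr/bin/perl\nprint "constructed";\n' > "$ROOT/usr/bin/slice"
    printf '/usr/bin/slice\n' > "$DPKG_INFO/slice.list"
    (cd "$ROOT" && md5sum usr/bin/slice) > "$DPKG_INFO/slice.md5sums"
}

# Usage: sh verify.sh /usr/bin/slice
if [ $# -gt 0 ]; then
    rc=0; verify_file "$1" || rc=$?
    case $rc in
        0) echo "$1: matches $(owning_package "$1"); candidate for RTKT_FILE_WHITELIST" ;;
        1) echo "$1: differs from packaged copy; investigate before whitelisting" ;;
        *) echo "$1: not verifiable from the dpkg database (code $rc)" ;;
    esac
fi
```

The local dpkg database is only as trustworthy as the host it sits on, so on a machine that may really be compromised, compare against a freshly downloaded copy of the package from another system instead. Once the file checks out, the whitelist entry goes in rkhunter.conf as `RTKT_FILE_WHITELIST=/usr/bin/slice`.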
02-28-2012, 06:25 AM
|
#3
|
Member
Registered: Sep 2011
Location: /dev/null
Distribution: ubuntu 64bits
Posts: 135
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
Verify the file belongs to the package that contains it (prolly called "slice" ;-p) then white-list it.
I often wonder why people refuse to read files that are aptly named FAQ or README:
|
Maybe because the answer is not there. I am sorry, I missed trying IRC channels.
|
|
|
All times are GMT -5.