I just ran a 'ps aux' (after a long time of ignoring it) and I noticed that among the processes there is one called "-:0" (except for the quotes). It actually looks like this:
As I said, I ignored (I know, shame on me) for a while some basic security checks, but I don't remember seeing this until now. Is it normal?
chkrootkit returns clean output, so does rkhunter except for:
I just ran a 'ps aux' (after a long time of ignoring it) and I noticed that among the processes there is one called "-:0" (except for the quotes) ... Is it normal?
I believe that's just the Xserver. If you were to start another instance, it would appear as :1. Anytime you need to verify a process like that, you can look up information on the process in /proc/<PID>. In this case, just take a look at /proc/3743/cmdline
chkrootkit returns clean output, so does rkhunter except for:
I didn't see anything special in the logs. So, should I be worried about it?
Chkrootkit flags any hidden files or dirs that it finds outside of the home directory portions of the filesystem. So this causes a lot of false positives. Those appear to be normal, but it's usually a good idea to look at the contents just to be sure.
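The /proc/<PID> check suggested in the reply above, written out as a script. This is an added example, not part of any post in the thread: it prints the NUL-separated argv from /proc/<PID>/cmdline next to the /proc/<PID>/exe link, because cmdline can be overwritten by the process itself while exe is maintained by the kernel. The function name inspect_proc and its optional PROC_ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: inspect_proc PID [PROC_ROOT]
# PROC_ROOT (default /proc) is a parameter added here so the function can
# also be pointed at a constructed directory tree.
inspect_proc() {
    pid=$1
    dir="${2:-/proc}/$pid"
    [ -d "$dir" ] || { echo "no such process: $pid" >&2; return 2; }

    # cmdline holds argv as NUL-separated strings. The process can overwrite
    # it, so treat it as self-reported. Brackets keep odd arguments visible.
    argv=$(tr '\000' '\n' < "$dir/cmdline" | sed 's/.*/[&]/' | tr '\n' ' ')
    argv0=$(tr '\000' '\n' < "$dir/cmdline" | head -n 1)
    [ -n "$argv" ] || argv="(empty: kernel thread or zombie)"

    # exe is the kernel's symlink to the binary that is actually running.
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe="(unreadable)"

    echo "pid:  $pid"
    echo "argv: $argv"
    echo "exe:  $exe"

    status=0
    exe_path=${exe% (deleted)}
    if [ "$exe" != "$exe_path" ]; then
        echo "note: binary was removed from disk after the process started"
        status=1
    fi
    if [ "$exe" != "(unreadable)" ] && [ "${argv0##*/}" != "${exe_path##*/}" ]; then
        echo "note: argv[0] does not match the binary name"
        status=1
    fi
    return "$status"
}

# Run directly: sh inspect_proc.sh 3743
if [ $# -gt 0 ]; then inspect_proc "$@"; fi
```

A non-zero exit is a prompt to look closer, not a verdict: login shells and programs that set their own process title trigger the argv[0] note as well.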
Not to mention that my XP install seems to have problems as well: no matter what URL I'd type in the address bar (FF or IE, regardless), it only displays a page that says "MONSTER", and the page's title is "Babilon computers". Anyway, I have to google for this, I didn't have time so far to do it.
So, Capt_Caveman, it looks like you were right, but I still need a confirmation that everything is alright (maybe I'm a bit paranoid though) due to the output of 'cat /proc/NNNN/cmdline' as shown before.
And does anybody have any ideas on the other, XP problem? Google didn't reveal anything so far.
Sounds completely normal. I remember thinking it was strange the first time I saw it as well. As for the XP system, could be a trojan but a malicious proxy sounds very possible too. I'd do an antivirus scan and run a spyware remover like adaware.
Indeed, the Win problem turned out to be a spyware (I'm not sure if it's WebHancer, New.Net or CommonName, one of them though). It affects the Windows' LSP, rendering impossible any kind of Web Connection.
Right now I'm downloading some trouble-fixer (LSPFix if anyone heard of it) and if it won't work...I have to do it manually...uninstall & reinstall Windows' Communication support and some other stuff. I mentioned this just in case someone else has the same problem.
Anyway, thanks Capt_Caveman for the tips and for making my fears go away. Also thanks to pAn1k for the spared time.