Questions about my rkhunter.log

Posted: 21 mar 2010, 22:02
by advyn
I ran rkhunter and got these things in the log,
[20:48:08] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[20:48:17] Info: Found file '/usr/bin/lwp-request': it is whitelisted for the 'script replacement' check.
[20:48:22] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[20:48:26] Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
[20:48:27] Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.
[20:50:39] Performing system boot checks
[20:50:39] Info: Starting test name 'startup_files'
[20:50:39] Checking for local host name [ Found ]
[20:50:39] Info: Starting test name 'startup_malware'
[20:50:39] Checking for system startup files [ Found ]
[20:50:42] Checking system startup files for malware [ None found ]
[20:50:42]
[20:50:42] Performing group and account checks
[20:50:42] Info: Starting test name 'group_accounts'
[20:50:42] Checking for passwd file [ Found ]
[20:50:42] Info: Found password file: /etc/passwd
[20:50:42] Checking for root equivalent (UID 0) accounts [ None found ]
[20:50:42] Info: Found shadow file: /etc/shadow
[20:50:42] Checking for passwordless accounts [ None found ]
[20:50:42] Info: Starting test name 'passwd_changes'
[20:50:42] Checking for passwd file changes [ None found ]
[20:50:42] Info: Starting test name 'group_changes'
[20:50:42] Checking for group file changes [ None found ]
[20:50:42] Checking root account shell history files [ OK ]
[20:50:43]
[20:50:43] Performing system configuration file checks
[20:50:43] Info: Starting test name 'system_configs'
[20:50:43] Checking for SSH configuration file [ Not found ]
[20:50:43] Checking for running syslog daemon [ Found ]
[20:50:43] Checking for syslog configuration file [ Found ]
[20:50:43] Info: Found syslog configuration file: /etc/syslog.conf
[20:50:43] Checking if syslog remote logging is allowed [ Not allowed ]
[20:50:43]
[20:50:43] Performing filesystem checks
[20:50:43] Info: Starting test name 'filesystem'
[20:50:43] Info: SCAN_MODE_DEV set to 'THOROUGH'
[20:50:44] Checking /dev for suspicious file types [ Warning ]
[20:50:44] Warning: Suspicious file types found in /dev:
[20:50:44] /dev/shm/pulse-shm-3648311577: data
[20:50:44] /dev/shm/pulse-shm-4259845016: data
[20:50:44] /dev/shm/pulse-shm-2851694753: data
[20:50:44] /dev/shm/pulse-shm-1677299384: data
[20:50:45] /dev/shm/pulse-shm-188182408: data
[20:50:45] /dev/shm/pulse-shm-559511693: data
[20:50:45] /dev/shm/pulse-shm-1828084571: data
[20:50:45] Checking for hidden files and directories [ Warning ]
[20:50:46] Warning: Hidden directory found: /etc/.java
[20:50:46] Warning: Hidden directory found: /dev/.udev
[20:50:46] Warning: Hidden directory found: /dev/.initramfs
[20:50:55] System checks summary
[20:50:55] =====================
[20:50:55]
[20:50:55] File properties checks...
[20:50:55] Files checked: 129
[20:50:55] Suspect files: 2
[20:50:55]
[20:50:55] Rootkit checks...
[20:50:55] Rootkits checked : 114
[20:50:55] Possible rootkits: 0
[20:50:55]
[20:50:55] Applications checks...
[20:50:55] Applications checked: 2
[20:50:55] Suspect applications: 0
[20:50:55]
[20:50:55] The system checks took: 3 minutes and 6 seconds
[20:50:56]
[20:50:56] Info: End date is sön 21 mar 2010 20.50.55 CET
Is there anything fishy about the things it found (I left out everything that was just OK)? If so, what should I do about it?

Re: Questions about my rkhunter.log

Posted: 21 mar 2010, 23:00
by Ulsak
Just as with any self-respecting antivirus program, there are a number of false alarms on a number of files that are perfectly fine.
It happened to me too...
Have you read through the manual to see if there are any rules about so-called policies..?

Re: Questions about my rkhunter.log

Posted: 22 mar 2010, 15:10
by advyn
No, I just downloaded it, installed it and ran it to check whether my computer was hacked or something.

Re: Questions about my rkhunter.log

Posted: 22 mar 2010, 17:39
by Ulsak

[20:50:46] Warning: Hidden directory found: /etc/.java
[20:50:46] Warning: Hidden directory found: /dev/.udev
[20:50:46] Warning: Hidden directory found: /dev/.initramfs
These files, for example, are hidden in the system by default.
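An added example, not code from either poster or from rkhunter itself: a small Python triage script that parses warnings in the log format quoted above and separates entries matching an assumed allowlist (the same paths one would put into rkhunter.conf as ALLOWHIDDENDIR / ALLOWDEVFILE entries after checking each one) from those that still need a look. The sample log lines and the allowlist are constructed for the example.

```python
import re
from fnmatch import fnmatch

# Constructed sample: a few lines in the rkhunter.log format quoted in the thread.
SAMPLE_LOG = """\
[20:48:26] Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
[20:50:44] Warning: Suspicious file types found in /dev:
[20:50:44] /dev/shm/pulse-shm-3648311577: data
[20:50:45] /dev/shm/pulse-shm-559511693: data
[20:50:46] Warning: Hidden directory found: /etc/.java
[20:50:46] Warning: Hidden directory found: /dev/.udev
[20:50:46] Warning: Hidden directory found: /dev/.initramfs
[20:50:46] Warning: Hidden directory found: /tmp/.hidden
"""

# Assumed allowlist: entries you have verified and would put into rkhunter.conf
# as ALLOWHIDDENDIR= / ALLOWDEVFILE= lines. Anything not listed stays in "review".
ALLOWED_HIDDEN_DIRS = {"/etc/.java", "/dev/.udev", "/dev/.initramfs"}
ALLOWED_DEV_FILES = ["/dev/shm/pulse-shm-*"]

LINE_RE = re.compile(r"^\[(\d\d:\d\d:\d\d)\] (.*)$")
HIDDEN_RE = re.compile(r"Warning: Hidden (?:directory|file) found: (\S+)")
DAT_RE = re.compile(r"Warning: The file '([^']+)' exists on the system, "
                    r"but it is not present in the rkhunter\.dat file")

def triage(log_text):
    """Return (known_benign, needs_review): lists of (path, reason) tuples."""
    benign, review = [], []
    in_dev_list = False  # True while reading the paths listed under a /dev warning
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group(2)
        if msg.startswith("Warning: Suspicious file types found in /dev:"):
            in_dev_list = True
            continue
        if in_dev_list and msg.startswith("/dev/"):
            path = msg.split(":", 1)[0]  # "<path>: <file type>"
            bucket = benign if any(fnmatch(path, p) for p in ALLOWED_DEV_FILES) else review
            bucket.append((path, "unexpected file type in /dev"))
            continue
        in_dev_list = False
        h = HIDDEN_RE.search(msg)
        if h:
            path = h.group(1)
            (benign if path in ALLOWED_HIDDEN_DIRS else review).append((path, "hidden entry"))
            continue
        d = DAT_RE.search(msg)
        if d:  # file properties database is stale; verify the package before updating it
            review.append((d.group(1), "not in rkhunter.dat"))
    return benign, review
```

Running `triage(SAMPLE_LOG)` leaves only `/usr/sbin/unhide` and the unlisted `/tmp/.hidden` in the review list; the pulse-shm and the three hidden directories the thread discusses land in the benign list.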