OpenSUSE :: Install Chkrootkit / Rkhunter And Zenmap In 11.2 Kde

Jun 23, 2010

how to install chkrootkit, rkhunter and zenmap in suse 11.2 kde

View 9 Replies


ADVERTISEMENT

Ubuntu Security :: Best Way To Use Chkrootkit Or Rkhunter

Apr 14, 2010

What the best method is for checking for rootkits? I have heard that it is best not to install and run these programs on the distro itself. Would it be possible to install them on another distro/partition and then use them to check for rootkits on my main partition/distro (Ubuntu)?

View 9 Replies View Related

Security :: Localhost Scans With Rkhunter And Chkrootkit?

Feb 16, 2011

Let's say you have a host with some kind of locally installed root kit detector/scanner.

If someone managed to get root access to that box. Wouldn't the first thing to do, before installing a root kit, be to remove any kind root kit detector?

View 3 Replies View Related

Ubuntu Security :: Rkhunter/ Chkrootkit And Exim4 - Installing Progs On Lucid It Comes With Exim4?

May 7, 2010

When installing these progs on Lucid it comes with exim4,I noticed this in the terminal output. What has exim4 to do with rkhunter and/or chkrootkit?

View 3 Replies View Related

OpenSUSE :: Zenmap As Root In KDE (11.4) - "Cannot Execute Command Zenmap"

Apr 2, 2011

I have installed nmap/zenmap from rpms in 11.4. Zenmap as root runs fine from the CLI, but when launched from the KDE Kickoff Application Launcher I get a message back Cannot execute command ' 'zenmap " 'which zenmap' finds zenmap in /usr/bin no problem.

View 6 Replies View Related

OpenSUSE :: Unable To Hunt Rkhunter?

Jun 28, 2010

I am in studio and unable to hunt rkhunter, any ideas.

The rpm is available at [URL] but this repo isnt there in studio options.

View 1 Replies View Related

Ubuntu :: Chmod Not Working, Rkhunter Install?

Mar 8, 2011

sudo: /etc/sudoers is mode 0777, should be 0440 sudo: no valid sudoers sources found, quitting Is the message I'm getting.

View 2 Replies View Related

OpenSUSE :: Updated To 11.4 [64 Bit] - Rkhunter Is Giving Warning: User 'rtkit' Has Been Added To The Passwd File

Mar 13, 2011

i have just updated to openSuSE 11.4 [64 bit]; rkhunter is giving these Warnings :

Warning: User 'rtkit' has been added to the passwd file.
Warning: User 'pulse' has been added to the passwd file.
Warning: User 'statd' has been added to the passwd file.
Warning: Changes found in the group file for group 'audio': User 'pulse' has been added to the group
Warning: Group 'rtkit' has been added to the group file.
Warning: Group 'pulse' has been added to the group file.
Warning: Group 'pulse-access' has been added to the group file.
Warning: Suspicious file types found in /dev: /dev/shm/initrd_exports.sh: ASCII text
Warning: Hidden directory found: /dev/.sysconfig
Warning: Hidden directory found: /dev/.mount

Do these look Normal, Are these False-Positives??

View 4 Replies View Related

Ubuntu :: Get Root Access From Zenmap?

Jul 14, 2011

I've just installed Zenmap and was wondering could anybody show me how to get root access.

View 4 Replies View Related

Software :: Zenmap Not Working In Fedora 14

Nov 17, 2010

i recently installed nmap-5.21 on my fedora using the tar.gz file and the installation was successful (with the typical dragon head at the end of configuration) after which i did make and make install and it showed installation succesful now there is an icon for zenmap and zenmap as root under my internet menu but they dont work ((when i tried to run the command /usr/local/share/zenmap/su-to-zenmap.sh %F the output is

[root@blitz ~]# /usr/local/share/zenmap/su-to-zenmap.sh %F
python: /builddir/build/BUILD/Python-2.7/Objects/dictobject.c:759: PyDict_SetItem: Assertion `value' failed.
/usr/local/share/zenmap/su-to-zenmap.sh: line 50: 24779 Aborted (core dumped) $COMMAND
[root@blitz ~]#

i chkd the line 50 which has 'fi' in the end im new to linux and the only problem i face is installation of softwares

View 2 Replies View Related

Networking :: Zenmap Intense Scan Crashes Network

May 13, 2010

I just started messing with the networking tools in Linux, and I've discovered that when I run an intense scan in zenmap on 192.168.1.1-254, the network crashes. By network crash I mean - All clients on the network lose connectivity.

View 12 Replies View Related

Ubuntu Security :: Chkrootkit Log, Compromised Box?

Mar 28, 2011

Looks like my firefox has been compromised and i have a packet sniffer. Not sure what to do.Should I just delete the suspicous files? here's the chkrootkit log:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected

[code]....

View 6 Replies View Related

Fedora :: After Running Chkrootkit I Got Warning / Remove This?

Jul 6, 2011

Suckit rootkit... Warning: /sbin/init INFECTED

How can I remove this guys? using fedora 15 64bits

View 14 Replies View Related

Security :: Chkrootkit Versus Rootkit Hunter

Jun 8, 2010

I am going through the motions of testing the checkrootkit and rootkit hunter applications on one of our servers. I wanted to get feedback from those who know both as to which of the two is better at 'sniffing' out rootkits. Alternatively, can both be installed without their interfering with the other?

View 4 Replies View Related

Security :: Interpreting Zenmap Results: Network Distance And Traceroute Hop Values

Apr 18, 2011

I ran two scans in Zenmap: 1) Quick scan plus and 2) Quick Traceroute. Quick scan plus, under the Nmap Output tab, has a field called "Network Distance". The Quick Traceroute report under the same tab lists the HOP and RTT time. I was thinking that for a given server, the value for the Network Distance would be the same as the HOP field when initiating the scans from the same server, but they are not.

View 5 Replies View Related

Ubuntu Security :: Ran A Chkrootkit Scan And Found - Suspicious Files And Directories ?

Aug 1, 2010

I ran a chkrootkit scan and found this: The following suspicious files and directories were found: /usr/lib/pymodules/python2.6/.path /usr/lib/xulrunner-1.9.2.8/.autoreg /usr/lib/firefox 3.6.8/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo

How do I get rid of this suspicious file?

View 4 Replies View Related

Security :: Connection Between Traffic Control Rules & Chkrootkit Threat Notifications?

Sep 25, 2010

Two days ago we started to receive the following message:

/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.mdadm /lib/init/rw/.ramfs
/lib/init/rw/.mdadm
INFECTED (PORTS: 4369)
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

And about at the same time (a day before that) we have set up new rules for the queueing disciplines using 'tc' on our Debian lenny box (these rules are for some of the experiments we are carrying out). I have ran the chkrootkit manually and this message (as above) keeps appearing, while the rkhunter tool does not complain about these items. Could there be a connection between setting up the new qdisc's and the chkrootkit "INFECTED" messages?

View 7 Replies View Related

Ubuntu Security :: Difference In The Output Of A Port Scan Using Zenmap On The Same System With UFW Turned Off And Then With It Turned On

Feb 16, 2010

This is the difference in the output of a port scan using Zenmap on the same system with UFW turned off and then with it turned on. It is obvious that UFW works.

View 6 Replies View Related

Security :: Just Ran Rkhunter And Got A Lot Of Red Warnings?

Jan 11, 2011

You should be running a firewall. I would also periodically check for rootkits with rkhunter and chkrootkit. Antivirus is usually optional, but it depends on your network ... if you have Window$ machines, do use clamav or something.Hope I'm not distorting the thread but just ran rkhunter and got a lot of red warnings, especially worrying seems:

Quote:

Applications checks...
Applications checked: 4
Suspect applications: 3

View 11 Replies View Related

Security :: Rkhunter Useful On Slackware 13.1?

Nov 28, 2010

According to the rkhunter home page, rkhunter is tested on Slackware up to version 10.1. Does this mean it is not useful on Slackware 13.1?

View 2 Replies View Related

Ubuntu :: Rkhunter Output - Possible Rootkit ?

Nov 9, 2010

Quote:

Warning: Network TCP port 60922 is being used by /usr/lib/chromium-browser/chromium-browser. Possible rootkit: zaRwT.KiT

Use the 'lsof -i' or 'netstat -an' command to check this.

Got this checking rkhunter logs but running rkhunter shows nothing suspicious, should I be worried?

View 1 Replies View Related

Ubuntu Security :: Rkhunter Comes With A Warning?

Jul 13, 2011

Just I install the rkhunter tool via apt-get install rkhunter. When I had run the rkhunter check, rkhunter comes with a warning about "GasKit Rootkit", i dont understand what it is

This server is install new last and maby 1 week old, so i don't understand why this happends.

View 5 Replies View Related

Security :: Possible False Positive With Rkhunter

Jan 5, 2010

I have just been checking one of my machines with rkhunter and got the following result:

Code:
[17:50:08] Warning: Checking for possible rootkit strings [ Warning ]
[17:50:09] Found string 'hdparm' in file '/etc/init.d/checkroot.sh'. Possible rootkit: Xzibit Rootkit
[17:50:09] Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible rootkit: Xzibit Rootkit

Using a well known search engine shows that others have come across this before: [URL] I have installed the current version of rkhunter from Debian's Unstable repo,but i still have the same result as above. I now check the rkhunter wiki,which mentions the same problem: [URL]

Quote: Here is an example on my system to remove a false positive for a certain rootkit that hit hdparm.

[Code]....

View 4 Replies View Related

Security :: False Positive From Rkhunter?

Oct 25, 2010

Is this a false positive from rkhunter?

/usr/bin/curl [ Warning ]
/usr/bin/ldd [ Warning ]

Chkrootkit came back ok. Running ClamAV and will only add that here if it finds anything. I just neve remember seeing these before. This is in Ubuntu 10.10

View 2 Replies View Related

Security :: Rkhunter's Email With Several Warnings

Dec 23, 2010

Last night I received the classic rkhunter's email with several warnings inside:

Quote:

Warning:

Warning:

Warning:

and so on..

Why rkhunter isn't able to calculate the hash of those files and compare it with the stored one?

Other strange thing: for the "good" file, the hash is often different!

For example, in the last rkhunter.log, /bin/awk is "good".

But:

Quote:

Quote:

So, if the sha1sum is different, why rkhunter tell me that awk is secure?

View 1 Replies View Related

Fedora Security :: SELinux Warning On Rkhunter?

Mar 17, 2011

i get this warning from selinux :

"SELinux is preventing /bin/mailx from append access on the file /var/lib/rkhunter/rkhcronlog.OmRFCZOynG."

I tried to fix it by "# /sbin/restorecon -v /var/lib/rkhunter/rkhcronlog.OmRFCZOynG" as suggested by SELinux but it comes back with another warning, but with a different /rkhcronlog.xxxxxxxxx...

i think its just a way of rkhunter logging issue -. attached here is the actual error message by selinux.

View 6 Replies View Related

Ubuntu Security :: Interpret The 'dates' In Rkhunter.log?

Oct 6, 2010

I've got rkhunter installed and regularly do scans immediately before & after updates & if I get warnings about 'file property updates' after the update I use 'rkhunter --propupd' to give me a clean run.I'm about to setup a ubuntu computer for my nan, I want to enable automatic security updates so she doesn't have to do anything to keep her system secure. I was planning on running rkhunter when I go to her house (about once a month) and check the dates in the resulting rkhunter.log warnings with those in the var/log/apt/history.log to see if legitimate updates caused any rkhunter warnings. I've noticed though that the 'Current file modifiation time:' in the rkhunter.log warnings are incorrect.

My system seems to be about 15 days behind the actual date, I've now run rkhunter --propupd so I have no warnings but got this one off another forum post to show what I mean:

Current file modification time: 1283341157 (01-Sep-2010 06:39:17)

I believe that the '1283341157' is the time in some strange format and the date in brackets is what rkhunter thinks it might be in human format.

1) How to interpret the 'strange date format' (1283341157 in the line above)?

2) If there's a way of configuring the date in rkhunter so that they're correct in rkhunter.log?

3) If there's a better way of keeping her system up-to-date & secure, it's her first computer & she's 86 so I think setting up automatic security updates is the way to go, it'll be one less thing to overwhelm her!

View 2 Replies View Related

Ubuntu Security :: Warning Flagged By The 'rkhunter'

Feb 1, 2011

When I scanned my Ubuntu 10.04 with rkhunter a root kit hunter toolkit, it gave following warning:

Is there something that I have to worry about.

Code:

View 7 Replies View Related

SUSE :: Rkhunter Suspect Files And Applications?

Jun 10, 2010

Is this normal? Suspect applications: 2 Suspect files: 7 Code: [09:53:29]

[Code]...

(I'm guessing the suspect applications are OpenSSH & OpenSSL b/c they are outdated but zypper tells me they're up-to-date?)

View 1 Replies View Related

General :: Rkhunter.conf Doesn't Exists?

Feb 12, 2011

I get this warning when running rkhunter:The file rkhunter.cond foes not exist on the system, but it is present in the rkhunter.dat file.However, the conf file does exist as I just edited it.Any ideas on why this error occurs?[root#] locate rkhunter.conf/etc/rkhunter.conf

View 15 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved