OpenSUSE :: Updated To 11.4 [64 Bit] - Rkhunter Is Giving Warning: User 'rtkit' Has Been Added To The Passwd File
Mar 13, 2011
I have just updated to openSUSE 11.4 [64 bit]; rkhunter is giving these warnings:
Warning: User 'rtkit' has been added to the passwd file.
Warning: User 'pulse' has been added to the passwd file.
Warning: User 'statd' has been added to the passwd file.
Warning: Changes found in the group file for group 'audio': User 'pulse' has been added to the group
Warning: Group 'rtkit' has been added to the group file.
Warning: Group 'pulse' has been added to the group file.
Warning: Group 'pulse-access' has been added to the group file.
Warning: Suspicious file types found in /dev: /dev/shm/initrd_exports.sh: ASCII text
Warning: Hidden directory found: /dev/.sysconfig
Warning: Hidden directory found: /dev/.mount
Do these look normal? Are these false positives?
Jan 14, 2011
We know that /etc/passwd- is a replica of the /etc/passwd file and acts as a backup in case of any damage done to the /etc/passwd file. I have observed a strange thing in RHEL 5.4. For example, if /etc/passwd has 100 accounts, then /etc/passwd- has only 99 accounts. When I add a 101st user account with "useradd", then /etc/passwd has 101 accounts and /etc/passwd is having the 100th account of /etc/passwd-. When I delete /etc/passwd and recover it with /etc/passwd- from runlevel 1, the last created user does not have his account after recovery. What is the solution? This is the same case even with /etc/shadow and /etc/shadow-.
Jul 13, 2011
I just installed the rkhunter tool via apt-get install rkhunter. When I ran the rkhunter check, rkhunter came up with a warning about "GasKit Rootkit". I don't understand what it is.
This server was newly installed and is maybe 1 week old, so I don't understand why this happens.
Mar 17, 2011
I get this warning from SELinux:
"SELinux is preventing /bin/mailx from append access on the file /var/lib/rkhunter/rkhcronlog.OmRFCZOynG."
I tried to fix it by "# /sbin/restorecon -v /var/lib/rkhunter/rkhcronlog.OmRFCZOynG" as suggested by SELinux but it comes back with another warning, but with a different /rkhcronlog.xxxxxxxxx...
I think it's just some kind of rkhunter logging issue. Attached here is the actual error message from SELinux.
Feb 1, 2011
When I scanned my Ubuntu 10.04 with rkhunter, a rootkit hunter toolkit, it gave the following warning:
Is there something that I have to worry about?
Code:
Jun 15, 2011
I had been receiving a rkhunter warning on my Fedora 14 server for quite some time now. Attempts to fix the error via information from Google searches have failed. I decided to have a look at bugzilla and what do you know, a fix. The warning:
Quote:
[03:29:08] Warning: The SSH and rkhunter configuration options should be the same:
Warning: The SSH and rkhunter configuration options should be the same:
The fix, according to https://bugzilla.redhat.com/show_bug.cgi?id=596775 is to change
PHP Code:
ALLOW_SSH_PROT_V1=2
to
PHP Code:
ALLOW_SSH_PROT_V1=0
I made the change and ran rkhunter again. No more error. I know everyone was wondering about this.
Dec 25, 2010
When logged in as a normal user and searching for a file passwd under /etc, I get a few errors with permission denied. How do I ignore these permission denied errors?
csh hostname 109 % find . -name passwd
find: ./lvm/backup: Permission denied
find: ./lvm/archive: Permission denied
[code]....
Feb 22, 2011
Like Jackp27, I am reacting to a transient warning from rkhunter, indicating a possible LKM trojan, which may or may not be a false positive. Running chkrootkit and rkhunter repeatedly, including older versions running under live CDs like INSERT, indicated nothing wrong, but two runs of rkhunter running under the possibly compromised system itself did seem to suggest rkhunter thought it might have found elements of trojan code in RAM.
Like Jackp27, I can't give details right now because I do not currently have access to my logs, but I did find one webpage (can't give link because I do not currently have access to my detailed notes) suggesting that rkhunter may have thought it found a signature of the adore trojan in RAM by looking at /proc/kallsyms, which is not a file I ordinarily look at. I did look at it very closely yesterday, repeatedly, and it seems to be mostly empty, but occasionally seems to contain what might be a sequence of calls to various kernel modules--- right now I only recall that some had the form ??_guest_? and that x_tables might be involved.
Can anyone give me a rough indication of what /proc/kallsyms is supposed to do, whether it should normally be empty, and when it is not, what kind of lines are supposed to show up in that "file" when I cat it? I also saw something about ?_logdrop? which may have had something to do with rotating logs (I rebooted several times) rather than a trojan keylogger. But maybe some trojans rotate logs to try to hide their presence?
I know I am not giving enough information--- I hope to come back later with more details after I have managed to access my logs and notes, so feel free to say what kind of details would be most helpful in helping me decide whether or not this was a false positive.
Jan 9, 2010
I was able to get Firefox 3.5.6 working on Mandriva which came with Firefox 2 but I could use a few questions answered. I downloaded the tar file from the Mozilla site and followed the directions. I un-tarred it and dragged the shell script onto the top panel or launch bar at the top of the desktop instead of finalizing it their way. The launcher application works fine for three but two starts up the DOM Inspector every time it starts. Not a big deal because I don't want to disturb Ff2 any more than needed right now. So my main questions are: what is the proper way to add a browser that shares files on Linux, and is it possible to add Ff3 to the Application/Internet helper file? Should you really only have one version of Firefox? Does Linux call their helper files helper files or is it something different?
Jan 16, 2010
I am using Ubuntu 9.10. I currently have two users, myself and my wife. Yesterday morning when I tried to log in I received the following messages:
"Could not update ICEauthority file /home/david/.ICEauthority"
then
"There is a problem with configuration server /usr/lib/libgonf2-4/gconf-sanity-check-2 with status 256"
and finally
"Nautilus could not create the following required folder /home/david/Desktop/.nautilius"
I searched the forum and followed some stuff about chmod 755 for the gconf file etc but still have the same problem. My wife can still log in with no problem by the way.
Jul 6, 2010
I just tried to install Ubuntu Netbook 10.04 on my old Amilo Lifebook P Series. But after the boot screen and the choice to install Ubuntu, I get stuck at the Ubuntu screen with the little dots on the bottom. If I hit Esc I can see the warning (process 257): GLib-WARNING **: getpwuid_(r) failed due to unknown user id (0)
Jul 29, 2011
Wvdial gives me this error:
PHP Code:
--> WvDial: Internet dialer version 1.60
--> Warning: section [Dialer Defaults] does not exist in wvdial.conf.
--> Cannot open /dev/modem: No such file or directory
--> Cannot open /dev/modem: No such file or directory
--> Cannot open /dev/modem: No such file or directory
May 1, 2011
This has been bugging me since I upgraded to 11.4. First I noticed that most of the time when a file is copied from an application (say, downloaded from Firefox) into a directory, Konqueror does not show the new file until I hit "Reload". OK, I could live with that, annoying as it is. Why it can't recognize that a new file has been added to the directory since the last display refresh when I switch to that window I don't know, but fine, whatever.
Then I installed Firefox 4.0 - and now frequently when I open the "Save As" file browse dialog, it doesn't see any of the files recently added either. I put in a complaint to Mozilla, but apparently only ONE other person on the planet has ever seen this happen. But it was never the case before, either in earlier Firefox or earlier openSUSE releases. I was always able to see the files I previously saved to that folder when saving a new one.
And today it happened in Kaffeine, which I don't remember ever seeing before. I opened the "Open File" dialog and it couldn't see a video file I had just downloaded. When I closed Kaffeine and then restarted it, it could see it. Is this something that has been ongoing or is it new? I can't find anything via Google Search to explain it. Is there some setting somewhere that needs to be tweaked? Is it a file system problem?
Apr 19, 2010
I've installed BOINC for first time (from suse repos). I'm worried about running BOINC as root. How can this be avoided? I'd first like to exhaust all options with the official opensuse repo version of BOINC. If I am unsuccessful, then I'll try the version from Berkeley website.
Dec 20, 2010
All servers mentioned below run OpenSuSE, either 10 or 11. I am currently working on a few scripts that are meant to be used as part of a continuous integration setup. I am trying to keep these scripts reasonably secure, and so I have made sure that all the servers run these scripts only as a specific user (user1) that has permissions to basically nothing else. The problem I am currently running into is that I need to start and stop tomcat as user1 but this user doesn't have permissions to the tomcat directory (only tomcat has execute permissions). I have a temporary workaround in place while I work on the scripts (I have an SSH key in place that allows me to SSH from user1 to tomcat without a password and execute my commands that way) but it is not very secure. I have tried adding the following line to /etc/sudoers:
Code:
tomcat localhost = NOPASSWD: /opt/tomcat/bin/startup.sh, /opt/tomcat/bin/shutdown.sh
but it doesn't work as I expected it to. I tried a few different syntaxes for that line,
[code]...
Jul 28, 2010
In what cases would a user appear in /etc/shadow and not /etc/passwd?
Apr 22, 2010
We are trying to make a policy decision whether to go with SSH user/passwd or PPK secure key. Our servers are hosted remotely by a hosting service. We were wondering which of these two models is more secure. E.g., I would tend to think that user/passwd with account lockouts upon failed attempts would be more secure because the other option exposes your server in case someone sneaks the PPK file or steals your whole computer. However, what makes me doubt myself is that Amazon Web Services EC2 cloud hosting uses PPK by default (although an instance's SSH config can be changed to accommodate logging in but they don't endorse it).
May 16, 2011
I have just got my OpenLDAP server up and running; however, I admit I'm a little confused about authenticating a client machine to the server. When I create an account on the LDAP server, does this mean that the server creates a user account in /etc/passwd, or somewhere else on the server?
Oct 15, 2010
How can we get the usernames from /etc/passwd which have a UID greater than or equal to 500?
Jan 26, 2011
Is it possible to log in to secure shell (openssh) using a username and password which is not present in "/etc/passwd"? The shell created after authentication should be owned by the logged-in user. Is it possible to store the user information like uid, gid, home dir, shell on some remote machine instead of /etc/passwd and then retrieve this information when a session is created for the logged-in user?
May 12, 2011
While learning shell scripting, I want to add my own PATH variable to the system's previous variables. I find that my Linux has the below PATH variables (at the end of this message). It shows 'No such file or directory' although I have verified that all the directories exist. Some directories are empty indeed. Will this result in that warning?
I want to make the present PATH variables correct before I add mine.
bash: /usr/lib/mpi/gcc/openmpi/bin:/home/jeff/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib/jvm/jre/bin: No such file or directory
Mar 25, 2011
How can I do an FTP connection putting in the user and passwd, and I would do! Today, I need to know how I can do this, but in SFTP!
Apr 23, 2010
I am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but I can still log in using the plain username and password login.
Feb 4, 2010
I started to work on building an FTP server with vsftpd in our lab (that's only for our lab members). I am going to set up some virtual users for each of the members. We have a CentOS5 (without upgrade after the fresh installation). I tried several ways to set up vsftpd for virtual users: 1) with db4, 2) with mysql, 3) without database, using htpasswd. But all fail. Actually, I don't want to use a database, so I am going to find out the reason for the failure of the 'htpasswd' method.
My vsftpd is installed in /etc/vsftpd (for only using ftp account, it is no problem to login).
1) I set up an account called vftpuser and built the corresponding home (/home/vftpuser), and then I set up another account called usera and also created a directory within /home/vftpuser.
2) I use htpasswd to add passwd to usera and store the passwd in /etc/vsftpd/passwd.
3) I added the name of usera to /etc/vsftpd/user_list
4) I create a directory /etc/vsftpd/user to store a unique conf for each user (for usera, the conf named usera) which contains the local root for users, which is
[Code]....
Sep 24, 2009
I am trying to write a remote access module. Is there any function in Linux where I can give a string (the password entered by the user) and compare it with the actual user password stored in /etc/shadow? Since the password is stored encrypted in /etc/shadow, I cannot parse and compare. So I want some method to check whether my user entered the correct password. Is there any function for that?
Jun 12, 2011
So I just recently installed fresh 13.37 over my 13.1 install. Went multilib, and added myself to the usergroups I thought I might need. But truth is, I don't know what half of these are and I just picked the ones that sounded right. I'm the only user on this computer, although I might possibly maybe add another someone if I have to for some reason.
For my user account, I added myself to:
Code:
bin
disk
mem
kmem
wheel
floppy
mail
news
uucp
man
dialout
audio
video
cdrom
games
mysql
sshd
gdm
shadow
ftp
messagebus
haldaemon
plugdev
power
netdev
scanner
users
console
kismet
vboxusers
Basically, I want my own account to be able to do everything I normally do without too much restriction (use the disc drive, mount hard drives, browse the web, read/send email via Thunderbird, download stuff, etc), but leaving the important stuff to root so that if someone else happens to use the computer under my account, they can't do any damage. Did I select the right groups for this? Should I add or remove any? And what groups should a user have if I just want them able to browse the web, download files, use their /home, run non-root apps, and nothing else?
Jun 4, 2009
Why can't I open this file?
[root@localhost fedora]# gedit /etc/var/log/rkhunter/rkhunter.log
No protocol specified
(gedit:24869): Gtk-WARNING **: cannot open display: :0.0
[root@localhost fedora]# gedit /var/log/rkhunter/rkhunter.log
No protocol specified
There is absolutely no reason why it can't be opened. I opened it just fine earlier and now it won't open up for inspection.
Sep 12, 2010
Rkhunter file properties changed
Feb 18, 2010
Is it possible to create a shell script that adds a user and password in the passwd and smbpasswd?
Aug 10, 2010
Not able to log in to a user account, even after clearing the password from root using passwd -d.
[root@ivrsdb1_pnq /]# passwd -S oracle
Password locked.
[root@ivrsdb1_pnq /]# passwd -u -f oracle
Unlocking password for user oracle.
[code]....