Ubuntu Security :: Rkhunter File Properties Changed?

Sep 12, 2010

Rkhunter file properties changed


Fedora Security :: Rkhunter Error - Can't Open File

Jun 4, 2009

why I can't open this file.

[root@localhost fedora]# gedit /etc/var/log/rkhunter/rkhunter.log
No protocol specified
(gedit:24869): Gtk-WARNING **: cannot open display: :0.0
[root@localhost fedora]# gedit /var/log/rkhunter/rkhunter.log
No protocol specified

There is absolutely no reason why it can't be opened. I opened it just fine earlier and now it won't open up for inspection.


Security :: Fix A Source File That Had Definitely Not Changed?

Jul 9, 2010

I am running a Fedora 10 Virtual Server and have a feeling I have been hacked. I needed to fix a source file that I had definitely not changed myself. It was a PHP file concerned with usernames and passwords so that made me even more suspicious. I have been investigating and found the following. If you need other information, give me the command I should run and I will update. I am no expert in this area and use the server to host my website and SVN. I am the only person that has access to the server.

Code:
# lsof -u nobody
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

[code]....


Ubuntu Security :: Best Way To Use Chkrootkit Or Rkhunter

Apr 14, 2010

What is the best method for checking for rootkits? I have heard that it is best not to install and run these programs on the distro itself. Would it be possible to install them on another distro/partition and then use them to check for rootkits on my main partition/distro (Ubuntu)?


Ubuntu Security :: Rkhunter Comes With A Warning?

Jul 13, 2011

I just installed the rkhunter tool via apt-get install rkhunter. When I ran the rkhunter check, rkhunter came back with a warning about "GasKit Rootkit". I don't understand what it is.

This server is a new install and maybe 1 week old, so I don't understand why this happens.


Security :: Just Ran Rkhunter And Got A Lot Of Red Warnings?

Jan 11, 2011

You should be running a firewall. I would also periodically check for rootkits with rkhunter and chkrootkit. Antivirus is usually optional, but it depends on your network ... if you have Window$ machines, do use clamav or something.

Hope I'm not distorting the thread but just ran rkhunter and got a lot of red warnings, especially worrying seems:

Quote:

Applications checks...
Applications checked: 4
Suspect applications: 3


Security :: Rkhunter Useful On Slackware 13.1?

Nov 28, 2010

According to the rkhunter home page, rkhunter is tested on Slackware up to version 10.1. Does this mean it is not useful on Slackware 13.1?


Ubuntu Security :: Interpret The 'dates' In Rkhunter.log?

Oct 6, 2010

I've got rkhunter installed and regularly do scans immediately before & after updates & if I get warnings about 'file property updates' after the update I use 'rkhunter --propupd' to give me a clean run. I'm about to set up an Ubuntu computer for my nan, I want to enable automatic security updates so she doesn't have to do anything to keep her system secure. I was planning on running rkhunter when I go to her house (about once a month) and check the dates in the resulting rkhunter.log warnings with those in the var/log/apt/history.log to see if legitimate updates caused any rkhunter warnings. I've noticed though that the 'Current file modification time:' in the rkhunter.log warnings are incorrect.

My system seems to be about 15 days behind the actual date, I've now run rkhunter --propupd so I have no warnings but got this one off another forum post to show what I mean:

Current file modification time: 1283341157 (01-Sep-2010 06:39:17)

I believe that the '1283341157' is the time in some strange format and the date in brackets is what rkhunter thinks it might be in human format.

1) How to interpret the 'strange date format' (1283341157 in the line above)?

2) If there's a way of configuring the date in rkhunter so that they're correct in rkhunter.log?

3) If there's a better way of keeping her system up-to-date & secure, it's her first computer & she's 86 so I think setting up automatic security updates is the way to go, it'll be one less thing to overwhelm her!


Ubuntu Security :: Warning Flagged By The 'rkhunter'

Feb 1, 2011

When I scanned my Ubuntu 10.04 with rkhunter, a rootkit hunter toolkit, it gave the following warning:

Is there something that I have to worry about?

Code:


Security :: Possible False Positive With Rkhunter

Jan 5, 2010

I have just been checking one of my machines with rkhunter and got the following result:

Code:
[17:50:08] Warning: Checking for possible rootkit strings [ Warning ]
[17:50:09] Found string 'hdparm' in file '/etc/init.d/checkroot.sh'. Possible rootkit: Xzibit Rootkit
[17:50:09] Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible rootkit: Xzibit Rootkit

Using a well known search engine shows that others have come across this before: [URL] I have installed the current version of rkhunter from Debian's Unstable repo, but I still have the same result as above. I now check the rkhunter wiki, which mentions the same problem: [URL]

Quote: Here is an example on my system to remove a false positive for a certain rootkit that hit hdparm.

[Code]....


Security :: False Positive From Rkhunter?

Oct 25, 2010

Is this a false positive from rkhunter?

/usr/bin/curl [ Warning ]
/usr/bin/ldd [ Warning ]

Chkrootkit came back ok. Running ClamAV and will only add that here if it finds anything. I just never remember seeing these before. This is in Ubuntu 10.10.


Security :: Rkhunter's Email With Several Warnings

Dec 23, 2010

Last night I received the classic rkhunter's email with several warnings inside:

Quote:

Warning:

Warning:

Warning:

and so on..

Why isn't rkhunter able to calculate the hash of those files and compare it with the stored one?

Other strange thing: for the "good" file, the hash is often different!

For example, in the last rkhunter.log, /bin/awk is "good".

But:

Quote:

Quote:

So, if the sha1sum is different, why does rkhunter tell me that awk is secure?


Ubuntu Security :: Rkhunter Suspicious Files And Folders?

Apr 1, 2010

I have been running rkhunter but how do I view the /var/log/rkhunter.log? I have tried using: sudo /var/log/rkhunter.log but all I got was "Command not found".


Ubuntu Security :: Ran A Rkhunter Check And In Log Have Found Some Very Odd Reports?

Nov 8, 2010

I recently ran a rkhunter check and in my log I have found some very odd (to me at least) reports.

/usr/bin/last [ Warning ]
Warning: The file properties have changed:
File: /usr/bin/last

[code]....


Fedora Security :: SELinux Warning On Rkhunter?

Mar 17, 2011

I get this warning from SELinux:

"SELinux is preventing /bin/mailx from append access on the file /var/lib/rkhunter/rkhcronlog.OmRFCZOynG."

I tried to fix it by "# /sbin/restorecon -v /var/lib/rkhunter/rkhcronlog.OmRFCZOynG" as suggested by SELinux but it comes back with another warning, but with a different /rkhcronlog.xxxxxxxxx...

I think it's just an rkhunter logging issue. Attached here is the actual error message from SELinux.


Security :: Localhost Scans With Rkhunter And Chkrootkit?

Feb 16, 2011

Let's say you have a host with some kind of locally installed root kit detector/scanner.

If someone managed to get root access to that box, wouldn't the first thing to do, before installing a root kit, be to remove any kind of root kit detector?


Security :: Rkhunter Found Suspicious Files?

Aug 10, 2010

I got this warning in the log of rkhunter:

Quote:

Checking /dev for suspicious file types [ Warning ]
[13:37:16] Warning: Suspicious file types found in /dev:
[13:37:16] /dev/shm/pulse-shm-43136623: data

[code]....


Fedora Security :: Receiving A Rkhunter Warning On 14 Server

Jun 15, 2011

I had been receiving a rkhunter warning on my Fedora 14 server for quite some time now. Attempts to fix the error via information from Google searches have failed. I decided to have a look at bugzilla and what do you know, a fix. The warning:

Quote:

[03:29:08] Warning: The SSH and rkhunter configuration options should be the same:
Warning: The SSH and rkhunter configuration options should be the same:

The fix, according to https://bugzilla.redhat.com/show_bug.cgi?id=596775 is to change

PHP Code:

ALLOW_SSH_PROT_V1=2 

to

PHP Code:

ALLOW_SSH_PROT_V1=0 

I made the change and ran rkhunter again. No more error. I know everyone was wondering about this.


Security :: Centos 5.5 / Rkhunter Result In Logwatch Mail

Apr 20, 2011

I have a server, running Centos 5.5. It runs daily rkhunter and logwatch. From both I get a daily mail.

I have a desktop computer, running Fedora 13 (almost 14...). It runs also a daily rkhunter and logwatch. But I get ONE mail from logwatch, which contains the result of rkhunter.

On the server, I want also only mail from logwatch, containing the rkhunter results. But so far, no luck.

How can I get the rkhunter results in the logwatch mail on my Centos server?


Security :: X Freezing, Rkhunter Warns About Adore Rootkit?

Mar 8, 2010

Something really nasty happened to my Arch Linux just now and I don't know why. I was switching through Xfwm4 themes when suddenly Kate crashed and brought down X with it. I started X back up, and Xfwm got hung up, I had to switch to another VT and run "killall X". I tried replacing xfwm4 with pekwm (but still with xfce4-panel) in .xinitrc, same thing. I deleted all my Xfce config files and tried again. The mouse didn't even move. The keyboard didn't work, not even the keyboard light would come on and I couldn't switch to another VT. I was forced to use the Reset button and hope it wouldn't ruin my hard drive.

It booted up fine, I purged all xfce4-related packages just in case while still in CLI mode, and I ran "xinit /usr/bin/pekwm" and I got into a working GUI. I closed a window and X froze again! The window's close button just stayed pressed after I let go of it! I killed X from another VT. So I installed and ran "rkhunter" from AUR (I wonder why they don't have it in the arch repos, it's so much better than chkrootkit) and it warned that I might have Adore Rootkit. What should I do? If it helps, I recently installed a few packages from the Arch Linux AUR, including "ooc-git", "ooc-gtksourceview-git", "libpng12", and "virtualbox_bin".


Fedora Security :: Keep Top/htop Running Rkhunter Showed Up Randomly

Aug 29, 2009

I like to keep top/htop running; rkhunter showed up randomly. I didn't launch this. F11, 2 day old install, fully updated.


Security :: Transient Rkhunter Warning Of Sebek/adore Trojan On Desktop Debian?

Feb 22, 2011

Like Jackp27, I am reacting to a transient warning from rkhunter, indicating a possible LKM trojan, which may or may not be a false positive. Running chkrootkit and rkhunter repeatedly, including older versions running under live CDs like INSERT, indicated nothing wrong, but two runs of rkhunter running under the possibly compromised system itself did seem to suggest rkhunter thought it might have found elements of trojan code in RAM.

Like Jackp27, I can't give details right now because I do not currently have access to my logs, but I did find one webpage (can't give link because I do not currently have access to my detailed notes) suggesting that rkhunter may have thought it found a signature of the adore trojan in RAM by looking at /proc/kallsyms which is not a file I ordinarily look at. I did look at it very closely yesterday, repeatedly, and it seems to be mostly empty, but occasionally seems to contain what might be a sequence of calls to various kernel modules--- right now I only recall that some had the form ??_guest_? and that x_tables might be involved.

Can anyone give me a rough indication of what /proc/kallsyms is supposed to do, whether it should normally be empty, and when it is not, what kind of lines are supposed to show up in that "file" when I cat it? I also saw something about ?_logdrop? which may have had something to do with rotating logs (I rebooted several times) rather than a trojan keylogger. But maybe some trojans rotate logs to try to hide their presence?

I know I am not giving enough information--- I hope to come back later with more details after I have managed to access my logs and notes, so feel free to say what kind of details would be most helpful in helping me decide whether or not this was a false positive.


Ubuntu Security :: Security Changed In Remote Desktop?

Jul 6, 2010

I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to VNC into my server and it kept asking for a password. I never set up a password because I do this locally from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the settings in System > Preferences > Remote Desktop and found them all changed. There was a password set up and there was a check mark in "You must confirm each access to this machine". Was there some security update that changed all these settings? Sometimes when I do updates I don't know what is being changed on my server.


Ubuntu Security :: Rkhunter/ Chkrootkit And Exim4 - Installing Progs On Lucid It Comes With Exim4?

May 7, 2010

When installing these progs on Lucid it comes with exim4; I noticed this in the terminal output. What has exim4 to do with rkhunter and/or chkrootkit?


Ubuntu Security :: Check For Updates To The Current Version Of Rkhunter And Upgrade To A New Version?

Sep 18, 2010

How do I check for updates to the current version of rkhunter and if possible upgrade to a new version?


Ubuntu :: Permission Tab On File Properties?

Jun 7, 2011

How can I hide it? Or at least make it request a password? I want to do this because sometimes my cousins use my PC and I don't really want to set up an account for each one, so I let them use mine. The problem is I have important files that I don't want to hide but to make unerasable (I doubt that word exists, though). I mean to not let them erase them, but some are pretty clever and they know of the properties option, so they can change the attributes.


OpenSUSE :: Updated To 11.4 [64 Bit] - Rkhunter Is Giving Warning: User 'rtkit' Has Been Added To The Passwd File

Mar 13, 2011

I have just updated to openSUSE 11.4 [64 bit]; rkhunter is giving these warnings:

Warning: User 'rtkit' has been added to the passwd file.
Warning: User 'pulse' has been added to the passwd file.
Warning: User 'statd' has been added to the passwd file.
Warning: Changes found in the group file for group 'audio': User 'pulse' has been added to the group
Warning: Group 'rtkit' has been added to the group file.
Warning: Group 'pulse' has been added to the group file.
Warning: Group 'pulse-access' has been added to the group file.
Warning: Suspicious file types found in /dev: /dev/shm/initrd_exports.sh: ASCII text
Warning: Hidden directory found: /dev/.sysconfig
Warning: Hidden directory found: /dev/.mount

Do these look normal? Are these false positives?


Ubuntu :: File Or Folder Properties Command

Apr 13, 2011

I'm having trouble finding the correct modifiers to the stat command to print out the file/folder properties in human readable format. I would like to run a command on a given file or folder and have the file size in kb, mb, or gb size as opposed to byte size in addition to other pertinent information.


Ubuntu :: File Properties Takes A Long Time To Open

May 6, 2010

I have a newly installed Kubuntu 10.04 running here, works fine except for one thing.

I have a kind of "fileserver" and it has a samba share that I have mounted in the home folder of my desktop computer ("/home/xxx/fileserver", the server is running an older version of Ubuntu, can't exactly remember what it is but the filesystem is ext2, if that's of any importance).

I have large files on the server, mostly video. When I use Dolphin (or Konqueror, doesn't make any difference) and right click one of these large files and choose Properties, it takes a LONG time to load the properties window. As if it copies the file to local hd before opening properties, or something.

The reason why I posted here and not in the networking section is, that I had the exact same setup with my previous installation which was Kubuntu 8.04, and also at least three different Ubuntu's before that. Never had this problem before, so I think my server and networking thingies are okay.


Fedora :: Unable To Check "allow Executing File As Program" In File Properties - Permission Denied

Feb 27, 2011

I'm trying to run a program but my system won't let me. I used to be able to run executable files without a problem, but I can't anymore. When I double-click the file I get "there is no application installed for executable files". I am unable to check "allow executing file as program" in file properties. There is a script file which runs the program, but all I get from the terminal is "permission denied".








Copyrights 2005-15 www.BigResource.com, All rights reserved