View Full Version : [ubuntu] Rkhunter comes with a warning
July 13th, 2011, 09:13 PM
Just I install the rkhunter tool via apt-get install rkhunter. When I had run the rkhunter check, rkhunter comes with a warning about "GasKit Rootkit", i dont understand what it is, but maby your can help me.
This server is install new last and maby 1 week old, so i don't understand why this happends.
July 13th, 2011, 09:17 PM
Have you tried a google search on your reply. There seems to be a lot of information on it.
July 13th, 2011, 09:18 PM
Of course, but i dont found any thing, maby you can help me?
July 14th, 2011, 02:14 AM
Checking out the current release code you can find file and directories names to check out yourself:
7196 # GasKit Rootkit
8410 # Suspicious startup file strings
8411 RCLOCAL_STRINGS="/usr/bin/rpc.wall:Linux Rootkit (LRK4)
8412 sshdd:GasKit Rootkit
8413 hidef:Knark Rootkit
8414 /usr/bin/.etc:Dica-Kit Rootkit"
* RKHROOTDIR usually equals "/" and RCLOCAL_STRINGS means running 'strings' on files and grepping for search terms.
i dont found any thing
...then your search-fu may be low as there AFAIK is one entry only in the rkhunter-users mailing list (which actually is listed as the preferred first point of contact instead of *any* forum regardless of how friendly, knowledgeable or helpful members are or not): http://sourceforge.net/mailarchive/forum.php?thread_name=20080222161213.77CB515803D%4 0mailserver6.hushmail.com&forum_name=rkhunter-users
July 14th, 2011, 08:51 AM
Thanks all for the helpfull answers is it maby possible that error the mounted usb disk? On this disk is a ubuntu server os on it. This was my old disk. Maby is that the problem.
I try to find out and do my best :)
Do you have any idea?
July 14th, 2011, 09:18 AM
Yes! I found out what the problem is. My LVM named "Dev" en lvm is in /dev always ;)
Powered by vBulletin® Version 4.2.2 Copyright © 2015 vBulletin Solutions, Inc. All rights reserved.