Thread: warning and suspect file properties displayed

  1. #1
    Join Date
    Jun 2011
    Beans
    3

    warning and suspect file properties displayed

    Today when I scanned my system with rkhunter, it gave me 3 file properties warnings.

    rkhunter --check -l log.txt

    1). /usr/bin/last => warning
    2). /usr/bin/perl => warning
    3). /sbin/sulogin => warning.


    What does this warning indicate, as I had no warnings earlier? These are recent warnings. How can I rectify it?

    Thanks

  2. #2
    prodigy_
    Join Date
    Mar 2008
    Beans
    1,219

    Re: warning and suspect file properties displayed

    Quote: Originally Posted by h4ck0lic
    1). /usr/bin/last => warning
    2). /usr/bin/perl => warning
    3). /sbin/sulogin => warning.
    This doesn't look like a part of rkhunter log. Should be something like:
    Code:
    [15:27:40] /usr/bin/mail                                     [ Warning ]
    [15:27:41] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file.
    Use sudo cat log.txt to read the log file.

  3. #3
    Join Date
    Jun 2011
    Beans
    3

    Re: warning and suspect file properties displayed

    File Properties :-

    Code:
    /usr/bin/last                                         [ Warning ]
    /usr/bin/perl                                         [ Warning ]
    /sbin/sulogin                                         [ Warning ]
    Performing trojan specific checks

    Code:
    Checking for enabled inetd services                   [ Warning ]
    
    Warning: Found enabled inetd service: tftp
    Code:
    Checking if SSH root access is allowed                [ Warning ]
    
    Warning: The SSH and rkhunter configuration options should be the same:
    [02:30:35]          SSH configuration option 'PermitRootLogin': yes
    [02:30:35]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
    Performing filesystem checks

    Code:
    Checking /dev for suspicious file types               [ Warning ]
    Checking for hidden files and directories             [ Warning ]
    
     Checking /dev for suspicious file types         [ Warning ]
    [02:30:36] Warning: Suspicious file types found in /dev:
    [02:30:36]          /dev/shm/pulse-shm-3744425219: data
    [02:30:36]          /dev/shm/pulse-shm-3080383606: data
    [02:30:36]          /dev/shm/pulse-shm-4165232942: data
    [02:30:36]          /dev/shm/pulse-shm-3175425441: data
    [02:30:36]          /dev/shm/pulse-shm-928137017: data
    [02:30:37]   Checking for hidden files and directories       [ Warning ]
    [02:30:37] Warning: Hidden directory found: /etc/.java
    [02:30:37] Warning: Hidden directory found: /dev/.udev
    [02:30:37] Warning: Hidden directory found: /dev/.initramfs
    Last edited by h4ck0lic; June 18th, 2011 at 11:45 PM.
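
The log layout shown in posts #2 and #3 can be grouped so that each `[ Warning ]` check sits next to its explanation lines. This is an added example, not part of any post in the thread; the function name `group_warnings` and the sample log (assembled from lines quoted above plus one constructed non-warning line) are assumptions.

```python
import re

# Constructed sample: lines quoted in this thread plus one non-warning
# result line, in the "[HH:MM:SS] text  [ Status ]" layout shown in post #2.
SAMPLE_LOG = """\
[02:30:34] Checking for passwd file changes                  [ None found ]
[02:30:35] Checking if SSH root access is allowed            [ Warning ]
[02:30:35] Warning: The SSH and rkhunter configuration options should be the same:
[02:30:35]          SSH configuration option 'PermitRootLogin': yes
[02:30:35]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[02:30:37]   Checking for hidden files and directories       [ Warning ]
[02:30:37] Warning: Hidden directory found: /etc/.java
[02:30:37] Warning: Hidden directory found: /dev/.udev
[15:27:40] /usr/bin/mail                                     [ Warning ]
[15:27:41] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file.
"""

TIMESTAMP = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]")
RESULT = re.compile(r"^(?P<check>.+?)\s+\[ (?P<status>[A-Za-z ]+?) \]$")

def group_warnings(log_text):
    """Map each check that ended in [ Warning ] to its explanation lines."""
    groups, current = {}, None
    for raw in log_text.splitlines():
        body = TIMESTAMP.sub("", raw).rstrip()
        text = body.strip()
        result = RESULT.match(text)
        if result:
            # A new check result: only warnings open a group.
            current = result["check"] if result["status"] == "Warning" else None
            if current:
                groups.setdefault(current, [])
        elif text.startswith("Warning:"):
            # Explanation line; keep it even if its check line was not seen.
            current = current or "(no check line seen)"
            groups.setdefault(current, []).append(text[len("Warning:"):].strip())
        elif current and groups[current] and body.startswith("  "):
            # Indented continuation of the previous explanation.
            groups[current][-1] += " | " + text
    return groups

if __name__ == "__main__":
    for check, reasons in group_warnings(SAMPLE_LOG).items():
        print(check)
        for reason in reasons:
            print("    " + reason)
```

To run it on a real log, pass in the contents of the file written by `rkhunter --check -l log.txt`.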

  4. #4
    Join Date
    Jun 2011
    Beans
    3

    Re: warning and suspect file properties displayed

    Can anyone help me here?

  5. #5
    Join Date
    Mar 2006
    Location
    Sevierville, Tennessee
    Beans
    1,279
    Distro
    Ubuntu Development Release

    Re: warning and suspect file properties displayed

    Quote: Originally Posted by h4ck0lic
    Today when I scanned my system with rkhunter, it gave me 3 file properties warnings.

    rkhunter --check -l log.txt

    1). /usr/bin/last => warning
    2). /usr/bin/perl => warning
    3). /sbin/sulogin => warning.


    What does this warning indicate, as I had no warnings earlier? These are recent warnings. How can I rectify it?

    Thanks
    Have you read up on rkhunter? Some of your warnings may be normal hits. What makes you think you have a rootkit?
    Gary
    Linux since 1995, Ubuntu since 2006
