Thread: Chkrootkit warning

  1. #1
    Join Date
    Oct 2006
    Beans
    Hidden!

    Chkrootkit warning

    When I run chkrootkit in 12.04 I get a warning I have never seen before. It is located in /var/run/utmp.

        Checking `chkutmp'... The tty of the following user process(es) were not found
        in /var/run/utmp !
        ! RUID PID TTY CMD
        ! root 1198 tty7 /usr/bin/X :0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch -background none

    Is this a new type of security issue or a false positive?

  2. #2
    Join Date
    Aug 2009
    Location
    Under the stairs.
    Beans
    1,408
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Chkrootkit warning

    That is simply a false positive. That's all you will ever get, as getting a rootkit is highly unlikely to happen..... relax/play... this is Linux.
    Dell Inspiron 1764 Laptop, Intel Core™ i5 520M, 4GB Shared Dual Channel DDR3 at 1066MHz, 512MB ATI Mobility Radeon™ HD4330 Integrated Intel HD.

  3. #3
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Chkrootkit warning

    Don't be so cavalier about security.

    Rootkits can and do appear in Linux environments. It is particularly possible if you have been "socially engineered" into installing something malicious when using elevated privileges. An untrusted source or "something cool I found on the internet" can both make you vulnerable.

    Assuming that we are somehow "safe" from the dangers of the world by virtue of using Linux is foolhardy. We should be every bit as vigilant as Windows users. Linux invulnerability is a myth.

    Use chkrootkit. If you get a hit, ask or google. If it's a false positive, better safe than sorry.
    Please read The Forum Rules and The Forum Posting Guidelines

    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  4. #4
    Join Date
    Aug 2009
    Location
    Under the stairs.
    Beans
    1,408
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Chkrootkit warning

    Quote Originally Posted by QIII View Post
    Don't be so cavalier about security.

    Rootkits can and do appear in Linux environments. It is particularly possible if you have been "socially engineered" into installing something malicious when using elevated privileges. An untrusted source or "something cool I found on the internet" can both make you vulnerable.

    Assuming that we are somehow "safe" from the dangers of the world by virtue of using Linux is foolhardy. We should be every bit as vigilant as Windows users. Linux invulnerability is a myth.

    Use chkrootkit. If you get a hit, ask or google. If it's a false positive, better safe than sorry.

    I wasn't being cavalier, I was speaking from experience. In 15 years of working with Unix/Linux and working with people working on Linux, neither I nor anyone else I know or work with has ever gotten a virus or rootkit. While I know it's not impossible, I merely stated it was very unlikely.

  5. #5
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Chkrootkit warning

    Nobody you know does not mean nobody.

    It can and does happen. Hence, a tool to check for it.

    I've been at this for 35 years going back to Unix. I've learned a hard lesson or two.

  6. #6
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: Chkrootkit warning

    Regardless of intent a lot of people on everything from fora to mailing lists think they should decide for others what is good and what is not. Instead, and in keeping with the Fish vs Fishing Rod thingie, it would be better to say that if this is a FP then it is often caused by processes, commonly associated with logging in, that haven't written to utmp yet.

    Those practicing forensics at whatever level know evidence gathering should be step one in case of suspicion and those even fleetingly familiar with security know it requires a multi-layered approach, meaning not just running a single post-incident auditing tool.
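    As an added illustration (not code from chkrootkit or from any poster) of the cross-check behind the `chkutmp' warning and of why the X server hit in the first post is expected: the script below parses constructed utmp records in the glibc x86_64 layout (an assumption about the record size), flags processes whose tty has no login entry, and triages the hit the way a defender would.

```python
import struct

# glibc's struct utmp on x86_64 Linux is 384 bytes; field order per utmp(5).
# Assumption: x86_64 layout (32-bit ut_session/ut_tv, no extra padding).
UTMP_RECORD = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
USER_PROCESS = 7  # ut_type for a logged-in user session

def parse_utmp(data):
    """Yield (ut_type, pid, tty) for every fixed-size record in a raw utmp blob."""
    for off in range(0, len(data) - UTMP_RECORD.size + 1, UTMP_RECORD.size):
        ut_type, pid, line = UTMP_RECORD.unpack_from(data, off)[:3]
        yield ut_type, pid, line.split(b"\0", 1)[0].decode()

def logged_in_ttys(data):
    """Set of tty names that currently hold a real login session."""
    return {tty for ut_type, _, tty in parse_utmp(data) if ut_type == USER_PROCESS}

def chkutmp(processes, utmp_data):
    """Same idea as chkrootkit's chkutmp: report processes whose controlling
    tty has no USER_PROCESS entry in utmp (a hidden login would look like this)."""
    known = logged_in_ttys(utmp_data)
    return [p for p in processes if p["tty"] not in known]

def triage(hit):
    """A display server started by a display manager owns a VT but never goes
    through login(1), so it has no utmp record; anything else deserves a look."""
    cmd = hit["cmd"]
    if cmd.startswith("/usr/bin/X") and "-auth" in cmd and hit["tty"].startswith("tty"):
        return "expected: X server on a VT launched by a display manager, no utmp login"
    return "investigate: process on a tty with no login record"

def make_record(ut_type, pid, line, user):
    """Pack one constructed utmp record (host empty, exit/session zero)."""
    return UTMP_RECORD.pack(ut_type, pid, line.encode(), b"1", user.encode(), b"",
                            0, 0, 0, 1_340_000_000, 0, b"\0" * 16)

# Constructed sample: a real login on tty1 (alice) and the X server from the post on tty7.
SAMPLE_UTMP = make_record(USER_PROCESS, 2001, "tty1", "alice")
SAMPLE_PROCS = [
    {"ruid": "alice", "pid": 2001, "tty": "tty1", "cmd": "-bash"},
    {"ruid": "root", "pid": 1198, "tty": "tty7",
     "cmd": "/usr/bin/X :0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7"},
]

if __name__ == "__main__":
    for hit in chkutmp(SAMPLE_PROCS, SAMPLE_UTMP):
        print(f"! {hit['ruid']} {hit['pid']} {hit['tty']} {hit['cmd']} -> {triage(hit)}")
```

    Against a live system, read /var/run/utmp as bytes and build the process list from ps -eo ruser,pid,tty,args; the tty7 hit should triage as expected, and any other hit is the evidence to collect before deciding.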
