Thread: [SOLVED] rkhunter warnings, virus?

  1. #1
    Join Date
    Jul 2008
    Location
    Atlanta, GA
    Beans
    623
    Distro
    Ubuntu 12.04 Precise Pangolin

    Question [SOLVED] rkhunter warnings, virus?

    Ran rkhunter and
    /usr/sbin/unhide [ Warning ]
    /usr/sbin/unhide-linux26 [ Warning ]
    Performing filesystem checks
    Checking /dev for suspicious file types [ Warning ]
    Checking for hidden files and directories [ Warning ]

    Does anyone know what this means and what I should do about it? Hopefully not viruses.
    Last edited by Camilia; September 7th, 2008 at 07:46 AM. Reason: changing

  2. #2
    Join Date
    Jan 2008
    Location
    /us/al/home/mb_webguy
    Beans
    2,340
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: rkhunter warnings, virus?

    Quote Originally Posted by Camilia View Post
    Ran rkhunter and
    /usr/sbin/unhide [ Warning ]
    /usr/sbin/unhide-linux26 [ Warning ]
    Performing filesystem checks
    Checking /dev for suspicious file types [ Warning ]
    Checking for hidden files and directories [ Warning ]

    Does anyone know what this means and what I should do about it? Hopefully not viruses.
    Well, first off, even if those directories do contain viruses, you don't need to concern yourself terribly much, since a virus can't do anything on Linux. You could pass it on to a Windows user if you transfer the file to them, but you'd have to do it yourself, since -- as I said -- the virus can't do it on its own in Linux.

    Second... Wow. Those are some extraordinarily unhelpful warning messages. I don't know much (or actually anything) about rkhunter, but you may want to try installing the Linux version of AVG and see what it says.

  3. #3
    Join Date
    Dec 2005
    Location
    Western Australia
    Beans
    11,479
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: rkhunter warnings, virus?

    Rkhunter doesn't look for viruses, it looks for rootkits. Linux rootkits, not Windows ones.

    The /dev and "hidden files and directories" warnings are something I've always had; I suggest ignoring those. The warnings about the unhide program are probably also false alarms - they are used by rkhunter. If you're worried about them, you can use Synaptic Package Manager to reinstall "unhide".

    Rkhunter also has a log file that gives more information; at the end of your scan it should tell you the location of it.

    If you're running an up-to-date system, and you don't have any outward-facing services accessible from the Internet (i.e. your router has a firewall that doesn't have any ports allowed), then there is no realistic way you can get a rootkit.
    I try to treat the cause, not the symptom. I avoid the terminal in instructions, unless it's easier or necessary. My instructions will work within the Ubuntu system, instead of breaking or subverting it. Those are the three guarantees to the helpee.
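
The post above points to rkhunter's log file for detail on each warning. As an added example (not part of the original thread and not rkhunter's own tooling), this script pulls the `[ Warning ]` entries out of a scan log and compares each flagged binary with its owning package. The function names and the sample lines are constructed here, and it assumes a Debian/Ubuntu system whose dpkg supports `--verify`.

```bash
#!/usr/bin/env bash
# Added example: triage rkhunter "[ Warning ]" lines (scan output or log file).

# Strip an optional leading "[HH:MM:SS]" log timestamp from every line.
strip_ts() { sed -E 's/^\[[0-9:]+\][[:space:]]*//' "$1"; }

# Absolute paths flagged with "[ Warning ]" (the file-properties checks).
flagged_paths() {
    strip_ts "$1" | awk '/\[ Warning \][ \t]*$/ && $1 ~ /^\// { print $1 }' | sort -u
}

# Named checks (not file paths) that ended in "[ Warning ]".
flagged_checks() {
    strip_ts "$1" | awk '/\[ Warning \][ \t]*$/ && $1 !~ /^\// {
        sub(/[ \t]*\[ Warning \][ \t]*$/, ""); print }'
}

# Compare a flagged file with the checksums shipped by its owning package.
# Returns 0 = matches, 1 = unowned or modified, 2 = dpkg not available.
check_against_package() {
    local path=$1 pkg
    command -v dpkg >/dev/null 2>&1 || { echo "$path: dpkg not available"; return 2; }
    pkg=$(dpkg -S "$path" 2>/dev/null | head -n1 | cut -d: -f1)
    [ -n "$pkg" ] || { echo "$path: not owned by any package"; return 1; }
    if dpkg --verify "$pkg" 2>/dev/null | awk -v p="$path" '$NF == p { f = 1 } END { exit !f }'; then
        echo "$path: differs from package $pkg"; return 1
    fi
    echo "$path: matches package $pkg"
}

# Constructed sample in the shape of the output quoted in this thread.
sample_scan() {
    cat <<'EOF'
[10:02:11]   /usr/sbin/unhide                                   [ Warning ]
[10:02:11]   /usr/sbin/unhide-linux26                           [ Warning ]
[10:02:12]   /usr/bin/sudo                                      [ OK ]
[10:02:40] Performing filesystem checks
[10:02:41]   Checking /dev for suspicious file types            [ Warning ]
[10:02:42]   Checking for hidden files and directories          [ Warning ]
EOF
}

tmp=$(mktemp); sample_scan > "$tmp"
flagged_checks "$tmp"
for p in $(flagged_paths "$tmp"); do check_against_package "$p" || true; done
rm -f "$tmp"
```

A match against the local package database only shows the file is what the package shipped according to that same system; on a host that may already be compromised, compare against checksums obtained from a trusted source instead.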

  4. #4
    Join Date
    Jul 2008
    Location
    Atlanta, GA
    Beans
    623
    Distro
    Ubuntu 12.04 Precise Pangolin

    Question Re: rkhunter warnings, virus?

    Read this could be due to updates thus pasted sudo rkhunter --propupd in terminal. Then pasted /sudo rkhunter -c -sk in terminal and get /sudo: No such file or directory.

    Sometimes can run check and sometimes can't. This concerns me. Why could this be?

    I have the unhide program installed.

  5. #5
    Join Date
    Jan 2008
    Location
    /us/al/home/mb_webguy
    Beans
    2,340
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: rkhunter warnings, virus?

    Quote Originally Posted by 3rdalbum View Post
    Rkhunter doesn't look for viruses, it looks for rootkits. Linux rootkits, not Windows ones.

    The /dev and "hidden files and directories" warnings are something I've always had; I suggest ignoring those. The warnings about the unhide program are probably also false alarms - they are used by rkhunter. If you're worried about them, you can use Synaptic Package Manager to reinstall "unhide".

    Rkhunter also has a log file that gives more information; at the end of your scan it should tell you the location of it.

    If you're running an up-to-date system, and you don't have any outward-facing services accessible from the Internet (i.e. your router has a firewall that doesn't have any ports allowed), then there is no realistic way you can get a rootkit.
    See... I said I didn't know anything about rkhunter, didn't I? The OP said viruses, so... *shrug*


  6. #6
    Join Date
    Jul 2008
    Location
    Atlanta, GA
    Beans
    623
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: rkhunter warnings, virus?

    There is no realistic way you can get a rootkit, I am told.

    Since I got trojan viruses on Windows XP just after I copied pictures for my avatar I have gotten a little paranoid. Thus I like to scan my computer at times.

  7. #7
    Join Date
    Jan 2008
    Location
    /dev/null
    Beans
    2,793
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: rkhunter warnings, virus?

    Moved from general help

  8. #8
    Join Date
    Dec 2007
    Location
    California
    Beans
    4,900
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: rkhunter warnings, virus?

    Quote Originally Posted by Camilia View Post
    There is no realistic way you can get a rootkit, I am told.

    Since I got trojan viruses on Windows XP just after I copied pictures for my avatar I have gotten a little paranoid. Thus I like to scan my computer at times.
    Generally you'd have to either install the root kit, or an attacker would have to gain access to your system and install the root kit. Root kits get installed into a system that has already been compromised to guarantee the attacker has a back door in and to cover their tracks.

    This is more of a concern for servers. Do you have any servers installed, like openssh? Is it available to the internet? If not I wouldn't worry about rootkits, really.

    Viruses not so much either.

    Phishing sites, yes, browser security yes, for Firefox addons like noscript and adblock help a lot.
    "You can't expect to hold supreme executive power just because some watery tart lobbed a sword at you"

    "Don't let your mind wander -- it's too little to be let out alone."

  9. #9
    Join Date
    Jul 2008
    Location
    Atlanta, GA
    Beans
    623
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: rkhunter warnings, virus?

    No I don't have a server. My computer is simply connected via cable to the internet.

    Now I am certain I don't need to worry about roots.
