Hello and thanks for the stickies - as well as your patience and time. I have a lot to learn about Ubuntu Security, so I've been doing a lot of reading lately.
I'm posting for both chkrootkit and rkhunter here because results from both also have references to java and I have a general security question that covers both, in addition to a request for info/help.
I've just run chkrootkit and rkhunter. I got a couple of odd results (read: warnings and suspicious) in both sets of results and have prowled the threads for answers. I'm still left with questions...
PART 1: RKHUNTER
(I ran a full check earlier). Ran this for the post:
Code:
sudo rkhunter -c --rwo --summary
yielded the following results:
Code:
Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
Warning: Suspicious file types found in /dev:
/dev/.udev/rules.d/root.rules: ASCII text
Warning: Hidden directory found: '/etc/.java'
Warning: Hidden directory found: '/dev/.udev'
Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
System checks summary
=====================
File properties checks...
Files checked: 135
Suspect files: 1
Rootkit checks...
Rootkits checked : 292
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 53 seconds
All results have been written to the log file (/var/log/rkhunter.log)
I've seen several thread responses to the Ruby script warning pointing the OP to --propupd, saying that this is likely the result of distro changes.
QUESTION: How can the user (or in my case, me, as a novice) know that this is genuine and reliable? What steps can I take to verify this before I --propupd?
QUESTION: Should the hidden directories and file be any cause for alarm?
PART 2: CHKROOTKIT (TL;DR version)
A lot of "nothing found", "not infected", "no suspect files", etc. results, but I have no idea what to do with this information:
Code:
The following suspicious files and directories were found:
/usr/lib/jvm/.java-1.6.0-openjdk-amd64.jinfo /usr/lib/jvm/.java-1.7.0-openjdk-amd64.jinfo /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/pymodules/python2.7/.path
Any info will be useful. Thank you to all who read and respond.
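One way to answer the "is the replaced unhide.rb genuine?" question before running --propupd is to check whether the flagged file belongs to an installed package and still matches the MD5 that dpkg recorded at install time. This is an added example, not code from the original post or from rkhunter; it assumes a Debian/Ubuntu host with dpkg and coreutils md5sum, and that the install-time checksums live in /var/lib/dpkg/info/<package>.md5sums (paths there are relative, without a leading slash).

```shell
#!/bin/sh
# check_md5_record FILE MD5SUMS_FILE
# Compares FILE's current MD5 with the entry dpkg recorded for it.
# Prints "match", "mismatch" or "unrecorded"; returns 0 only on "match".
check_md5_record() {
    file="$1"
    sums="$2"
    rel="${file#/}"   # md5sums entries look like: "<md5>  usr/bin/unhide.rb"
    recorded=$(awk -v p="$rel" '$2 == p { print $1; exit }' "$sums")
    if [ -z "$recorded" ]; then
        echo unrecorded
        return 2
    fi
    actual=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$recorded" = "$actual" ]; then
        echo match
        return 0
    fi
    echo mismatch
    return 1
}

# verify_pkg_file FILE [INFO_DIR]
# Finds the owning package with "dpkg -S" and checks FILE against that
# package's md5sums record. INFO_DIR defaults to dpkg's database directory.
verify_pkg_file() {
    file="$1"
    info_dir="${2:-/var/lib/dpkg/info}"
    # "dpkg -S" prints "pkg: /path" (or "pkg:arch: /path" for multiarch packages)
    owner=$(dpkg -S "$file" 2>/dev/null | head -n 1 | cut -d: -f1)
    if [ -z "$owner" ]; then
        echo "not-owned-by-any-package"   # a file no package claims deserves a closer look
        return 3
    fi
    sums="$info_dir/$owner.md5sums"
    if [ ! -f "$sums" ]; then
        # Multi-Arch packages record their sums under pkg:arch.md5sums
        arch=$(dpkg-query -W -f '${Architecture}' "$owner" 2>/dev/null)
        sums="$info_dir/$owner:$arch.md5sums"
    fi
    [ -f "$sums" ] || { echo "no-md5sums-for-$owner"; return 3; }
    result=$(check_md5_record "$file" "$sums"); rc=$?
    echo "$owner: $result"
    return $rc
}

# Example run on the file rkhunter flagged in the post:
#   verify_pkg_file /usr/bin/unhide.rb
```

A "match" means the file is byte-for-byte what the package shipped, which is the evidence you want before accepting the warning with --propupd; the debsums package does the same comparison for every installed file at once.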