Installed rkhunter today and ran a check ..

Code:
sudo rkhunter -c

then viewed the log file. As the size of the logfile is large, will post the warnings ..

Code:
[16:00:45] Info: No mail-on-warning address configured
[16:00:45] Info: X will be automatically detected
[16:00:45] Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'.
[16:00:55] /usr/bin/lwp-request [ Warning ]
[16:00:55] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script, ASCII text executable
[16:03:16] Info: Starting test name 'passwd_changes'
[16:03:16] Checking for passwd file changes [ Warning ]
[16:03:16] Warning: User 'postfix' has been added to the passwd file.
[16:03:16]
[16:03:16] Info: Starting test name 'group_changes'
[16:03:16] Checking for group file changes [ Warning ]
[16:03:16] Warning: Group 'postfix' has been added to the group file.
[16:03:16] Warning: Group 'postdrop' has been added to the group file.
[16:03:16] Checking root account shell history files [ None found ]
[16:03:16]
[16:03:16] Info: Starting test name 'system_configs'
[16:03:16] Performing system configuration file checks
[16:03:16] Checking for an SSH configuration file [ Found ]
[16:03:16] Info: Found an SSH configuration file: /etc/ssh/sshd_config
[16:03:16] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
[16:03:16] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '0'.
[16:03:16] Checking if SSH root access is allowed [ Warning ]
[16:03:16] Warning: The SSH and rkhunter configuration options should be the same:
[16:03:16] SSH configuration option 'PermitRootLogin': prohibit-password
[16:03:16] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[16:03:16] Checking if SSH protocol v1 is allowed [ Not allowed ]
[16:03:16] Checking for a running system logging daemon [ Found ]
[16:03:16] Info: A running 'rsyslog' daemon has been found.
[16:03:16] Info: Starting test name 'filesystem'
[16:03:16] Performing filesystem checks
[16:03:16] Info: SCAN_MODE_DEV set to 'THOROUGH'
[16:03:17] Checking /dev for suspicious file types [ Warning ]
[16:03:17] Warning: Suspicious file types found in /dev:
[16:03:17] /dev/shm/pulse-shm-2530832173: data
[16:03:17] /dev/shm/pulse-shm-3471548845: data
[16:03:17] /dev/shm/pulse-shm-2417026077: data
[16:03:17] /dev/shm/pulse-shm-1389230103: data
[16:03:17] /dev/shm/pulse-shm-2172323307: data
[16:03:18] /dev/shm/pulse-shm-3031592724: data
[16:03:18] /dev/shm/pulse-shm-8717739: data
[16:03:18] /dev/shm/pulse-shm-2264548606: data
[16:03:18] /dev/shm/pulse-shm-3112176386: data
[16:03:18] /dev/shm/pulse-shm-2764677997: AmigaOS bitmap font
[16:03:18] Checking for hidden files and directories [ Warning ]
[16:03:18] Warning: Hidden directory found: /etc/.java
[16:03:18] Checking for missing log files [ Skipped ]
[16:03:18] Checking for empty log files [ Skipped ]
[16:04:31]
[16:04:31] Info: Test 'apps' disabled at users request.
[16:04:31]
[16:04:31] System checks summary
[16:04:31] =====================
[16:04:31]
[16:04:31] File properties checks...
[16:04:31] Files checked: 149
[16:04:31] Suspect files: 1
[16:04:31]
[16:04:31] Rootkit checks...
[16:04:31] Rootkits checked : 380
[16:04:31] Possible rootkits: 0
[16:04:31]
[16:04:31] Applications checks...
[16:04:31] All checks skipped
[16:04:31]
[16:04:31] The system checks took: 3 minutes and 46 seconds
[16:04:31]
[16:04:31] Info: End date is Tuesday 9 January 16:04:31 AEDT 2018

Seems those 10 files, all 64 Mb each, are from pulse-audio? They have today's date and the only audio was playing 2 videos, and I used "ffmpeg" to cut a video.
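An added example, not part of the original post and not rkhunter's own code: a script that groups the warnings in a log of this layout by the test that raised them, and lists the /dev entries that a name allowlist does not account for. The sample log, the function names and the `/dev/shm/.hidden-example` entry are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample in the rkhunter.log layout shown in the post above.
SAMPLE_LOG = """\
[16:03:16] Info: Starting test name 'group_changes'
[16:03:16] Warning: Group 'postfix' has been added to the group file.
[16:03:16] Warning: Group 'postdrop' has been added to the group file.
[16:03:16] Info: Starting test name 'filesystem'
[16:03:17] Checking /dev for suspicious file types [ Warning ]
[16:03:17] Warning: Suspicious file types found in /dev:
[16:03:17] /dev/shm/pulse-shm-2530832173: data
[16:03:18] /dev/shm/pulse-shm-2764677997: AmigaOS bitmap font
[16:03:18] /dev/shm/.hidden-example: ELF 64-bit LSB executable
[16:03:18] Warning: Hidden directory found: /etc/.java
"""

LINE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s*(.*)$")           # timestamp + body
TEST = re.compile(r"^Info: Starting test name '([^']+)'")   # test boundary
DEV_ENTRY = re.compile(r"^(/dev/\S+): (.+)$")               # path: file(1) type

def warnings_by_test(log_text):
    """Group each 'Warning:' message under the test that produced it."""
    current, grouped = "startup", {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group(1)
        started = TEST.match(body)
        if started:
            current = started.group(1)
        elif body.startswith("Warning: "):
            grouped.setdefault(current, []).append(body[len("Warning: "):])
    return grouped

def unexplained_dev_files(log_text, allow_globs):
    """Return (path, type) for /dev entries that match none of the allow globs."""
    found = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        entry = DEV_ENTRY.match(m.group(1)) if m else None
        if entry and not any(fnmatch.fnmatchcase(entry.group(1), g) for g in allow_globs):
            found.append((entry.group(1), entry.group(2)))
    return found

if __name__ == "__main__":
    print(warnings_by_test(SAMPLE_LOG))
    print(unexplained_dev_files(SAMPLE_LOG, ["/dev/shm/pulse-shm-*"]))
```

A glob only matches the file name, so check the owner and timestamps of the files with `ls -l /dev/shm` before trusting a pattern; rkhunter's ALLOWDEVFILE option in rkhunter.conf accepts the same kind of path pattern.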