Questions tagged [chkrootkit]

23 questions
16
votes
2 answers

rkhunter warns me about root.rules

I run : :~$ sudo rkhunter --checkall --report-warnings-only One of the warnings I've got : Warning: Suspicious file types found in /dev: /dev/.udev/rules.d/root.rules: ASCII text and the root.rules contains : SUBSYSTEM=="block",…
4m1nh4j1
12
votes
3 answers

Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

I am on Ubuntu, I am trying to install rkhunter. I've tried apt-get install rkhunter success But then, I did rkhunter --update I kept getting Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"
code-8
4
votes
0 answers

The "chkproc: Warning: Possible LKM Trojan installed" appears and disappears

I have chkrootkit version 0.49 installed on Debian 6.5. When I run sudo chkrootkit, I keep getting variable warnings about the LKM trojan, when I run the command repeatedly. First run Checking `lkm'... You…
OtagoHarbour
3
votes
2 answers

Chkrootkit warning about infected port 600

I run the Tiger Automatic Auditor on my Debian Linux system, and recently got emailed the following: # Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks... OLD: --ALERT-- [rootkit005a] Chkrootkit has found a file which seems to be…
jrdioko
3
votes
2 answers

rkhunter /usr/bin/ssh && /usr/sbin/sshd [Warning]

My last rkhunter scan reported a couple of warnings that deserve to be checked. The main reason for my suspicion is that I wasn't on the machine at (03-Apr-2014 01:12:12) -> AM. I googled to understand what's the purpose of the 2 files I mentioned in…
lese
3
votes
2 answers

Cannot understand chkrootkit's result

I couldn't understand the output of chkrootkit command: $ chkrootkit -q -r…
Dharmit
2
votes
1 answer

Chkrootkit found a lot of suspicious files and directories, and /sbin/init INFECTED

I was just running chkrootkit on my Fedora 20 x86_64. Here are some dubious results. Anyone know if these are false positives? Do I have a compromised system? Here are the suspect files and directories: Searching for suspicious files and dirs, it…
somethingSomething
2
votes
1 answer

Verifying Debian/Ubuntu packages integrity when booting from a read-only DVD?

Is there an easy way to boot a Debian-based Linux system from a read-only medium (say a Live Linux read-only DVD) and then use Debian's .deb checksums / signatures (?) to verify that the files installed do indeed come from properly signed Debian…
1
vote
1 answer

CentOS 7 Malware? - User "impress+" executes a command ("cron") with a high CPU consumption

One of my "CentOS 7" servers is showing very strange behavior. A user named "impress+" executes a command called "cron". This "cron" command is executed with a high CPU consumption. I worry because I suspect it may be malware... This server has…
Eduardo Lucio
1
vote
0 answers

What process is accessing this laptop's webcam? Is it a rootkit?

Old laptop, running Minecraft for the kids. Noticed the webcam light blinking for half a second randomly. Assumed it was a Minecraft mod, nuked everything off and did a fresh Ubuntu install. Sure enough, the webcam light started coming on randomly…
dtbaker
1
vote
0 answers

What is "invalid argument" by a rootkit check?

I thought I should run a rootkit in connection to the recent Debian apt vulnerability, which I think I have fixed though. I used chkrootkit and get these two lines, which I'm not sure what to do with: Checking `lkm'... …
user147505
1
vote
1 answer

How to treat supposed chkrootkit false positive

I installed chkrootkit with apt-install in a freshly installed Ubuntu server 16.04.3. chkrootkit found suspicious files and directories after first run: Searching for suspicious files and dirs, it may take a while... The following suspicious files…
Asarluhi
1
vote
1 answer

chkrootkit checking sniffer's log takes ages

On my server chkrootkit hangs on Searching for sniffer's logs, it may take a while... After half an hour, I stopped this, so how can I find out what chkrootkit is trying to achieve in this step? I looked at the code and it seems this is the part…
rubo77
1
vote
1 answer

How to install a shared library in Linux

As part of my research work I have to study a rootkit. So I downloaded ncom rootkit and tried installing. It didn't have any installation files.
user3539
1
vote
1 answer

I need to find 1 simple rootkit to test chkrootkit in CentOS?

I want to find 1 simple rootkit to test chkrootkit (a tool used to detect rootkit). Please recommend to me 1 rootkit and show me how to set it up or install it.
TrungTrung