Rootkit Hunter


121 replies to this topic

#101 OFFLINE   Bruno

Bruno

    Le Professeur Pingouin

  • Admin Emeritus
  • 37,904 posts

Posted 19 February 2005 - 07:15 PM

Once every month will do Shamgar . . . and if you suspect something fishy going on with your system and expect that it is compromised ( cracked :D )

:thumbsup: Bruno

#102 OFFLINE   Shamgar

Shamgar

    Thread Head

  • Members
  • 545 posts

Posted 19 February 2005 - 07:19 PM

Okay. Thanks again, Bruno!

#103 OFFLINE   Bruno

Bruno

    Le Professeur Pingouin

  • Admin Emeritus
  • 37,904 posts

Posted 19 February 2005 - 07:27 PM

You're welcome Shamgar !! :D :thumbsup: Bruno

#104 OFFLINE   Dard

Dard

    Thread Head

  • Members
  • 626 posts

Posted 09 September 2005 - 12:35 AM

24 May - Version 1.2.7 available

A new version with another update for the databases updater and additional OS support.

http://www.rootkit.nl/

#105 OFFLINE   muckshifter

muckshifter

    Topic Cop

  • Members
  • 951 posts

Posted 10 July 2006 - 10:19 AM

Hey! don't blame me for the resurrection of this thread ... Scot did it. :thumbsup: Oh, and Suse 10.1 installs rkhunter fine via YaST ... :w00t:  :hysterical:

#106 OFFLINE   BillD

BillD

    Posting Prodigy

  • Members
  • 2,236 posts

Posted 10 July 2006 - 10:43 AM

Where is the log file for this thing after you run it? When I type whereis logfile, it indicates it should be in my home, but where? When I enter "whereis rkhunter" I get: /usr/sbin/rkhunter /etc/rkhunter.conf /lib/rkhunter but in looking in these places, there is no logfile there that I can see.

Not to hijack this thread, but this points up a fundamental problem I have run into in Linux: I cannot find things I am looking for. Is there some better way, than using "whereis"?

Thank you.

Bill

Edited by BillD, 10 July 2006 - 11:07 AM.

Register Linux User # 412551

#107 OFFLINE   Bruno

Bruno

    Le Professeur Pingouin

  • Admin Emeritus
  • 37,904 posts

Posted 10 July 2006 - 11:56 AM

Hi Bill

Did you have a look at the output on your screen ?? At the end it says:

Quote

---------------------------- Scan results ----------------------------

MD5
MD5 compared: 38
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 0

Scanning took 130 seconds

Scan results written to logfile (/var/log/rkhunter.log)
-----------------------------------------------------------------------

;) :thumbsup: Bruno

PS: I just created a special thread for questions about the Newsletter & Linux Explorer: http://forums.scotsn...showtopic=15774 please post your comments over there :hysterical:

#108 OFFLINE   striker

striker

    handyman

  • Honorary Moderators
  • 8,509 posts

Posted 10 July 2006 - 12:05 PM

That was obvious. :hysterical:
Striker
still the same...

#109 OFFLINE   BillD

BillD

    Posting Prodigy

  • Members
  • 2,236 posts

Posted 10 July 2006 - 01:26 PM

As I told Bruno, it pays to read. I had been so busy looking at the stuff as it scrolled down the screen and wondering what a red warning was and also what the yellow on white stuff was, that by the time it reached the end, I failed to note the end. After finding the original log, I tried it again, and of course, there was the notice.

Thank you . . . sorry to ask something that should have been obvious . . . but wasn't to me!

Bill

#110 OFFLINE   Bruno

Bruno

    Le Professeur Pingouin

  • Admin Emeritus
  • 37,904 posts

Posted 10 July 2006 - 01:28 PM

No problem at all Bill ! ;):hysterical: Bruno

#111 OFFLINE   striker

striker

    handyman

  • Honorary Moderators
  • 8,509 posts

Posted 10 July 2006 - 02:45 PM

It happens to all of us Bill, including me.  :P You should hear me sometimes yelling at my self 'you stupid %$##*:++_), are you blind?' Just last friday I forgot to get in as root before doing a simple /sbin/lilo.... :w00t: never happened before. :thumbsup: We're just human. :hysterical:

#112 OFFLINE   teacher

teacher

    Acute Mac

  • Honorary Moderators
  • 13,854 posts

Posted 10 July 2006 - 05:11 PM

Glad to see I am not the only one that does things like this.  ;)
Teacher
Beach Bum Extraordinaire

#113 OFFLINE   striker

striker

    handyman

  • Honorary Moderators
  • 8,509 posts

Posted 10 July 2006 - 05:45 PM

pssst Julia ... the others don't have the guts to admit ... ;)

#114 OFFLINE   teacher

teacher

    Acute Mac

  • Honorary Moderators
  • 13,854 posts

Posted 10 July 2006 - 08:37 PM

There is no point in me not admitting it. If you go back through this forum to three years ago (yikes already 3 years???) you will find threads where I asked 1000 questions and did a lot of dumb things! I can usually go awhile without doing something dumb these days. :D :(

#115 OFFLINE   striker

striker

    handyman

  • Honorary Moderators
  • 8,509 posts

Posted 11 July 2006 - 03:21 AM

:D  :(

#116 OFFLINE   Frank Golden

Frank Golden

    Migrant Nuclear Worker

  • Forum MVP
  • 1,516 posts

Posted 11 July 2006 - 05:41 AM

striker, on Jul 11 2006, 03:21 AM, said:

:D  :(

Neat tool. No GUI but I made a launcher for the program. Terminal shuts down at end of scan. But I can see problems before it does. If I see problems I can always re-run in terminal proper.

found some hidden files outside /home
/dev/.static/dev/./dev/.initramfs/dev/.udev/dev/.initramfs-tools /etc/.pwd.lock/etc/.java

and one unknown GnuPG 1.4.2.2

Don't see log in /var/log
Frank Golden

Acer Aspire as5672WLMi, Core 2 Duo Merom (T7200/2.0 GHz) Centrino, 500 GB Seagate Momentus 7200 rpm (SATA) HDD,   4 GB Corsair DDR2-PC5300 ram, ATi Radeon X1400 (128 MB built-in vram/384 MB system ram),
Win 7 Home Premium | Ubuntu 10.04 LTS  & Ultimate Edition 2.8 | Mandriva 2010.2 Gnome | PCLinuxOS 2010 Gnome & KDE ]
Registered Linux User #423741
Registered Ubuntu User # 6235


"Any sufficiently advanced technology is indistinguishable from magic"-Arthur C. Clarke

#117 OFFLINE   striker

striker

    handyman

  • Honorary Moderators
  • 8,509 posts

Posted 11 July 2006 - 07:23 AM

Frank Golden, on Jul 11 2006, 11:41 AM, said:

Neat tool. No GUI but I made a launcher for the program. Terminal shuts down at end of scan. But I can see problems before it does. If I see problems I can always re-run in terminal proper.

found some hidden files outside /home
/dev/.static/dev/./dev/.initramfs/dev/.udev/dev/.initramfs-tools /etc/.pwd.lock/etc/.java

and one unknown GnuPG 1.4.2.2

Don't see log in /var/log

Frank, Try this:

rkhunter -c --createlogfile --nocolors

This checks the system, performs all tests, creates a logfile in /var/log/rkhunter.log, and doesn't use colors for the output (some terminals don't like colors or extended layout characters).

#118 OFFLINE   Frank Golden

Frank Golden

    Migrant Nuclear Worker

  • Forum MVP
  • 1,516 posts

Posted 11 July 2006 - 04:55 PM

striker, on Jul 11 2006, 07:23 AM, said:

Frank, Try this:

rkhunter -c --createlogfile --nocolors

This checks the system, performs all tests, creates a logfile in /var/log/rkhunter.log, and doesn't use colors for the output (some terminals don't like colors or extended layout characters).

Thanks Striker, worked a charm. Didn't need --nocolors, terminal has no problem with colors etc.

#119 OFFLINE   Urmas

Urmas

    GUI Penguin

  • Forum Moderators
  • 4,060 posts

Posted 11 July 2006 - 05:28 PM

Frank Golden, on Jul 11 2006, 12:41 PM, said:

found some hidden files outside /home
/dev/.static/dev/./dev/.initramfs/dev/.udev/dev/.initramfs-tools /etc/.pwd.lock/etc/.java

and one unknown GnuPG 1.4.2.2

Don't see log in /var/log

About the underlined stuff: http://www.ubuntufor...hlight=rkhunter :thumbsdown:


#120 OFFLINE   Frank Golden

Frank Golden

    Migrant Nuclear Worker

  • Forum MVP
  • 1,516 posts

Posted 11 July 2006 - 07:34 PM

Urmas, on Jul 11 2006, 05:28 PM, said:

About the underlined stuff: http://www.ubuntufor...hlight=rkhunter :thumbsdown:

Thanks Urmas, Didn't think there was a problem. I run a tight ship so to speak, would have been very surprised if rkhunter had found any real problems.

#121 OFFLINE   charlie

charlie

    Message Mogul

  • Members
  • 428 posts

Posted 12 July 2006 - 10:55 AM

Used rkhunter on my two regular OS's, Mandriva 2006 and Ubuntu 6.06. I found error messages in both systems. did '/usr/local/bin/rkhunter --update ' and then /usr/local/bin/rkhunter -c. Both commands were run as root. Listed are the results.....................

Mandriva 2006

* Application version scan
   - GnuPG 1.4.2.2                  [ OK ]
   - OpenSSL 0.9.7g                 [ Vulnerable ]
   - Procmail MTA 3.22              [ OK ]

MD5
MD5 compared: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 1

Scanning took 183 seconds

And Ubuntu

* Filesystem checks
   Checking /dev for suspicious files...          [ OK ]
   Scanning for hidden files...                   [ Warning! ]
---------------
/dev/.static
/dev/.udev
/dev/.initramfs
/dev/.initramfs-tools
/etc/.pwd.lock
/etc/.java
---------------
Please inspect:  /dev/.static (directory)  /dev/.udev (directory)  /dev/.initramfs (directory)  /etc/.java (directory)

In both cases what should I be looking for?

Charlie

#122 OFFLINE   Bruno

Bruno

    Le Professeur Pingouin

  • Admin Emeritus
  • 37,904 posts

Posted 12 July 2006 - 01:06 PM

Hi Charlie

Both those outputs look okay . . . . . it is the standard kind of warnings you get with those 2 distros . . . . Congrats, you can sleep without worries :D B) Bruno
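An added example, not code from this thread or from the rkhunter project: it picks the findings out of the output that striker's command writes to /var/log/rkhunter.log, which is what charlie's question comes down to. It assumes the log keeps the bracketed [ Warning! ] / [ Vulnerable ] markers and the dashed hidden-file list exactly as shown in the posts above.

```shell
#!/bin/sh
# Added example, not code from the thread or from the rkhunter project.
# Pulls the actionable lines out of rkhunter 1.2.x output, e.g. the text that
# "rkhunter -c --createlogfile --nocolors" writes to /var/log/rkhunter.log.
# Assumption: the log carries the same "[ Warning! ]" / "[ Vulnerable ]"
# markers and dashed hidden-file list as the screen output posted above.

# Constructed sample, shaped like the Mandriva and Ubuntu runs in the thread.
SAMPLE='* Application version scan
   - GnuPG 1.4.2.2        [ OK ]
   - OpenSSL 0.9.7g       [ Vulnerable ]
   - Procmail MTA 3.22    [ OK ]
* Filesystem checks
   Checking /dev for suspicious files...   [ OK ]
   Scanning for hidden files...            [ Warning! ]
---------------
/dev/.static
/dev/.udev
/etc/.pwd.lock
---------------
Please inspect:  /dev/.static (directory)  /dev/.udev (directory)
Vulnerable applications: 1
Scan results written to logfile (/var/log/rkhunter.log)'

# Print only the checks that did not pass: the test name, marker stripped.
rk_findings() {
    printf '%s\n' "$1" | grep -E '\[ (Warning!|Vulnerable) ]' \
        | sed 's/^ *//; s/ *\[.*$//'
}

# Print the hidden-file paths listed between the dashed separators; these
# are the entries to compare against what the distro legitimately creates.
rk_hidden_files() {
    printf '%s\n' "$1" | awk '/^-+$/ { inlist = !inlist; next }
                              inlist && /^\// { print }'
}

# Succeed (exit 0) only when no warning or vulnerable marker is present,
# so a cron job can decide whether the report needs mailing.
rk_clean() {
    ! printf '%s\n' "$1" | grep -qE '\[ (Warning!|Vulnerable) ]'
}

# On a real log: rk_findings "$(cat /var/log/rkhunter.log)"
rk_findings "$SAMPLE"
rk_hidden_files "$SAMPLE"
rk_clean "$SAMPLE" && echo "clean" || echo "needs attention"
```

Whether a listed path is benign is a per-distro judgement, as Bruno's reply says; the functions only surface what to look at.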
