Scot's Newsletter Forums
Bruno

Rootkit Hunter


Once every month will do, Shamgar . . . . and if you suspect something fishy going on with your system and expect that it is compromised ( cracked :D )

:thumbsup: Bruno

24 May - Version 1.2.7 available

A new version with another update for the databases updater and additional OS support.

http://www.rootkit.nl/

Where [u]is[/u] the log file for this thing after you run it? When I type whereis logfile, it indicates it should be in my home, but [u]where[/u]? When I enter "whereis rkhunter" I get: /usr/sbin/rkhunter /etc/rkhunter.conf /lib/rkhunter but in looking in these places, there is no logfile there that I can see.

Not to hijack this thread, but this points up a fundamental problem I have run into in Linux: I cannot find things I am looking for. Is there some better way, than using "whereis"?

Thank you.

Bill

Edited by BillD

Hi Bill

Did you have a look at the output on your screen ?? At the end it says:

[quote]
---------------------------- Scan results ----------------------------

MD5
MD5 compared: 38
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 0

Scanning took 130 seconds

[b]Scan results written to logfile (/var/log/rkhunter.log)[/b]
-----------------------------------------------------------------------
[/quote]

;) :thumbsup: Bruno

PS: I just created a special thread for questions about the Newsletter & Linux Explorer: http://forums.scotsnewsletter.com/index.php?showtopic=15774 please post your comments over there :hysterical:

That was obvious. :hysterical:

As I told Bruno, it pays to read. I had been so busy looking at the stuff as it scrolled down the screen and wondering what a red warning was and also what the yellow on white stuff was, that by the time it reached the end, I failed to note the end. After finding the original log, I tried it again, and of course, there was the notice.

Thank you . . . sorry to ask something that should have been obvious . . . but wasn't to me!

Bill

It happens to all of us Bill, including me. :P You should hear me sometimes yelling at myself 'you stupid %$##*:++_), are you blind?' Just last Friday I forgot to get in as root before doing a simple /sbin/lilo.... :w00t: never happened before. :thumbsup: We're just human. :hysterical:

pssst Julia ... the others don't have the guts to admit ... ;)

There is no point in me not admitting it. If you go back through this forum to three years ago (yikes already 3 years???) you will find threads where I asked 1000 questions and did a lot of dumb things! I can usually go awhile without doing something dumb these days. :D :(

[quote name='striker' post='192492' date='Jul 11 2006, 03:21 AM']:D :([/quote]

Neat tool No GUI but I made launcher for program. Terminal shuts down at end of scan.
But I can see problems before it does. If I see problems I can always re-run in terminal proper.

found some hidden files outside /home
/dev/.static
/dev/.
/dev/.initramfs
/dev/.udev
/dev/.initramfs-tools /etc/.pwd.lock
/etc/.java
and one unknown GnuPG 1.4.2.2

Don't see log in /var/log

[quote name='Frank Golden' post='192500' date='Jul 11 2006, 11:41 AM']
Neat tool No GUI but I made launcher for program. Terminal shuts down at end of scan.
But I can see problems before it does. If I see problems I can always re-run in terminal proper.

found some hidden files outside /home
/dev/.static
/dev/.
/dev/.initramfs
/dev/.udev
/dev/.initramfs-tools /etc/.pwd.lock
/etc/.java
and one unknown GnuPG 1.4.2.2

Don't see log in /var/log
[/quote]

Frank, Try this:

[code]rkhunter -c --createlogfile --nocolors[/code]

This checks the system, performs all tests, creates a logfile in /var/log/rkhunter.log, and doesn't use colors for the output (some terminals don't like colors or extended layout characters).

[quote name='striker' post='192504' date='Jul 11 2006, 07:23 AM']
Frank, Try this:

rkhunter -c --createlogfile --nocolors

This checks the system, performs all tests, creates a logfile in /var/log/rkhunter.log, and doesn't use colors for the output (some terminals don't like colors or extended layout characters).
[/quote]

Thanks Striker worked charm. Didn't need --nocolors, terminal has no problem colors etc.

[quote name='Frank Golden' post='192500' date='Jul 11 2006, 12:41 PM']
found some hidden files outside /home
[u]/dev/.static[/u]
/dev/.
[u]/dev/.initramfs[/u]
[u]/dev/.udev[/u]
[u]/dev/.initramfs-tools /etc/.pwd.lock[/u]
/etc/.java
and one unknown GnuPG 1.4.2.2

Don't see log in /var/log
[/quote]

About the underlined stuff:

http://www.ubuntuforums.org/showthread.php?t=199157&highlight=rkhunter

:thumbsdown:

[quote name='Urmas' post='192574' date='Jul 11 2006, 05:28 PM']
About the underlined stuff:

http://www.ubuntuforums.org/showthread.php?t=199157&highlight=rkhunter

:thumbsdown:
[/quote]

Thanks Urmas, Didn't think there was a problem.
I run a tight ship so to speak, would have been very surprised if rkhunter had found any real problems.

Used rkhunter on my two regular OS's Mandriva 2006 and Ubuntu 6.06. I found error messages in both systems.

did '/usr/local/bin/rkhunter --update ' and then /usr/local/bin/rkhunter -c

Both commands were run as root

Listed are the results.....................

Mandriva 2006

[code]
* Application version scan
   - GnuPG 1.4.2.2 [ OK ]
   - OpenSSL 0.9.7g [ Vulnerable ]
   - Procmail MTA 3.22 [ OK ]

MD5
MD5 compared: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 1

Scanning took 183 seconds
[/code]

And Ubuntu

[code]
* Filesystem checks
   Checking /dev for suspicious files... [ OK ]
   Scanning for hidden files... [ Warning! ]
---------------
 /dev/.static
 /dev/.udev
 /dev/.initramfs
 /dev/.initramfs-tools /etc/.pwd.lock
 /etc/.java
---------------
Please inspect: /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory) /etc/.java (directory)
[/code]

In both cases what should I be looking for

Charlie

Hi Charlie

Both those outputs look okay . . . . . it is the standard kind of warnings you get with those 2 distros . . . . Congrats, you can sleep without worries

:D B) Bruno
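
An added example, not part of any post in this thread: a small shell triage of saved rkhunter screen output that lists every check whose bracketed status is not OK and every hidden path the scan mentions. The function names and the sample text are constructed for illustration, and the line layout is assumed from the output quoted above.

```shell
#!/bin/sh
# Added example: triage of saved rkhunter screen output.
# Assumption: result lines end in a bracketed status such as "[ OK ]",
# "[ Warning! ]" or "[ Vulnerable ]", as in the output quoted in this thread.

# Constructed sample, modelled on the two scans posted above.
sample_scan() {
cat <<'EOF'
* Application version scan
   - GnuPG 1.4.2.2                          [ OK ]
   - OpenSSL 0.9.7g                         [ Vulnerable ]
   - Procmail MTA 3.22                      [ OK ]
* Filesystem checks
   Checking /dev for suspicious files...    [ OK ]
   Scanning for hidden files...             [ Warning! ]
---------------
 /dev/.static
 /dev/.udev
 /dev/.initramfs-tools /etc/.pwd.lock
---------------
Please inspect: /dev/.static (directory)
EOF
}

# Print "[status] check" for every result line whose status is not OK.
rkh_not_ok() {
    awk -F'[][]' 'NF >= 3 {
        status = $(NF - 1); check = $1
        sub(/^ +/, "", status); sub(/ +$/, "", status)
        sub(/^[ *-]+/, "", check); sub(/ +$/, "", check)
        if (status != "OK") print "[" status "] " check
    }'
}

# Print each hidden path (a component starting with ".") once, sorted.
rkh_hidden_paths() {
    grep -Eo '/[^[:space:]]*/\.[^[:space:]]+' | LC_ALL=C sort -u
}

echo "Checks needing review:";  sample_scan | rkh_not_ok
echo "Hidden paths reported:";  sample_scan | rkh_hidden_paths
```

Save the scan output with --nocolors before feeding it to these functions, since terminal colour sequences also contain `[` and would break the field split.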
