understanding chkrootkit and rkhunter logs
- From: acattelan@xxxxxxxxx
- Date: 8 May 2007 09:56:10 -0000
Hi,
I'm sorry for asking a totally newbie question, but I haven't found an answer to this. I'm really curious and concerned about what is reported by chkrootkit and rkhunter on my Debian Etch home server.
Here's what I get when I run them:
CHKROOTKIT:
Searching for suspicious files and dirs, it may take a while...
/usr/lib/xulrunner/.autoreg
/lib/init/rw/.ramfs
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient[2181])
In the system mail I also get this:
/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/usr/lib/xulrunner/.autoreg
/lib/init/rw/.ramfs
eth0: PACKET SNIFFER(/sbin/dhclient[2136])
RKHUNTER reports this:
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/etc/.pwd.lock /dev/.static
/dev/.udev
/dev/.initramfs
/dev/.initramfs-tools
---------------
Please inspect: /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory)
Is this something to be worried about? How can I investigate further into these two issues?
Thanks,
Ale.
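
One way to follow up on the chkrootkit findings quoted above, as an added example that is not part of the original post: parse the report, then check each flagged path and the process named on the PACKET SNIFFER line against the running system. It assumes Linux /proc, GNU stat and a Debian-style dpkg; all function names are hypothetical, and the sample report is constructed from the lines in the post.

```shell
# Added example: triage helpers for chkrootkit findings like those quoted above.
# Assumes Linux /proc and a Debian-style dpkg; all function names are hypothetical.

# Paths from the "suspicious files and dirs" list: bare absolute paths, one per line.
# The cron mail header "/etc/cron.daily/chkrootkit:" ends in ':' and is skipped.
flagged_paths() {
    grep -E '^/[^[:space:]]*[^:[:space:]]$'
}

# "eth0: PACKET SNIFFER(/sbin/dhclient[2181])" -> "eth0 /sbin/dhclient 2181"
sniffer_procs() {
    sed -n 's/^\([^:]*\): PACKET SNIFFER(\(.*\)\[\([0-9][0-9]*\)])$/\1 \2 \3/p'
}

# Is the PID still running the binary the report named? $3 overrides /proc (for tests).
# An unlinked or swapped binary shows as "mismatch:<target>", e.g. "... (deleted)".
exe_status() {
    actual=$(readlink "${3:-/proc}/$2/exe" 2>/dev/null) || { echo gone; return 0; }
    if [ "$actual" = "$1" ]; then echo match; else echo "mismatch:$actual"; fi
}

# Package that shipped the path, or "unowned" for files created at run time.
pkg_owner() {
    command -v dpkg >/dev/null 2>&1 || { echo "unknown (no dpkg)"; return 0; }
    dpkg -S "$1" 2>/dev/null | cut -d: -f1 | head -n 1 | grep . || echo unowned
}

# Read a saved chkrootkit report on stdin and print one line per finding.
triage() {
    report=$(cat)
    printf '%s\n' "$report" | flagged_paths | while read -r p; do
        echo "file $p type=$(stat -c %F "$p" 2>/dev/null || echo missing) pkg=$(pkg_owner "$p")"
    done
    printf '%s\n' "$report" | sniffer_procs | while read -r ifc bin pid; do
        echo "sniffer $ifc ${bin}[${pid}] exe=$(exe_status "$bin" "$pid") pkg=$(pkg_owner "$bin")"
    done
}

# Constructed sample: chkrootkit lines from the post, parsed without touching the host.
sample_report() {
cat <<'EOF'
/usr/lib/xulrunner/.autoreg
/lib/init/rw/.ramfs
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient[2181])
EOF
}
sample_report | flagged_paths; sample_report | sniffer_procs
```

Feeding a saved report to `triage` on the affected host prints one line per finding with the file type, the owning package and whether the PID still maps to the named binary.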