Ubuntu Suomi discussion forums
Using Ubuntu => Installation and setup => Topic started by: Mummeli - 26.11.07 - 11:28
-
This may well be a really stupid thing, but I just don't understand it.
I have gone through the machine with rkhunter, because it has felt to me like there has been extra activity on the machine.
Here is part of the check list:
Checking for local host name [ Found ]
Checking for local startup files [ Found ]
Checking local startup files for malware [ None found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [None found ]
Checking root account shell history files [ None found ]
Performing system configuration file checks
Checking for SSH configuration file [ Not found ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
Surely that doesn't mean that I have something shady on my machine? If it does, what can be done in that case? I would need simple instructions if something needs to be done.
Thanks for the answer.
-
Could you also post the contents of that /var/log/rkhunter.log file?
-
What does the suggested rkhunter.log say?
-
Could you also post the contents of that /var/log/rkhunter.log file?
What does the suggested rkhunter.log say?
Sorry for my stupidity, but how do I get the file's contents to show?
-
e.g. by running this command in a terminal:
cat /var/log/rkhunter.log
-
Greetings.
I installed rkhunter on the machine.
Where do I start it from after installation?
It can't be found anywhere, you see.
I'm using Ubuntu 7.10.
-
run this in a terminal:
sudo rkhunter --check
enter your password, don't worry, it isn't shown as you type :) and press enter
-
e.g. by running this command in a terminal:
cat /var/log/rkhunter.log
Here is the content from the point where the first found appeared:
Performing system boot checks
[11:17:10] Info: Starting test name 'startup_files'
[11:17:10] Checking for local host name [ Found ]
[11:17:10] Info: Starting test name 'startup_malware'
[11:17:10] Info: Found local startup file: /etc/rc.local
[11:17:11] Info: Found local startup file: /etc/inittab
[11:17:11] Checking for local startup files [ Found ]
[11:17:11] Checking local startup files for malware [ None found ]
[11:17:11] Info: Found system startup directory: /etc/init.d
[11:17:13] Checking system startup files for malware [ None found ]
[11:17:13]
[11:17:13] Performing group and account checks
[11:17:13] Info: Starting test name 'group_accounts'
[11:17:13] Checking for passwd file [ Found ]
[11:17:13] Info: Found password file: /etc/passwd
[11:17:13] Checking for root equivalent (UID 0) accounts [ None found ]
[11:17:13] Info: Found shadow file: /etc/shadow
[11:17:13] Checking for passwordless accounts [ None found ]
[11:17:13] Info: Starting test name 'passwd_changes'
[11:17:13] Checking for passwd file changes [ None found ]
[11:17:13] Info: Starting test name 'group_changes'
[11:17:13] Checking for group file changes [ None found ]
[11:17:13] Checking root account shell history files [ None found ]
[11:17:13]
[11:17:13] Performing system configuration file checks
[11:17:13] Info: Starting test name 'system_configs'
[11:17:14] Checking for SSH configuration file [ Not found ]
[11:17:14] Checking for running syslog daemon [ Found ]
[11:17:14] Checking for syslog configuration file [ Found ]
[11:17:14] Info: Found syslog configuration file: /etc/syslog.conf
[11:17:14] Checking if syslog remote logging is allowed [ Not allowed ]
[11:17:14]
[11:17:14] Performing filesystem checks
[11:17:14] Info: Starting test name 'filesystem'
[11:17:14] Info: SCAN_MODE_DEV set to 'THOROUGH'
[11:17:29] Checking /dev for suspicious file types [ None found ]
[11:17:30] Checking for hidden files and directories [ Warning ]
[11:17:30] Warning: Hidden directory found: /etc/.java
[11:17:30] Warning: Hidden directory found: /dev/.static
[11:17:30] Warning: Hidden directory found: /dev/.udev
[11:17:30] Warning: Hidden directory found: /dev/.initramfs
[11:18:43]
[11:18:43] Checking application versions...
[11:18:44] Info: Starting test name 'apps'
[11:18:44] Checking version of Exim MTA [ OK ]
[11:18:44] Info: Application 'exim' version '4.67' found.
[11:18:45] Checking version of GnuPG [ OK ]
[11:18:45] Info: Application 'gpg' version '1.4.6' found.
[11:18:45] Info: Application 'httpd' not found.
[11:18:45] Info: Application 'named' not found.
[11:18:45] Checking version of OpenSSL [ OK ]
[11:18:45] Info: Application 'openssl' version '0.9.8e' found.
[11:18:45] Info: Application 'php' not found.
[11:18:45] Info: Application 'procmail' not found.
[11:18:45] Info: Application 'proftpd' not found.
[11:18:45] Info: Application 'sshd' not found.
[11:18:45] Info: Applications checked: 3 out of 9
[11:18:45]
[11:18:45] System checks summary
[11:18:45] =====================
[11:18:45]
[11:18:45] File properties checks...
[11:18:45] Files checked: 122
[11:18:45] Suspect files: 0
[11:18:45]
[11:18:45] Rootkit checks...
[11:18:45] Rootkits checked : 109
[11:18:45] Possible rootkits: 0
[11:18:45]
[11:18:45] Applications checks...
[11:18:45] Applications checked: 3
[11:18:45] Suspect applications: 0
[11:18:45]
[11:18:45] The system checks took: 2 minutes and 31 seconds
[11:18:45]
[11:18:45] Info: End date is ma 26.11.2007 11:18:45 +0200
Everything apparently in order???
Thanks for the answers!
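
Added example, not part of the original posts: a small shell triage of an rkhunter log like the one above, listing each Warning line together with the test that raised it, plus any summary counter above zero. The function names are hypothetical and the sample lines are copied from the log in this thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Sample input: a few lines copied from the log posted in this thread.
rkh_sample() {
cat <<'EOF'
[11:17:13] Info: Starting test name 'system_configs'
[11:17:14] Checking for SSH configuration file [ Not found ]
[11:17:14] Info: Starting test name 'filesystem'
[11:17:30] Checking for hidden files and directories [ Warning ]
[11:17:30] Warning: Hidden directory found: /etc/.java
[11:17:30] Warning: Hidden directory found: /dev/.static
[11:17:30] Warning: Hidden directory found: /dev/.udev
[11:17:30] Warning: Hidden directory found: /dev/.initramfs
[11:18:45] Suspect files: 0
[11:18:45] Possible rootkits: 0
[11:18:45] Suspect applications: 0
EOF
}

# Print "test<TAB>message" for each Warning line; the test is the most
# recent "Starting test name" entry before it (\047 is a single quote).
rkh_warnings() {
    awk '
        /Info: Starting test name/ { split($0, q, "\047"); test = q[2]; next }
        /\] Warning: / { sub(/^.*\] Warning: /, ""); printf "%s\t%s\n", test, $0 }
    ' "$1"
}

# Print summary counters ("Suspect ...", "Possible rootkits") above zero;
# no output means every counter in the summary was 0.
rkh_nonzero_counters() {
    awk '
        /\] (Suspect [a-z]+|Possible rootkits) *: *[0-9]+/ {
            sub(/^\[[0-9:]+\] /, "")
            n = split($0, kv, ":")
            if (kv[n] + 0 > 0) print
        }
    ' "$1"
}

# Demo on the sample; in practice pass /var/log/rkhunter.log instead.
tmp=$(mktemp) && rkh_sample > "$tmp"
rkh_warnings "$tmp"
rkh_nonzero_counters "$tmp"
rm -f "$tmp"
```

A hidden directory that has been reviewed and is expected on the system can be listed in rkhunter.conf with ALLOWHIDDENDIR so that later runs stop warning about it.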
-
Thanks to everyone for the help.