Possible rootkit (false positive???)
Good day:
When I run rkhunter --check, it shows me that I have possible rootkits:
/usr/bin/rkhunter: 14795: [: /usr/lib/firefox/firefox: unexpected operator
/usr/bin/rkhunter: 14795: [: /usr/lib/firefox/firefox: unexpected operator
/usr/bin/rkhunter: 14795: [: /usr/bin/konsole: unexpected operator
Checking for suspicious (large) shared memory segments [ Warning ]
In /var/log/rkhunter.log it shows me this:
Warning: The following suspicious (large) shared memory segments have been found:
[21:17:06] Process: /usr/lib/firefox/firefox (deleted) PID: 9750 Owner: louie Size: 4,0MB (configured size allowed: 1,0MB)
[21:17:07] Process: /usr/lib/firefox/firefox (deleted) PID: 9750 Owner: louie Size: 4,0MB (configured size allowed: 1,0MB)
[21:17:07] Process: /usr/bin/konsole (deleted) PID: 11415 Owner: louie Size: 1,7MB (configured size allowed: 1,0MB)
Chkrootkit only shows me an infection: "tcpd". I have read in several places that it is a false positive.
Can rkhunter also give false positives? Thanks.
kde5 rootkit rkhunter chkrootkit
rkhunter does indeed encounter false positives, notably tcpd
– Nonny Moose
Jun 6 at 1:59
edited Nov 22 at 22:22
abu_bua
asked Jun 5 at 19:35
louiesanchezdj