[Risolto] [Kernel] scansione rkhunter

[MixEnd]

ciao a tutti,
rkhunter mi restituisce questi "warning":

Codice: Seleziona tutto

/usr/bin/sudo                                            [ Warning ]
/usr/sbin/unhide                                         [ Warning ]
/usr/sbin/unhide-linux26                                 [ Warning ]
Checking /dev for suspicious file types                  [ Warning ]

Codice: Seleziona tutto

File properties checks...
    Files checked: 127
    Suspect files: 3

Rootkit checks...
    Rootkits checked : 109
    Possible rootkits: 0

Applications checks...
    Applications checked: 3
    Suspect applications: 0

devo preoccuparmi?
posto anche output di chkrootkit:

Codice: Seleziona tutto

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not infected
Checking `inetdconf'... not infected
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... 
/usr/lib/firefox-3.0.6/.autoreg /usr/lib/xulrunner-1.9.0.6/.autoreg /lib/init/rw/.ramfs /lib/modules/fglrx/build_mod/2.6.x/.libfglrx_ip.a.GCC4.cmd /lib/modules/fglrx/build_mod/2.6.x/.tmp_versions /lib/modules/fglrx/build_mod/2.6.x/.firegl_public.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.kcl_acpi.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.kcl_agp.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.kcl_debug.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.kcl_ioctl.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.kcl_io.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.kcl_pci.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.kcl_str.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.kcl_wait.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.fglrx.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.fglrx.mod.o.cmd /lib/modules/fglrx/build_mod/2.6.x/.fglrx.ko.cmd /lib/modules/2.6.27-11-generic/volatile/.mounted
/lib/modules/fglrx/build_mod/2.6.x/.tmp_versions
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth1: PACKET SNIFFER(/sbin/dhclient3[7438])
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected

grazie mille

[MixEnd]

up 

[MixEnd]

up!  ::)

[Guiodic]

devo preoccuparmi?

No.

[AirPort]

Unhide tra l'altro lo installa proprio rkhunter! Comunque, come ti segnala anche lui, sono solo warning e non rootkit, nel senso che, eventualmente, potrebbero essere stati installati da un eventuale malware. Nel tuo caso è tutto normale. Tieni comunque presente che rkhunter è pensato più per i server, che sono naturalmente molto più vulnerabili a quel genere di problemi rispetto a un sistema desktop. Ti consiglio di leggere il link nella firma di Guiodic, a me ha aiutato molto.

[Mozo]

Inoltre, se leggi ciò che hai postato:

Possible rootkits: 0

Suspect applications: 0

e tutti i vari

...not infected
...not found
...no suspect files
...nothing found
...not promisc and no packet sniffer sockets

Tutto negativo. 

[MixEnd]

ok grazie mille
pensavo anch'io non ci fosse niente da preoccuparsi ma è sempre meglio chiedere.
ciao e grazie ancora a tutti