rkhunter warnings [RESOLVED]

1. rkhunter warnings [RESOLVED]


biggycheese

(uses Linux Mint)

Posted on 23/06/2014 - 06:13h

I ran rkhunter and it came back with a few warnings; the log is below. Is any security measure needed?

[06:06:31]
[06:06:31] Info: Starting test name 'network'
[06:06:31] Checking the network...
[06:06:31]
[06:06:31] Performing checks on the network ports
[06:06:31] Info: Starting test name 'ports'
[06:06:31] Performing check for backdoor ports
[06:06:31] Checking for TCP port 1524 [ Not found ]
[06:06:31] Checking for TCP port 1984 [ Not found ]
[06:06:31] Checking for UDP port 2001 [ Not found ]
[06:06:31] Checking for TCP port 2006 [ Not found ]
[06:06:31] Checking for TCP port 2128 [ Not found ]
[06:06:31] Checking for TCP port 6666 [ Not found ]
[06:06:32] Checking for TCP port 6667 [ Not found ]
[06:06:32] Checking for TCP port 6668 [ Not found ]
[06:06:32] Checking for TCP port 6669 [ Not found ]
[06:06:32] Checking for TCP port 7000 [ Not found ]
[06:06:32] Checking for TCP port 13000 [ Not found ]
[06:06:32] Checking for TCP port 14856 [ Not found ]
[06:06:32] Checking for TCP port 25000 [ Not found ]
[06:06:32] Checking for TCP port 29812 [ Not found ]
[06:06:32] Checking for TCP port 31337 [ Not found ]
[06:06:32] Checking for TCP port 32982 [ Not found ]
[06:06:32] Checking for TCP port 33369 [ Not found ]
[06:06:32] Checking for TCP port 47107 [ Not found ]
[06:06:32] Checking for TCP port 47018 [ Not found ]
[06:06:32] Checking for TCP port 60922 [ Not found ]
[06:06:32] Checking for TCP port 62883 [ Not found ]
[06:06:32] Checking for TCP port 65535 [ Not found ]
[06:06:32] Checking for backdoor ports [ None found ]
[06:06:32]
[06:06:32] Info: Starting test name 'hidden_ports'
[06:06:32] Checking for hidden ports [ Skipped ]
[06:06:32] Info: Unable to find the 'unhide-tcp' command
[06:06:32]
[06:06:32] Performing checks on the network interfaces
[06:06:32] Info: Starting test name 'promisc'
[06:06:33] Checking for promiscuous interfaces [ None found ]
[06:06:33]
[06:06:33] Info: Test 'packet_cap_apps' disabled at users request.
[06:06:33]
[06:06:33] Info: Starting test name 'local_host'
[06:06:33] Checking the local host...
[06:06:33]
[06:06:33] Info: Starting test name 'startup_files'
[06:06:33] Performing system boot checks
[06:06:33] Checking for local host name [ Found ]
[06:06:33]
[06:06:33] Info: Starting test name 'startup_malware'
[06:06:33] Checking for system startup files [ Found ]
[06:06:34] Checking system startup files for malware [ None found ]
[06:06:34]
[06:06:34] Info: Starting test name 'group_accounts'
[06:06:34] Performing group and account checks
[06:06:34] Checking for passwd file [ Found ]
[06:06:34] Info: Found password file: /etc/passwd
[06:06:34] Checking for root equivalent (UID 0) accounts [ None found ]
[06:06:34] Info: Found shadow file: /etc/shadow
[06:06:34] Checking for passwordless accounts [ None found ]
[06:06:34]
[06:06:34] Info: Starting test name 'passwd_changes'
[06:06:34] Checking for passwd file changes [ None found ]
[06:06:34]
[06:06:34] Info: Starting test name 'group_changes'
[06:06:34] Checking for group file changes [ None found ]
[06:06:34] Checking root account shell history files [ None found ]
[06:06:34]
[06:06:34] Info: Starting test name 'system_configs'
[06:06:34] Performing system configuration file checks
[06:06:34] Checking for SSH configuration file [ Not found ]
[06:06:34] Checking for running syslog daemon [ Found ]
[06:06:34] Info: Found rsyslog configuration file: /etc/rsyslog.conf
[06:06:34] Checking for syslog configuration file [ Found ]
[06:06:34] Checking if syslog remote logging is allowed [ Not allowed ]
[06:06:34]
[06:06:34] Info: Starting test name 'filesystem'
[06:06:34] Performing filesystem checks
[06:06:34] Info: SCAN_MODE_DEV set to 'THOROUGH'
[06:06:34] Checking /dev for suspicious file types [ Warning ]
[06:06:34] Warning: Suspicious file types found in /dev:
[06:06:34] /dev/.udev/rules.d/root.rules: ASCII text
[06:06:35] Checking for hidden files and directories [ Warning ]
[06:06:35] Warning: Hidden directory found: '/etc/.java'
[06:06:35] Warning: Hidden directory found: '/dev/.udev'
[06:06:35] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
[06:06:38]
[06:06:38] Info: Test 'apps' disabled at users request.
[06:06:38]
[06:06:38] System checks summary
[06:06:38] =====================
[06:06:38]
[06:06:38] File properties checks...
[06:06:38] Files checked: 132
[06:06:38] Suspect files: 4
[06:06:38]
[06:06:38] Rootkit checks...
[06:06:38] Rootkits checked : 292
[06:06:38] Possible rootkits: 0
[06:06:38]
[06:06:38] Applications checks...
[06:06:38] All checks skipped
[06:06:38]
[06:06:38] The system checks took: 201 minutes and 34 seconds
[06:06:38]
[06:06:38] Info: End date is Seg Jun 23 06:06:38 BRT 2014




2. Re: rkhunter warnings [RESOLVED]

Profile removed
removed

(uses None)

Posted on 23/06/2014 - 12:22h

To display all the "Warnings" more succinctly, use the following command:

# cat /var/log/rkhunter.log | grep Warning

Apparently there's nothing to worry about!

Note: whenever you install new programs, update the rkhunter database:

# rkhunter --propupd
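The grep above lists every warning, but on a machine that is scanned regularly you usually want to see only the warnings that are not already explained. The script below is an added example, not something posted in this thread: it condenses the "Warning:" lines of an rkhunter log and prints only those whose path is not on a local allowlist of the entries the replies call normal (Java and udev). The sample log is constructed from the output the original poster pasted, and the allowlist itself is an assumption you would maintain per host.

```shell
#!/bin/sh
# Added example (not from the thread): condense the "Warning:" lines of an rkhunter
# log and list only those whose path is not on a local allowlist of the entries the
# replies call normal (Java and udev). Sample log constructed from the poster's
# output; the allowlist is an assumption.
SAMPLE_LOG=$(cat <<'EOF'
[06:06:34] Checking /dev for suspicious file types [ Warning ]
[06:06:34] Warning: Suspicious file types found in /dev:
[06:06:34] /dev/.udev/rules.d/root.rules: ASCII text
[06:06:35] Checking for hidden files and directories [ Warning ]
[06:06:35] Warning: Hidden directory found: '/etc/.java'
[06:06:35] Warning: Hidden directory found: '/dev/.udev'
[06:06:35] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
EOF
)
# Known-benign paths (assumption); anything underneath them is accepted too.
ALLOWLIST="/etc/.java /dev/.udev /dev/.initramfs"

# Warning lines plus detail lines that begin with a path, timestamps stripped.
warnings() {
  printf '%s\n' "$1" | grep -E 'Warning:|^\[[0-9:]+\] /' | sed 's/^\[[0-9:]*\] //'
}

# Path named by one condensed line; empty for a header such as "found in /dev:".
warning_path() {
  printf '%s\n' "$1" | sed -n -e 's|^\(/[^:]*\):.*|\1|p' \
    -e "s|.*found: '\{0,1\}\([^':]*\).*|\1|p"
}

# Lines whose path is neither allowlisted nor inside an allowlisted directory.
unexplained() {
  warnings "$1" | while IFS= read -r line; do
    p=$(warning_path "$line")
    [ -z "$p" ] && continue   # header line; its detail line follows
    ok=0
    for a in $ALLOWLIST; do
      case "$p" in "$a"|"$a"/*) ok=1 ;; esac
    done
    [ "$ok" -eq 0 ] && printf '%s\n' "$line"
  done
}

# Number of unexplained lines, usable as a cron job's exit status.
unexplained_count() { unexplained "$1" | awk 'END { print NR }'; }

unexplained_count "$SAMPLE_LOG"   # prints 0 for the sample above
```

To run it against the real log instead of the sample, pass `"$(cat /var/log/rkhunter.log)"` to `unexplained`; a non-zero count means a warning appeared that nobody has yet reviewed and allowlisted.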


3. Re: rkhunter warnings [RESOLVED]

Alberto Federman Neto.
albfneto

(uses openSUSE)

Posted on 23/06/2014 - 14:53h

There doesn't seem to be anything; the "suspicious" files are normal, from Java and Udev.


4. Re: rkhunter warnings [RESOLVED]


biggycheese

(uses Linux Mint)

Posted on 23/06/2014 - 16:34h

costapha wrote:

To display all the "Warnings" more succinctly, use the following command:

# cat /var/log/rkhunter.log | grep Warning

Apparently there's nothing to worry about!

Note: whenever you install new programs, update the rkhunter database:

# rkhunter --propupd


Thanks for the tips!! It helped me a lot here.
