[Solved] "rkhunter" flags 4 suspicious files

Hi everyone, I have just installed Fedora 21 and, scanning the system with the program in the subject, it found 4 suspicious files… could someone take a look and work out what to do? Below is the log file (/var/log/rkhunter/rkhunter.log):

[root@localhost skiava]# rkhunter --update
 Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                   Updated ]
  Checking file programs_bad.dat                              Updated ]
  Checking file backdoorports.dat                             No update ]
  Checking file suspscan.dat                                  Updated ]
  Checking file i18n/cn                                       No update ]
  Checking file i18n/de                                       Updated ]
  Checking file i18n/en                                       No update ]
  Checking file i18n/tr                                       Updated ]
  Checking file i18n/tr.utf8                                  Updated ]
  Checking file i18n/zh                                       Updated ]
  Checking file i18n/zh.utf8                                  Updated ]
[root@localhost skiava]# rkhunter --checkall
 Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                                OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                         None found ]
    Checking for preloaded libraries                          None found ]
    Checking LD_LIBRARY_PATH variable                         Not found ]

  Performing file properties checks
    Checking for prerequisites                                Warning ]
    /usr/bin/awk                                              OK ]
    /usr/bin/basename                                         OK ]
    /usr/bin/bash                                             OK ]
    /usr/bin/cat                                              OK ]
    /usr/bin/chattr                                           OK ]
    /usr/bin/chmod                                            OK ]
    /usr/bin/chown                                            OK ]
    /usr/bin/cp                                               OK ]
    /usr/bin/curl                                             OK ]
    /usr/bin/cut                                              OK ]
    /usr/bin/date                                             OK ]
    /usr/bin/df                                               OK ]
    /usr/bin/diff                                             OK ]
    /usr/bin/dirname                                          OK ]
    /usr/bin/dmesg                                            OK ]
    /usr/bin/du                                               OK ]
    /usr/bin/echo                                             OK ]
    /usr/bin/egrep                                            Warning ]
    /usr/bin/env                                              OK ]
    /usr/bin/fgrep                                            Warning ]
    /usr/bin/file                                             OK ]
    /usr/bin/find                                             OK ]
    /usr/bin/grep                                             OK ]
    /usr/bin/groups                                           OK ]
    /usr/bin/head                                             OK ]
    /usr/bin/id                                               OK ]
    /usr/bin/kill                                             OK ]
    /usr/bin/killall                                          OK ]
    /usr/bin/last                                             OK ]
    /usr/bin/lastlog                                          OK ]
    /usr/bin/ldd                                              OK ]
    /usr/bin/less                                             OK ]
    /usr/bin/locate                                           OK ]
    /usr/bin/logger                                           OK ]
    /usr/bin/login                                            OK ]
    /usr/bin/ls                                               OK ]
    /usr/bin/lsattr                                           OK ]
    /usr/bin/mail                                             OK ]
    /usr/bin/md5sum                                           OK ]
    /usr/bin/mktemp                                           OK ]
    /usr/bin/more                                             OK ]
    /usr/bin/mount                                            OK ]
    /usr/bin/mv                                               OK ]
    /usr/bin/netstat                                          OK ]
    /usr/bin/newgrp                                           OK ]
    /usr/bin/passwd                                           OK ]
    /usr/bin/perl                                             OK ]
    /usr/bin/pgrep                                            OK ]
    /usr/bin/ping                                             OK ]
    /usr/bin/pkill                                            OK ]
    /usr/bin/ps                                               OK ]
    /usr/bin/pstree                                           OK ]
    /usr/bin/pwd                                              OK ]
    /usr/bin/readlink                                         OK ]
    /usr/bin/rkhunter                                         OK ]
    /usr/bin/rpm                                              OK ]
    /usr/bin/runcon                                           OK ]
    /usr/bin/sed                                              OK ]
    /usr/bin/sh                                               OK ]
    /usr/bin/sha1sum                                          OK ]
    /usr/bin/sha224sum                                        OK ]
    /usr/bin/sha256sum                                        OK ]
    /usr/bin/sha384sum                                        OK ]
    /usr/bin/sha512sum                                        OK ]
    /usr/bin/size                                             OK ]
    /usr/bin/sort                                             OK ]
    /usr/bin/ssh                                              OK ]
    /usr/bin/stat                                             OK ]
    /usr/bin/strings                                          OK ]
    /usr/bin/su                                               OK ]
    /usr/bin/sudo                                             OK ]
    /usr/bin/tail                                             OK ]
    /usr/bin/telnet                                           OK ]
    /usr/bin/test                                             OK ]
    /usr/bin/top                                              OK ]
    /usr/bin/touch                                            OK ]
    /usr/bin/tr                                               OK ]
    /usr/bin/uname                                            OK ]
    /usr/bin/uniq                                             OK ]
    /usr/bin/users                                            OK ]
    /usr/bin/vmstat                                           OK ]
    /usr/bin/w                                                OK ]
    /usr/bin/watch                                            OK ]
    /usr/bin/wc                                               OK ]
    /usr/bin/wget                                             OK ]
    /usr/bin/whatis                                           OK ]
    /usr/bin/whereis                                          OK ]
    /usr/bin/which                                            OK ]
    /usr/bin/who                                              OK ]
    /usr/bin/whoami                                           OK ]
    /usr/bin/gawk                                             OK ]
    /usr/bin/mailx                                            OK ]
    /usr/bin/kmod                                             OK ]
    /usr/bin/systemctl                                        OK ]
    /usr/sbin/adduser                                         OK ]
    /usr/sbin/chkconfig                                       OK ]
    /usr/sbin/chroot                                          OK ]
    /usr/sbin/depmod                                          OK ]
    /usr/sbin/fsck                                            OK ]
    /usr/sbin/fuser                                           OK ]
    /usr/sbin/groupadd                                        OK ]
    /usr/sbin/groupdel                                        OK ]
    /usr/sbin/groupmod                                        OK ]
    /usr/sbin/grpck                                           OK ]
    /usr/sbin/ifconfig                                        OK ]
    /usr/sbin/ifdown                                          Warning ]
    /usr/sbin/ifup                                            Warning ]
    /usr/sbin/init                                            OK ]
    /usr/sbin/insmod                                          OK ]
    /usr/sbin/ip                                              OK ]
    /usr/sbin/lsmod                                           OK ]
    /usr/sbin/lsof                                            OK ]
    /usr/sbin/modinfo                                         OK ]
    /usr/sbin/modprobe                                        OK ]
    /usr/sbin/nologin                                         OK ]
    /usr/sbin/pwck                                            OK ]
    /usr/sbin/rmmod                                           OK ]
    /usr/sbin/route                                           OK ]
    /usr/sbin/runlevel                                        OK ]
    /usr/sbin/sestatus                                        OK ]
    /usr/sbin/sshd                                            OK ]
    /usr/sbin/sulogin                                         OK ]
    /usr/sbin/sysctl                                          OK ]
    /usr/sbin/tcpd                                            OK ]
    /usr/sbin/useradd                                         OK ]
    /usr/sbin/userdel                                         OK ]
    /usr/sbin/usermod                                         OK ]
    /usr/sbin/vipw                                            OK ]
    /usr/lib/systemd/systemd                                  OK ]

[Press <ENTER> to continue]


Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                  Not found ]
    ADM Worm                                                  Not found ]
    AjaKit Rootkit                                            Not found ]
    Adore Rootkit                                             Not found ]
    aPa Kit                                                   Not found ]
    Apache Worm                                               Not found ]
    Ambient (ark) Rootkit                                     Not found ]
    Balaur Rootkit                                            Not found ]
    BeastKit Rootkit                                          Not found ]
    beX2 Rootkit                                              Not found ]
    BOBKit Rootkit                                            Not found ]
    cb Rootkit                                                Not found ]
    CiNIK Worm (Slapper.B variant)                            Not found ]
    Danny-Boy's Abuse Kit                                     Not found ]
    Devil RootKit                                             Not found ]
    Dica-Kit Rootkit                                          Not found ]
    Dreams Rootkit                                            Not found ]
    Duarawkz Rootkit                                          Not found ]
    Enye LKM                                                  Not found ]
    Flea Linux Rootkit                                        Not found ]
    Fu Rootkit                                                Not found ]
    Fuck`it Rootkit                                           Not found ]
    GasKit Rootkit                                            Not found ]
    Heroin LKM                                                Not found ]
    HjC Kit                                                   Not found ]
    ignoKit Rootkit                                           Not found ]
    IntoXonia-NG Rootkit                                      Not found ]
    Irix Rootkit                                              Not found ]
    Jynx Rootkit                                              Not found ]
    KBeast Rootkit                                            Not found ]
    Kitko Rootkit                                             Not found ]
    Knark Rootkit                                             Not found ]
    ld-linuxv.so Rootkit                                      Not found ]
    Li0n Worm                                                 Not found ]
    Lockit / LJK2 Rootkit                                     Not found ]
    Mood-NT Rootkit                                           Not found ]
    MRK Rootkit                                               Not found ]
    Ni0 Rootkit                                               Not found ]
    Ohhara Rootkit                                            Not found ]
    Optic Kit (Tux) Worm                                      Not found ]
    Oz Rootkit                                                Not found ]
    Phalanx Rootkit                                           Not found ]
    Phalanx2 Rootkit                                          Not found ]
    Phalanx2 Rootkit (extended tests)                         Not found ]
    Portacelo Rootkit                                         Not found ]
    R3dstorm Toolkit                                          Not found ]
    RH-Sharpe's Rootkit                                       Not found ]
    RSHA's Rootkit                                            Not found ]
    Scalper Worm                                              Not found ]
    Sebek LKM                                                 Not found ]
    Shutdown Rootkit                                          Not found ]
    SHV4 Rootkit                                              Not found ]
    SHV5 Rootkit                                              Not found ]
    Sin Rootkit                                               Not found ]
    Slapper Worm                                              Not found ]
    Sneakin Rootkit                                           Not found ]
    'Spanish' Rootkit                                         Not found ]
    Suckit Rootkit                                            Not found ]
    Superkit Rootkit                                          Not found ]
    TBD (Telnet BackDoor)                                     Not found ]
    TeLeKiT Rootkit                                           Not found ]
    T0rn Rootkit                                              Not found ]
    trNkit Rootkit                                            Not found ]
    Trojanit Kit                                              Not found ]
    Tuxtendo Rootkit                                          Not found ]
    URK Rootkit                                               Not found ]
    Vampire Rootkit                                           Not found ]
    VcKit Rootkit                                             Not found ]
    Volc Rootkit                                              Not found ]
    Xzibit Rootkit                                            Not found ]
    zaRwT.KiT Rootkit                                         Not found ]
    ZK Rootkit                                                Not found ]

[Press <ENTER> to continue]


  Performing additional rootkit checks
    Suckit Rookit additional checks                           OK ]
    Checking for possible rootkit files and directories       None found ]
    Checking for possible rootkit strings                     None found ]

  Performing malware checks
    Checking running processes for suspicious files           None found ]
    Checking for hidden processes                             Skipped ]
    Checking for login backdoors                              None found ]
    Checking for suspicious directories                       None found ]
    Checking for sniffer log files                            None found ]
    Suspicious Shared Memory segments                         None found ]
    Checking for Apache backdoor                              Not found ]

  Performing Linux specific checks
    Checking loaded kernel modules                            OK ]
    Checking kernel module names                              OK ]

[Press <ENTER> to continue]


Checking the network...

  Performing checks on the network ports
    Checking for backdoor ports                               None found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                       None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name                              Found ]
    Checking for system startup files                         Found ]
    Checking system startup files for malware                 None found ]

  Performing group and account checks
    Checking for passwd file                                  Found ]
    Checking for root equivalent (UID 0) accounts             None found ]
    Checking for passwordless accounts                        None found ]
    Checking for passwd file changes                          Warning ]
    Checking for group file changes                           Warning ]
    Checking root account shell history files                 OK ]

  Performing system configuration file checks
    Checking for an SSH configuration file                    Found ]
    Checking if SSH root access is allowed                    Not set ]
    Checking if SSH protocol v1 is allowed                    Not set ]
    Checking for a running system logging daemon              Found ]
    Checking for a system logging configuration file          Found ]

  Performing filesystem checks
    Checking /dev for suspicious file types                   None found ]
    Checking for hidden files and directories                 None found ]

[Press <ENTER> to continue]



System checks summary
=====================

File properties checks...
    Required commands check failed
    Files checked: 129
    Suspect files: 4

Rootkit checks...
    Rootkits checked : 383
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 4 minutes and 48 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)

[root@localhost skiava]#

sorry for the length of the file… :hammer:
I'm waiting for a reply.
Thanks.

Hi, try running:

# rkhunter  --propupd

and redo the scan :slight_smile:
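
An added example (not from the thread or from the rkhunter project): a small POSIX shell script that pulls the "Warning" entries out of an rkhunter report, grouped by the "Performing ... checks" section they fall under, so you can see which binaries the file-properties check flagged before `--propupd` overwrites the stored baseline with their current state. The report sample embedded in it is constructed to match the format pasted above (the opening "[" of each result is missing, as in the paste).

```shell
#!/bin/sh
# Added example (not the thread's or rkhunter's own code): extract the "Warning"
# results from an rkhunter text report so they can be reviewed before running
# `rkhunter --propupd`, which re-baselines the file properties database to
# whatever is on disk right now.

# Constructed sample, modelled on the report format pasted in the thread.
SAMPLE_REPORT='Checking system commands...

  Performing file properties checks
    Checking for prerequisites                                Warning ]
    /usr/bin/awk                                              OK ]
    /usr/bin/egrep                                            Warning ]
    /usr/bin/fgrep                                            Warning ]
    /usr/sbin/ifdown                                          Warning ]
    /usr/sbin/ifup                                            Warning ]

  Performing group and account checks
    Checking for passwd file changes                          Warning ]
    Checking for group file changes                           Warning ]
    Checking root account shell history files                 OK ]
'

# Print every check whose result is "Warning", prefixed with the section
# ("Performing ... checks") it appeared under. Reads the report from stdin.
rkh_warnings() {
    awk '
        # A section header: remember it (without the indent) for later lines.
        /^  Performing / { section = $0; sub(/^ +/, "", section); next }
        # A check line ending in "Warning ]": keep only the check name or path.
        /Warning ]$/ {
            line = $0
            sub(/^ +/, "", line)
            sub(/ +Warning ]$/, "", line)
            print section ": " line
        }
    '
}

# Print only the absolute paths that got a Warning, i.e. the binaries whose
# recorded properties (hash, size, mtime, ...) no longer match the database.
rkh_warning_paths() {
    rkh_warnings | sed -n 's/^[^:]*: \(\/[^ ]*\)$/\1/p'
}

# Number of Warning lines, so a cron wrapper can decide whether to alert.
rkh_warning_count() {
    rkh_warnings | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
printf '%s' "$SAMPLE_REPORT" | rkh_warnings
```

Feed it the output of `rkhunter -c --sk --nocolors` (or the log file the thread refers to); on Fedora, `rpm -Vf <path>` on each listed path tells you whether the binary still matches its package before you re-baseline with `--propupd`.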

Hi, here is the output of:

[root@localhost skiava]# rkhunter  --propupd
 Rootkit Hunter version 1.4.2 ]
File created: searched for 172 files, found 129
[root@localhost skiava]# 

Now try:

# rkhunter -c -x --sk

run the scan and let's see :slight_smile:

Hi, here is the output of:

[root@localhost skiava]# rkhunter -c -x --sk
 Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                                OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                         None found ]
    Checking for preloaded libraries                          None found ]
    Checking LD_LIBRARY_PATH variable                         Not found ]

  Performing file properties checks
    Checking for prerequisites                                OK ]
    /usr/bin/awk                                              OK ]
    /usr/bin/basename                                         OK ]
    /usr/bin/bash                                             OK ]
    /usr/bin/cat                                              OK ]
    /usr/bin/chattr                                           OK ]
    /usr/bin/chmod                                            OK ]
    /usr/bin/chown                                            OK ]
    /usr/bin/cp                                               OK ]
    /usr/bin/curl                                             OK ]
    /usr/bin/cut                                              OK ]
    /usr/bin/date                                             OK ]
    /usr/bin/df                                               OK ]
    /usr/bin/diff                                             OK ]
    /usr/bin/dirname                                          OK ]
    /usr/bin/dmesg                                            OK ]
    /usr/bin/du                                               OK ]
    /usr/bin/echo                                             OK ]
    /usr/bin/egrep                                            OK ]
    /usr/bin/env                                              OK ]
    /usr/bin/fgrep                                            OK ]
    /usr/bin/file                                             OK ]
    /usr/bin/find                                             OK ]
    /usr/bin/grep                                             OK ]
    /usr/bin/groups                                           OK ]
    /usr/bin/head                                             OK ]
    /usr/bin/id                                               OK ]
    /usr/bin/kill                                             OK ]
    /usr/bin/killall                                          OK ]
    /usr/bin/last                                             OK ]
    /usr/bin/lastlog                                          OK ]
    /usr/bin/ldd                                              OK ]
    /usr/bin/less                                             OK ]
    /usr/bin/locate                                           OK ]
    /usr/bin/logger                                           OK ]
    /usr/bin/login                                            OK ]
    /usr/bin/ls                                               OK ]
    /usr/bin/lsattr                                           OK ]
    /usr/bin/mail                                             OK ]
    /usr/bin/md5sum                                           OK ]
    /usr/bin/mktemp                                           OK ]
    /usr/bin/more                                             OK ]
    /usr/bin/mount                                            OK ]
    /usr/bin/mv                                               OK ]
    /usr/bin/netstat                                          OK ]
    /usr/bin/newgrp                                           OK ]
    /usr/bin/passwd                                           OK ]
    /usr/bin/perl                                             OK ]
    /usr/bin/pgrep                                            OK ]
    /usr/bin/ping                                             OK ]
    /usr/bin/pkill                                            OK ]
    /usr/bin/ps                                               OK ]
    /usr/bin/pstree                                           OK ]
    /usr/bin/pwd                                              OK ]
    /usr/bin/readlink                                         OK ]
    /usr/bin/rkhunter                                         OK ]
    /usr/bin/rpm                                              OK ]
    /usr/bin/runcon                                           OK ]
    /usr/bin/sed                                              OK ]
    /usr/bin/sh                                               OK ]
    /usr/bin/sha1sum                                          OK ]
    /usr/bin/sha224sum                                        OK ]
    /usr/bin/sha256sum                                        OK ]
    /usr/bin/sha384sum                                        OK ]
    /usr/bin/sha512sum                                        OK ]
    /usr/bin/size                                             OK ]
    /usr/bin/sort                                             OK ]
    /usr/bin/ssh                                              OK ]
    /usr/bin/stat                                             OK ]
    /usr/bin/strings                                          OK ]
    /usr/bin/su                                               OK ]
    /usr/bin/sudo                                             OK ]
    /usr/bin/tail                                             OK ]
    /usr/bin/telnet                                           OK ]
    /usr/bin/test                                             OK ]
    /usr/bin/top                                              OK ]
    /usr/bin/touch                                            OK ]
    /usr/bin/tr                                               OK ]
    /usr/bin/uname                                            OK ]
    /usr/bin/uniq                                             OK ]
    /usr/bin/users                                            OK ]
    /usr/bin/vmstat                                           OK ]
    /usr/bin/w                                                OK ]
    /usr/bin/watch                                            OK ]
    /usr/bin/wc                                               OK ]
    /usr/bin/wget                                             OK ]
    /usr/bin/whatis                                           OK ]
    /usr/bin/whereis                                          OK ]
    /usr/bin/which                                            OK ]
    /usr/bin/who                                              OK ]
    /usr/bin/whoami                                           OK ]
    /usr/bin/gawk                                             OK ]
    /usr/bin/mailx                                            OK ]
    /usr/bin/kmod                                             OK ]
    /usr/bin/systemctl                                        OK ]
    /usr/sbin/adduser                                         OK ]
    /usr/sbin/chkconfig                                       OK ]
    /usr/sbin/chroot                                          OK ]
    /usr/sbin/depmod                                          OK ]
    /usr/sbin/fsck                                            OK ]
    /usr/sbin/fuser                                           OK ]
    /usr/sbin/groupadd                                        OK ]
    /usr/sbin/groupdel                                        OK ]
    /usr/sbin/groupmod                                        OK ]
    /usr/sbin/grpck                                           OK ]
    /usr/sbin/ifconfig                                        OK ]
    /usr/sbin/ifdown                                          OK ]
    /usr/sbin/ifup                                            OK ]
    /usr/sbin/init                                            OK ]
    /usr/sbin/insmod                                          OK ]
    /usr/sbin/ip                                              OK ]
    /usr/sbin/lsmod                                           OK ]
    /usr/sbin/lsof                                            OK ]
    /usr/sbin/modinfo                                         OK ]
    /usr/sbin/modprobe                                        OK ]
    /usr/sbin/nologin                                         OK ]
    /usr/sbin/pwck                                            OK ]
    /usr/sbin/rmmod                                           OK ]
    /usr/sbin/route                                           OK ]
    /usr/sbin/runlevel                                        OK ]
    /usr/sbin/sestatus                                        OK ]
    /usr/sbin/sshd                                            OK ]
    /usr/sbin/sulogin                                         OK ]
    /usr/sbin/sysctl                                          OK ]
    /usr/sbin/tcpd                                            OK ]
    /usr/sbin/useradd                                         OK ]
    /usr/sbin/userdel                                         OK ]
    /usr/sbin/usermod                                         OK ]
    /usr/sbin/vipw                                            OK ]
    /usr/lib/systemd/systemd                                  OK ]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                  Not found ]
    ADM Worm                                                  Not found ]
    AjaKit Rootkit                                            Not found ]
    Adore Rootkit                                             Not found ]
    aPa Kit                                                   Not found ]
    Apache Worm                                               Not found ]
    Ambient (ark) Rootkit                                     Not found ]
    Balaur Rootkit                                            Not found ]
    BeastKit Rootkit                                          Not found ]
    beX2 Rootkit                                              Not found ]
    BOBKit Rootkit                                            Not found ]
    cb Rootkit                                                Not found ]
    CiNIK Worm (Slapper.B variant)                            Not found ]
    Danny-Boy's Abuse Kit                                     Not found ]
    Devil RootKit                                             Not found ]
    Dica-Kit Rootkit                                          Not found ]
    Dreams Rootkit                                            Not found ]
    Duarawkz Rootkit                                          Not found ]
    Enye LKM                                                  Not found ]
    Flea Linux Rootkit                                        Not found ]
    Fu Rootkit                                                Not found ]
    Fuck`it Rootkit                                           Not found ]
    GasKit Rootkit                                            Not found ]
    Heroin LKM                                                Not found ]
    HjC Kit                                                   Not found ]
    ignoKit Rootkit                                           Not found ]
    IntoXonia-NG Rootkit                                      Not found ]
    Irix Rootkit                                              Not found ]
    Jynx Rootkit                                              Not found ]
    KBeast Rootkit                                            Not found ]
    Kitko Rootkit                                             Not found ]
    Knark Rootkit                                             Not found ]
    ld-linuxv.so Rootkit                                      Not found ]
    Li0n Worm                                                 Not found ]
    Lockit / LJK2 Rootkit                                     Not found ]
    Mood-NT Rootkit                                           Not found ]
    MRK Rootkit                                               Not found ]
    Ni0 Rootkit                                               Not found ]
    Ohhara Rootkit                                            Not found ]
    Optic Kit (Tux) Worm                                      Not found ]
    Oz Rootkit                                                Not found ]
    Phalanx Rootkit                                           Not found ]
    Phalanx2 Rootkit                                          Not found ]
    Phalanx2 Rootkit (extended tests)                         Not found ]
    Portacelo Rootkit                                         Not found ]
    R3dstorm Toolkit                                          Not found ]
    RH-Sharpe's Rootkit                                       Not found ]
    RSHA's Rootkit                                            Not found ]
    Scalper Worm                                              Not found ]
    Sebek LKM                                                 Not found ]
    Shutdown Rootkit                                          Not found ]
    SHV4 Rootkit                                              Not found ]
    SHV5 Rootkit                                              Not found ]
    Sin Rootkit                                               Not found ]
    Slapper Worm                                              Not found ]
    Sneakin Rootkit                                           Not found ]
    'Spanish' Rootkit                                         Not found ]
    Suckit Rootkit                                            Not found ]
    Superkit Rootkit                                          Not found ]
    TBD (Telnet BackDoor)                                     Not found ]
    TeLeKiT Rootkit                                           Not found ]
    T0rn Rootkit                                              Not found ]
    trNkit Rootkit                                            Not found ]
    Trojanit Kit                                              Not found ]
    Tuxtendo Rootkit                                          Not found ]
    URK Rootkit                                               Not found ]
    Vampire Rootkit                                           Not found ]
    VcKit Rootkit                                             Not found ]
    Volc Rootkit                                              Not found ]
    Xzibit Rootkit                                            Not found ]
    zaRwT.KiT Rootkit                                         Not found ]
    ZK Rootkit                                                Not found ]

  Performing additional rootkit checks
    Suckit Rookit additional checks                           OK ]
    Checking for possible rootkit files and directories       None found ]
    Checking for possible rootkit strings                     None found ]

  Performing malware checks
    Checking running processes for suspicious files           None found ]
    Checking for hidden processes                             Skipped ]
    Checking for login backdoors                              None found ]
    Checking for suspicious directories                       None found ]
    Checking for sniffer log files                            None found ]
    Suspicious Shared Memory segments                         None found ]
    Checking for Apache backdoor                              Not found ]

  Performing Linux specific checks
    Checking loaded kernel modules                            OK ]
    Checking kernel module names                              OK ]

Checking the network...

  Performing checks on the network ports
    Checking for backdoor ports                               None found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                       None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name                              Found ]
    Checking for system startup files                         Found ]
    Checking system startup files for malware                 None found ]

  Performing group and account checks
    Checking for passwd file                                  Found ]
    Checking for root equivalent (UID 0) accounts             None found ]
    Checking for passwordless accounts                        None found ]
    Checking for passwd file changes                          None found ]
    Checking for group file changes                           None found ]
    Checking root account shell history files                 OK ]

  Performing system configuration file checks
    Checking for an SSH configuration file                    Found ]
    Checking if SSH root access is allowed                    Not set ]
    Checking if SSH protocol v1 is allowed                    Not set ]
    Checking for a running system logging daemon              Found ]
    Checking for a system logging configuration file          Found ]

  Performing filesystem checks
    Checking /dev for suspicious file types                   None found ]
    Checking for hidden files and directories                 None found ]


System checks summary
=====================

File properties checks...
    Files checked: 129
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 383
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 4 minutes and 47 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

No warnings were found while checking the system.

[root@localhost skiava]# 

Looks fine :slight_smile:

but I don't understand what those 4 suspicious files referred to?

When you installed rkhunter you should have updated it, then run the propupd command, and then the scan; that's all, nothing serious. I hope I was helpful, bye :slight_smile:

ok, thanks, you were very helpful.
bye :clap:

You're welcome, bye :slight_smile:

Hi everyone, I ran the rkhunter scan again and I'd like to know whether everything is in order… here is the output of:

[root@skiava]# rkhunter  --propupd
 Rootkit Hunter version 1.4.2 ]
File updated: searched for 172 files, found 131
[root@Schiavariello skiava]# rkhunter -c -x --sk
 Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                                OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                         None found ]
    Checking for preloaded libraries                          None found ]
    Checking LD_LIBRARY_PATH variable                         Not found ]

  Performing file properties checks
    Checking for prerequisites                                OK ]
    /usr/bin/awk                                              OK ]
    /usr/bin/basename                                         OK ]
    /usr/bin/bash                                             OK ]
    /usr/bin/cat                                              OK ]
    /usr/bin/chattr                                           OK ]
    /usr/bin/chmod                                            OK ]
    /usr/bin/chown                                            OK ]
    /usr/bin/cp                                               OK ]
    /usr/bin/curl                                             OK ]
    /usr/bin/cut                                              OK ]
    /usr/bin/date                                             OK ]
    /usr/bin/df                                               OK ]
    /usr/bin/diff                                             OK ]
    /usr/bin/dirname                                          OK ]
    /usr/bin/dmesg                                            OK ]
    /usr/bin/du                                               OK ]
    /usr/bin/echo                                             OK ]
    /usr/bin/ed                                               OK ]
    /usr/bin/egrep                                            OK ]
    /usr/bin/env                                              OK ]
    /usr/bin/fgrep                                            OK ]
    /usr/bin/file                                             OK ]
    /usr/bin/find                                             OK ]
    /usr/bin/GET                                              OK ]
    /usr/bin/grep                                             OK ]
    /usr/bin/groups                                           OK ]
    /usr/bin/head                                             OK ]
    /usr/bin/id                                               OK ]
    /usr/bin/kill                                             OK ]
    /usr/bin/killall                                          OK ]
    /usr/bin/last                                             OK ]
    /usr/bin/lastlog                                          OK ]
    /usr/bin/ldd                                              OK ]
    /usr/bin/less                                             OK ]
    /usr/bin/locate                                           OK ]
    /usr/bin/logger                                           OK ]
    /usr/bin/login                                            OK ]
    /usr/bin/ls                                               OK ]
    /usr/bin/lsattr                                           OK ]
    /usr/bin/mail                                             OK ]
    /usr/bin/md5sum                                           OK ]
    /usr/bin/mktemp                                           OK ]
    /usr/bin/more                                             OK ]
    /usr/bin/mount                                            OK ]
    /usr/bin/mv                                               OK ]
    /usr/bin/netstat                                          OK ]
    /usr/bin/newgrp                                           OK ]
    /usr/bin/passwd                                           OK ]
    /usr/bin/perl                                             OK ]
    /usr/bin/pgrep                                            OK ]
    /usr/bin/ping                                             OK ]
    /usr/bin/pkill                                            OK ]
    /usr/bin/ps                                               OK ]
    /usr/bin/pstree                                           OK ]
    /usr/bin/pwd                                              OK ]
    /usr/bin/readlink                                         OK ]
    /usr/bin/rkhunter                                         OK ]
    /usr/bin/rpm                                              OK ]
    /usr/bin/runcon                                           OK ]
    /usr/bin/sed                                              OK ]
    /usr/bin/sh                                               OK ]
    /usr/bin/sha1sum                                          OK ]
    /usr/bin/sha224sum                                        OK ]
    /usr/bin/sha256sum                                        OK ]
    /usr/bin/sha384sum                                        OK ]
    /usr/bin/sha512sum                                        OK ]
    /usr/bin/size                                             OK ]
    /usr/bin/sort                                             OK ]
    /usr/bin/ssh                                              OK ]
    /usr/bin/stat                                             OK ]
    /usr/bin/strings                                          OK ]
    /usr/bin/su                                               OK ]
    /usr/bin/sudo                                             OK ]
    /usr/bin/tail                                             OK ]
    /usr/bin/telnet                                           OK ]
    /usr/bin/test                                             OK ]
    /usr/bin/top                                              OK ]
    /usr/bin/touch                                            OK ]
    /usr/bin/tr                                               OK ]
    /usr/bin/uname                                            OK ]
    /usr/bin/uniq                                             OK ]
    /usr/bin/users                                            OK ]
    /usr/bin/vmstat                                           OK ]
    /usr/bin/w                                                OK ]
    /usr/bin/watch                                            OK ]
    /usr/bin/wc                                               OK ]
    /usr/bin/wget                                             OK ]
    /usr/bin/whatis                                           OK ]
    /usr/bin/whereis                                          OK ]
    /usr/bin/which                                            OK ]
    /usr/bin/who                                              OK ]
    /usr/bin/whoami                                           OK ]
    /usr/bin/gawk                                             OK ]
    /usr/bin/mailx                                            OK ]
    /usr/bin/kmod                                             OK ]
    /usr/bin/systemctl                                        OK ]
    /usr/sbin/adduser                                         OK ]
    /usr/sbin/chkconfig                                       OK ]
    /usr/sbin/chroot                                          OK ]
    /usr/sbin/depmod                                          OK ]
    /usr/sbin/fsck                                            OK ]
    /usr/sbin/fuser                                           OK ]
    /usr/sbin/groupadd                                        OK ]
    /usr/sbin/groupdel                                        OK ]
    /usr/sbin/groupmod                                        OK ]
    /usr/sbin/grpck                                           OK ]
    /usr/sbin/ifconfig                                        OK ]
    /usr/sbin/ifdown                                          OK ]
    /usr/sbin/ifup                                            OK ]
    /usr/sbin/init                                            OK ]
    /usr/sbin/insmod                                          OK ]
    /usr/sbin/ip                                              OK ]
    /usr/sbin/lsmod                                           OK ]
    /usr/sbin/lsof                                            OK ]
    /usr/sbin/modinfo                                         OK ]
    /usr/sbin/modprobe                                        OK ]
    /usr/sbin/nologin                                         OK ]
    /usr/sbin/pwck                                            OK ]
    /usr/sbin/rmmod                                           OK ]
    /usr/sbin/route                                           OK ]
    /usr/sbin/runlevel                                        OK ]
    /usr/sbin/sestatus                                        OK ]
    /usr/sbin/sshd                                            OK ]
    /usr/sbin/sulogin                                         OK ]
    /usr/sbin/sysctl                                          OK ]
    /usr/sbin/tcpd                                            OK ]
    /usr/sbin/useradd                                         OK ]
    /usr/sbin/userdel                                         OK ]
    /usr/sbin/usermod                                         OK ]
    /usr/sbin/vipw                                            OK ]
    /usr/lib/systemd/systemd                                  OK ]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                  Not found ]
    ADM Worm                                                  Not found ]
    AjaKit Rootkit                                            Not found ]
    Adore Rootkit                                             Not found ]
    aPa Kit                                                   Not found ]
    Apache Worm                                               Not found ]
    Ambient (ark) Rootkit                                     Not found ]
    Balaur Rootkit                                            Not found ]
    BeastKit Rootkit                                          Not found ]
    beX2 Rootkit                                              Not found ]
    BOBKit Rootkit                                            Not found ]
    cb Rootkit                                                Not found ]
    CiNIK Worm (Slapper.B variant)                            Not found ]
    Danny-Boy's Abuse Kit                                     Not found ]
    Devil RootKit                                             Not found ]
    Dica-Kit Rootkit                                          Not found ]
    Dreams Rootkit                                            Not found ]
    Duarawkz Rootkit                                          Not found ]
    Enye LKM                                                  Not found ]
    Flea Linux Rootkit                                        Not found ]
    Fu Rootkit                                                Not found ]
    Fuck`it Rootkit                                           Not found ]
    GasKit Rootkit                                            Not found ]
    Heroin LKM                                                Not found ]
    HjC Kit                                                   Not found ]
    ignoKit Rootkit                                           Not found ]
    IntoXonia-NG Rootkit                                      Not found ]
    Irix Rootkit                                              Not found ]
    Jynx Rootkit                                              Not found ]
    KBeast Rootkit                                            Not found ]
    Kitko Rootkit                                             Not found ]
    Knark Rootkit                                             Not found ]
    ld-linuxv.so Rootkit                                      Not found ]
    Li0n Worm                                                 Not found ]
    Lockit / LJK2 Rootkit                                     Not found ]
    Mood-NT Rootkit                                           Not found ]
    MRK Rootkit                                               Not found ]
    Ni0 Rootkit                                               Not found ]
    Ohhara Rootkit                                            Not found ]
    Optic Kit (Tux) Worm                                      Not found ]
    Oz Rootkit                                                Not found ]
    Phalanx Rootkit                                           Not found ]
    Phalanx2 Rootkit                                          Not found ]
    Phalanx2 Rootkit (extended tests)                         Not found ]
    Portacelo Rootkit                                         Not found ]
    R3dstorm Toolkit                                          Not found ]
    RH-Sharpe's Rootkit                                       Not found ]
    RSHA's Rootkit                                            Not found ]
    Scalper Worm                                              Not found ]
    Sebek LKM                                                 Not found ]
    Shutdown Rootkit                                          Not found ]
    SHV4 Rootkit                                              Not found ]
    SHV5 Rootkit                                              Not found ]
    Sin Rootkit                                               Not found ]
    Slapper Worm                                              Not found ]
    Sneakin Rootkit                                           Not found ]
    'Spanish' Rootkit                                         Not found ]
    Suckit Rootkit                                            Not found ]
    Superkit Rootkit                                          Not found ]
    TBD (Telnet BackDoor)                                     Not found ]
    TeLeKiT Rootkit                                           Not found ]
    T0rn Rootkit                                              Not found ]
    trNkit Rootkit                                            Not found ]
    Trojanit Kit                                              Not found ]
    Tuxtendo Rootkit                                          Not found ]
    URK Rootkit                                               Not found ]
    Vampire Rootkit                                           Not found ]
    VcKit Rootkit                                             Not found ]
    Volc Rootkit                                              Not found ]
    Xzibit Rootkit                                            Not found ]
    zaRwT.KiT Rootkit                                         Not found ]
    ZK Rootkit                                                Not found ]

  Performing additional rootkit checks
    Suckit Rookit additional checks                           OK ]
    Checking for possible rootkit files and directories       None found ]
    Checking for possible rootkit strings                     None found ]

  Performing malware checks
    Checking running processes for suspicious files           None found ]
    Checking for hidden processes                             Skipped ]
    Checking for login backdoors                              None found ]
    Checking for suspicious directories                       None found ]
    Checking for sniffer log files                            None found ]
    Suspicious Shared Memory segments                         None found ]
    Checking for Apache backdoor                              Not found ]

  Performing Linux specific checks
    Checking loaded kernel modules                            OK ]
    Checking kernel module names                              OK ]

Checking the network...

  Performing checks on the network ports
    Checking for backdoor ports                               None found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                       None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name                              Found ]
    Checking for system startup files                         Found ]
    Checking system startup files for malware                 None found ]

  Performing group and account checks
    Checking for passwd file                                  Found ]
    Checking for root equivalent (UID 0) accounts             None found ]
    Checking for passwordless accounts                        None found ]
    Checking for passwd file changes                          None found ]
    Checking for group file changes                           None found ]
    Checking root account shell history files                 OK ]

  Performing system configuration file checks
    Checking for an SSH configuration file                    Found ]
    Checking if SSH root access is allowed                    Warning ]
    Checking if SSH protocol v1 is allowed                    Not set ]
    Checking for a running system logging daemon              Found ]
    Checking for a system logging configuration file          Found ]

  Performing filesystem checks
    Checking /dev for suspicious file types                   None found ]
    Checking for hidden files and directories                 None found ]


System checks summary
=====================

File properties checks...
    Files checked: 131
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 383
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 5 minutes and 18 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)

[root@skiava]# exit

On the line that reports "Performing system configuration file checks" and "Checking if SSH root access is allowed" as "warning", should I be worried?
Below are the services I have active on my machine and, as you can see, ssh has been masked… so why does that "warning" appear? Maybe it referred to some other service I have running? Advice? Suggestions?

[skiava@ ~]$ systemctl -t service
UNIT                                                                                      LOAD   ACTIVE SUB     DESCRIPTION
abrt-ccpp.service                                                                         loaded active exited  Install ABRT coredump hook
abrt-oops.service                                                                         loaded active running ABRT kernel log watcher
abrt-xorg.service                                                                         loaded active running ABRT Xorg log watcher
abrtd.service                                                                             loaded active running ABRT Automated Bug Reporting Tool
accounts-daemon.service                                                                   loaded active running Accounts Service
akmods-shutdown.service                                                                   loaded active exited  Builds and install new kmods from akmod packages
akmods.service                                                                            loaded active exited  Builds and install new kmods from akmod packages
alsa-state.service                                                                        loaded active running Manage Sound Card State (restore and store)
auditd.service                                                                            loaded active running Security Auditing Service
chronyd.service                                                                           loaded active running NTP client/server
colord.service                                                                            loaded active running Manage, Install and Generate Color Profiles
crond.service                                                                             loaded active running Command Scheduler
cups.service                                                                              loaded active running CUPS Scheduler
dbus.service                                                                              loaded active running D-Bus System Message Bus
dracut-shutdown.service                                                                   loaded active exited  Restore /run/initramfs on shutdown
fedora-import-state.service                                                               loaded active exited  Import network configuration from initramfs
fedora-readonly.service                                                                   loaded active exited  Configure read-only root support
firewalld.service                                                                         loaded active running firewalld - dynamic firewall daemon
iscsi-shutdown.service                                                                    loaded active exited  Logout off all iSCSI sessions on shutdown
kmod-static-nodes.service                                                                 loaded active exited  Create list of required static device nodes for the current kernel
lightdm.service                                                                           loaded active running Light Display Manager
lvm2-lvmetad.service                                                                      loaded active running LVM2 metadata daemon
lvm2-monitor.service                                                                      loaded active exited  Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling
lvm2-pvscan@8:2.service                                                                   loaded active exited  LVM2 PV scan on device 8:2
mcelog.service                                                                            loaded active running Machine Check Exception Logging Daemon
ModemManager.service                                                                      loaded active running Modem Manager
netcf-transaction.service                                                                 loaded active exited  Rollback uncommitted netcf network config change transactions
NetworkManager.service                                                                    loaded active running Network Manager
packagekit.service                                                                        loaded active running PackageKit Daemon
polkit.service                                                                            loaded active running Authorization Manager
rtkit-daemon.service                                                                      loaded active running RealtimeKit Scheduling Policy Service
systemd-binfmt.service                                                                    loaded active exited  Set Up Additional Binary Formats
systemd-fsck-root.service                                                                 loaded active exited  File System Check on Root Device
systemd-fsck@dev-disk-by\x2duuid-3d9fb24e\x2d047c\x2d46c7\x2db45a\x2d36272f0a2720.service loaded active exited  File System Check on /dev/disk/by-uuid/3d9fb24e-047c-46c7-b45a-36272f0a2720
systemd-fsck@dev-mapper-fedora\x2dhome.service                                            loaded active exited  File System Check on /dev/mapper/fedora-home
systemd-journal-flush.service                                                             loaded active exited  Flush Journal to Persistent Storage
systemd-journald.service                                                                  loaded active running Journal Service
systemd-logind.service                                                                    loaded active running Login Service
systemd-modules-load.service                                                              loaded active exited  Load Kernel Modules
systemd-random-seed.service                                                               loaded active exited  Load/Save Random Seed
systemd-remount-fs.service                                                                loaded active exited  Remount Root and Kernel File Systems
systemd-sysctl.service                                                                    loaded active exited  Apply Kernel Variables
systemd-tmpfiles-setup-dev.service                                                        loaded active exited  Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service                                                            loaded active exited  Create Volatile Files and Directories
systemd-udev-settle.service                                                               loaded active exited  udev Wait for Complete Device Initialization
systemd-udev-trigger.service                                                              loaded active exited  udev Coldplug all Devices
systemd-udevd.service                                                                     loaded active running udev Kernel Device Manager
systemd-update-utmp.service                                                               loaded active exited  Update UTMP about System Boot/Shutdown
systemd-user-sessions.service                                                             loaded active exited  Permit User Sessions
systemd-vconsole-setup.service                                                            loaded active exited  Setup Virtual Console
udisks2.service                                                                           loaded active running Disk Manager
upower.service                                                                            loaded active running Daemon for power management
user@1000.service                                                                         loaded active running User Manager for UID 1000
user@986.service                                                                          loaded active running User Manager for UID 986
wpa_supplicant.service                                                                    loaded active running WPA supplicant

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

55 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
lines 39-63/63 (END)
[skiava@ ~]$

Hi, have you by any chance checked that openssh-server isn't open?

systemctl status sshd.service

Also, sorry, I don't remember any more which DE you use: do you happen to use GNOME and have you installed lightdm? :slight_smile: If so, when you ran the scan some time ago had you already enabled the lightdm service? Because that could be what is triggering the warning :slight_smile:

Hi, here is the output of:

[skiava@ ~]$ systemctl status sshd.service
● sshd.service
   Loaded: masked (/dev/null)
   Active: inactive (dead)
[skiava@ ~]$

As you can see the service has been disabled and masked… and I ran the scan again, as shown below, but the problem has not been solved:

[root@ skiava]# rkhunter  --propupd
 Rootkit Hunter version 1.4.2 ]
File updated: searched for 172 files, found 131
[root@ skiava]# rkhunter -c -x --sk
 Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                                OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                         None found ]
    Checking for preloaded libraries                          None found ]
    Checking LD_LIBRARY_PATH variable                         Not found ]

  Performing file properties checks
    Checking for prerequisites                                OK ]
    /usr/bin/awk                                              OK ]
    /usr/bin/basename                                         OK ]
    /usr/bin/bash                                             OK ]
    /usr/bin/cat                                              OK ]
    /usr/bin/chattr                                           OK ]
    /usr/bin/chmod                                            OK ]
    /usr/bin/chown                                            OK ]
    /usr/bin/cp                                               OK ]
    /usr/bin/curl                                             OK ]
    /usr/bin/cut                                              OK ]
    /usr/bin/date                                             OK ]
    /usr/bin/df                                               OK ]
    /usr/bin/diff                                             OK ]
    /usr/bin/dirname                                          OK ]
    /usr/bin/dmesg                                            OK ]
    /usr/bin/du                                               OK ]
    /usr/bin/echo                                             OK ]
    /usr/bin/ed                                               OK ]
    /usr/bin/egrep                                            OK ]
    /usr/bin/env                                              OK ]
    /usr/bin/fgrep                                            OK ]
    /usr/bin/file                                             OK ]
    /usr/bin/find                                             OK ]
    /usr/bin/GET                                              OK ]
    /usr/bin/grep                                             OK ]
    /usr/bin/groups                                           OK ]
    /usr/bin/head                                             OK ]
    /usr/bin/id                                               OK ]
    /usr/bin/kill                                             OK ]
    /usr/bin/killall                                          OK ]
    /usr/bin/last                                             OK ]
    /usr/bin/lastlog                                          OK ]
    /usr/bin/ldd                                              OK ]
    /usr/bin/less                                             OK ]
    /usr/bin/locate                                           OK ]
    /usr/bin/logger                                           OK ]
    /usr/bin/login                                            OK ]
    /usr/bin/ls                                               OK ]
    /usr/bin/lsattr                                           OK ]
    /usr/bin/mail                                             OK ]
    /usr/bin/md5sum                                           OK ]
    /usr/bin/mktemp                                           OK ]
    /usr/bin/more                                             OK ]
    /usr/bin/mount                                            OK ]
    /usr/bin/mv                                               OK ]
    /usr/bin/netstat                                          OK ]
    /usr/bin/newgrp                                           OK ]
    /usr/bin/passwd                                           OK ]
    /usr/bin/perl                                             OK ]
    /usr/bin/pgrep                                            OK ]
    /usr/bin/ping                                             OK ]
    /usr/bin/pkill                                            OK ]
    /usr/bin/ps                                               OK ]
    /usr/bin/pstree                                           OK ]
    /usr/bin/pwd                                              OK ]
    /usr/bin/readlink                                         OK ]
    /usr/bin/rkhunter                                         OK ]
    /usr/bin/rpm                                              OK ]
    /usr/bin/runcon                                           OK ]
    /usr/bin/sed                                              OK ]
    /usr/bin/sh                                               OK ]
    /usr/bin/sha1sum                                          OK ]
    /usr/bin/sha224sum                                        OK ]
    /usr/bin/sha256sum                                        OK ]
    /usr/bin/sha384sum                                        OK ]
    /usr/bin/sha512sum                                        OK ]
    /usr/bin/size                                             OK ]
    /usr/bin/sort                                             OK ]
    /usr/bin/ssh                                              OK ]
    /usr/bin/stat                                             OK ]
    /usr/bin/strings                                          OK ]
    /usr/bin/su                                               OK ]
    /usr/bin/sudo                                             OK ]
    /usr/bin/tail                                             OK ]
    /usr/bin/telnet                                           OK ]
    /usr/bin/test                                             OK ]
    /usr/bin/top                                              OK ]
    /usr/bin/touch                                            OK ]
    /usr/bin/tr                                               OK ]
    /usr/bin/uname                                            OK ]
    /usr/bin/uniq                                             OK ]
    /usr/bin/users                                            OK ]
    /usr/bin/vmstat                                           OK ]
    /usr/bin/w                                                OK ]
    /usr/bin/watch                                            OK ]
    /usr/bin/wc                                               OK ]
    /usr/bin/wget                                             OK ]
    /usr/bin/whatis                                           OK ]
    /usr/bin/whereis                                          OK ]
    /usr/bin/which                                            OK ]
    /usr/bin/who                                              OK ]
    /usr/bin/whoami                                           OK ]
    /usr/bin/gawk                                             OK ]
    /usr/bin/mailx                                            OK ]
    /usr/bin/kmod                                             OK ]
    /usr/bin/systemctl                                        OK ]
    /usr/sbin/adduser                                         OK ]
    /usr/sbin/chkconfig                                       OK ]
    /usr/sbin/chroot                                          OK ]
    /usr/sbin/depmod                                          OK ]
    /usr/sbin/fsck                                            OK ]
    /usr/sbin/fuser                                           OK ]
    /usr/sbin/groupadd                                        OK ]
    /usr/sbin/groupdel                                        OK ]
    /usr/sbin/groupmod                                        OK ]
    /usr/sbin/grpck                                           OK ]
    /usr/sbin/ifconfig                                        OK ]
    /usr/sbin/ifdown                                          OK ]
    /usr/sbin/ifup                                            OK ]
    /usr/sbin/init                                            OK ]
    /usr/sbin/insmod                                          OK ]
    /usr/sbin/ip                                              OK ]
    /usr/sbin/lsmod                                           OK ]
    /usr/sbin/lsof                                            OK ]
    /usr/sbin/modinfo                                         OK ]
    /usr/sbin/modprobe                                        OK ]
    /usr/sbin/nologin                                         OK ]
    /usr/sbin/pwck                                            OK ]
    /usr/sbin/rmmod                                           OK ]
    /usr/sbin/route                                           OK ]
    /usr/sbin/runlevel                                        OK ]
    /usr/sbin/sestatus                                        OK ]
    /usr/sbin/sshd                                            OK ]
    /usr/sbin/sulogin                                         OK ]
    /usr/sbin/sysctl                                          OK ]
    /usr/sbin/tcpd                                            OK ]
    /usr/sbin/useradd                                         OK ]
    /usr/sbin/userdel                                         OK ]
    /usr/sbin/usermod                                         OK ]
    /usr/sbin/vipw                                            OK ]
    /usr/lib/systemd/systemd                                  OK ]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                  Not found ]
    ADM Worm                                                  Not found ]
    AjaKit Rootkit                                            Not found ]
    Adore Rootkit                                             Not found ]
    aPa Kit                                                   Not found ]
    Apache Worm                                               Not found ]
    Ambient (ark) Rootkit                                     Not found ]
    Balaur Rootkit                                            Not found ]
    BeastKit Rootkit                                          Not found ]
    beX2 Rootkit                                              Not found ]
    BOBKit Rootkit                                            Not found ]
    cb Rootkit                                                Not found ]
    CiNIK Worm (Slapper.B variant)                            Not found ]
    Danny-Boy's Abuse Kit                                     Not found ]
    Devil RootKit                                             Not found ]
    Dica-Kit Rootkit                                          Not found ]
    Dreams Rootkit                                            Not found ]
    Duarawkz Rootkit                                          Not found ]
    Enye LKM                                                  Not found ]
    Flea Linux Rootkit                                        Not found ]
    Fu Rootkit                                                Not found ]
    Fuck`it Rootkit                                           Not found ]
    GasKit Rootkit                                            Not found ]
    Heroin LKM                                                Not found ]
    HjC Kit                                                   Not found ]
    ignoKit Rootkit                                           Not found ]
    IntoXonia-NG Rootkit                                      Not found ]
    Irix Rootkit                                              Not found ]
    Jynx Rootkit                                              Not found ]
    KBeast Rootkit                                            Not found ]
    Kitko Rootkit                                             Not found ]
    Knark Rootkit                                             Not found ]
    ld-linuxv.so Rootkit                                      Not found ]
    Li0n Worm                                                 Not found ]
    Lockit / LJK2 Rootkit                                     Not found ]
    Mood-NT Rootkit                                           Not found ]
    MRK Rootkit                                               Not found ]
    Ni0 Rootkit                                               Not found ]
    Ohhara Rootkit                                            Not found ]
    Optic Kit (Tux) Worm                                      Not found ]
    Oz Rootkit                                                Not found ]
    Phalanx Rootkit                                           Not found ]
    Phalanx2 Rootkit                                          Not found ]
    Phalanx2 Rootkit (extended tests)                         Not found ]
    Portacelo Rootkit                                         Not found ]
    R3dstorm Toolkit                                          Not found ]
    RH-Sharpe's Rootkit                                       Not found ]
    RSHA's Rootkit                                            Not found ]
    Scalper Worm                                              Not found ]
    Sebek LKM                                                 Not found ]
    Shutdown Rootkit                                          Not found ]
    SHV4 Rootkit                                              Not found ]
    SHV5 Rootkit                                              Not found ]
    Sin Rootkit                                               Not found ]
    Slapper Worm                                              Not found ]
    Sneakin Rootkit                                           Not found ]
    'Spanish' Rootkit                                         Not found ]
    Suckit Rootkit                                            Not found ]
    Superkit Rootkit                                          Not found ]
    TBD (Telnet BackDoor)                                     Not found ]
    TeLeKiT Rootkit                                           Not found ]
    T0rn Rootkit                                              Not found ]
    trNkit Rootkit                                            Not found ]
    Trojanit Kit                                              Not found ]
    Tuxtendo Rootkit                                          Not found ]
    URK Rootkit                                               Not found ]
    Vampire Rootkit                                           Not found ]
    VcKit Rootkit                                             Not found ]
    Volc Rootkit                                              Not found ]
    Xzibit Rootkit                                            Not found ]
    zaRwT.KiT Rootkit                                         Not found ]
    ZK Rootkit                                                Not found ]

  Performing additional rootkit checks
    Suckit Rookit additional checks                           OK ]
    Checking for possible rootkit files and directories       None found ]
    Checking for possible rootkit strings                     None found ]

  Performing malware checks
    Checking running processes for suspicious files           None found ]
    Checking for hidden processes                             Skipped ]
    Checking for login backdoors                              None found ]
    Checking for suspicious directories                       None found ]
    Checking for sniffer log files                            None found ]
    Suspicious Shared Memory segments                         None found ]
    Checking for Apache backdoor                              Not found ]

  Performing Linux specific checks
    Checking loaded kernel modules                            OK ]
    Checking kernel module names                              OK ]

Checking the network...

  Performing checks on the network ports
    Checking for backdoor ports                               None found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                       None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name                              Found ]
    Checking for system startup files                         Found ]
    Checking system startup files for malware                 None found ]

  Performing group and account checks
    Checking for passwd file                                  Found ]
    Checking for root equivalent (UID 0) accounts             None found ]
    Checking for passwordless accounts                        None found ]
    Checking for passwd file changes                          None found ]
    Checking for group file changes                           None found ]
    Checking root account shell history files                 OK ]

  Performing system configuration file checks
    Checking for an SSH configuration file                    Found ]
    Checking if SSH root access is allowed                    Warning ]
    Checking if SSH protocol v1 is allowed                    Not set ]
    Checking for a running system logging daemon              Found ]
    Checking for a system logging configuration file          Found ]

  Performing filesystem checks
    Checking /dev for suspicious file types                   None found ]
    Checking for hidden files and directories                 None found ]


System checks summary
=====================

File properties checks...
    Files checked: 131
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 383
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 7 minutes and 56 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)

[root@ skiava]# 

Sorry for the late reply :slight_smile: Let's start investigating; try running the command:

netstat -tulpan 

and post the output

Hi

 [skiava@ ~]$ netstat -tulpan 
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:17600         0.0.0.0:*               LISTEN      2304/dropbox        
tcp        0      0 127.0.0.1:17603         0.0.0.0:*               LISTEN      2304/dropbox        
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN      2304/dropbox        
tcp        0      0 193.xxx.xxx.xx:46364    54.191.11.118:443       TIME_WAIT   -                   
tcp        0      0 193.xxx.xxx.xx:39828    66.102.1.108:993        ESTABLISHED 2461/evolution      
tcp        0      0 193.xxx.xxx.xx:33670    52.24.217.21:443        ESTABLISHED 2417/firefox        
tcp        0      0 193.xxx.xxx.xx:46362    54.191.11.118:443       TIME_WAIT   -                   
tcp        0      0 193.xxx.xxx.xx:46352    54.191.11.118:443       TIME_WAIT   -                   
tcp        0      0 193.xxx.xxx.xx:46358    54.191.11.118:443       TIME_WAIT   -                   
tcp        0      0 193.xxx.xxx.xx:46360    54.191.11.118:443       TIME_WAIT   -                   
tcp        0      0 193.xxx.xxx.xx:53220    23.111.9.31:80          TIME_WAIT   -                   
tcp       32      0 193.xxx.xxx.xx:49054    108.160.172.204:443     CLOSE_WAIT  2304/dropbox        
tcp        0      0 193.xxx.xxx.xx:39822    66.102.1.108:993        ESTABLISHED 2461/evolution      
tcp6       0      0 ::1:631                 :::*                    LISTEN      -                   
tcp6       0      0 :::17500                :::*                    LISTEN      2304/dropbox        
udp        0      0 193.xxx.xxx.xx:41549    83.103.98.242:123       ESTABLISHED -                   
udp        0      0 0.0.0.0:17500           0.0.0.0:*                           2304/dropbox        
udp        0      0 193.xxx.xxx.xx:49459    212.45.144.88:123       ESTABLISHED -                   
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -                   
udp        0      0 193.xxx.xxx.xx:47574    5.249.146.81:123        ESTABLISHED -                   
udp6       0      0 ::1:323                 :::*                                -                   
[skiava@ ~]$ 
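As an added example (not code from the thread), here is a small shell filter for exactly the check asked about above: whether openssh-server, or anything else, is reachable from the network. It reads `netstat -tulpan` output and keeps only the sockets bound on a non-loopback address; the sample lines are constructed from the output posted above, with the masked client address replaced by 192.0.2.10 and one hypothetical sshd line on port 22 added for illustration, and the function name `exposed_listeners` is my own.

```shell
#!/bin/sh
# Added example, not part of the thread: list the sockets in `netstat -tulpan`
# output that are bound to a non-loopback address, i.e. the services another
# host on the network could actually reach. This is the check the helper is
# asking for when he asks whether openssh-server is "open".

# Constructed sample: the listening sockets from the output posted in the
# thread, plus one hypothetical sshd line (0.0.0.0:22) that is NOT on the
# poster's system, where sshd.service is masked. A couple of established
# connections are included to show they are filtered out.
SAMPLE_NETSTAT='(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:17600         0.0.0.0:*               LISTEN      2304/dropbox
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN      2304/dropbox
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 192.0.2.10:33670        52.24.217.21:443        ESTABLISHED 2417/firefox
tcp6       0      0 ::1:631                 :::*                    LISTEN      -
tcp6       0      0 :::17500                :::*                    LISTEN      2304/dropbox
udp        0      0 192.0.2.10:41549        83.103.98.242:123       ESTABLISHED -
udp        0      0 0.0.0.0:17500           0.0.0.0:*                           2304/dropbox
udp        0      0 127.0.0.1:323           0.0.0.0:*                           -
udp6       0      0 ::1:323                 :::*                                -'

# exposed_listeners: read netstat output on stdin and print
# "<proto> <local address> <pid/program>" for each socket that is listening
# (TCP in LISTEN state, UDP not connected) on an address other than loopback.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }                  # headers and notices
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }       # connections, not listeners
        $1 ~ /^udp/ && $6 == "ESTABLISHED" { next }  # connected UDP (e.g. NTP client)
        {
            addr = $4
            sub(/:[0-9]+$/, "", addr)                # drop the port, keep the bound address
            if (addr == "127.0.0.1" || addr == "::1") next
            # the program column is always last; it is "-" when netstat is not run as root
            print $1, $4, $NF
        }'
}

# Stand-alone run: prints the four network-reachable sockets of the sample.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

On the poster's box the only non-loopback listeners are the Dropbox LAN-sync ports (17500), which is consistent with sshd being masked; the `-` in the program column only means netstat was not run as root.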

Try unplugging the LAN cable or Wi-Fi, then reboot, and let's try a route that fixed the problem for me; after the reboot run:

su -c' passwd tuo_nome ' (then press Enter and change the password, even by just one letter)

then the same thing for root

su -c' passwd root'  (then press Enter and change the password, even by just one letter)

then, after rebooting and reconnecting the LAN or Wi-Fi, open the terminal and run again:

su -c' rkhunter --update'
su -c' rkhunter --propupd'
su -c' rkhunter  -c -x --sk'

and post the result :slight_smile:

I didn't understand what I have to do:
1. I unplug the LAN network cable (in my case)
2. I reboot the system
3. I open a shell

[skiava@ ~]$ su
Password:

and then…

Then you change the password without using the (su) command; just type the commands exactly as written, namely:

su -c'passwd skiava '
su -c'passwd root'

I'm using skiava assuming that is your graphical login :slight_smile:
then, after you have done these two steps, reboot and when you log in run the commands:

su -c' rkhunter --update'
su -c' rkhunter --propupd'
su -c' rkhunter  -c -x --sk'

and check the system again; obviously plug the LAN cable back in after the reboot :slight_smile:

I tried but it returns:

[skiava@localhost]$ su -c 'passwd skiava'
Password:
su:Autenticazione fallita
[skiava@localhost]$

Where am I going wrong?

P.S.: my user profile name is skiava. :thumb:

Strange, but possible. Try then with:

su    (and enter the password)

then once you are root run:

#passwd skiava ( and let's see what error it gives)

same thing for root:

#passwd root  

let's try it this way :slight_smile: otherwise the other solution is to boot into rescue mode and do the same procedure just described