Hi everyone, I've just installed Fedora 21 and, scanning the system with the program in the subject line, it found 4 suspicious files… could someone take a look and help me understand what to do? I'm including the log file below (/var/log/rkhunter/rkhunter.log):
[root@localhost skiava]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter data files...
Checking file mirrors.dat [ Updated ]
Checking file programs_bad.dat [ Updated ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ Updated ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ Updated ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ Updated ]
Checking file i18n/tr.utf8 [ Updated ]
Checking file i18n/zh [ Updated ]
Checking file i18n/zh.utf8 [ Updated ]
[root@localhost skiava]# rkhunter --checkall
[ Rootkit Hunter version 1.4.2 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ Warning ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/bash [ OK ]
/usr/bin/cat [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/chmod [ OK ]
/usr/bin/chown [ OK ]
/usr/bin/cp [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/date [ OK ]
/usr/bin/df [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/dmesg [ OK ]
/usr/bin/du [ OK ]
/usr/bin/echo [ OK ]
/usr/bin/egrep [ Warning ]
/usr/bin/env [ OK ]
/usr/bin/fgrep [ Warning ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/grep [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/login [ OK ]
/usr/bin/ls [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/mail [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/mktemp [ OK ]
/usr/bin/more [ OK ]
/usr/bin/mount [ OK ]
/usr/bin/mv [ OK ]
/usr/bin/netstat [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pgrep [ OK ]
/usr/bin/ping [ OK ]
/usr/bin/pkill [ OK ]
/usr/bin/ps [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/pwd [ OK ]
/usr/bin/readlink [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/rpm [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sed [ OK ]
/usr/bin/sh [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/sha224sum [ OK ]
/usr/bin/sha256sum [ OK ]
/usr/bin/sha384sum [ OK ]
/usr/bin/sha512sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/ssh [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/su [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/telnet [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uname [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/gawk [ OK ]
/usr/bin/mailx [ OK ]
/usr/bin/kmod [ OK ]
/usr/bin/systemctl [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chkconfig [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/depmod [ OK ]
/usr/sbin/fsck [ OK ]
/usr/sbin/fuser [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/ifconfig [ OK ]
/usr/sbin/ifdown [ Warning ]
/usr/sbin/ifup [ Warning ]
/usr/sbin/init [ OK ]
/usr/sbin/insmod [ OK ]
/usr/sbin/ip [ OK ]
/usr/sbin/lsmod [ OK ]
/usr/sbin/lsof [ OK ]
/usr/sbin/modinfo [ OK ]
/usr/sbin/modprobe [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/rmmod [ OK ]
/usr/sbin/route [ OK ]
/usr/sbin/runlevel [ OK ]
/usr/sbin/sestatus [ OK ]
/usr/sbin/sshd [ OK ]
/usr/sbin/sulogin [ OK ]
/usr/sbin/sysctl [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/lib/systemd/systemd [ OK ]
[Press <ENTER> to continue]
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
Adore Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
cb Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
Fu Rootkit [ Not found ]
Fuck`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
IntoXonia-NG Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Jynx Rootkit [ Not found ]
KBeast Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
ld-linuxv.so Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx2 Rootkit [ Not found ]
Phalanx2 Rootkit (extended tests) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
'Spanish' Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
trNkit Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
Xzibit Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
ZK Rootkit [ Not found ]
[Press <ENTER> to continue]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for hidden processes [ Skipped ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Suspicious Shared Memory segments [ None found ]
Checking for Apache backdoor [ Not found ]
Performing Linux specific checks
Checking loaded kernel modules [ OK ]
Checking kernel module names [ OK ]
[Press <ENTER> to continue]
Checking the network...
Performing checks on the network ports
Checking for backdoor ports [ None found ]
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning ]
Checking root account shell history files [ OK ]
Performing system configuration file checks
Checking for an SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Not set ]
Checking if SSH protocol v1 is allowed [ Not set ]
Checking for a running system logging daemon [ Found ]
Checking for a system logging configuration file [ Found ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ None found ]
[Press <ENTER> to continue]
System checks summary
=====================
File properties checks...
Required commands check failed
Files checked: 129
Suspect files: 4
Rootkit checks...
Rootkits checked : 383
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 4 minutes and 48 seconds
All results have been written to the log file: /var/log/rkhunter/rkhunter.log
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
[root@localhost skiava]#
Sorry for the length of the file…
I look forward to a reply.
Thanks.