Bug#651119: rkhunter: False positives when checking running processes for suspicious files
linux at slavino.sk
Tue Apr 24 17:13:13 UTC 2012
I got a similar problem.
Rootkit Hunter 1.3.6
rkhunter reports this warning:
Warning: Checking running processes for suspicious files [ Warning ]
Warning: One or more of these files were found: backdoor, adore.o,
mod_rootme.so, phide_mod.o, lbk.ko, vlogger.o, cleaner.o, cleaner, ava,
tzava, mod_klgr.o, hydra, hydra.restore, ras2xm, vobiscum, sshd3,
system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer,
holber, xhide, xh, emech, psybnc, mech, httpd.bin, mh, xl, write,
Phantasmagoria.o, lkt.o, nlkt.o
Check the output of the lsof command 'lsof -F n -w -n'
After checking the output of the suggested lsof command, I found this
open file (more precisely, the directory):
This is the directory of my regular Samba share and was opened by Samba. The
other files from the list are not found on my system.
My suggestion is simply to provide a whitelist for this...
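
The false positive and the whitelist suggested above, as an added example (not rkhunter's code, and not from the original post). It assumes the check compares the last path component of each open file against the name list; the sample lsof output, its paths and the `ALLOWED_PATHS` setting are constructed for illustration.

```python
import posixpath

# A few of the names from the warning quoted in the report.
SUSPECT_NAMES = {"backdoor", "system", "crontab", "write", "hydra", "mech"}

# Hypothetical whitelist: exact paths accepted as benign.
ALLOWED_PATHS = {"/srv/samba/system"}

# Constructed 'lsof -F n -w -n' output: p = PID, f = descriptor, n = name.
SAMPLE_LSOF = """\
p812
fcwd
n/
f10
n/srv/samba/system
f11
n/var/log/samba/log.smbd
p4021
f3
n/tmp/.x/system
f4
n*:445
"""

def parse_lsof_fields(text):
    """Yield (pid, name) for every 'n' field, tracking the current 'p' field."""
    pid = None
    for line in text.splitlines():
        if not line:
            continue
        tag, value = line[0], line[1:]
        if tag == "p":
            pid = int(value)
        elif tag == "n":
            yield pid, value

def suspicious_open_files(text, allowed_paths=frozenset()):
    """Return (pid, path) pairs whose basename is a suspect name and not whitelisted."""
    hits = []
    for pid, name in parse_lsof_fields(text):
        if not name.startswith("/"):
            continue  # sockets, pipes and similar have no filesystem path
        if posixpath.basename(name.rstrip("/")) not in SUSPECT_NAMES:
            continue
        if name in allowed_paths:
            continue  # exact-path match only, so the same name elsewhere still warns
        hits.append((pid, name))
    return hits

if __name__ == "__main__":
    print("without whitelist:", suspicious_open_files(SAMPLE_LSOF))
    print("with whitelist:   ", suspicious_open_files(SAMPLE_LSOF, ALLOWED_PATHS))
```

Whitelisting the full path rather than the bare name keeps the warning for the same name opened from any other location.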