Monday, 30 September 2013

rkhunter says apps not checked at user's request. That's news to me.

I just ran rkhunter for the first time on a new system. I noticed that the
log noted that apps and hidden apps were disabled at the user's request. Am
I missing something in the logic, or is there something wrong here? Here's
a relevant part of the log. What caused rkhunter to not check hidden
processes and the apps? Or is this normal behavior?
[15:56:55] Info: Test 'hidden_procs' disabled at users request.
[15:56:55]
[15:56:55] Info: Test 'suspscan' disabled at users request.
[15:56:55]
[15:56:55] Info: Starting test name 'other_malware'
[15:56:55] Performing check for login backdoors
[15:56:55] Checking for '/bin/.login' [ Not found ]
[15:56:55] Checking for '/sbin/.login' [ Not found ]
[15:56:55] Checking for login backdoors [ None found ]
[15:56:55]
[15:56:55] Performing check for suspicious directories
[15:56:55] Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[15:56:55] Checking for directory '/dev/rd/cdb' [ Not found ]
[15:56:55] Checking for suspicious directories [ None found ]
[15:56:55]
[15:56:55] Checking for software intrusions [ Skipped ]
[15:56:55] Info: Check skipped - tripwire not installed
[15:56:55]
[15:56:55] Performing check for sniffer log files
[15:56:55] Checking for file '/usr/lib/libice.log' [ Not found ]
[15:56:55] Checking for file '/dev/prom/sn.l' [ Not found ]
[15:56:55] Checking for file '/dev/fd/.88/zxsniff.log' [ Not found ]
[15:56:55] Checking for sniffer log files [ None found ]
[15:56:55]
[15:56:55] Info: Starting test name 'trojans'
[15:56:55] Performing trojan specific checks
[15:56:55] Checking for enabled inetd services [ Skipped ]
[15:56:55] Info: Check skipped - file '/etc/inetd.conf' does not exist.
[15:56:55]
[15:56:55] Performing check for enabled xinetd services
[15:56:55] Checking for enabled xinetd services [ Skipped ]
[15:56:55] Info: Check skipped - file '/etc/xinetd.conf' does not exist.
[15:56:55] Info: Apache backdoor check skipped: Apache modules and configuration directories not found.
[15:56:55]
[15:56:55] Info: Starting test name 'os_specific'
[15:56:55] Performing Linux specific checks
[15:56:55] Checking loaded kernel modules [ OK ]
[15:56:56] Info: Using modules pathname of '/lib/modules/3.2.0-54-generic'
[15:56:56] Checking kernel module names [ OK ]
[15:56:58]
[15:56:58] Info: Starting test name 'network'
[15:56:58] Checking the network...
[15:56:58]
[15:56:58] Performing checks on the network ports
[15:56:58] Info: Starting test name 'ports'
[15:56:58] Performing check for backdoor ports
[15:56:58] Checking for TCP port 1524 [ Not found ]
[15:56:58] Checking for TCP port 1984 [ Not found ]
[15:56:59] Checking for UDP port 2001 [ Not found ]
[15:56:59] Checking for TCP port 2006 [ Not found ]
[15:56:59] Checking for TCP port 2128 [ Not found ]
[15:56:59] Checking for TCP port 6666 [ Not found ]
[15:56:59] Checking for TCP port 6667 [ Not found ]
[15:56:59] Checking for TCP port 6668 [ Not found ]
[15:56:59] Checking for TCP port 6669 [ Not found ]
[15:56:59] Checking for TCP port 7000 [ Not found ]
[15:56:59] Checking for TCP port 13000 [ Not found ]
[15:56:59] Checking for TCP port 14856 [ Not found ]
[15:56:59] Checking for TCP port 25000 [ Not found ]
[15:56:59] Checking for TCP port 29812 [ Not found ]
[15:57:00] Checking for TCP port 31337 [ Not found ]
[15:57:00] Checking for TCP port 32982 [ Not found ]
[15:57:00] Checking for TCP port 33369 [ Not found ]
[15:57:00] Checking for TCP port 47107 [ Not found ]
[15:57:00] Checking for TCP port 47018 [ Not found ]
[15:57:00] Checking for TCP port 60922 [ Not found ]
[15:57:00] Checking for TCP port 62883 [ Not found ]
[15:57:00] Checking for TCP port 65535 [ Not found ]
[15:57:00] Checking for backdoor ports [ None found ]
[15:57:00]
[15:57:00] Info: Starting test name 'hidden_ports'
[15:57:00] Checking for hidden ports [ Skipped ]
[15:57:00] Info: Unable to find the 'unhide-tcp' command
[15:57:00]
[15:57:00] Performing checks on the network interfaces
[15:57:00] Info: Starting test name 'promisc'
[15:57:00] Checking for promiscuous interfaces [ None found ]
[15:57:00]
[15:57:00] Info: Test 'packet_cap_apps' disabled at users request.
[15:57:00]
[15:57:00] Info: Starting test name 'local_host'
[15:57:00] Checking the local host...
[15:57:00]
[15:57:00] Info: Starting test name 'startup_files'
[15:57:00] Performing system boot checks
[15:57:01] Checking for local host name [ Found ]
[15:57:01]
[15:57:01] Info: Starting test name 'startup_malware'
[15:57:01] Checking for system startup files [ Found ]
[15:57:02] Checking system startup files for malware [ None found ]
[15:57:02]
[15:57:02] Info: Starting test name 'group_accounts'
[15:57:02] Performing group and account checks
[15:57:02] Checking for passwd file [ Found ]
[15:57:02] Info: Found password file: /etc/passwd
[15:57:02] Checking for root equivalent (UID 0) accounts [ None found ]
[15:57:02] Info: Found shadow file: /etc/shadow
[15:57:02] Checking for passwordless accounts [ None found ]
[15:57:02]
[15:57:02] Info: Starting test name 'passwd_changes'
[15:57:02] Checking for passwd file changes [ None found ]
[15:57:02]
[15:57:02] Info: Starting test name 'group_changes'
[15:57:02] Checking for group file changes [ None found ]
[15:57:02] Checking root account shell history files [ None found ]
[15:57:02]
[15:57:02] Info: Starting test name 'system_configs'
[15:57:02] Performing system configuration file checks
[15:57:03] Checking for SSH configuration file [ Not found ]
[15:57:03] Checking for running syslog daemon [ Found ]
[15:57:03] Info: Found rsyslog configuration file: /etc/rsyslog.conf
[15:57:03] Checking for syslog configuration file [ Found ]
[15:57:03] Checking if syslog remote logging is allowed [ Not allowed ]
[15:57:03]
[15:57:03] Info: Starting test name 'filesystem'
[15:57:03] Performing filesystem checks
[15:57:03] Info: SCAN_MODE_DEV set to 'THOROUGH'
[15:57:03] Checking /dev for suspicious file types [ None found ]
[15:57:03] Checking for hidden files and directories [ Warning ]
[15:57:03] Warning: Hidden directory found: /etc/.java
[15:57:03] Warning: Hidden directory found: /dev/.udev
[15:57:03] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
[15:57:08]
[15:57:08] Info: Test 'apps' disabled at users request.
[15:57:08]
[15:57:08] System checks summary
[15:57:08] =====================
[15:57:08]
[15:57:08] File properties checks...
[15:57:09] Files checked: 135
[15:57:09] Suspect files: 1
[15:57:09]
[15:57:09] Rootkit checks...
[15:57:09] Rootkits checked : 242
[15:57:09] Possible rootkits: 0
[15:57:09]
[15:57:09] Applications checks...
[15:57:09] All checks skipped
[15:57:09]
[15:57:09] The system checks took: 1 minute and 22 seconds
[15:57:09]
[15:57:09] Info: End date is Mon Sep 30 15:57:09 EDT 2013
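As an added example (not part of the post), here is a small POSIX shell script that pulls out of an rkhunter log the three things worth acting on in a run like the one above: the tests reported as "disabled at users request" (these are the tests named in the DISABLE_TESTS setting of rkhunter.conf; the Debian/Ubuntu package ships that setting with suspscan, hidden_procs, deleted_files, packet_cap_apps and apps already disabled, which is why a fresh install reports them), the checks skipped because a helper tool such as tripwire or unhide-tcp is not installed, and the warnings that need a human look. The sample log embedded in the script is constructed from lines in the post; the function names are the example's own.

```shell
#!/bin/sh
# Added example: triage an rkhunter log for coverage gaps and warnings.
# Assumes the line format shown in the post: "[HH:MM:SS] <message>".

# Constructed sample log, copied in shape from the post's log lines.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[15:56:55] Info: Test 'hidden_procs' disabled at users request.
[15:56:55] Info: Test 'suspscan' disabled at users request.
[15:56:55] Checking for software intrusions [ Skipped ]
[15:56:55] Info: Check skipped - tripwire not installed
[15:57:00] Checking for hidden ports [ Skipped ]
[15:57:00] Info: Unable to find the 'unhide-tcp' command
[15:57:00] Info: Test 'packet_cap_apps' disabled at users request.
[15:57:03] Warning: Hidden directory found: /etc/.java
[15:57:03] Warning: Hidden directory found: /dev/.udev
[15:57:08] Info: Test 'apps' disabled at users request.
EOF

# Tests that never ran because they are listed in DISABLE_TESTS in
# rkhunter.conf. Prints one test name per line.
disabled_tests() {
    sed -n "s/^\[[0-9:]*\] Info: Test '\([^']*\)' disabled at users request\.$/\1/p" "$1"
}

# Checks marked "[ Skipped ]" together with the reason rkhunter gives on the
# following Info line (a missing tool or file). Prints "check: reason".
skipped_checks() {
    awk '
        /\[ Skipped \]$/ {
            sub(/^\[[0-9:]*\] /, ""); sub(/ \[ Skipped \]$/, "")
            name = $0; next
        }
        name != "" && /Info: Check skipped - / {
            sub(/^.*Check skipped - /, ""); print name ": " $0; name = ""; next
        }
        name != "" && /Info: / {
            sub(/^\[[0-9:]*\] Info: /, ""); print name ": " $0; name = ""
        }
    ' "$1"
}

# Warnings that need a decision: whitelist in rkhunter.conf or investigate.
warnings() {
    sed -n 's/^\[[0-9:]*\] Warning: //p' "$1"
}

echo "== Tests disabled via DISABLE_TESTS =="
disabled_tests "$SAMPLE_LOG"
echo "== Checks skipped for missing prerequisites =="
skipped_checks "$SAMPLE_LOG"
echo "== Warnings to review =="
warnings "$SAMPLE_LOG"
```

Point the functions at the real log (normally /var/log/rkhunter.log) instead of the sample to triage a live run. To see why a test is disabled, look at `grep '^DISABLE_TESTS' /etc/rkhunter.conf`; removing a test name from that line re-enables it, and installing the unhide package gives the hidden_ports check the unhide-tcp command it reports as missing.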
