我进行了 chrootkit 扫描。它发现了一些东西,但没有对文件或目录的检测提出任何建议。有什么建议吗?
结果是:
The following suspicious files and directories were found:
/usr/lib/debug/.build-id
/lib/modules/4.4.0-93-generic/vdso/.build-id
/lib/modules/4.4.0-92-generic/vdso/.build-id
/lib/modules/4.4.0-91-generic/vdso/.build-id
答案1
这些文件/目录是否与一个软件包(或几个软件包)相关?
for thing in /usr/lib/debug/.build-id /lib/modules/4.4.0-93-generic/vdso/.build-id /lib/modules/4.4.0-92-generic/vdso/.build-id /lib/modules/4.4.0-91-generic/vdso/.build-id ; do
/bin/ls -ld $thing
/usr/bin/dpkg -S $thing
done
YMMV,但我的Ubuntu 16.04.3LTS,显示:
$ for thing in /usr/lib/debug/.build-id /lib/modules/4.4.0-93-generic/vdso/.build-id /lib/modules/4.4.0-92-generic/vdso/.build-id /lib/modules/4.4.0-91-generic/vdso/.build-id ; do
> /bin/ls -ld $thing
> /usr/bin/dpkg -S $thing
> done
drwxr-xr-x 229 root root 4096 Aug 14 17:54 /usr/lib/debug/.build-id
python-bzrlib-dbg, tclcl-dbg, python2.7-dbg, libfltk1.3-dbg, graphicsmagick-dbg, python3-tk-dbg, python3-gdbm-dbg:amd64, libglib2.0-0-dbg:amd64, libkf5wallet5-dbg:amd64, libtk8.6-dbg:amd64, libtcl8.6-dbg:amd64, libc6-dbg:amd64, atanks-dbg, ballz-dbg, lyx-dbg, liblqr-1-0-dbg, ntfs-3g-dbg, python3.5-dbg, evolution-dbg, freeglut3-dbg:amd64, libgd-dbg:amd64, libgdk-pixbuf2.0-0-dbg:amd64: /usr/lib/debug/.build-id
drwxr-xr-x 5 root root 4096 Aug 28 18:31 /lib/modules/4.4.0-93-generic/vdso/.build-id
linux-image-4.4.0-93-generic: /lib/modules/4.4.0-93-generic/vdso/.build-id
drwxr-xr-x 5 root root 4096 Aug 15 19:30 /lib/modules/4.4.0-92-generic/vdso/.build-id
linux-image-4.4.0-92-generic: /lib/modules/4.4.0-92-generic/vdso/.build-id
/bin/ls: cannot access '/lib/modules/4.4.0-91-generic/vdso/.build-id': No such file or directory
dpkg-query: no path found matching pattern /lib/modules/4.4.0-91-generic/vdso/.build-id
我没linux-image-4.4.0-91-generic安装。
这是 的误报结果chkrootkit,表明任何预先打包的“我是否已扎根?”测试都存在困难。虽然测试在打包时可能没有问题,但它们落后于被检查环境的变化。鉴于出现误报结果的可能性很高,这种类型的工具应仅用作第一步,作为进一步调查的触发因素。必须先了解情况,然后采取行动。
答案2
不,这不是病毒!:) 不要删除它,它可能是系统文件夹。希望有帮助!