rkhunter scan results

I'm new to Ubuntu and looking for help. I scanned my Ubuntu with rkhunter and got some worrying results:

Warning: The following processes are using deleted files:
Process: /sbin/init PID: 1 File: /var/log/upstart/systemd-logind.log.1
Process: /usr/sbin/cups-browsed PID: 1168 File: /etc/passwd
Process: /sbin/init PID: 2170 File: /home/pwn20wn/.cache/upstart/indicator-bluetooth.log.1
Process: /usr/lib/x86_64-linux-gnu/bamf/bamfdaemon PID: 2400 File: /home/pwn20wn/.local/share/gvfs-metadata/root
Process: /usr/lib/firefox/firefox PID: 2703 File: /var/tmp/etilqs_F4ZmiXL3Bx5CrjT
Process: /usr/bin/unity-scope-loader PID: 2959 File: /home/pwn20wn/.cache/software-center/software-center-agent.db/record.DB
Warning: Process '/sbin/wpa_supplicant' (PID 1167) is listening on the network.
Warning: Process '/sbin/dhclient' (PID 1349) is listening on the network.
Warning: Suspicious file types found in /dev:
/dev/.udev/rules.d/root.rules: ASCII text
Warning: Hidden directory found: /etc/.java: directory 
Warning: Hidden directory found: /dev/.udev: directory 
Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs' 
Warning: Application 'openssl', version '1.0.1f', is out of date, and possibly a security risk.

I'd like to know whether these are false positives or real threats, and how to resolve them. Thanks a lot!

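Answer 1

RKHunter is known for its high false-positive rate. ClamAV is somewhat better!

These 3 hidden directories are not dangerous! I have been getting these notifications since 2010.

/etc/.java is created by Oracle Java and OpenJDK and is used for digital certificates.

/dev/.udev is created by the udevd daemon.

The /dev/.initramfs symlink to /run/initramfs is where the initial RAM filesystem is mounted during system boot.

You can delete them without any problem; the system will recreate them when necessary.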
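
The triage the answer describes, as an added example that is not part of the original post: it reads rkhunter hidden-path warnings and emits `ALLOWHIDDENDIR` / `ALLOWHIDDENFILE` entries (rkhunter's configuration options for whitelisting) only for the three paths the answer explains, leaving anything else marked for manual review. The function names and the `/tmp/.x1` entry are constructed for illustration.

```shell
#!/bin/sh
# Paths the answer identifies as benign (taken from the page).
KNOWN_DIRS="/etc/.java /dev/.udev"
KNOWN_FILES="/dev/.initramfs"

# Constructed sample: the hidden-path warnings from the question plus one
# made-up entry (/tmp/.x1) showing an unknown path being left for review.
sample_warnings() {
cat <<'EOF'
Warning: Hidden directory found: /etc/.java: directory
Warning: Hidden directory found: /dev/.udev: directory
Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
Warning: Hidden directory found: /tmp/.x1: directory
EOF
}

# Read rkhunter warning lines on stdin. Print a whitelist line for each
# known-benign path and a REVIEW line for every other hidden path.
triage_hidden() {
    while IFS= read -r line; do
        case "$line" in
            "Warning: Hidden directory found: "*)
                kind=DIR;  rest=${line#"Warning: Hidden directory found: "} ;;
            "Warning: Hidden file found: "*)
                kind=FILE; rest=${line#"Warning: Hidden file found: "} ;;
            *) continue ;;   # not a hidden-path warning
        esac
        path=${rest%%: *}    # drop the ": directory" / ": symbolic link ..." suffix
        if [ "$kind" = DIR ]; then known=$KNOWN_DIRS; else known=$KNOWN_FILES; fi
        verdict="REVIEW $path"
        for k in $known; do
            if [ "$k" = "$path" ]; then
                verdict="ALLOWHIDDEN${kind}=$path"
            fi
        done
        printf '%s\n' "$verdict"
    done
}

sample_warnings | triage_hidden
```

Exact-path matching is deliberate: a whitelist entry should cover only the path that was checked, so a new hidden directory elsewhere still raises a warning.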
