Xubuntu 19.10: Chkrootkit; tty of user process(es) not found

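Every time I do a fresh install of any Linux system, whether an Ubuntu flavour, Solus, or Debian (installed overnight in rescue mode), I seem to run into errors, and at some point on the day of installation (most of the time on the first scan) running Chkrootkit always ends by saying "The tty of the following user process(es) were not found".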

Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! user+     2123 pts/0  bash
! root         2511 pts/0  /bin/sh /usr/sbin/chkrootkit
! root         3187 pts/0  ./chkutmp
! root         3189 pts/0  ps axk tty,ruser,args -o tty,pid,ruser,args
! root         3188 pts/0  sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
! root         2510 pts/0  sudo chkrootkit
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not tested

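I have tried many things to fix this, but they only seem to mitigate the problem rather than resolve it completely. A few times so far the tty issue was temporarily not detected, but it reappeared the same day on a fresh install after I installed simple packages (such as Chromium, VLC, Gparted, Synaptic) from the terminal using apt and the Snap Store.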

I have completely wiped my hard drive and overwritten it with random data from Debian rescue mode using the following commands:

dd if=/dev/urandom of=/dev/sda
dd if=/dev/urandom of=/dev/sdb

I have also tried to reset my RAM, deleting all swap and loop data, using the following commands:

sync; echo 1 > /proc/sys/vm/drop_caches
sync; echo 2 > /proc/sys/vm/drop_caches
sync; echo 3 > /proc/sys/vm/drop_caches
echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a && printf '\n%s\n' 'Ram-cache and Swap Cleared'

I have installed and run Hardware Probe from the Snap Store, and the results are here:

https://linux-hardware.org/?probe=11cbce30b4

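Some of the results there don't seem to make any sense: it looks to me as if it detected an inserted SD card when there isn't one, and no other removable media was detected in any of the probes I ran.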

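Also, at the bottom of the page the "Wireless" section simply says '1. Rfkill', with nothing else listed and no links to further information, unlike all the other users' probes I have looked at so far, even those for the same Toshiba Satellite C660 model range as my laptop. There are some other differences that look a bit odd, although unfortunately no other user seems to have exactly the same laptop as mine; by the looks of it theirs are the Toshiba C660D, whereas mine is the C660-2EL. Personally I don't know what to make of the result under "Wireless", other than that it differs from most, if not all, other users' probes.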

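Next, whenever I do a fresh install of Windows with no other operating system installed, a removable device shows up in Device Manager; when I right-click it and choose Uninstall, it returns after a reboot.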

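I'm not sure, but I think the SD card that Hardware Probe appears to detect on my Linux system is the same mysterious removable device that keeps reappearing in Windows' Device Manager, with nothing left in the disk drive and no removable device connected at all.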

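This may be some kind of mounted memory volume/block device, which would explain why '/dev/sdb' always appears on my hard drive, separate from the main partition on '/dev/sda' where I install the Linux OS.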

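Just like the extra Linux partition that appears automatically when installing from multiple different USB drives/DVDs, an extra inaccessible 'disk' with a supposed capacity of 0 MB also shows up in Windows in the Command Prompt after running the diskpart command, despite running as administrator or trying to access it through recovery mode by pressing F8 on the BIOS menu or by loading from a bootable drive.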

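I must mention that I have never made any modifications to my laptop since I started using it around October 2012. To reiterate, the model is a Toshiba C660-2EL, manufactured in 2012, with serial number XB018145K. I tried flashing the BIOS from Windows, but to no avail; although I'm sure I did everything correctly, every method failed for one reason or another. The BIOS shows up as TOSHIBA in the Linux hardware monitor, but it is actually Phoenix, and as far as I know it always has been; other Toshiba laptop probes show the same thing, so I assume that is normal.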

Below is my last full Chkrootkit scan:

ROOTDIR is `/'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `biff'...                                          not found
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not found
Checking `gpm'...                                           not found
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not found
Checking `identd'...                                        not found
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not found
Checking `mingetty'...                                      not found
Checking `netstat'...                                       not infected
Checking `named'...                                         not found
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not found
Checking `pop3'...                                          not found
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not found
Checking `rlogind'...                                       not found
Checking `rshd'...                                          not found
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not found
Checking `sshd'...                                          not found
Checking `syslogd'...                                       not tested
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not found
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not found
Checking `timed'...                                         not found
Checking `traceroute'...                                    not found
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:  
/usr/lib/debug/.build-id /usr/lib/libreoffice/share/fonts/truetype/.uuid /usr/lib/modules/5.3.0-19-generic/vdso/.build-id /usr/lib/modules/5.3.0-18-generic/vdso/.build-id /usr/lib/python3/dist-packages/PyQt5/uic/widget-plugins/.noinit
/usr/lib/debug/.build-id /usr/lib/modules/5.3.0-19-generic/vdso/.build-id /usr/lib/modules/5.3.0-18-generic/vdso/.build-id
Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for Mumblehard Linux ...                          nothing found
Searching for Backdoor.Linux.Mokes.a ...                    nothing found
Searching for Malicious TinyDNS ...                         nothing found
Searching for Linux.Xor.DDoS ...                            nothing found
Searching for Linux.Proxy.1.0 ...                           nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected
Checking `lkm'...                                           chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       lo: not promisc and no packet sniffer sockets
wlp6s0: PACKET SNIFFER(/usr/sbin/wpa_supplicant[951], /usr/sbin/wpa_supplicant[951])
tun0: not promisc and no packet sniffer sockets
Checking `w55808'...                                        not infected
Checking `wted'...                                          chkwtmp: nothing deleted
Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected
Checking `z2'...                                            user jacidious deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! user+     2123 pts/0  bash
! root         2511 pts/0  /bin/sh /usr/sbin/chkrootkit
! root         3187 pts/0  ./chkutmp
! root         3189 pts/0  ps axk tty,ruser,args -o tty,pid,ruser,args
! root         3188 pts/0  sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
! root         2510 pts/0  sudo chkrootkit
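
A triage helper for the chkutmp report above, as an added example that is not part of the original post: it parses the flagged rows, parses utmp records, and reports per tty whether utmp holds a login record for it. It assumes the 384-byte glibc `struct utmp` layout used on Linux; `make_record` and the sample utmp content are constructed for the example.

```python
import struct

# Assumed layout: glibc `struct utmp` on Linux (384-byte records).
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type value for a logged-in session

def utmp_lines(raw):
    """Return the tty names (ut_line) that have a USER_PROCESS record."""
    lines = set()
    for off in range(0, len(raw) - UTMP.size + 1, UTMP.size):
        rec = UTMP.unpack_from(raw, off)
        if rec[0] == USER_PROCESS:
            lines.add(rec[2].split(b"\0", 1)[0].decode())
    return lines

def flagged(report):
    """Parse the '! RUID PID TTY CMD' rows of a chkutmp report."""
    rows = []
    for line in report.splitlines():
        p = line.split(None, 4)
        if len(p) == 5 and p[0] == "!" and p[2].isdigit():  # skips the header
            rows.append({"ruid": p[1], "pid": int(p[2]), "tty": p[3], "cmd": p[4]})
    return rows

def triage(report, raw_utmp):
    """Group flagged PIDs by tty and note whether utmp knows that tty."""
    known, out = utmp_lines(raw_utmp), {}
    for row in flagged(report):
        e = out.setdefault(row["tty"], {"in_utmp": row["tty"] in known, "pids": []})
        e["pids"].append(row["pid"])
    return out

def make_record(line, user, pid):
    """Build one constructed utmp record for the offline sample."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     b"", 0, 0, 0, 0, 0, 0, 0, 0, 0, b"")

# Rows copied from the chkutmp report in the post.
REPORT = """\
! RUID          PID TTY    CMD
! user+     2123 pts/0  bash
! root         2511 pts/0  /bin/sh /usr/sbin/chkrootkit
! root         3187 pts/0  ./chkutmp
! root         3189 pts/0  ps axk tty,ruser,args -o tty,pid,ruser,args
! root         3188 pts/0  sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
! root         2510 pts/0  sudo chkrootkit
"""
# Constructed utmp content: one login on tty7 and no record for pts/0.
SAMPLE_UTMP = make_record("tty7", "user", 1500)

if __name__ == "__main__":
    print(triage(REPORT, SAMPLE_UTMP))
```

On a live system, pass the bytes of `/var/run/utmp` in place of `SAMPLE_UTMP`. In the report above every flagged row is on pts/0, the terminal from which `sudo chkrootkit` itself was started.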
