rkhunter 警告

tag-icon tag-icon malware antivirus rkhunter rootkit
rkhunter 警告

你好,我刚刚运行了 rkhunters 并收到很多警告,这些警告并不是我第一次运行时发现的。

我将把结果放在这里,看看是否有人可以帮助我并告诉我它们是否是 rootkit。

它说可能存在 rootkit,但没有说可能是哪种警告。

[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks

/usr/sbin/groupadd                                       [ Warning ]
    /usr/sbin/groupdel                                       [ Warning ]
    /usr/sbin/groupmod                                       [ Warning ]
    /usr/sbin/grpck                                          [ Warning ]


/usr/sbin/ifdown                                         [ Warning ]
    /usr/sbin/ifup                                           [ Warning ]

/usr/sbin/nologin                                        [ Warning ]
    /usr/sbin/pwck                                           [ Warning ]


/usr/sbin/useradd                                        [ Warning ]
    /usr/sbin/userdel                                        [ Warning ]
    /usr/sbin/usermod                                        [ Warning ]
    /usr/sbin/vipw                                           [ Warning ]


    /usr/bin/lastlog                                         [ Warning ]


    /usr/bin/login                                           [ Warning ]


/usr/bin/newgrp                                          [ Warning ]
    /usr/bin/passwd                                          [ Warning ]


    /usr/bin/size                                            [ Warning ]


    /usr/bin/strings                                         [ Warning ]


    /usr/bin/lwp-request                                     [ Warning ]


 /usr/bin/x86_64-linux-gnu-size                           [ Warning ]
    /usr/bin/x86_64-linux-gnu-strings                        [ Warning ]


 Performing additional rootkit checks


    Checking for suspicious (large) shared memory segments   [ Warning ]


   Checking for passwd file changes                         [ Warning ]
    Checking for group file changes                          [ Warning ]


    Checking for hidden files and directories                [ Warning ]


System checks summary
=====================

File properties checks...
    Files checked: 145
    Suspect files: 21

Rootkit checks...
    Rootkits checked : 477
    Possible rootkits: 1

Applications checks...
    All checks skipped

The system checks took: 54 seconds

All results have been written to the log file: /var/log/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

==========================================================================

/var/log/rkhunter.log


[18:38:13]   Checking for enabled inetd services             [ Skipped ]


[18:38:13]   Checking for enabled xinetd services            [ Skipped ]


Checking for local host name                    [ Found ]
[18:38:19]
[18:38:19] Info: Starting test name 'startup_malware'
[18:38:19]   Checking for system startup files               [ Found ]
[18:38:21]   Checking system startup files for malware       [ None found ]
[18:38:21]
[18:38:21] Info: Starting test name 'group_accounts'
[18:38:21] Performing group and account checks
[18:38:21]   Checking for passwd file                        [ Found ]
[18:38:21] Info: Found password file: /etc/passwd
[18:38:21]   Checking for root equivalent (UID 0) accounts   [ None found ]
[18:38:21] Info: Found shadow file: /etc/shadow
[18:38:21]   Checking for passwordless accounts              [ None found ]
[18:38:21]
[18:38:21] Info: Starting test name 'passwd_changes'
[18:38:21]   Checking for passwd file changes                [ Warning ]
[18:38:21] Warning: User 'snapd-range-524288-root' has been added to the passwd file.
[18:38:21] Warning: User 'snap_daemon' has been added to the passwd file.
[18:38:21] Warning: User 'lightdm' has been added to the passwd file.
[18:38:21]
[18:38:21] Info: Starting test name 'group_changes'
[18:38:21]   Checking for group file changes                 [ Warning ]
[18:38:21] Warning: Group 'vboxusers' has been removed from the group file.
[18:38:21] Warning: Group 'snapd-range-524288-root' has been added to the group file.
[18:38:21] Warning: Group 'snap_daemon' has been added to the group file.
[18:38:21] Warning: Group 'lightdm' has been added to the group file.
[18:38:21] Warning: Group 'nopasswdlogin' has been added to the group file.
[18:38:21]   Checking root account shell history files       [ OK ]


[18:38:21] Info: Starting test name 'filesystem'
[18:38:21] Performing filesystem checks
[18:38:21] Info: SCAN_MODE_DEV set to 'THOROUGH'
[18:38:22]   Checking /dev for suspicious file types         [ None found ]
[18:38:22]   Checking for hidden files and directories       [ Warning ]
[18:38:22] Warning: Hidden directory found: /etc/.java
[18:38:22]   Checking for missing log files                  [ Skipped ]
[18:38:22] Info: No missing log file names configured.
[18:38:22]   Checking for empty log files                    [ Skipped ]
[18:38:22] Info: No empty log file names configured.
[18:38:35]
[18:38:35] Info: Test 'apps' disabled at users request.
[18:38:35]
[18:38:35] System checks summary
[18:38:35] =====================
[18:38:35]
[18:38:35] File properties checks...
[18:38:35] Files checked: 145
[18:38:35] Suspect files: 21
[18:38:35]
[18:38:35] Rootkit checks...
[18:38:35] Rootkits checked : 477
[18:38:35] Possible rootkits: 1
[18:38:35]
[18:38:35] Applications checks...
[18:38:35] All checks skipped
[18:38:35]
[18:38:35] The system checks took: 54 seconds
[18:38:35]
[18:38:35] Info: End date is mar 13 dic 2022 18:38:35 CET

相关内容