我的 rkhunter 扫描有一些误报。然而我今天做了扫描,这些结果确实让我有点担心,我现在有 8 个警告。我将发布我不确定的警告。
/usr/sbin/runlevel [ Warning
/usr/bin/sudo [ Warning
/usr/bin/systemd [ Warning ]
/usr/bin/systemctl [ Warning ]
/usr/lib/systemd/systemd [ Warning ]
这些是出现的新警告。我查看了日志并发现了这一点。
[23:25:11] /usr/sbin/runlevel [ Warning ]
[23:25:11] Warning: The file properties have changed:
[23:25:11] File: /usr/sbin/runlevel
[23:25:11] Current hash: f48396b4d8fbf906a0a12ec5f9581a119fe266b0d61919c251e8320bd099327a
[23:25:11] Stored hash : a9c198f924de92ab40633d345c55b6e84986e6e58f5569220871af3edeaca069
[23:25:11] Current inode: 25954758 Stored inode: 25954035
[23:25:11] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:25:11] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
[23:25:18] /usr/bin/sudo [ Warning ]
[23:25:18] Warning: The file properties have changed:
[23:25:18] File: /usr/bin/sudo
[23:25:18] Current hash: 7d3c2983ad2f278d9e799b5792f13f57bf890bd3b03d10b36e53bf0b6677895e
[23:25:18] Stored hash : 49278c0ebbc089cc04cfa6136a8011519fbaca9d99106443212e43c2141a7ff9
[23:25:18] Current inode: 25957682 Stored inode: 25953068
[23:25:18] Current file modification time: 1680544844 (03-Apr-2023 14:00:44)
[23:25:18] Stored file modification time : 1677679177 (01-Mar-2023 08:59:37)
[23:25:19] Warning: The file properties have changed:
[23:25:19] File: /usr/bin/systemd
[23:25:19] Current hash: 477209848fabcaf52c060d98287f880845cb07fc9696216dbcfe9b6ea8e72bcd
[23:25:19] Stored hash : c76a78e1572f62e0b28e0e5c459bd475917eb92177bdbeedf965d22c261b0f82
[23:25:19] Current inode: 25957781 Stored inode: 25956458
[23:25:19] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:25:19] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
[23:25:19] /usr/bin/systemctl [ Warning ]
[23:25:19] Warning: The file properties have changed:
[23:25:19] File: /usr/bin/systemctl
[23:25:19] Current hash: f48396b4d8fbf906a0a12ec5f9581a119fe266b0d61919c251e8320bd099327a
[23:25:19] Stored hash : a9c198f924de92ab40633d345c55b6e84986e6e58f5569220871af3edeaca069
[23:25:19] Current inode: 25953751 Stored inode: 25954081
[23:25:19] Current size: 1119856 Stored size: 1115760
[23:25:19] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:25:19] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
23:25:22] /usr/lib/systemd/systemd [ Warning ]
[23:25:22] Warning: The file properties have changed:
[23:25:22] File: /usr/lib/systemd/systemd
[23:25:22] Current hash: 477209848fabcaf52c060d98287f880845cb07fc9696216dbcfe9b6ea8e72bcd
[23:25:22] Stored hash : c76a78e1572f62e0b28e0e5c459bd475917eb92177bdbeedf965d22c261b0f82
[23:25:22] Current inode: 25954768 Stored inode: 25956371
[23:25:22] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:25:22] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
我真的需要这方面的帮助来查明这是否是误报。 Systemd 确实与其他警告一起引起了我的关注。谢谢。
更新
一位用户告诉我查看最近的更新,我记得我确实做了一些 linux 希望我在过去 2 天做的更新,我在更新历史中发现了一些行 libsystemd0、systemd-coredump、libnss-systemd、systemd、libpam- systemd 和其他更新。看到所有这些涉及 systemd 的更新肯定是误报的迹象。在这些扫描之后,我需要更多地查看我的更新历史记录。我要查看 rkhunter 中的手册页,将每个警告恢复为 OK。它解决了。
答案1
当系统使用apt-get或进行更新时通常会出现这种情况apt。使用以下任一方法更新 rkhunter 文件属性数据库后再次尝试扫描:
sudo rkhunter --propupd
或者,
sudo rkhunter --update --propupd