Should I be worried about these rkhunter scan results?

[22:09:40] Info: Starting test name 'passwd_changes'
[22:09:40]   Checking for passwd file changes                [ Warning ]
[22:09:40] Warning: User 'usermetrics' has been added to the passwd file.
[22:09:40] Warning: User 'clickpkg' has been added to the passwd file.
[22:09:40]
[22:09:40] Info: Starting test name 'group_changes'
[22:09:40]   Checking for group file changes                 [ Warning ]
[22:09:40] Warning: Group 'usermetrics' has been added to the group file.
[22:09:40] Warning: Group 'clickpkg' has been added to the group file.
[22:09:40]   Checking root account shell history files       [ None found ]

Just as rkhunter reported, I see the usermetrics and clickpkg lines at the end of the /etc/passwd file.

Answer 1

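There is no need to worry. rkhunter keeps a database of every file at installation time and compares the files against that database to detect changes... if a file has changed, it issues a warning. I am not sure which group or program you created during installation, so be sure to look at sudo gedit /var/log/rkhunter.log and look for the changes. Most script changes in the group and passwd files are whitelisted, which means that if you change a user's password it will show a warning, and that is a false positive.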
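
One way to triage the warnings from the log above, as an added example that is not part of the original question or answer: it extracts each account rkhunter reported as added, looks it up in passwd content, and flags UID 0 or a login shell. The passwd entries, the shell list and the function names are constructed assumptions, not values from the poster's system.

```python
import re

# Warning format written by rkhunter's passwd_changes test (as in the log above).
ADDED_USER = re.compile(r"Warning: User '([^']+)' has been added to the passwd file")
# Assumption: shells treated here as "cannot log in interactively".
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

SAMPLE_LOG = """\
[22:09:40] Warning: User 'usermetrics' has been added to the passwd file.
[22:09:40] Warning: User 'clickpkg' has been added to the passwd file.
[22:09:40] Warning: Group 'usermetrics' has been added to the group file.
"""
# Constructed passwd entries: UIDs, homes and shells are illustrative only.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
usermetrics:x:106:113:User Metrics:/var/lib/usermetrics:/bin/false
clickpkg:x:107:114::/nonexistent:/bin/false
"""

def parse_passwd(passwd_text):
    """Map user name -> (uid, shell) for well-formed 7-field passwd lines."""
    entries = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            entries[fields[0]] = (int(fields[2]), fields[6])
    return entries

def triage(log_text, passwd_text):
    """Return {user: [findings]} for every account rkhunter reported as added."""
    entries = parse_passwd(passwd_text)
    report = {}
    for user in ADDED_USER.findall(log_text):
        if user not in entries:
            report[user] = ["reported by rkhunter but missing from passwd"]
            continue
        uid, shell = entries[user]
        findings = []
        if uid == 0:
            findings.append("UID 0 (root-equivalent)")
        if shell not in NOLOGIN_SHELLS:
            findings.append("login shell " + shell)
        report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in triage(SAMPLE_LOG, SAMPLE_PASSWD).items():
        print(user, "->", findings or "no findings")
```

On a real system, pass in the contents of /var/log/rkhunter.log and /etc/passwd instead of the sample strings.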
