Questions tagged [chkrootkit]
The chkrootkit tag has no summary.
25 questions
0 votes, 1 answer, 131 views
WARNING: /etc/chkrootkit.conf is deprecated. Please put your settings in /etc/chkrootkit/chkrootkit.conf instead
I just went through a few hundred messages in root's mail, there were plenty of these:
/etc/cron.daily/chkrootkit: WARNING: /etc/chkrootkit.conf is deprecated. Please put your settings in /etc/...
0 votes, 1 answer, 240 views
Searching for rootkits with chkrootkit returns unexpected results
I ran the rootkit program after his suggestion and noticed something on 1 line that said
Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed /tmp/...
0 votes, 1 answer, 73 views
Help in interpreting chkrootkit analysis for MS Teams package
I run chkrootkit from time to time to make sure my install does not get infected. Today I ran it while MS Teams was on (I need to use it for my classes).
Here is what I found:
Checking `chkutmp'...
...
1 vote, 2 answers, 1k views
chkrootkit reports possible malicious Linux.Xor.DDoS installed - how do I verify?
The files of concern it reports are below.
I'm not worried about the ones in /tmp/yarn* as I believe that's the package manager for NodeJS but the ones in tmp/_MEI* are concerning.
The other issue it ...
1 vote, 1 answer, 580 views
CentOS 7 Malware? - User "impress+" executes a command ("cron") with a high CPU consumption
One of my "CentOS 7" servers is showing very strange behavior. A user named "impress+" executes a command called "cron". This "cron" command is executed with a high CPU consumption.
I worry because I ...
18 votes, 4 answers, 31k views
Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"
I am on Ubuntu, I am trying to install rkhunter.
I've tried
apt-get install rkhunter
success
But then, I did
rkhunter --update
I kept getting
Invalid WEB_CMD configuration option: ...
1 vote, 0 answers, 170 views
What process is accessing this laptop's webcam? Is it a rootkit?
Old laptop, running Minecraft for the kids. Noticed the webcam light blinking for half a second randomly. Assumed it was a Minecraft mod, nuked everything off and did a fresh Ubuntu install.
Sure ...
-1 votes, 1 answer, 244 views
Mint 19 tcpd INFECTED sha1sum
When I use rkhunter it always shows two warnings and possible 4 rootkit information:
Checking for suspicious (large) shared memory segments [ Warning ]
Checking for hidden files and directories ...
1 vote, 0 answers, 1k views
What is "invalid argument" by a rootkit check?
I thought I should run a rootkit in connection to the recent Debian apt vulnerability, which I think I have fixed though. I used chkrootkit and get these two lines, which I'm not sure what to do with:
...
1 vote, 1 answer, 2k views
How to treat supposed chkrootkit false positive
I installed chkrootkit with apt-install in a freshly installed Ubuntu server 16.04.3.
chkrootkit found suspicious files and directories after first run:
Searching for suspicious files and dirs, it ...
0 votes, 2 answers, 561 views
Better latest version or the package for rkhunter and chkrootkit?
The rkhunter version of the Ubuntu package is currently 1.4.0, while the installer is version 1.4.4
The repo version of chkrootkit is 0.49, while its installer is 0.52
Since security is a major ...
0 votes, 3 answers, 3k views
Can I remove "Linux/Ebury Operation Windigo" without wiping the entire drive?
I used chkrootkit, which told me that I had "Linux/Ebury Operation Windigo" installed. I double-checked by running ssh -G, which printed out usage, without "illegal option". I removed all ssh files ...
0 votes, 6 answers, 5k views
Linux Mint: I'm infected with a rootkit
I tried logging in to my admin account and it said password incorrect. There is no way it could have been incorrect since I copy-pasted it from a usb drive. I reset my password, installed chkrootkit ...
0 votes, 1 answer, 489 views
chkrootkit unable to execute by shell
I installed chkrootkit with yum (CentOS 6.5 server with Plesk 12.5)
but I'm unable to execute it.
[root@~]# chkrootkit
-bash: chkrootkit: command not found
[root@~]#
I cannot locate the application, ...
5 votes, 0 answers, 6k views
The "chkproc: Warning: Possible LKM Trojan installed" appears and disappears
I have chkrootkit version 0.49 installed on Debian 6.5.
When I run sudo chkrootkit, I keep getting variable warnings about the LKM trojan, when I run the command repeatedly.
First run
Checking `lkm'...