Linux Format forums
Help, discussion, magazine feedback and more
 

root kit hunter

 
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4242
Location: wild West Wales

Posted: Mon Jun 13, 2005 12:37 pm    Post subject: root kit hunter

OK, installed rkhunter and ran it, and it came up with the following:

* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udevdb
/dev/.static
/etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory) /dev/.static (directory)

Now what does this mean? And what should I do?
_________________
still looking for that door into summer
youlikeicecream
LXF regular


Joined: Fri Jun 03, 2005 12:40 pm
Posts: 721
Location: Oxford

Posted: Mon Jun 13, 2005 12:39 pm    Post subject: RE: root kit hunter

What does root kit hunter do?
firefox



Joined: Mon Apr 11, 2005 12:21 pm
Posts: 64

Posted: Mon Jun 13, 2005 12:58 pm    Post subject: RE: root kit hunter

Hunts for root kits.
Nigel
LXF regular


Joined: Fri Apr 08, 2005 9:03 pm
Posts: 1141
Location: Gloucestershire, UK

Posted: Mon Jun 13, 2005 1:02 pm    Post subject: RE: root kit hunter

What it means is that you have some "hidden" subdirectories in your /dev directory (i.e. ones that will show up with ls -a but not with ls).
Now, that may or may not mean anything. You now have to try to find out what these directories were created by and why.

.udevdb looks OK - see http://www.linuxforums.org/forum/topic-43465.html
Can't find anything at the moment on .static

Similarly you have a file in /etc called .pwd.lock that it thinks is suspicious. Again I think it's a false alarm... see http://www.hgmp.mrc.ac.uk/cgi-bin/man.cgi?section=3C&topic=lckpwdf for more details.
_________________
Hope this helps,

Nigel.
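
One way to triage the hidden entries from the rkhunter warning discussed above, as an added example that is not part of the original thread. The function name `triage_hidden`, the `KNOWN_BENIGN` variable and the three-path allowlist (taken from this thread's conclusions) are assumptions and differ per distribution.

```shell
#!/bin/sh
# Added example: triage the hidden entries a scanner reports in /dev and /etc.
# Allowlist of full paths judged benign in this thread (an assumption: it
# differs per distribution and release). Override via the environment.
KNOWN_BENIGN=${KNOWN_BENIGN:-"/dev/.udevdb /dev/.static /etc/.pwd.lock"}

# triage_hidden DIR...
# Prints "<verdict>\t<kind>\t<path>\t<ls -ld line>" for every dot-entry that
# sits directly inside each DIR. verdict is "known" or "review".
triage_hidden() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        # .[!.]* matches .name; ..?* matches names such as "..." or "..x".
        for p in "$dir"/.[!.]* "$dir"/..?*; do
            # An unmatched glob stays literal; skip it.
            if [ ! -e "$p" ] && [ ! -L "$p" ]; then continue; fi
            if   [ -L "$p" ]; then kind=symlink
            elif [ -d "$p" ]; then kind=dir
            elif [ -f "$p" ]; then kind=file
            else                   kind=other
            fi
            # Exact full-path match only, so a look-alike name elsewhere
            # is still sent for review.
            verdict=review
            for ok in $KNOWN_BENIGN; do
                if [ "$p" = "$ok" ]; then verdict=known; fi
            done
            printf '%s\t%s\t%s\t%s\n' "$verdict" "$kind" "$p" "$(ls -ld -- "$p")"
        done
    done
}

# Stand-alone use: sh triage_hidden.sh /dev /etc
if [ "$#" -gt 0 ]; then triage_hidden "$@"; fi
```

Lines marked `review` are the ones to look into further; the trailing `ls -ld` field gives owner, mode and modification time as a starting point.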
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4242
Location: wild West Wales

Posted: Mon Jun 13, 2005 1:33 pm    Post subject: RE: root kit hunter

These directories were created when I plugged in my pen drive and my multicard reader, so all is cool :)
Thanks Nigel, it did help ;)

Dick
_________________
still looking for that door into summer
youlikeicecream
LXF regular


Joined: Fri Jun 03, 2005 12:40 pm
Posts: 721
Location: Oxford

Posted: Mon Jun 13, 2005 4:33 pm    Post subject: RE: root kit hunter

Excuse me for being silly, but what is a root kit?

:)
towy71
Moderator


Joined: Wed Apr 06, 2005 3:11 pm
Posts: 4242
Location: wild West Wales

Posted: Mon Jun 13, 2005 4:35 pm    Post subject: RE: root kit hunter

http://www.rootkit.com/index.php
_________________
still looking for that door into summer
youlikeicecream
LXF regular


Joined: Fri Jun 03, 2005 12:40 pm
Posts: 721
Location: Oxford

Posted: Tue Jun 14, 2005 3:46 pm    Post subject: RE: root kit hunter

So a rootkit allows you to use neat tricks to hide nasties on Windows machines?

Mike :)
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8364
Location: Warrington, UK

Posted: Tue Jun 14, 2005 4:33 pm    Post subject: RE: root kit hunter

A root kit allows you to hide and run nasties on a Linux box.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
youlikeicecream
LXF regular


Joined: Fri Jun 03, 2005 12:40 pm
Posts: 721
Location: Oxford

Posted: Wed Jun 15, 2005 12:39 am    Post subject: RE: root kit hunter

Oh, on a Linux box. Is it quite common? I thought Linux was quite safe (as long as you know what it is that you run/open/etc). I tried to install an antivirus scanner today and I still haven't sussed it yet!?
All times are GMT