root kit hunter


Postby towy71 » Mon Jun 13, 2005 11:37 am

ok, installed rkhunter and ran it and it came up with the following:

* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udevdb
/dev/.static
/etc/.pwd.lock
---------------
Please inspect: /dev/.udevdb (directory) /dev/.static (directory)

Now what does this mean? And what should I do?
still looking for that door into summer
towy71
Moderator
 
Posts: 4276
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales

RE: root kit hunter

Postby youlikeicecream » Mon Jun 13, 2005 11:39 am

What does root kit hunter do?
youlikeicecream
LXF regular
 
Posts: 721
Joined: Fri Jun 03, 2005 11:40 am
Location: Oxford

RE: root kit hunter

Postby firefox » Mon Jun 13, 2005 11:58 am

Hunts for root kits.
firefox
 
Posts: 64
Joined: Mon Apr 11, 2005 11:21 am

RE: root kit hunter

Postby Nigel » Mon Jun 13, 2005 12:02 pm

What it means is that you have some "hidden" subdirectories in your /dev directory (i.e. ones that will show up with ls -a but not with ls).
Now, that may or may not mean anything. You now have to try to find out what these directories were created by and why.

.udevdb looks OK - see http://www.linuxforums.org/forum/topic-43465.html
Can't find anything at the moment on .static

Similarly you have a file in /etc called .pwd.lock that it thinks is suspicious. Again I think it's a false alarm... see http://www.hgmp.mrc.ac.uk/cgi-bin/man.c ... ic=lckpwdf for more details.
Hope this helps,

Nigel.
Nigel
LXF regular
 
Posts: 1141
Joined: Fri Apr 08, 2005 8:03 pm
Location: Gloucestershire, UK
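
A triage helper for the kind of warning discussed above, added here as an example; it is not part of the original thread and not rkhunter's own code. It lists every entry that `ls -a` shows but `ls` hides, with its type, and marks anything not on an expected list for inspection. The `EXPECTED` list and the function names are assumptions built from the names mentioned in this thread; adjust them for your own system.

```shell
#!/bin/sh
# Added example: classify hidden (dot) entries in a directory.
# EXPECTED is an assumption taken from the names discussed in this thread;
# it is not an authoritative list of safe names.
EXPECTED=".udevdb .static .pwd.lock"

# classify_hidden DIR
# Prints one line per hidden entry directly under DIR:
#   <status> <type> <path>
# status: expected | inspect      type: dir | file | link | other
classify_hidden() {
    dir=$1
    # Two globs cover every dot-name except "." and "..":
    #   .[!.]*  matches .udevdb, .x
    #   ..?*    matches "..." and "..x", names a plain ".*" check can miss
    for path in "$dir"/.[!.]* "$dir"/..?*; do
        # An unmatched glob stays literal: skip it, but keep dangling symlinks.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        if   [ -L "$path" ]; then type=link
        elif [ -d "$path" ]; then type=dir
        elif [ -f "$path" ]; then type=file
        else type=other
        fi
        status=inspect
        for ok in $EXPECTED; do
            if [ "$name" = "$ok" ]; then status=expected; fi
        done
        printf '%s %s %s\n' "$status" "$type" "$path"
    done
}

# count_to_inspect DIR
# Prints how many hidden entries under DIR are not on the expected list.
count_to_inspect() {
    # grep -c exits non-zero on a count of 0; that is not an error here.
    classify_hidden "$1" | grep -c '^inspect ' || true
}

# Stand-alone use: sh triage.sh /dev /etc
for d in "$@"; do
    classify_hidden "$d"
done
```

For each line marked `inspect`, `ls -ld` on the path shows the owner and modification time, which helps answer what created it and when.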

RE: root kit hunter

Postby towy71 » Mon Jun 13, 2005 12:33 pm

These directories were created when I plugged in my pen drive and my multicard reader, so all is cool :)
Thanks Nigel, it did help ;-)

Dick
still looking for that door into summer
towy71
Moderator
 
Posts: 4276
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales

RE: root kit hunter

Postby youlikeicecream » Mon Jun 13, 2005 3:33 pm

Excuse me for being silly, but what is a root kit?

:)
youlikeicecream
LXF regular
 
Posts: 721
Joined: Fri Jun 03, 2005 11:40 am
Location: Oxford

RE: root kit hunter

Postby towy71 » Mon Jun 13, 2005 3:35 pm

still looking for that door into summer
towy71
Moderator
 
Posts: 4276
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales

RE: root kit hunter

Postby youlikeicecream » Tue Jun 14, 2005 2:46 pm

So a rootkit allows you to use neat tricks to hide nasties on Windows machines?

Mike :)
youlikeicecream
LXF regular
 
Posts: 721
Joined: Fri Jun 03, 2005 11:40 am
Location: Oxford

RE: root kit hunter

Postby nelz » Tue Jun 14, 2005 3:33 pm

A root kit allows you to hide and run nasties on a Linux box.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin
 
Posts: 8577
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

RE: root kit hunter

Postby youlikeicecream » Tue Jun 14, 2005 11:39 pm

Oh, on a Linux box. Is it quite common? I thought Linux was quite safe (as long as you know what it is that you run/open/etc). I tried to install an antivirus scanner today and I still haven't sussed it yet!?
youlikeicecream
LXF regular
 
Posts: 721
Joined: Fri Jun 03, 2005 11:40 am
Location: Oxford

