Solved: rkhunter on a Linux PC?

Thread in 'Questions and Answers' started by @science, 3 February 2019.

  1. @science

    Hello, I ran a scan on Linux and got these warnings. Is the PC at risk? What do these warnings indicate?

    Performing file properties checks
    /usr/bin/mail [ Warning ]
    /usr/bin/lwp-request [ Warning ]
    /usr/bin/bsd-mailx [ Warning ]


    Checking the local host...

    Performing filesystem checks
    Checking /dev for suspicious file types [ Warning ]
    Checking for hidden files and directories [ Warning ]
     
    wolf_mc12 likes this post.
  2. Best Answer:
    Post #5 by Jãşhť'Sşeriĕ, 9 February 2019
  3. @science

    The problem has not been solved. Who marked it as 'solved problem'? Any help?
     
  4. Jãşhť'Sşeriĕ

    Post more logs, because nothing can be understood from "Warning" alone.

    Anyway, I suggest you use ClamAV.

    RKH can also give false-positive alerts..
     
    @science likes this post.
  5. @science

    Code:
    [ Rootkit Hunter version 1.4.2 ]
    
    Checking system commands...
    
      Performing 'strings' command checks
        Checking 'strings' command                               [ OK ]
    
      Performing 'shared libraries' checks
        Checking for preloading variables                        [ None found ]
        Checking for preloaded libraries                         [ None found ]
        Checking LD_LIBRARY_PATH variable                        [ Not found ]
    
      Performing file properties checks
        Checking for prerequisites                               [ OK ]
        /usr/sbin/adduser                                        [ OK ]
        /usr/sbin/chroot                                         [ OK ]
        /usr/sbin/cron                                           [ OK ]
        /usr/sbin/groupadd                                       [ OK ]
        /usr/sbin/groupdel                                       [ OK ]
        /usr/sbin/groupmod                                       [ OK ]
        /usr/sbin/grpck                                          [ OK ]
        /usr/sbin/nologin                                        [ OK ]
        /usr/sbin/pwck                                           [ OK ]
        /usr/sbin/rsyslogd                                       [ OK ]
        /usr/sbin/tcpd                                           [ OK ]
        /usr/sbin/useradd                                        [ OK ]
        /usr/sbin/userdel                                        [ OK ]
        /usr/sbin/usermod                                        [ OK ]
        /usr/sbin/vipw                                           [ OK ]
        /usr/sbin/unhide                                         [ OK ]
        /usr/sbin/unhide-linux                                   [ OK ]
        /usr/sbin/unhide-posix                                   [ OK ]
        /usr/sbin/unhide-tcp                                     [ OK ]
        /usr/bin/awk                                             [ OK ]
        /usr/bin/basename                                        [ OK ]
        /usr/bin/chattr                                          [ OK ]
        /usr/bin/cut                                             [ OK ]
        /usr/bin/diff                                            [ OK ]
        /usr/bin/dirname                                         [ OK ]
        /usr/bin/dpkg                                            [ OK ]
        /usr/bin/dpkg-query                                      [ OK ]
        /usr/bin/du                                              [ OK ]
        /usr/bin/env                                             [ OK ]
        /usr/bin/file                                            [ OK ]
        /usr/bin/find                                            [ OK ]
        /usr/bin/GET                                             [ OK ]
        /usr/bin/groups                                          [ OK ]
        /usr/bin/head                                            [ OK ]
        /usr/bin/id                                              [ OK ]
        /usr/bin/killall                                         [ OK ]
        /usr/bin/last                                            [ OK ]
        /usr/bin/lastlog                                         [ OK ]
        /usr/bin/ldd                                             [ OK ]
        /usr/bin/less                                            [ OK ]
        /usr/bin/locate                                          [ OK ]
        /usr/bin/logger                                          [ OK ]
        /usr/bin/lsattr                                          [ OK ]
        /usr/bin/lsof                                            [ OK ]
        /usr/bin/mail                                            [ Warning ]
        /usr/bin/md5sum                                          [ OK ]
        /usr/bin/mlocate                                         [ OK ]
        /usr/bin/newgrp                                          [ OK ]
        /usr/bin/passwd                                          [ OK ]
        /usr/bin/perl                                            [ OK ]
        /usr/bin/pgrep                                           [ OK ]
        /usr/bin/pkill                                           [ OK ]
        /usr/bin/pstree                                          [ OK ]
        /usr/bin/rkhunter                                        [ OK ]
        /usr/bin/runcon                                          [ OK ]
        /usr/bin/sha1sum                                         [ OK ]
        /usr/bin/sha224sum                                       [ OK ]
        /usr/bin/sha256sum                                       [ OK ]
        /usr/bin/sha384sum                                       [ OK ]
        /usr/bin/sha512sum                                       [ OK ]
        /usr/bin/size                                            [ OK ]
        /usr/bin/sort                                            [ OK ]
        /usr/bin/ssh                                             [ Warning ]
        /usr/bin/stat                                            [ OK ]
        /usr/bin/strace                                          [ OK ]
        /usr/bin/strings                                         [ OK ]
        /usr/bin/sudo                                            [ OK ]
        /usr/bin/tail                                            [ OK ]
        /usr/bin/telnet                                          [ OK ]
        /usr/bin/test                                            [ OK ]
        /usr/bin/top                                             [ OK ]
        /usr/bin/touch                                           [ OK ]
        /usr/bin/tr                                              [ OK ]
        /usr/bin/uniq                                            [ OK ]
        /usr/bin/users                                           [ OK ]
        /usr/bin/vmstat                                          [ OK ]
        /usr/bin/w                                               [ OK ]
        /usr/bin/watch                                           [ OK ]
        /usr/bin/wc                                              [ OK ]
        /usr/bin/wget                                            [ OK ]
        /usr/bin/whatis                                          [ OK ]
        /usr/bin/whereis                                         [ OK ]
        /usr/bin/which                                           [ OK ]
        /usr/bin/who                                             [ OK ]
        /usr/bin/whoami                                          [ OK ]
        /usr/bin/mawk                                            [ OK ]
        /usr/bin/lwp-request                                     [ Warning ]
        /usr/bin/x86_64-linux-gnu-size                           [ OK ]
        /usr/bin/x86_64-linux-gnu-strings                        [ OK ]
        /usr/bin/telnet.netkit                                   [ OK ]
        /usr/bin/w.procps                                        [ OK ]
        /sbin/depmod                                             [ OK ]
        /sbin/fsck                                               [ OK ]
        /sbin/ifconfig                                           [ OK ]
        /sbin/ifdown                                             [ OK ]
        /sbin/ifup                                               [ OK ]
        /sbin/init                                               [ OK ]
        /sbin/insmod                                             [ OK ]
        /sbin/ip                                                 [ OK ]
        /sbin/lsmod                                              [ OK ]
        /sbin/modinfo                                            [ OK ]
        /sbin/modprobe                                           [ OK ]
        /sbin/rmmod                                              [ OK ]
        /sbin/route                                              [ OK ]
        /sbin/runlevel                                           [ OK ]
        /sbin/sulogin                                            [ OK ]
        /sbin/sysctl                                             [ OK ]
        /bin/bash                                                [ OK ]
        /bin/cat                                                 [ OK ]
        /bin/chmod                                               [ OK ]
        /bin/chown                                               [ OK ]
        /bin/cp                                                  [ OK ]
        /bin/date                                                [ OK ]
        /bin/df                                                  [ OK ]
        /bin/dmesg                                               [ OK ]
        /bin/echo                                                [ OK ]
        /bin/ed                                                  [ OK ]
        /bin/egrep                                               [ OK ]
        /bin/fgrep                                               [ OK ]
        /bin/fuser                                               [ OK ]
        /bin/grep                                                [ OK ]
        /bin/ip                                                  [ OK ]
        /bin/kill                                                [ OK ]
        /bin/less                                                [ OK ]
        /bin/login                                               [ OK ]
        /bin/ls                                                  [ OK ]
        /bin/lsmod                                               [ OK ]
        /bin/mktemp                                              [ OK ]
        /bin/more                                                [ OK ]
        /bin/mount                                               [ OK ]
        /bin/mv                                                  [ OK ]
        /bin/netstat                                             [ OK ]
        /bin/ping                                                [ OK ]
        /bin/ps                                                  [ OK ]
        /bin/pwd                                                 [ OK ]
        /bin/readlink                                            [ OK ]
        /bin/sed                                                 [ OK ]
        /bin/sh                                                  [ OK ]
        /bin/su                                                  [ OK ]
        /bin/touch                                               [ OK ]
        /bin/uname                                               [ OK ]
        /bin/which                                               [ OK ]
        /bin/kmod                                                [ OK ]
        /bin/systemd                                             [ OK ]
        /bin/systemctl                                           [ OK ]
        /bin/dash                                                [ OK ]
        /lib/systemd/systemd                                     [ OK ]
        /usr/bin/bsd-mailx                                       [ Warning ]
    
    Checking for rootkits...
    
      Performing check of known rootkit files and directories
        55808 Trojan - Variant A                                 [ Not found ]
        ADM Worm                                                 [ Not found ]
        AjaKit Rootkit                                           [ Not found ]
        Adore Rootkit                                            [ Not found ]
        aPa Kit                                                  [ Not found ]
        Apache Worm                                              [ Not found ]
        Ambient (ark) Rootkit                                    [ Not found ]
        Balaur Rootkit                                           [ Not found ]
        BeastKit Rootkit                                         [ Not found ]
        beX2 Rootkit                                             [ Not found ]
        BOBKit Rootkit                                           [ Not found ]
        cb Rootkit                                               [ Not found ]
        CiNIK Worm (Slapper.B variant)                           [ Not found ]
        Danny-Boy's Abuse Kit                                    [ Not found ]
        Devil RootKit                                            [ Not found ]
        Dica-Kit Rootkit                                         [ Not found ]
        Dreams Rootkit                                           [ Not found ]
        Duarawkz Rootkit                                         [ Not found ]
        Enye LKM                                                 [ Not found ]
        Flea Linux Rootkit                                       [ Not found ]
        Fu Rootkit                                               [ Not found ]
        Fuck`it Rootkit                                          [ Not found ]
        GasKit Rootkit                                           [ Not found ]
        Heroin LKM                                               [ Not found ]
        HjC Kit                                                  [ Not found ]
        ignoKit Rootkit                                          [ Not found ]
        IntoXonia-NG Rootkit                                     [ Not found ]
        Irix Rootkit                                             [ Not found ]
        Jynx Rootkit                                             [ Not found ]
        KBeast Rootkit                                           [ Not found ]
        Kitko Rootkit                                            [ Not found ]
        Knark Rootkit                                            [ Not found ]
        ld-linuxv.so Rootkit                                     [ Not found ]
        Li0n Worm                                                [ Not found ]
        Lockit / LJK2 Rootkit                                    [ Not found ]
        Mood-NT Rootkit                                          [ Not found ]
        MRK Rootkit                                              [ Not found ]
        Ni0 Rootkit                                              [ Not found ]
        Ohhara Rootkit                                           [ Not found ]
        Optic Kit (Tux) Worm                                     [ Not found ]
        Oz Rootkit                                               [ Not found ]
        Phalanx Rootkit                                          [ Not found ]
        Phalanx2 Rootkit                                         [ Not found ]
        Phalanx2 Rootkit (extended tests)                        [ Not found ]
        Portacelo Rootkit                                        [ Not found ]
        R3dstorm Toolkit                                         [ Not found ]
        RH-Sharpe's Rootkit                                      [ Not found ]
        RSHA's Rootkit                                           [ Not found ]
        Scalper Worm                                             [ Not found ]
        Sebek LKM                                                [ Not found ]
        Shutdown Rootkit                                         [ Not found ]
        SHV4 Rootkit                                             [ Not found ]
        SHV5 Rootkit                                             [ Not found ]
        Sin Rootkit                                              [ Not found ]
        Slapper Worm                                             [ Not found ]
        Sneakin Rootkit                                          [ Not found ]
        'Spanish' Rootkit                                        [ Not found ]
        Suckit Rootkit                                           [ Not found ]
        Superkit Rootkit                                         [ Not found ]
        TBD (Telnet BackDoor)                                    [ Not found ]
        TeLeKiT Rootkit                                          [ Not found ]
        T0rn Rootkit                                             [ Not found ]
        trNkit Rootkit                                           [ Not found ]
        Trojanit Kit                                             [ Not found ]
        Tuxtendo Rootkit                                         [ Not found ]
        URK Rootkit                                              [ Not found ]
        Vampire Rootkit                                          [ Not found ]
        VcKit Rootkit                                            [ Not found ]
        Volc Rootkit                                             [ Not found ]
        Xzibit Rootkit                                           [ Not found ]
        zaRwT.KiT Rootkit                                        [ Not found ]
        ZK Rootkit                                               [ Not found ]
    
      Performing additional rootkit checks
        Suckit Rookit additional checks                          [ OK ]
        Checking for possible rootkit files and directories      [ None found ]
        Checking for possible rootkit strings                    [ None found ]
    
      Performing malware checks
        Checking running processes for suspicious files          [ None found ]
        Checking for login backdoors                             [ None found ]
        Checking for suspicious directories                      [ None found ]
        Checking for sniffer log files                           [ None found ]
        Suspicious Shared Memory segments                        [ None found ]
    
      Performing Linux specific checks
        Checking loaded kernel modules                           [ OK ]
        Checking kernel module names                             [ OK ]
    
    Checking the network...
    
      Performing checks on the network ports
        Checking for backdoor ports                              [ None found ]
        Checking for hidden ports                                [ None found ]
    
      Performing checks on the network interfaces
        Checking for promiscuous interfaces                      [ None found ]
    
    Checking the local host...
    
      Performing system boot checks
        Checking for local host name                             [ Found ]
        Checking for system startup files                        [ Found ]
        Checking system startup files for malware                [ None found ]
    
      Performing group and account checks
        Checking for passwd file                                 [ Found ]
        Checking for root equivalent (UID 0) accounts            [ None found ]
        Checking for passwordless accounts                       [ None found ]
        Checking for passwd file changes                         [ None found ]
        Checking for group file changes                          [ None found ]
        Checking root account shell history files                [ OK ]
    
      Performing system configuration file checks
        Checking for an SSH configuration file                   [ Not found ]
        Checking for a running system logging daemon             [ Found ]
        Checking for a system logging configuration file         [ Found ]
        Checking if syslog remote logging is allowed             [ Not allowed ]
    
      Performing filesystem checks
        Checking /dev for suspicious file types                  [ Warning ]
        Checking for hidden files and directories                [ Warning ]
    
    
    System checks summary
    =====================
    
    File properties checks...
        Files checked: 147
        Suspect files: 4
    
    Rootkit checks...
        Rootkits checked : 365
        Possible rootkits: 0
    
    Applications checks...
        All checks skipped
    
    The system checks took: 1 minute and 16 seconds
    
     
  6. Jãşhť'Sşeriĕ

    Best Answer
    There's nothing to worry about! You can also try ClamAV, since it checks files to see whether any of them is infected or something else.. If security interests you.

    If you don't have a static/public IP with open ports you don't have much to worry about, because nobody can attack you or try an exploit. Also, viruses/keyloggers etc. are made mostly for Windows; it is rare to see these things for Linux OS. Anyway, there are all sorts of things; with ClamAV you can scan files if you think something is wrong. Of course, on Linux just as on Windows, you have to be careful about what you download and where you download it from.

    I've been using Linux for so many years and it has never happened that a file got infected or that I've seen a virus; we're not talking only about servers but also about Desktop/Ubuntu.

    If you have a public IP or use this as a server, you naturally need other security.

    For a more precise answer: the warnings you got are simply from the files in /dev that RKH cannot read, and the others are because programs like mail, ssh are not configured properly.
     
    @science likes this post.
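
The scan output posted in this thread can be triaged mechanically. The following is an added example (not part of the original thread, and not rkhunter's own code): it extracts each `[ Warning ]` line together with the check group it belongs to and compares the number of flagged files with the summary's "Suspect files" value. The function names and the `SAMPLE_SCAN` excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage rkhunter console output like the scan posted above.
# SAMPLE_SCAN is a constructed excerpt that reuses lines from that post.
SAMPLE_SCAN='[ Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/bin/lsof                                            [ OK ]
    /usr/bin/mail                                            [ Warning ]
    /usr/bin/ssh                                             [ Warning ]
    /usr/bin/lwp-request                                     [ Warning ]
    /usr/bin/bsd-mailx                                       [ Warning ]

Checking the local host...

  Performing filesystem checks
    Checking /dev for suspicious file types                  [ Warning ]
    Checking for hidden files and directories                [ Warning ]

System checks summary
=====================

File properties checks...
    Files checked: 147
    Suspect files: 4
'

# Print "check group<TAB>item" for every line whose status is [ Warning ].
rkh_warnings() {
    awk '
        /^[ \t]*Performing / {
            group = $0
            sub(/^[ \t]*Performing /, "", group)
            next
        }
        /\[ Warning \][ \t]*$/ {
            item = $0
            sub(/[ \t]*\[ Warning \][ \t]*$/, "", item)
            sub(/^[ \t]+/, "", item)
            printf "%s\t%s\n", group, item
        }
    '
}

# Absolute paths flagged by the file properties check only.
rkh_flagged_files() {
    rkh_warnings |
        awk -F '\t' '$1 == "file properties checks" && $2 ~ /^\// { print $2 }'
}

# Value of "Suspect files:" in the summary, used to cross-check the parse.
rkh_suspect_count() {
    awk -F ':' '/^[ \t]*Suspect files:/ { gsub(/[ \t]/, "", $2); print $2 }'
}

# Succeeds when the number of parsed file warnings equals the summary count,
# i.e. no flagged file was lost when the output was copied or trimmed.
rkh_counts_agree() {
    scan=$1
    parsed=$(printf '%s\n' "$scan" | rkh_flagged_files | wc -l | tr -d ' ')
    summary=$(printf '%s\n' "$scan" | rkh_suspect_count)
    [ "$parsed" = "$summary" ]
}

# Stand-alone run: list every warning with its check group.
printf '%s\n' "$SAMPLE_SCAN" | rkh_warnings
```

On the excerpt this reports four flagged files, including `/usr/bin/ssh`, which appears in the full log but not in the shorter list in the first post. The reason rkhunter recorded for each warning is in its log file (by default `/var/log/rkhunter.log`).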
  7. @science

    This was the answer I was looking for, thanks bro.
     
