On Monday 27 November 2017 14:35:17 root wrote:

Installed new firefox-esr yesterday, from the wheezy repos. Today, rkhunter has a cow:

> Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig: Perl script, ASCII text executable
> Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script, ASCII text executable
> Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: Perl script, ASCII text executable
> Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script, ASCII text executable
> Warning: The following suspicious shared memory segments have been found:
>          Process: /usr/lib/firefox-esr/firefox-esr PID: 16994 Owner: gene
>          Process: /usr/lib/firefox-esr/firefox-esr PID: 16994 Owner: gene
> Warning: Found enabled xinetd service: /etc/xinetd.d/amanda
> Warning: Found enabled xinetd service: /etc/xinetd.d/saned
> Warning: Found enabled xinetd service: /etc/xinetd.d/sshd-xinetd
> Warning: Network TCP port 1524 is being used by /usr/sbin/portsentry. Possible rootkit: Possible FreeBSD (FBRK) Rootkit backdoor
>          Use the 'lsof -i' or 'netstat -an' command to check this.
> Warning: Network TCP port 6667 is being used by /usr/sbin/portsentry. Possible rootkit: Possible rogue IRC bot
>          Use the 'lsof -i' or 'netstat -an' command to check this.
> Warning: Network TCP port 31337 is being used by /usr/sbin/portsentry. Possible rootkit: Historical backdoor port
>          Use the 'lsof -i' or 'netstat -an' command to check this.
> Warning: The SSH and rkhunter configuration options should be the same:
>          SSH configuration option 'PermitRootLogin': yes
>          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
> Warning: Hidden directory found: /etc/.java

How should I restore?

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>