You usually get such results when you first run rkhunter. It is recommended
that you run it on a fresh install and clear up any warnings found. If it is
not a fresh install then it is hard to say whether you should be worried or
not. The vim swap file suggests you were perhaps editing the fstab file while
running rkhunter. Rkhunter gives warnings when it finds hidden directories such
as .java. This is probably ok and if it were a clean install you would add an
exclusion to the rkhunter.conf file. Details of how to do this are in the
documentation and there are probably examples in the conf file. You would
certainly get such results on a first run so unless you have reasons to believe
you have been infected you are probably all right. Can't give you more info at
the moment as I don't have access to my system.

On Sunday, 17 January 2016, 21:56, Al Varnell <[email protected]> wrote:
I doubt it, but if you don’t know enough about Ubuntu to know whether or not
those files should be found, then perhaps RKHunter isn’t the right tool for you
to be using.
-Al-

On Sun, Jan 17, 2016 at 01:45 PM, sok wrote:
>
>
> Dear friends,
> this is the first time I am running Rkhunter.
> I am using Ubuntu 14.04. This is what I have found after running Rkhunter:
>
> [23:32:57] /usr/bin/rpm [ Warning ]
> [23:32:57] Warning: The file '/usr/bin/rpm' exists on the system, but it
> is not present in the rkhunter.dat file.
> [23:32:59] /usr/bin/unhide.rb [ Warning ]
> [23:32:59] Warning: The command '/usr/bin/unhide.rb' has been replaced
> by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
> [23:34:24] Checking /dev for suspicious file types [ Warning ]
> [23:34:24] Warning: Suspicious file types found in /dev:
> [23:34:24] Checking for hidden files and directories [ Warning ]
> [23:34:24] Warning: Hidden directory found: '/etc/.java: directory '
> [23:34:24] Warning: Hidden directory found: '/dev/.udev: directory '
> [23:34:24] Warning: Hidden file found: /etc/.fstab.swp: Vim swap file,
> version 7.4
> [23:34:24] Warning: Hidden file found: /dev/.initramfs: symbolic link to
> `/run/initramfs'
>
> Do you think that I am infected? What can I do for this? Thanks
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
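
The exclusions mentioned in the first reply, worked through for the warnings quoted in this thread. This is an added example, not code from any poster or from the rkhunter project: it maps each warning to the rkhunter.conf option that would whitelist it (`ALLOWHIDDENDIR`, `ALLOWHIDDENFILE`, `SCRIPTWHITELIST`) and keeps items that should not be whitelisted blindly as manual actions. The `triage` function and its rule table are hypothetical names chosen for this sketch.

```python
import re

# Warning lines from the post above, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
[23:32:57] Warning: The file '/usr/bin/rpm' exists on the system, but it is not present in the rkhunter.dat file.
[23:32:59] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[23:34:24] Warning: Suspicious file types found in /dev:
[23:34:24] Warning: Hidden directory found: '/etc/.java: directory '
[23:34:24] Warning: Hidden directory found: '/dev/.udev: directory '
[23:34:24] Warning: Hidden file found: /etc/.fstab.swp: Vim swap file, version 7.4
[23:34:24] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
"""

# Warning pattern -> rkhunter.conf whitelist option; group 1 is the path.
RULES = [
    (re.compile(r"Hidden directory found: '?([^:']+)"), "ALLOWHIDDENDIR"),
    (re.compile(r"Hidden file found: '?([^:']+)"), "ALLOWHIDDENFILE"),
    (re.compile(r"The command '([^']+)' has been replaced by a script"), "SCRIPTWHITELIST"),
]
NOT_IN_DB = re.compile(r"The file '([^']+)' exists on the system, but it is not present")
SWAP = re.compile(r"\.sw[a-p]$")  # editor swap files are transient, never whitelist them

def triage(log_text):
    """Return (conf_lines, manual_actions) for the warnings in an rkhunter log."""
    conf, manual = [], []
    for line in log_text.splitlines():
        if "Warning:" not in line:
            continue
        m = NOT_IN_DB.search(line)
        if m:  # property database is stale: verify the file first, then refresh it
            manual.append(f"verify {m.group(1)} came from a package, then run: rkhunter --propupd")
            continue
        for pattern, option in RULES:
            m = pattern.search(line)
            if not m:
                continue
            path = m.group(1).strip()
            if SWAP.search(path):
                manual.append(f"close or recover the edit that left {path}, do not whitelist it")
            else:
                conf.append(f"{option}={path}")
            break
        else:  # no rule matched: leave the decision to a person
            manual.append("review by hand: " + line.split("Warning:", 1)[1].strip())
    return conf, manual

if __name__ == "__main__":
    conf, manual = triage(SAMPLE_LOG)
    print("\n".join(conf + ["# manual: " + a for a in manual]))
```

The generated lines are candidates only; add one to rkhunter.conf once you have confirmed the path is expected on that system.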