On Wed, 13 Apr 2022 18:01:22 +0200
François Patte wrote:
> Hello,
>
> rkhunter warns me about "suspicious files":
> Warning: Hidden file found: /dev/shm/.org.chromium.Chromium.pZwgHO:
> data
>
> What are these files? Created when I used google-chrome?
Chrome, or chromium, using shared memory
Hello,
rkhunter warns me about "suspicious files":
Warning: Hidden file found: /dev/shm/.org.chromium.Chromium.pZwgHO: data
What are these files? Created when I used google-chrome?
And what to do with this warning?
Thank you.
--
François Patte
UFR de mathématiques et informatique
Laboratoi
On Sun, 05 Sep 2021 11:59:42 +0200
François Patte wrote:
> Where do I go to file a bug: on
> https://bugzilla.redhat.com/saml2_metadata.cgi, they want to use my
> Fedora Account but if I try to log in via this fedora account, it is
> unauthorized
>
> I do have a fedora account where I can
On 2021-08-12 12:50, Sam Varshavchik wrote:
François Patte writes:
Hello,
Since I upgraded to f34, rkhunter is warning me with this file:
Warning: Hidden file found: /usr/share/man/fr/man1/..1.gz: symbolic
link to builtins.1.gz
Asking rpm -qf /usr/share/man/fr/man1/..1.gz, it returns t
Sam Varshavchik wrote on 2021/08/12 19:50:
François Patte writes:
Hello,
Since I upgraded to f34, rkhunter is warning me with this file:
Warning: Hidden file found: /usr/share/man/fr/man1/..1.gz: symbolic link to
builtins.1.gz
Asking rpm -qf /usr/share/man/fr/man1/..1.gz, it returns that t
François Patte writes:
Hello,
Since I upgraded to f34, rkhunter is warning me with this file:
Warning: Hidden file found: /usr/share/man/fr/man1/..1.gz: symbolic link to
builtins.1.gz
Asking rpm -qf /usr/share/man/fr/man1/..1.gz, it returns that this file
belongs to the man-pages-fr pac
Hello,
Since I upgraded to f34, rkhunter is warning me with this file:
Warning: Hidden file found: /usr/share/man/fr/man1/..1.gz: symbolic link
to builtins.1.gz
Asking rpm -qf /usr/share/man/fr/man1/..1.gz, it returns that this file
belongs to the man-pages-fr package.
rkhunter --propupd
(at 6:21pm 2020-01-09, Ed said)
> It is a known false positive. Port 60922 is an upper port
> and can be used randomly by processes. firefox just happened
> to be using it at the time of the check.
I am still curious about what zaRwT.KiT is/does.
But based on Ed's answer, I'm tagging this "CLO
On 2020-01-10 01:50, home user wrote:
> 2. Is rkhunter's warning a false alarm or a real problem?
It is a known false positive. Port 60922 is an upper port and can be used
randomly by processes.
firefox just happened to be using it at the time of the check.
--
The key to getting good answers
(responding to sixpack13's second post)
> after a run of rkhunter --check on my box (with an open firefox) and a
> grep zaRwT.KiT /var/log/rkhunter/rkhunter.log
> =>
> [19:30:42] Checking for zaRwT.KiT Rootkit...
> [19:30:43] zaRwT.KiT Rootkit [ Not found ]
same here.
thanks,
Bill.
fferent search engines (including google), a few different
searches, and waded through many pages of hits. No information about
the rootkit itself. Many hits (including this thread!) of people asking
about the rkhunter warning. Seems that maybe firefox just happened to
be launched at the sam
post.
This does seem to answer one of sixpack13's questions:
> - if it survives a reboot,
The rkhunter warning of concern did not recur after the re-boot.
I did a bunch of internet searching regarding zaRwT.KiT; nothing that
seems to me to be useful so far. I'll do more and reply to si
On 09.01.20 19:18, sixpack13 wrote:
On 09.01.20 18:50, home user wrote:
This morning, I got the following warning from rkhunter:
..
update:
==
after a run of rkhunter --check on my box (with an open firefox) and a
grep zaRwT.KiT /var/log/rkhunter/rkhunter.log
=>
[19:30:42] Checking f
On 09.01.20 18:50, home user wrote:
This morning, I got the following warning from rkhunter:
-
-- Start Rootkit Hunter Scan --
Warning: Network TCP port 60922 is being used by
/usr/lib64/firefox/firefox. Possible rootkit: zaRwT.KiT
Use the '
This morning, I got the following warning from rkhunter:
-
-- Start Rootkit Hunter Scan --
Warning: Network TCP port 60922 is being used by
/usr/lib64/firefox/firefox. Possible rootkit: zaRwT.KiT
Use the 'lsof -i' or 'netstat -an' command to c
On Fri, 17 Sep 2010 10:29:07 -0400
Steve Blackwell wrote:
> /etc/.java is definitely a directory
> $ ls -ld /etc/.java
> drwxr-xr-x. 3 root root 4096 2010-08-27 21:01 /etc/.java
>
> I don't have a /etc/rkhunter.conf/local file
> $ ls -al /etc/rkhunter*
> -rw-r-. 1 root root 31048 2010-09-03
On Thu, 16 Sep 2010 18:58:00 -0600
Kevin Fenzi wrote:
> On Thu, 16 Sep 2010 10:19:50 -0400
> Steve Blackwell wrote:
>
> > Hmmm... Well this is strange. Even though I've added
> > ALLOWHIDDENDIR=/etc/.java to my /etc/rkhunter.conf file, I'm still
> > getting warnings. Is there a way to tell what
On Thu, 16 Sep 2010 10:19:50 -0400
Steve Blackwell wrote:
> Hmmm... Well this is strange. Even though I've added
> ALLOWHIDDENDIR=/etc/.java to my /etc/rkhunter.conf file, I'm still
> getting warnings. Is there a way to tell what rkhunter is reading from
> the conf file?
Well, it should read /et
On Fri, 3 Sep 2010 10:25:17 -0400
Steve Blackwell wrote:
> On Fri, 3 Sep 2010 16:16:05 +0200
> Marco Guazzone wrote:
>
> > On Fri, Sep 3, 2010 at 4:08 PM, Steve Blackwell
> > wrote:
> > > This morning I checked out an rkhunter warning I got and found it
> >
Tim wrote:
> On Fri, 2010-09-03 at 10:08 -0400, Steve Blackwell wrote:
>
>> un's (or rather Oracle's) java also have a /etc/.java directory.
>>
>
> I have to ask: Why *hide* a directory inside /etc?
>
Ask Oracle :) .
I agree with your assessment that there is no need to do this. If
On Fri, 2010-09-03 at 10:08 -0400, Steve Blackwell wrote:
> un's (or rather Oracle's) java also have a /etc/.java directory.
I have to ask: Why *hide* a directory inside /etc?
Yes, sure, it's useful to hide some of the clutter in the homespace,
because it's (generally) your own files that you wa
On Fri, 3 Sep 2010 16:16:05 +0200
Marco Guazzone wrote:
> On Fri, Sep 3, 2010 at 4:08 PM, Steve Blackwell
> wrote:
> > This morning I checked out an rkhunter warning I got and found it
> > was because of a hidden directory /etc/.java.
> >
> > I installed Sun
On Fri, Sep 3, 2010 at 4:08 PM, Steve Blackwell wrote:
> This morning I checked out an rkhunter warning I got and found it was
> because of a hidden directory /etc/.java.
>
> I installed Sun's java recently so I expect it's because of that.
> I just wanted to check and
This morning I checked out an rkhunter warning I got and found it was
because of a hidden directory /etc/.java.
I installed Sun's java recently so I expect it's because of that.
I just wanted to check and see that other people who have installed
Sun's (or rather Oracle's) j
24 matches