PC in danger? rkhunter
Solved
Anonymous user
bob031 - Member, 8158 posts
Hello,
I have just run the rkhunter anti-rootkit tool.
In your opinion, is my computer in danger given the attached results?
[17:32:38] /bin/egrep [ Warning ]
[17:32:38] Warning: The command '/bin/egrep' has been replaced by a script: /bin/egrep: Bourne shell script text executable
[17:32:38] /bin/env [ OK ]
[17:32:38] /bin/fgrep [ Warning ]
[17:32:38] Warning: The command '/bin/fgrep' has been replaced by a script: /bin/fgrep: Bourne shell script text executable
[17:32:43] /usr/bin/GET [ Warning ]
[17:32:43] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
[17:32:44] /usr/bin/groups [ Warning ]
[17:32:44] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
[17:32:44] /usr/bin/ldd [ Warning ]
[17:32:45] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[17:32:54] /usr/bin/whatis [ Warning ]
[17:32:54] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
[17:32:56] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
[17:32:56] /sbin/ifup [ Warning ]
[17:32:56] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
[17:35:46] Checking for hidden files and directories [ Warning ]
[17:35:46] Warning: Hidden directory found: /etc/.java
[17:35:48] Warning: Hidden directory found: /dev/.udev
[17:35:48] Warning: Hidden directory found: /dev/.udevdb
[17:35:49] Warning: Hidden file found: /usr/share/man/man1/..1.bz2: bzip2 compressed data, block size = 900k
Thank you for your attention.
5 replies
Hello,
Here is what I get:
From: root <root@debian.me.com>
To: root@debian.me.com
Subject: [rkhunter] debian.me.com - Daily report
Date: Mon, 21 Apr 2008 12:14:05 +0200 (CEST)
Warning: The file properties have changed:
File: /usr/bin/find
Current hash: 10809bffe6f8477f195e00bf1a3fbb64589064f3
Stored hash : 2d6635093ec109398392c9b5b73a64f7d4ef84c1
Current inode: 229008 Stored inode: 230179
Current size: 134588 Stored size: 84016
Current file modification time: 1207244482
Stored file modification time : 1203165062
This link pointed me in the right direction:
https://lists.ubuntu.com/archives/ubuntu-fr/2007-December/018695.html
These logs indicate that the find and locate executables have been
modified since the last scan (or at least their inode), which is
the case if they have been updated (both are part of the
findutils package).
You can check the update history in the file
/var/log/dpkg.log
Yet the last scan shows:
From: root <root@debian.me.com>
To: root@debian.me.com
Subject: [rkhunter] debian.me.com - Daily report
Date: Sun, 20 Apr 2008 00:29:54 +0200 (CEST)
Warning: The file properties have changed:
File: /usr/bin/find
Current hash: 10809bffe6f8477f195e00bf1a3fbb64589064f3
Stored hash : 2d6635093ec109398392c9b5b73a64f7d4ef84c1
Current inode: 229008 Stored inode: 230179
Current size: 134588 Stored size: 84016
Current file modification time: 1207244482
Stored file modification time : 1203165062
and the following command shows:
debian:~# grep findutils /var/log/dpkg.log
2008-04-15 18:31:08 upgrade findutils 4.2.33-1 4.4.0-2
2008-04-15 18:31:08 status half-configured findutils 4.2.33-1
2008-04-15 18:31:09 status unpacked findutils 4.2.33-1
2008-04-15 18:31:09 status half-installed findutils 4.2.33-1
2008-04-15 18:31:10 status half-installed findutils 4.2.33-1
2008-04-15 18:31:11 status unpacked findutils 4.4.0-2
2008-04-15 18:31:11 status unpacked findutils 4.4.0-2
2008-04-15 18:31:13 status unpacked findutils 4.4.0-2
2008-04-15 18:31:13 status half-configured findutils 4.4.0-2
2008-04-15 18:31:13 status installed findutils 4.4.0-2
debian:~#
And this is where I don't quite follow: no update between the 2 scans and yet I get the warning ... something escapes me!
:-))
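Added example, not part of the original post and not rkhunter's own code: a triage of successive "file properties have changed" warnings against the dpkg history, using the values quoted in the post above. The `OWNER` map and the verdict names are assumptions made for the illustration; on a real system the owning package comes from `dpkg -S`.

```python
import re
from datetime import datetime

# Constructed inputs, reusing the values quoted in the post above.
SAMPLE_REPORT = """Warning: The file properties have changed:
File: /usr/bin/find
Current hash: 10809bffe6f8477f195e00bf1a3fbb64589064f3
Stored hash : 2d6635093ec109398392c9b5b73a64f7d4ef84c1
"""
SAMPLE_DPKG_LOG = """2008-04-15 18:31:08 upgrade findutils 4.2.33-1 4.4.0-2
2008-04-15 18:31:13 status installed findutils 4.4.0-2
"""
# Assumption: file-to-package map, as `dpkg -S /usr/bin/find` would report it.
OWNER = {"/usr/bin/find": "findutils"}

def parse_report(text):
    """Return the File / Current hash / Stored hash fields of one warning."""
    return dict(re.findall(r"^(File|Current hash|Stored hash)\s*:\s*(\S+)", text, re.M))

def last_upgrade(dpkg_log, package):
    """Timestamp of the latest install/upgrade action for package, or None."""
    latest = None
    for line in dpkg_log.splitlines():
        parts = line.split()
        # Newer dpkg logs qualify the name with an architecture (pkg:arch).
        if (len(parts) >= 4 and parts[2] in ("install", "upgrade")
                and parts[3].split(":")[0] == package):
            latest = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
    return latest

def triage(reports, dpkg_log):
    """reports: list of (scan_time, report_text), oldest first. One verdict per scan."""
    verdicts, prev_when, prev = [], None, None
    for when, text in reports:
        fields = parse_report(text)
        upgraded = last_upgrade(dpkg_log, OWNER.get(fields.get("File"), ""))
        if fields == prev:
            # Same current and stored values as the previous scan: the file did not
            # change again, the stored baseline simply was never refreshed.
            verdicts.append("stale-baseline")
        elif upgraded and upgraded < when and (prev_when is None or upgraded > prev_when):
            # A package action falls in the window; still confirm the file against
            # the package checksums before refreshing the baseline.
            verdicts.append("matches-upgrade")
        else:
            verdicts.append("investigate")
        prev_when, prev = when, fields
    return verdicts
```

rkhunter compares each scan against its stored properties, so the same warning repeats on every run until the baseline is refreshed with `rkhunter --propupd`, ideally after checking the file with `debsums findutils`.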