RKhunter - Warning: Suspicious file types found in /dev:
Installed RKhunter
Getting this warning in an email
Warning: Suspicious file types found in /dev:
/dev/shm/apache_title_shm_665337_665337_000000000000000: ASCII text, with no line terminators
/dev/shm/apache_title_shm_615769_615769_000000000000000: ASCII text, with no line terminators
/dev/shm/apache_title_shm_614636_614636_000000000000000: ASCII text, with no line terminators
/dev/shm/apache_title_shm_613505_613505_000000000000000: ASCII text, with no line terminators
/dev/shm/apache_title_shm_613190_613190_000000000000000: ASCII text, with no line terminators
[then continues for a couple of hundred Lines then this last line below]
/dev/shm/sem.lsphp[hash=98c36f06ec8802cdd2f9cce01157ee44].is_ready: data
Mitch
-
Hey there! This just means that rkhunter thinks files without line terminators could be potential malicious code. It's important to note that rkhunter hasn't been updated since 2018, as we can see the last stable release was 20 Feb 2018: The Rootkit Hunter project Since that is the case, I wouldn't recommend that as a reliable tool to detect things properly on a system 5 years later. The best thing to do would be to check any files it flags and make sure they don't look like malicious code. 0 -
Hey there! This just means that rkhunter thinks files without line terminators could be potential malicious code. It's important to note that rkhunter hasn't been updated since 2018, as we can see the last stable release was 20 Feb 2018: ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz wget ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit.tar.gz Do you or anyone else know if this one is dead also?
0 -
All of those rootkit hunters are generally pointless. Rootkits can be easily modified, and those kits only look for specific things based on the original signatures of certain root kits. With that said, I had no problem downloading from chkrootkit -- locally checks for signs of a rootkit. 0
Please sign in to leave a comment.
Comments
3 comments