Re: Suspicious file found in /dev/shm with Rkhunter
On Fri, 20 Feb 2015 11:47:02 +0100 Marko Randjelovic marko...@eunet.rs wrote:

> On Fri, 20 Feb 2015 09:44:27 +0100 Petter Adsen pet...@synth.no wrote:
>
> > On Fri, 20 Feb 2015 08:18:37 +0100 Marko Randjelovic marko...@eunet.rs wrote:
> >
> > > While trying to find out how to eliminate messages:
> > >
> > > Warning: Hidden directory found: /etc/.java
> > > Warning: Hidden directory found: /dev/.udev
> > > Warning: Hidden directory found: /dev/.initramfs
> > >
> > > which are made by rkhunter every morning as cron job, one more message appeared (when ran /etc/cron.daily/rkhunter manually).
> > >
> > > Warning: Suspicious file types found in /dev:
> > > /dev/shm/suspscan.21242.strings: ASCII text
> > >
> > > You can find the file attached.
> > >
> > > Besides editing /etc/rkhunter.conf, man rkhunter, run rkhunter from command line and run /etc/cron.daily/rkhunter, I was reading https://lists.debian.org and debian mailing lists messages from my email client. I visited http://www.turkoglu.me/ which was listed in one of emails with links2 web browser.
> >
> > Look at:
> > http://sourceforge.net/p/rkhunter/mailman/rkhunter-users/thread/1193180950.2751.143.ca...@ash.trees99.org.uk/
> >
> > It is a file created by rkhunter.
> >
> > Petter
>
> I upgraded rkhunter to 1.3.8-10~bpo60+1 and am trying to see if the problem disappeared.
>
> Regards

Unfortunately, even with Wheezy version, the problem persists.

--
http://markorandjelovic.hopto.org
One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them.
Ivo Andric, Signs near the travel-road
Re: Suspicious file found in /dev/shm with Rkhunter
On Fri, 20 Feb 2015 09:44:27 +0100 Petter Adsen pet...@synth.no wrote:

> On Fri, 20 Feb 2015 08:18:37 +0100 Marko Randjelovic marko...@eunet.rs wrote:
>
> > While trying to find out how to eliminate messages:
> >
> > Warning: Hidden directory found: /etc/.java
> > Warning: Hidden directory found: /dev/.udev
> > Warning: Hidden directory found: /dev/.initramfs
> >
> > which are made by rkhunter every morning as cron job, one more message appeared (when ran /etc/cron.daily/rkhunter manually).
> >
> > Warning: Suspicious file types found in /dev:
> > /dev/shm/suspscan.21242.strings: ASCII text
> >
> > You can find the file attached.
> >
> > Besides editing /etc/rkhunter.conf, man rkhunter, run rkhunter from command line and run /etc/cron.daily/rkhunter, I was reading https://lists.debian.org and debian mailing lists messages from my email client. I visited http://www.turkoglu.me/ which was listed in one of emails with links2 web browser.
>
> Look at:
> http://sourceforge.net/p/rkhunter/mailman/rkhunter-users/thread/1193180950.2751.143.ca...@ash.trees99.org.uk/
>
> It is a file created by rkhunter.
>
> Petter

I upgraded rkhunter to 1.3.8-10~bpo60+1 and am trying to see if the problem disappeared.

Regards

--
http://markorandjelovic.hopto.org
One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them.
Ivo Andric, Signs near the travel-road
Re: Suspicious file found in /dev/shm with Rkhunter
On Fri, 20 Feb 2015 12:24:34 +0100 Marko Randjelovic marko...@eunet.rs wrote:

> On Fri, 20 Feb 2015 11:47:02 +0100 Marko Randjelovic marko...@eunet.rs wrote:
>
> > On Fri, 20 Feb 2015 09:44:27 +0100 Petter Adsen pet...@synth.no wrote:
> >
> > > On Fri, 20 Feb 2015 08:18:37 +0100 Marko Randjelovic marko...@eunet.rs wrote:
> > >
> > > > While trying to find out how to eliminate messages:
> > > >
> > > > Warning: Hidden directory found: /etc/.java
> > > > Warning: Hidden directory found: /dev/.udev
> > > > Warning: Hidden directory found: /dev/.initramfs
> > > >
> > > > which are made by rkhunter every morning as cron job, one more message appeared (when ran /etc/cron.daily/rkhunter manually).
> > > >
> > > > Warning: Suspicious file types found in /dev:
> > > > /dev/shm/suspscan.21242.strings: ASCII text
> > > >
> > > > You can find the file attached.
> > > >
> > > > Besides editing /etc/rkhunter.conf, man rkhunter, run rkhunter from command line and run /etc/cron.daily/rkhunter, I was reading https://lists.debian.org and debian mailing lists messages from my email client. I visited http://www.turkoglu.me/ which was listed in one of emails with links2 web browser.
> > >
> > > Look at:
> > > http://sourceforge.net/p/rkhunter/mailman/rkhunter-users/thread/1193180950.2751.143.ca...@ash.trees99.org.uk/
> > >
> > > It is a file created by rkhunter.
> > >
> > > Petter
> >
> > I upgraded rkhunter to 1.3.8-10~bpo60+1 and am trying to see if the problem disappeared.
> >
> > Regards
>
> Unfortunately, even with Wheezy version, the problem persists.

Odd. Did you (manually) delete the file first? rkhunter probably won't delete any files previous runs have created.

Also, you could try to grab the latest version (1.4.2) from http://rkhunter.sourceforge.net/ and install that. It doesn't come in a .deb, however, which is unfortunate.

Petter

--
I'm ionized
Are you sure?
I'm positive.
Re: Suspicious file found in /dev/shm with Rkhunter
On Fri, 20 Feb 2015 08:18:37 +0100 Marko Randjelovic marko...@eunet.rs wrote:

> While trying to find out how to eliminate messages:
>
> Warning: Hidden directory found: /etc/.java
> Warning: Hidden directory found: /dev/.udev
> Warning: Hidden directory found: /dev/.initramfs
>
> which are made by rkhunter every morning as cron job, one more message appeared (when ran /etc/cron.daily/rkhunter manually).
>
> Warning: Suspicious file types found in /dev:
> /dev/shm/suspscan.21242.strings: ASCII text
>
> You can find the file attached.
>
> Besides editing /etc/rkhunter.conf, man rkhunter, run rkhunter from command line and run /etc/cron.daily/rkhunter, I was reading https://lists.debian.org and debian mailing lists messages from my email client. I visited http://www.turkoglu.me/ which was listed in one of emails with links2 web browser.

Look at:
http://sourceforge.net/p/rkhunter/mailman/rkhunter-users/thread/1193180950.2751.143.ca...@ash.trees99.org.uk/

It is a file created by rkhunter.

Petter

--
I'm ionized
Are you sure?
I'm positive.
Re: Suspicious file found in /dev/shm with Rkhunter
On Fri, 20 Feb 2015 12:42:13 +0100 Petter Adsen pet...@synth.no wrote:

> Odd. Did you (manually) delete the file first? rkhunter probably won't delete any files previous runs have created.
>
> Also, you could try to grab the latest version (1.4.2) from http://rkhunter.sourceforge.net/ and install that. It doesn't come in a .deb, however, which is unfortunate.
>
> Petter

It's no problem to remove them, but rkhunter should do it. I can write a wrapper as well. No need for sourceforge, 1.4.2 is in testing currently.

Regards

--
http://markorandjelovic.hopto.org
One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them.
Ivo Andric, Signs near the travel-road
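
The wrapper idea mentioned in the message above, sketched as an added example that is not part of the thread and not rkhunter's own code. It assumes the number in `suspscan.<number>.strings` is the PID of the rkhunter run that created the file; the function names `clean_stale_suspscan` and `rkhunter_wrapper` are hypothetical.

```shell
#!/bin/sh
# Added example: remove leftover suspscan.<pid>.strings files before a scan,
# so a previous run's temp file is not reported as a suspicious file in /dev.

clean_stale_suspscan() {
    dir=${1:-/dev/shm}          # directory taken from the warning in the thread
    removed=0
    for f in "$dir"/suspscan.*.strings; do
        # Skip the literal pattern when nothing matches, and never follow
        # symlinks: /dev/shm is world-writable, so a link could point anywhere.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Only touch files owned by the user running the wrapper.
        [ -O "$f" ] || continue
        # Extract the numeric part of the name (assumed to be the creator's PID).
        pid=${f##*/suspscan.}
        pid=${pid%.strings}
        case $pid in
            ''|*[!0-9]*) continue ;;    # not the expected naming scheme
        esac
        # A process with that PID still exists: a scan may be in progress
        # (or the PID was reused). Be conservative and leave the file alone.
        if kill -0 "$pid" 2>/dev/null; then
            continue
        fi
        rm -f -- "$f" && removed=$((removed + 1))
    done
    echo "$removed"             # number of stale files removed
}

# Wrapper entry point: clean up, then hand over to the cron script from the thread.
rkhunter_wrapper() {
    clean_stale_suspscan /dev/shm >/dev/null
    exec /etc/cron.daily/rkhunter
}
```

Files that are symlinks, belong to another user, or do not match the naming scheme are left in place, so rkhunter still reports them.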
Suspicious file found in /dev/shm with Rkhunter
While trying to find out how to eliminate messages:

Warning: Hidden directory found: /etc/.java
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs

which are made by rkhunter every morning as cron job, one more message appeared (when ran /etc/cron.daily/rkhunter manually).

Warning: Suspicious file types found in /dev:
/dev/shm/suspscan.21242.strings: ASCII text

You can find the file attached.

Besides editing /etc/rkhunter.conf, man rkhunter, run rkhunter from command line and run /etc/cron.daily/rkhunter, I was reading https://lists.debian.org and debian mailing lists messages from my email client. I visited http://www.turkoglu.me/ which was listed in one of emails with links2 web browser.

Regards

--
http://markorandjelovic.hopto.org
One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them.
Ivo Andric, Signs near the travel-road

Attachment: suspscan.21242.strings (Description: Binary data)