On Wed, Apr 23, 2014 at 07:12:46AM -0700, dean germeten wrote:
> Hello.
>
> My local cable high-speed internet provider told me something
> malicious is originating from my system and to clean it up.
>
> I'm using Ubuntu 12.04 LTS, I just installed rkhunter from the
> software center. I ran it from a terminal, it worked fine but gave me
> maybe half-dozen warnings and referred me to the log file, which
> when I tried to open, told me I don't have permissions, and I can't
> change them because the file isn't mine.
>
> I'm well familiar and periodically do login when authentications are
> required but this one has me stumped.
>
> If/when I do gain the necessary access, can I just delete the offending
> files? Thanks.

Hi Dean

In my Ubuntu installation rkhunter log files are owned by root with group adm. Both these have read capability on the log file with root only having write capability. I can view these files with the sudo command e.g.

    /usr/bin/sudo /bin/less /var/log/rkhunter.log

and entering my own password when the password prompt appears.

Simply deleting files rkhunter warns you about simply isn't appropriate. FWIW I have some warnings in my rkhunter.log but I'm hardly likely to delete something like /sbin/ifconfig.

But I don't think rkhunter is going to solve your problems. I suggest you try man rkhunter to familiarise yourself with what it does. Personally I'd verify what's going across my interfaces first using wireshark or tcpdump. I also run tripwire to keep an eye on what gets updated on my system and compare it against any updates run that day. But then I installed my intrusion detection software right after I installed the operating system and initialised all of it on a clean system.

You might be better off taking data backups and then re-installing your Ubuntu system then adding such things as rkhunter, tripwire, samhain etc. and initialising them on a clean system.

Good luck with your problem.

Lesley

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
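
One way to turn the warnings in the log into a list of files to investigate rather than delete, as an added example that is not part of the thread or of the rkhunter project. The log lines in `sample_log` are constructed in the layout rkhunter typically writes, and the helper names `flagged_paths` and `owners` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout rkhunter typically writes to
# /var/log/rkhunter.log (not output from the poster's system).
sample_log() {
cat <<'EOF'
[10:15:01]   /sbin/ifconfig                                  [ Warning ]
[10:15:01] Warning: The file properties have changed:
[10:15:01]          File: /sbin/ifconfig
[10:15:01]          Current inode: 131202    Stored inode: 130977
[10:15:02]   /usr/bin/lwp-request                            [ Warning ]
[10:15:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script, ASCII text executable
[10:15:09]   Checking for hidden files and directories      [ Warning ]
[10:15:09] Warning: Hidden directory found: /dev/.udev
[10:15:30] Info: End date is Wed Apr 23 10:15:30 BST 2014
EOF
}

# Read an rkhunter log on stdin and print each distinct absolute path that was
# flagged "[ Warning ]" or named in a "Warning:" detail line, sorted.
flagged_paths() {
    awk '
        # Result line: "[time]   /path   [ Warning ]"
        /\[ Warning \]$/ && $2 ~ /^\// { print $2 }
        # Detail line: "[time] Warning: ..."; take the first absolute path in it
        $2 == "Warning:" {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub("^[^/]*", "", p)                 # drop a leading quote
                sub("[^A-Za-z0-9_./+-]*$", "", p)    # drop trailing quote or colon
                if (p ~ /^\//) { print p; break }
            }
        }
    ' | sort -u
}

# For each path on stdin, name the Debian/Ubuntu package that ships it, so the
# file can be compared with the packaged copy instead of being deleted.
owners() {
    while IFS= read -r p; do
        pkg=$(dpkg -S "$p" 2>/dev/null | head -n 1 | cut -d: -f1)
        printf '%s\t%s\n' "$p" "${pkg:-no owning package}"
    done
}
```

On a live system the log needs root to read, so after sourcing the functions: `sudo cat /var/log/rkhunter.log | flagged_paths | owners`.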