Just curious if anyone has encountered this warning before, I have not been
able to find any reports online. I have a server hosted in AWS that has been
generating rkhunter warnings for the following files almost since it was built:
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Suspicious file types found in /dev:
/dev/shm/mongoc-15989: 8086 relocatable (Microsoft)
/dev/shm/mongoc-16053: 8086 relocatable (Microsoft)
----------------------- End Rootkit Hunter Scan -----------------------
The file names change, and they gradually increase over time. If I run strings
against one of the files, it is just filled with data like:
The number of disposed cursors.
Clients
Active
The number of active clients.
Clients
Disposed
The number of disposed clients.
Streams
Active
The number of active streams.
Streams
Disposed
The number of disposed streams.
Streams
Egress Bytes
The number of bytes sent.
Streams
Ingress Bytes
The number of bytes received.
Streams
N Socket Timeouts
The number of socket timeouts.
The server scans clean using other tools, i.e. chkrootkit, but I can't find
what is generating these files. Any feedback is appreciated.
Regards,
-John
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
