Hi all,
can someone give me some indications about these warning I received after a
RKHunter scan?
Are these warnings really true or I can suppose these as false positive?
Thanks & Regards...
---------------------------------------------------------------------------------------------------------------------------------------------
Warning: The following processes are using deleted files:
Process: /sbin/upstart PID: 1536 File:
/home/angelo/.cache/upstart/indicator-sound.log.1
Process: /usr/bin/nautilus PID: 1932 File:
/home/angelo/.local/share/gvfs-metadata/home
Process: /usr/lib/speech-dispatcher-modules/sd_cicero PID: 4657
File: /run/user/1000/speech-dispatcher/pid/speech-dispatcher.pid
Process: /usr/lib/speech-dispatcher-modules/sd_espeak PID: 4661
File: /run/user/1000/speech-dispatcher/pid/speech-dispatcher.pid
Process: /usr/lib/speech-dispatcher-modules/sd_dummy PID: 4666
File: /run/user/1000/speech-dispatcher/pid/speech-dispatcher.pid
Process: /usr/lib/speech-dispatcher-modules/sd_generic PID: 4669
File: /run/user/1000/speech-dispatcher/pid/speech-dispatcher.pid
Process: /usr/bin/speech-dispatcher PID: 4672 File:
/run/user/1000/speech-dispatcher/pid/speech-dispatcher.pid
Process: /usr/lib/gnome-terminal/gnome-terminal-server PID: 8307
File: /tmp/#20185134
Process: /usr/lib/firefox/firefox PID: 9301 File:
/dev/shm/org.chromium.QMgFyX
Process: /usr/bin/unity-scope-loader PID: 20235 File:
/tmp/tmpf2q3uhK
Warning: The following suspicious shared memory segments have been found:
Process: /usr/bin/compiz PID: 1953 Owner: angelo
Process: /usr/lib/x86_64-linux-gnu/notify-osd PID: 2004 Owner:
angelo
Process: /usr/bin/nautilus PID: 1932 Owner: angelo
Process: /usr/lib/gnome-terminal/gnome-terminal-server PID: 8307
Owner: angelo
Process: /usr/lib/firefox/firefox PID: 9301 Owner: angelo
Process: /usr/lib/firefox/firefox PID: 9301 Owner: angelo
Warning: Process '/sbin/wpa_supplicant' (PID 1181) is listening on the network.
Warning: Process '/sbin/wpa_supplicant' (PID 1181) is listening on the network.
Warning: Process '/sbin/dhclient' (PID 8002) is listening on the network.
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': prohibit-password
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': yes
Warning: Suspicious file types found in /dev:
/dev/shm/pulse-shm-2721663159: data
/dev/shm/pulse-shm-4063495218: data
/dev/shm/pulse-shm-794406050: data
/dev/shm/pulse-shm-4154426652: data
/dev/shm/pulse-shm-2348398892: data
/dev/shm/pulse-shm-1809420734: data
/dev/shm/pulse-shm-3005158254: data
/dev/shm/pulse-shm-2558054030: data
/dev/shm/pulse-shm-633127431: data
/dev/shm/pulse-shm-1518369476: data
/dev/shm/pulse-shm-3961342065: data
/dev/shm/pulse-shm-2732924553: data
/dev/shm/pulse-shm-2411461603: data
/dev/shm/pulse-shm-2392925032: data
/dev/shm/pulse-shm-1376269972: data
Warning: Hidden directory found: /etc/.java
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
