You won't find Rkhunter to be very helpful with macOS. The root kit definitions
it has are very old and there are very few to start with.
Regarding the strings warning, you must install either Xcode from the App Store
or the Command Line Tools from the Apple Developer website to use the strings
command. It doesn't come with the OS.
Sent from my iPad
> On Dec 27, 2017, at 11:35 AM, Ms. Eva <vajratara.h...@gmail.com> wrote:
>
> Hello,
>
> Could anyone help me? I'm new.. just learning ethical hacking for beginners,
> and I was afraid to download Kali and Metasploitable environment because I
> suspected I had intrusion on my system. I've taken the system in to Apple and
> consulted Apple, but they deny they see anything wrong. Yet, I see suspicious
> things. Research lead me to RK hunter with a tutorial on how to download and
> enable it and the terminal commands to use.
>
> I've now DOD-level- erased, repartitioned disks, downloaded and reinstalled
> my operating system 7 times on my Mac over the course of 3 days, but I think
> rootkit or string injection is rebuilding itself. Here are my suspicious
> results. I have summarized below the suspicious findings that appear exactly
> the same each time, regardless of how fresh the OSX High Sierra refresh: Can
> anyone Kindly tell me what they think, and how to go about cleaning this up?
>
> Evas-MacBook-Pro:rkhunter-1.4.4 evadlp$ sudo rkhunter --check
> Checking system commands...
>
> Performing 'strings' command checks
> Checking 'strings' command [ Warning ]
> Performing 'shared libraries' checks
> Checking LD_LIBRARY_PATH variable [ Skipped ]
> Performing file properties checks
> /usr/bin/fuser [ Warning ]
> /usr/bin/whatis [ Warning ]
> /usr/bin/shasum [ Warning ]
> Checking for rootkits...
> Performing check of known rootkit files and directories
> Checking for possible rootkit strings [ Warning ]
> Performing Darwin specific checks [ Skipped ]
> Checking the network...
> Performing checks on the network interfaces
> Checking for promiscuous interfaces [ Warning ]
> Checking the local host...
> Checking for system startup files [ Warning ]
> Performing system configuration file checks
> Checking if SSH root access is allowed [ Warning ]
> Checking if SSH protocol v1 is allowed [ Warning ]
> Checking for hidden files and directories [ Warning ]
> System checks summary
> =====================
>
> File properties checks...
> Files checked: 94
> Suspect files: 3
>
> Rootkit checks...
> Rootkits checked : 364
> Possible rootkits: 0
>
> Seasons greetings, many thanks,
> Eva dip
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
