Re: /usr/sbin/unhide, /usr/sbin/unhide-linux26 - what are these suspicious files?
My rkhunter is also behaving suspiciously:

# rkhunter --update
[ Rootkit Hunter version 1.3.0 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ Update failed ]
Checking file i18n/en [ Update failed ]
Checking file i18n/zh [ Update failed ]
Checking file i18n/zhutf [ No update ]
Please check the log file (/var/log/rkhunter.log)

# cat /var/log/rkhunter.log
[14:40:08] Running Rootkit Hunter version 1.3.0 on aginskoe
[14:40:08]
[14:40:08] Info: Start date is Чтв Дек 24 14:40:08 YAKT 2009
[14:40:08]
[14:40:08] Checking configuration file and command-line options...
[14:40:08] Info: Detected operating system is 'Linux'
[14:40:08] Info: Found O/S name: Ubuntu 8.04.3 LTS
[14:40:08] Info: Command line is /usr/bin/rkhunter --update
[14:40:08] Info: Environment shell is /bin/bash; rkhunter is using dash
[14:40:08] Info: Using configuration file '/etc/rkhunter.conf'
[14:40:08] Info: Installation directory is '/usr'
[14:40:08] Info: Using language 'en'
[14:40:08] Info: Using '/var/lib/rkhunter/db' as the database directory
[14:40:08] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[14:40:08] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin /usr/games /bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec' as the command directories
[14:40:08] Info: Using '/' as the root directory
[14:40:08] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[14:40:08] Info: No mail-on-warning address configured
[14:40:08] Info: X will automatically be detected
[14:40:08] Info: Found the 'diff' command: /usr/bin/diff
[14:40:08] Info: Found the 'file' command: /usr/bin/file
[14:40:08] Info: Found the 'find' command: /usr/bin/find
[14:40:08] Info: Found the 'ifconfig' command: /sbin/ifconfig
[14:40:08] Info: Found the 'ip' command: /sbin/ip
[14:40:08] Info: Found the 'ldd' command: /usr/bin/ldd
[14:40:08] Info: Found the 'lsattr' command: /usr/bin/lsattr
[14:40:08] Info: Found the 'lsmod' command: /sbin/lsmod
[14:40:08] Info: Found the 'lsof' command: /usr/bin/lsof
[14:40:08] Info: Found the 'mktemp' command: /bin/mktemp
[14:40:08] Info: Found the 'netstat' command: /bin/netstat
[14:40:08] Info: Found the 'perl' command: /usr/bin/perl
[14:40:08] Info: Found the 'ps' command: /bin/ps
[14:40:08] Info: Found the 'pwd' command: /bin/pwd
[14:40:08] Info: Found the 'readlink' command: /bin/readlink
[14:40:08] Info: Found the 'sort' command: /usr/bin/sort
[14:40:08] Info: Found the 'stat' command: /usr/bin/stat
[14:40:08] Info: Found the 'strings' command: /usr/bin/strings
[14:40:08] Info: Found the 'uniq' command: /usr/bin/uniq
[14:40:08] Info: Found the 'wget' command: /usr/bin/wget
[14:40:08] Info: The mirrors file will be rotated
[14:40:08] Info: Both local and remote mirrors will be used
[14:40:08] Info: The mirrors file will be updated
[14:40:08]
[14:40:08] Checking rkhunter data files...
[14:40:08] Info: Created temporary file '/var/lib/rkhunter/tmp/rkhunter.upd.b29552'
[14:40:09] Info: Created temporary file '/var/lib/rkhunter/tmp/mirrors.dat.h29584'
[14:40:09] Info: Mirrors file '/var/lib/rkhunter/db/mirrors.dat' has been rotated.
[14:40:09] Info: Executing download command '/usr/bin/wget -q -O /var/lib/rkhunter/tmp/rkhunter.upd.b29552 http://rkhunter.sourceforge.net/1.3/mirrors.dat'
[14:40:09] Info: This version : 2007060601
[14:40:09] Info: Latest version: 2007060601
[14:40:09] Checking file mirrors.dat [ No update ]
[14:40:09] Info: Executing download command '/usr/bin/wget -q -O /var/lib/rkhunter/tmp/rkhunter.upd.b29552 http://rkhunter.sourceforge.net/1.3/programs_bad.dat'
[14:40:10] Info: This version : 2009112801
[14:40:10] Info: Latest version: 2009112801
[14:40:10] Checking file programs_bad.dat [ No update ]
[14:40:10] Info: Executing download command '/usr/bin/wget -q -O /var/lib/rkhunter/tmp/rkhunter.upd.b29552 http://rkhunter.sourceforge.net/1.3/backdoorports.dat'
[14:40:11] Info: This version : 2009110901
[14:40:11] Info: Latest version: 2009110901
[14:40:11] Checking file backdoorports.dat [ No update ]
[14:40:11] Info: Executing download command '/usr/bin/wget -q -O /var/lib/rkhunter/tmp/rkhunter.upd.b29552 http://rkhunter.sourceforge.net/1.3/suspscan.dat'
[14:40:11] Info: This version : 2009112901
[14:40:11] Info: Latest version: 2009112901
[14:40:11] Checking file suspscan.dat [ No update ]
[14:40:11] Info: Executing download command '/usr/bin/wget -q -O
Re: /usr/sbin/unhide, /usr/sbin/unhide-linux26 - what are these suspicious files?
The first file is a symlink to the second. They are installed together with rkhunter:

# apt-cache show rkhunter|grep Recom
Recommends: iproute, libmd5-perl, unhide, wget | curl | links | elinks | lynx

The utility itself shows hidden processes:

# apt-cache show unhide|grep Desc
Description: Forensic tool to find hidden processes and ports
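
The check described in the reply above can be done for any unfamiliar binary: follow the symlink, ask dpkg which package owns the target, and compare the file with the checksum that package recorded. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes a Debian/Ubuntu system whose dpkg has `--verify` (on older releases `debsums` does the same job).

```shell
#!/bin/sh
# Added example: trace an unfamiliar binary back to the package that shipped it.
# Function names are hypothetical; assumes dpkg (Debian/Ubuntu).

# Print the final target of a path after following every symlink.
resolve_path() {
    readlink -f "$1"
}

# Print the owning package name, "unowned" if no package claims the file,
# or "unknown" if dpkg is not available on this host.
owning_package() {
    target=$(resolve_path "$1") || return 1
    command -v dpkg >/dev/null 2>&1 || { echo "unknown"; return 0; }
    # dpkg -S prints "package: /path" (or "package:arch: /path").
    pkg=$(dpkg -S "$target" 2>/dev/null | head -n 1 | cut -d: -f1)
    if [ -n "$pkg" ]; then echo "$pkg"; else echo "unowned"; fi
}

# Report on one path.
# Returns: 0 owned and unmodified, 1 missing, 2 no owning package, 3 modified.
audit_binary() {
    path=$1
    target=$(resolve_path "$path") || target=
    if [ -z "$target" ] || [ ! -e "$target" ]; then
        echo "$path: does not exist"
        return 1
    fi
    if [ "$target" != "$path" ]; then
        echo "$path is a symlink to $target"
    fi
    pkg=$(owning_package "$path")
    echo "$target: owning package: $pkg"
    case $pkg in
        unowned|unknown) return 2 ;;
    esac
    # dpkg --verify lists only files that differ from the recorded checksums.
    if dpkg --verify "$pkg" 2>/dev/null | grep -F " $target" >/dev/null; then
        echo "$target: differs from the checksum recorded for $pkg"
        return 3
    fi
    echo "$target: matches the checksum recorded for $pkg"
}

# Usage: sh audit.sh /usr/sbin/unhide
[ "$#" -eq 0 ] || audit_binary "$1"
```

The recorded checksums live on the same disk as the binary, so on a host that may already be compromised they only rule out accidental changes; compare against a freshly downloaded package for a stronger result.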