Понимание предупреждений rkhunter

Question

Понимание предупреждений rkhunter

Я стал параноиком и запустил chkrootkit и rkhunter для поиска руткитов. Не похоже, что chkrootkit нашел что-то, но rkhunter вернул некоторые предупреждения. Я думаю, что многие могут быть ложными срабатываниями, но меня больше всего волнуют "возможные строки руткита" и три подозрительных файла. Любые объяснения будут с благодарностью! Спасибо!

Performing file properties checks
/usr/bin/fuser                                           [ Warning ]
/usr/bin/whatis                                          [ Warning ]
/usr/bin/shasum                                          [ Warning ]

Performing additional rootkit checks
Checking for possible rootkit strings                    [ Warning ]

Performing checks on the network interfaces
Checking for promiscuous interfaces                      [ Warning ]

Performing system boot checks
Checking for system startup files                        [ Warning ]

Performing system configuration file checks
Checking if SSH root access is allowed                   [ Warning ]
Checking if SSH protocol v1 is allowed                   [ Warning ]

Performing filesystem checks
Checking for hidden files and directories                [ Warning ]

Предупреждения в лог-файле:

[17:00:44] Info: No mail-on-warning address configured
[17:01:25]   /usr/bin/fuser                                  [ Warning ]
[17:01:25] Warning: The command '/usr/bin/fuser' has been replaced by a script: /usr/bin/fuser: a /usr/bin/perl -w script text executable, ASCII text
[17:01:36]   /usr/bin/whatis                                 [ Warning ]
[17:01:36] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: POSIX shell script text executable, ASCII text
[17:01:37]   /usr/bin/shasum                                 [ Warning ]
[17:01:37] Warning: The command '/usr/bin/shasum' has been replaced by a script: /usr/bin/shasum: a /usr/bin/perl script text executable, ASCII text
[17:03:28] Warning: Checking for possible rootkit strings    [ Warning ]
[17:04:07]   Checking for promiscuous interfaces             [ Warning ]
[17:04:07] Warning: Possible promiscuous interfaces:
[17:04:09]   Checking for system startup files               [ Warning ]
[17:04:09] Warning: No system startup files found.
[17:04:10]   Checking if SSH root access is allowed          [ Warning ]
[17:04:10] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
[17:04:10]   Checking if SSH protocol v1 is allowed          [ Warning ]
[17:04:10] Warning: The SSH configuration option 'Protocol' has not been set.
[17:04:17]   Checking for hidden files and directories       [ Warning ]
[17:04:17] Warning: Hidden file found: /usr/share/man/man5/.rhosts.5: troff or preprocessor input text, ASCII text

6

macos rootkit

Источник

user5182305 28 мар '17 в 22:24

0 ответов

Другие вопросы по тегам macos rootkit