Welcome to the Linux Foundation Forum!
RootkitHunter.log
linuxdudex10
Posts: 38
I just installed RootkitHunter.log and decided to use it, I have noticed it alerted me of a few warnings. Can you guys look at it and tell me if I should be worried yet? thanks
0
Comments
-
If you Google "Xzibit rootkit", you'll find pages explaining that is a false positive. Your system is ok.0
-
Thank you, yea Linux is pretty good against malware. I clicked on this Link one guy gave me and it sent me to one of those shock sites that was supposed to make me think I was infected and all. I knew it was running out of the browser and I did yell at myself for not using a VM to use the link. But anyway when I loaded my windows VM and went to the link, MSE found an infection immediately. Linux did not ( Because it doesn't use software that monitors).
Do you think it's possible Linux could still get infected? I forgot the name of the threat but I will open my VM and post the name ASAP because I have to goto bed right now. I'm sure it was just an IE exploit, and exploit was indeed part of the threat name. I used "killall firefox" in a virtual terminal to remedy the situation but im afraid there might still be something on the machine for a few reasons:
1. I was running firefox as root because I was to lazy to open a terminal with lower privilege.
2. I found parts of a pdf that were no doubt left by the shock site, particularly these files were found in the /tmp
directory.
This has nothing to do with what I stated in my earlier post and rootkit hunter, I just wanted to save you guys room on your site and not add unnecessary threads.0 -
I recently Googled "Bloom Energy" when their box was announced, then clicked on the Google trends link, that resulted in the same type of attack you just wrote about. I has to kill the PID of Firefox twice and reboot before Firefox allowed me to start a new session. Luckily I was using Linux and not Windows because the attack tried to install a exe file, which would have infected a Windows machine. Using Noscript would have prevented the obvious JavaScript based attack, but, LOL, I like to live dangerously. Besides, I really thought Google had a better protection filter running on their results.
So we both had a learning experience.
I checked my /home and /tmp folders and looked to see if any new files were left after the attack, I even checked the hidden files but found nothing. These attacks try to install exe files which can't be run on Linux systems, I've never seen a pdf based exploit, but I'm sure they are out there, but then again, they can't install to a Linux system so I wouldn't worry about it.
NEVER run your system with root privileges, unless your doing administration work. Log out of your session and drop to an init level that exits gdm, kdm etc (init 3 in Debian and Fedora), and never open up your DE (Gnome, KDE, etc) with root as the user. The only way malicious code can infect your computer is if you give it the privileges to do so.
BTW - the site has plenty of room, new threads are welcome. :-)0 -
I agree the virus safety in Linux is because of the structure and the understanding that a user will not just do everyday tasks as the administrator. Some viruses exists for Linux based systems that can modify configuration files and download and launch executables like in windows, but the clean separation between admin and users is what protects us.
Ideally in any OS, If you download a virus as a normal user it should not be able to take over the system because the user it is running under has insufficient rights. As I stated this is deal, but zero day vulnerabilities exist in all systems that can lead to privilege escalation.
You are currently running on a system that has less enemies but is not completely invulnerable, please only user the root account for quick modifications and installation and removal of packages, this is why so many distros lock the root account and force the users to use sudo.0 -
Most malware that targets Linux/Unix systems per se are those looking for hosting spam or botnet servers they can pwn, or are digging for corporate IP. These usually try to get in thru unprotected TCP/IP ports that may be exposed to the internet either because your firewall is misconfigured, or because you have allowed access to those ports without properly protecting them. In any case, any server-type system that I would expose to the internet would be running SELinux and have no remote root access if at all possible. Then I would make sure that any servers that are looking for connections are configured to properly patched and secured.0
Categories
- All Categories
- 218 LFX Mentorship
- 218 LFX Mentorship: Linux Kernel
- 791 Linux Foundation IT Professional Programs
- 353 Cloud Engineer IT Professional Program
- 178 Advanced Cloud Engineer IT Professional Program
- 82 DevOps Engineer IT Professional Program
- 147 Cloud Native Developer IT Professional Program
- 137 Express Training Courses
- 137 Express Courses - Discussion Forum
- 6.2K Training Courses
- 47 LFC110 Class Forum - Discontinued
- 71 LFC131 Class Forum
- 42 LFD102 Class Forum
- 226 LFD103 Class Forum
- 18 LFD110 Class Forum
- 38 LFD121 Class Forum
- 18 LFD133 Class Forum
- 7 LFD134 Class Forum
- 18 LFD137 Class Forum
- 71 LFD201 Class Forum
- 4 LFD210 Class Forum
- 5 LFD210-CN Class Forum
- 2 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum - Discontinued
- 2 LFD233 Class Forum
- 4 LFD237 Class Forum
- 24 LFD254 Class Forum
- 697 LFD259 Class Forum
- 111 LFD272 Class Forum
- 4 LFD272-JP クラス フォーラム
- 12 LFD273 Class Forum
- 148 LFS101 Class Forum
- 1 LFS111 Class Forum
- 3 LFS112 Class Forum
- 2 LFS116 Class Forum
- 4 LFS118 Class Forum
- LFS120 Class Forum
- 7 LFS142 Class Forum
- 5 LFS144 Class Forum
- 4 LFS145 Class Forum
- 2 LFS146 Class Forum
- 3 LFS147 Class Forum
- 1 LFS148 Class Forum
- 15 LFS151 Class Forum
- 2 LFS157 Class Forum
- 29 LFS158 Class Forum
- 7 LFS162 Class Forum
- 2 LFS166 Class Forum
- 4 LFS167 Class Forum
- 3 LFS170 Class Forum
- 2 LFS171 Class Forum
- 3 LFS178 Class Forum
- 3 LFS180 Class Forum
- 2 LFS182 Class Forum
- 5 LFS183 Class Forum
- 31 LFS200 Class Forum
- 737 LFS201 Class Forum - Discontinued
- 3 LFS201-JP クラス フォーラム
- 18 LFS203 Class Forum
- 134 LFS207 Class Forum
- 2 LFS207-DE-Klassenforum
- 1 LFS207-JP クラス フォーラム
- 302 LFS211 Class Forum
- 56 LFS216 Class Forum
- 52 LFS241 Class Forum
- 48 LFS242 Class Forum
- 38 LFS243 Class Forum
- 15 LFS244 Class Forum
- 2 LFS245 Class Forum
- LFS246 Class Forum
- 49 LFS250 Class Forum
- 2 LFS250-JP クラス フォーラム
- 1 LFS251 Class Forum
- 153 LFS253 Class Forum
- 1 LFS254 Class Forum
- 1 LFS255 Class Forum
- 7 LFS256 Class Forum
- 1 LFS257 Class Forum
- 1.3K LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 118 LFS260 Class Forum
- 159 LFS261 Class Forum
- 42 LFS262 Class Forum
- 82 LFS263 Class Forum - Discontinued
- 15 LFS264 Class Forum - Discontinued
- 11 LFS266 Class Forum - Discontinued
- 24 LFS267 Class Forum
- 22 LFS268 Class Forum
- 30 LFS269 Class Forum
- LFS270 Class Forum
- 202 LFS272 Class Forum
- 2 LFS272-JP クラス フォーラム
- 1 LFS274 Class Forum
- 4 LFS281 Class Forum
- 9 LFW111 Class Forum
- 259 LFW211 Class Forum
- 181 LFW212 Class Forum
- 13 SKF100 Class Forum
- 1 SKF200 Class Forum
- 1 SKF201 Class Forum
- 796 Hardware
- 199 Drivers
- 68 I/O Devices
- 37 Monitors
- 103 Multimedia
- 174 Networking
- 91 Printers & Scanners
- 85 Storage
- 758 Linux Distributions
- 82 Debian
- 67 Fedora
- 17 Linux Mint
- 13 Mageia
- 23 openSUSE
- 148 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 353 Ubuntu
- 468 Linux System Administration
- 39 Cloud Computing
- 71 Command Line/Scripting
- Github systems admin projects
- 93 Linux Security
- 78 Network Management
- 102 System Management
- 47 Web Management
- 63 Mobile Computing
- 18 Android
- 33 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 371 Off Topic
- 114 Introductions
- 174 Small Talk
- 22 Study Material
- 805 Programming and Development
- 303 Kernel Development
- 484 Software Development
- 1.8K Software
- 261 Applications
- 183 Command Line
- 3 Compiling/Installing
- 987 Games
- 317 Installation
- 97 All In Program
- 97 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)