Re: 3 Open Ports
Posted: Mon Oct 19, 2015 7:00 pm
by Habitual
Bizarre:
showed me:
Directory /var/lib/rkhunter/db: creating: OK
Directory /var/lib/rkhunter/tmp: creating: OK
Directory /var/lib/rkhunter/db/i18n: creating: OK
and this too?
Code:
ll /etc/rkhunter.conf
-rw-r----- 1 root root 43971 Oct 19 19:00 /etc/rkhunter.conf
Did you install as root?
do stuff...
The reason you don't have an /etc/ssh/sshd_config is because you don't have openssh-server installed.
Don't worry about editing that file then.
New /etc/rkhunter.conf for LM2 Betsy / Cinnamon 2.4.x
http://paste.linuxmint.com/view/tcj4/
Don't forget --proupd after editing.
I'll catch up tomorrow, you should see
No warnings were found while checking the system.
as a result of running rkhunter -c -sk with that config.
Re: 3 Open Ports
Posted: Mon Oct 19, 2015 7:21 pm
by Fred Barclay
I did.
It's got to be that there was already a /etc/rkhunter.conf file, so 1,4,3 created the /etc/rkhunter.conf,datecode file. Of course, my uninstalling version 1,4,2 with the --purge option would have removed the preexisting /etc/rkhunter.conf file.
What if I renamed it to rkhunter.conf?
Re: 3 Open Ports
Posted: Mon Oct 19, 2015 7:31 pm
by Habitual
Well, let's check your work and re-install.
Nuke that datecode garbage, or move it to /root or other...
Code:
sudo su -
cd /usr/src/rkhunter-1-4-3
./installer.sh --install
rkhunter --update
and use content from
http://paste.linuxmint.com/view/tcj4/
That should be it.
See you tomorrow.
Re: 3 Open Ports
Posted: Mon Oct 19, 2015 7:38 pm
by Fred Barclay
Nuked, run, reinstalled, and done! No errors this time.
See you tomorrow (though it still may be "today" for me).
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 11:14 am
by Habitual
Glad that worked out.
Now, gufw...
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 12:10 pm
by Fred Barclay
Ready whenever you are!
Is it okay to scan with rkhunter now? I'd avoided doing it since I didn't want to mess up any log files you might need.
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 12:17 pm
by Habitual
Fred Barclay wrote: Is it okay to scan with rkhunter now? I'd avoided doing it since I didn't want to mess up any log files you might need.
Sure!
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 12:43 pm
by Fred Barclay
I did get one warning, "Checking for suspicious shared memory segments" under "Malware Check."
Scan results
rkhunter.log: http://paste.linuxmint.com/view/87w5
rkhunter.conf
I'm checking the log file now for more info.
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 12:54 pm
by Habitual
Fred Barclay wrote: I did get one warning, "Checking for suspicious shared memory segments" under "Malware Check."
Yes. I saw one also in my VM...wrt: something cinnamon...
Use the short version to recheck only malware.
I think you're good.
No warnings were found while checking the system.
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 12:56 pm
by Fred Barclay
Same result, which is weird. A warning was returned.
Anyhow, if you're not worried I'm not.
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 1:05 pm
by Habitual
Fred Barclay wrote: Same result, which is weird. A warning was returned.
Anyhow, if you're not worried I'm not.
Code:
[13:04:15] Warning: The following suspicious shared memory segments have been found:
[13:04:15] Process: /usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon PID: 3218 Owner: fred
[13:04:15] Process: /usr/bin/nemo PID: 3327 Owner: fred
[13:04:15] Process: /usr/bin/cinnamon-screensaver PID: 3452 Owner: fred
[13:04:15] Process: /usr/bin/cinnamon PID: 3312 Owner: fred
[13:04:15] Process: /usr/bin/gnome-terminal PID: 23694 Owner: fred
looks ok.
It's an 'expected' hit, in my book.
No warnings were found while checking the system.
using
/usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon
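Added example, not part of the original posts: a small triage script for the "suspicious shared memory segments" warning quoted above, which separates the desktop processes treated as expected hits from anything else that should be looked at by hand. The allowlist is an assumption built from the processes in the log above, the last sample line (/home/fred/.cache/helper) is constructed for illustration, and process paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Assumption: allowlist taken from the Cinnamon desktop processes
# listed in the rkhunter log quoted in this thread.
EXPECTED_PROCS='/usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon
/usr/bin/nemo
/usr/bin/cinnamon-screensaver
/usr/bin/cinnamon
/usr/bin/gnome-terminal'

# Sample input: the warning lines from the thread plus one constructed
# line with a path that is not on the allowlist.
sample_log() {
cat <<'EOF'
[13:04:15] Warning: The following suspicious shared memory segments have been found:
[13:04:15] Process: /usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon PID: 3218 Owner: fred
[13:04:15] Process: /usr/bin/nemo PID: 3327 Owner: fred
[13:04:15] Process: /usr/bin/cinnamon-screensaver PID: 3452 Owner: fred
[13:04:15] Process: /usr/bin/cinnamon PID: 3312 Owner: fred
[13:04:15] Process: /usr/bin/gnome-terminal PID: 23694 Owner: fred
[13:04:15] Process: /home/fred/.cache/helper PID: 4100 Owner: fred
EOF
}

# Reads rkhunter log text on stdin and prints one line per flagged
# process: "EXPECTED|REVIEW <path> <pid> <owner>".
triage_shm() {
    while read -r _ts tag path _k1 pid _k2 owner _rest; do
        # Only the "Process: ... PID: ... Owner: ..." detail lines matter.
        if [ "$tag" != "Process:" ]; then
            continue
        fi
        verdict=REVIEW
        for ok in $EXPECTED_PROCS; do
            if [ "$path" = "$ok" ]; then
                verdict=EXPECTED
            fi
        done
        echo "$verdict $path $pid $owner"
    done
}

sample_log | triage_shm
```

On a real system, feed it the log instead of the sample, for example `triage_shm < /var/log/rkhunter.log` run as root.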
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 2:03 pm
by Fred Barclay
Good by me, then.
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 2:59 pm
by Habitual
Fred:
I am rather tied up doing my day job (linux sysadmin, go figure)
so, unless someone else here has some gufw.fu (gufw kung-fu), I'll be tied up for a bit.
Likely tomorrow.
Re: 3 Open Ports
Posted: Tue Oct 20, 2015 3:13 pm
by Fred Barclay
No worries! Seriously! I just appreciate all you've done so far.
Sounds like a great job.
Re: 3 Open Ports
Posted: Mon Oct 26, 2015 1:23 pm
by Habitual
Earth to Fred:
What's the status?
Re: 3 Open Ports
Posted: Mon Oct 26, 2015 2:30 pm
by Fred Barclay
beep...beep...beep: INCOMING TRANSMISSION.....
Well, rkhunter 1,4,3 seems to be working nicely, gufw still crashes but shows up in the Cinnamon menu (I went ahead and upgraded to Cinnamon 2,8) so I'm thinking about removing it and just going with ufw, and...uh...that's about it...
SIGNAL LOST!
SIGNAL LOST!
BTW: when did you add your sig?
Re: 3 Open Ports
Posted: Mon Oct 26, 2015 2:36 pm
by Habitual
Have we purged ufw?
I change sigs when I want to get my points across to the newbs.
Present company excepted.
Re: 3 Open Ports
Posted: Mon Oct 26, 2015 3:08 pm
by Fred Barclay
I haven't touched ufw as it seems to be working nicely. Gufw, on the other hand, I've purged and reinstalled about 4 times. I've also tried (on a different install, but same machine and same problems) installing gufw from Debian Stretch and then upgrading to the current version via Update Manager.
Re: 3 Open Ports
Posted: Mon Oct 26, 2015 3:11 pm
by Habitual
Can you use Debian with gufw (which is what I meant in my last post) for the foreign wifi?
Re: 3 Open Ports
Posted: Mon Oct 26, 2015 3:39 pm
by Fred Barclay
I don't have Debian installed. I have downloaded the .debs from the Debian website, if that's what you mean. Gufw is version 12.10.0-1 from Wheezy up.