New Mint19 and rkhunter warnings

turboscrew
Level 4
Posts: 208
Joined: Sat Sep 26, 2009 2:13 pm

New Mint19 and rkhunter warnings

Post by turboscrew » Sun Sep 23, 2018 5:56 am

I've just installed Mint 19 Cinnamon on a laptop. Everything else is from the standard repo except Acroread. I ran rkhunter and got warnings (replaced the owner names by "xxx").

Code:

[12:23:43]   /usr/bin/lwp-request                            [ Warning ]
[12:23:43] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
...
[12:27:55]   Checking for suspicious (large) shared memory segments [ Warning ]
[12:27:55] Warning: The following suspicious (large) shared memory segments have been found:
[12:27:55]          Process: /usr/lib/x86_64-linux-gnu/cinnamon-settings-daemon/csd-background    PID: 1291    Owner: lea    Size: 32MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1    PID: 1475    Owner: lea    Size: 4,0MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/bin/nemo-desktop    PID: 1478    Owner: xxx    Size: 4,0MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/bin/python3.6    PID: 1549    Owner: xxx    Size: 1,0MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/lib/firefox/firefox    PID: 2175    Owner: xxx    Size: 3,7MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/lib/firefox/firefox    PID: 2175    Owner: xxx    Size: 3,7MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/lib/firefox/firefox    PID: 2175    Owner: xxx    Size: 1,9MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/lib/firefox/firefox    PID: 2175    Owner: xxx    Size: 1,9MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/lib/gnome-terminal/gnome-terminal-server    PID: 12656    Owner: xxx    Size: 4,0MB (configured size allowed: 1,0MB)
...
[12:28:25]   Checking for hidden files and directories       [ Warning ]
[12:28:25] Warning: Hidden directory found: /etc/.java

[12:28:36] System checks summary
[12:28:36] =====================
[12:28:36]
[12:28:36] File properties checks...
[12:28:36] Files checked: 145
[12:28:36] Suspect files: 1
[12:28:36]
[12:28:36] Rootkit checks...
[12:28:36] Rootkits checked : 480
[12:28:36] Possible rootkits: 9

Under the "Checking for rootkits" there were no warnings.

There were, however, a couple of "infos", like:
[12:23:25] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.

Are there any reasons to worry, or are those known false alarms?

[EDIT]
chkrootkit also gave alarms:

Code:

...
Checking `tcpd'...                                          INFECTED
...
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:  
/usr/lib/jvm/.java-1.11.0-openjdk-amd64.jinfo /usr/lib/debug/.build-id /lib/modules/4.15.0-34-generic/vdso/.build-id /lib/modules/4.15.0-20-generic/vdso/.build-id
/usr/lib/debug/.build-id /lib/modules/4.15.0-34-generic/vdso/.build-id /lib/modules/4.15.0-20-generic/vdso/.build-id
...
Last edited by turboscrew on Sun Sep 23, 2018 6:04 am, edited 1 time in total.
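
Added example, not part of the original post and not rkhunter's own code: a small Python triage script for the log format quoted above. It collects the paths named in "replaced by a script" and "Hidden directory" warnings and groups the shared memory lines per process, reading sizes printed with a decimal comma. The function names are hypothetical and the sample log is constructed from lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format of the rkhunter log quoted in the post.
SAMPLE_LOG = """\
[12:23:43] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[12:27:55] Warning: The following suspicious (large) shared memory segments have been found:
[12:27:55]          Process: /usr/bin/nemo-desktop    PID: 1478    Owner: xxx    Size: 4,0MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/bin/python3.6    PID: 1549    Owner: xxx    Size: 1,0MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/lib/firefox/firefox    PID: 2175    Owner: xxx    Size: 3,7MB (configured size allowed: 1,0MB)
[12:27:55]          Process: /usr/lib/firefox/firefox    PID: 2175    Owner: xxx    Size: 1,9MB (configured size allowed: 1,0MB)
[12:28:25] Warning: Hidden directory found: /etc/.java
"""

SHM = re.compile(r"Process:\s+(\S+)\s+PID:\s+(\d+)\s+Owner:\s+(\S+)\s+"
                 r"Size:\s+([\d.,]+)MB \(configured size allowed:\s+([\d.,]+)MB\)")
SCRIPT = re.compile(r"Warning: The command '([^']+)' has been replaced by a script")
HIDDEN = re.compile(r"Warning: Hidden directory found: (\S+)")

def mb(text):
    """Parse a size printed with either a decimal comma or a decimal point."""
    return float(text.replace(",", "."))

def triage(log):
    """Return the flagged paths and per-process shared memory figures."""
    report = {"replaced_by_script": [], "hidden": [], "shm": {}}
    shm = defaultdict(lambda: {"segments": 0, "largest_mb": 0.0, "limit_mb": 0.0})
    for line in log.splitlines():
        if m := SCRIPT.search(line):
            report["replaced_by_script"].append(m.group(1))
        elif m := HIDDEN.search(line):
            report["hidden"].append(m.group(1))
        elif m := SHM.search(line):
            # Key on (path, PID) so repeated segments of one process are merged.
            entry = shm[(m.group(1), int(m.group(2)))]
            entry["segments"] += 1
            entry["largest_mb"] = max(entry["largest_mb"], mb(m.group(4)))
            entry["limit_mb"] = mb(m.group(5))
    report["shm"] = dict(shm)
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```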

kc1di
Level 13
Posts: 4774
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: New Mint19 and rkhunter warnings

Post by kc1di » Sun Sep 23, 2018 6:04 am

I don't think those are reasons to worry much. Linux is much safer than Windows.
You may want to read this page: https://sites.google.com/site/easylinux ... t/security
Good luck.
Easy tips : https://sites.google.com/site/easylinuxtipsproject/
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608

turboscrew
Level 4
Posts: 208
Joined: Sat Sep 26, 2009 2:13 pm

Re: New Mint19 and rkhunter warnings

Post by turboscrew » Sun Sep 23, 2018 6:10 am

Oh, I know Linux is much safer than Windows. I've been a Linux user for quite some time (since the latter half of the '90s).

But it's known to happen that distro sites get compromised. Not so long ago that happened to Mint.
https://blog.linuxmint.com/?p=2994
Rare situations, yes, but still...
