<SOLVED>help analyzing rkhunter.log info --tyia

[ordawgg]

hello all! first time forum poster, though been using LM well over 1yr.
just used rkhunter for first time.
my lowly understanding of the massive amount of info provided, has left me overwhelmed and unable to reach a definitive conclusion on the state of my system and how i should proceed (e.g. new install, other "housecleaning", do nothing?, etc.).
ill add attachment for rkhunter.log below and any feedback, opinions, suggestion, questions are immensely appreciated

oh and here's a little about my system:

Code: Select all

peekaboo@inspee ~ $ inxi -Fxzd
System:    Host: inspee Kernel: 4.13.0-39-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: Cinnamon 3.6.7 (Gtk 3.18.9-1ubuntu3.3)
           Distro: Linux Mint 18.3 Sylvia
Machine:   System: Dell product: Inspiron 3647
           Mobo: Dell model: 02YRK5 v: A02 Bios: Dell v: A04 date: 04/03/2014
CPU:       Dual core Intel Core i3-4130 (-HT-MCP-) cache: 3072 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 13568
           clock speeds: max: 3400 MHz 1: 3182 MHz 2: 3104 MHz 3: 3347 MHz
           4: 3183 MHz
Graphics:  Card: Intel 4th Generation Core Processor Family Integrated Graphics Controller
           bus-ID: 00:02.0
           Display Server: X.Org 1.18.4 driver: N/A
           Resolution: 1920x1080@60.00hz
           GLX Renderer: Mesa DRI Intel Haswell
           GLX Version: 3.0 Mesa 17.2.8 Direct Rendering: Yes
Audio:     Card-1 Intel 8 Series/C220 Series High Definition Audio Controller
           driver: snd_hda_intel bus-ID: 00:1b.0
           Card-2 Intel Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller
           driver: snd_hda_intel bus-ID: 00:03.0
           Sound: Advanced Linux Sound Architecture v: k4.13.0-39-generic
Network:   Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           driver: r8169 v: 2.3LK-NAPI port: e000 bus-ID: 02:00.0
           IF: enp2s0 state: up speed: 1000 Mbps duplex: full mac: <filter>
           Card-2: Qualcomm Atheros QCA9565 / AR9565 Wireless Network Adapter
           driver: ath9k bus-ID: 03:00.0
           IF: wlp3s0 state: down mac: <filter>
           Card-3: Atheros usb-ID: 003-006
           IF: null-if-id state: N/A speed: N/A duplex: N/A mac: N/A
Drives:    HDD Total Size: 1000.2GB (4.4% used)
           ID-1: /dev/sda model: WDC_WD10EADS size: 1000.2GB
           Optical: /dev/sr0 model: HL-DT-ST DVD+-RW GHB0N
           rev: A100 dev-links: cdrom,cdrw,dvd,dvdrw
           Features: speed: 12x multisession: yes
           audio: yes dvd: yes rw: cd-r,cd-rw,dvd-r,dvd-ram state: running
Partition: ID-1: / size: 909G used: 34G (4%) fs: ext4 dev: /dev/dm-1
           ID-2: /boot size: 473M used: 205M (46%) fs: ext2 dev: /dev/sda2
           ID-3: swap-1 size: 8.50GB used: 0.00GB (0%) fs: swap dev: /dev/dm-3
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 29.8C mobo: 27.8C
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 237 Uptime: 6:22 Memory: 2326.1/7894.7MB
           Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.481) inxi: 2.2.35 
[*]

[catweazel]

my lowly understanding of the massive amount of info provided, has left me overwhelmed and unable to reach a definitive conclusion on the state of my system and how i should proceed (e.g. new install, other "housecleaning", do nothing?, etc.).

The answer is in the the attachment.

Code: Select all

[13:00:29] Rootkit checks...
[13:00:29] Rootkits checked : 365
[13:00:29] Possible rootkits: 0

[ordawgg]

Thank you for your reply catweazel. and formatting assist JeremyB.

I had noticed the bit:
[13:00:29] Possible rootkits: 0
...before posting to forum, mainly driven by:

Code: Select all

[12:58:51] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script, ASCII text executable
[12:59:32] Info: Starting test name 'malware'
[12:59:32] Performing malware checks
[12:59:32] Info: Test 'deleted_files' disabled at users request.
[12:59:36] Info: Test 'hidden_procs' disabled at users request.
[12:59:36] Info: Test 'suspscan' disabled at users request.
[12:59:45] Info: Starting test name 'group_changes'
[12:59:45]   Checking for group file changes                 [ Warning ]
[12:59:45] Warning: Group 'postfix' has been added to the group file.
[12:59:45] Warning: Group 'postdrop' has been added to the group file.
[12:59:45] Performing filesystem checks
[12:59:45] Info: SCAN_MODE_DEV set to 'THOROUGH'
[12:59:47]   Checking /dev for suspicious file types         [ Warning ]
[12:59:47] Warning: Suspicious file types found in /dev:
[12:59:47]          /dev/shm/pulse-shm-1937715378: data
[12:59:47]          /dev/shm/pulse-shm-2311399799: data
[12:59:47]          /dev/shm/pulse-shm-703393562: data
[12:59:47]          /dev/shm/pulse-shm-1191485740: data
[12:59:47]          /dev/shm/pulse-shm-2616818744: data
[12:59:47]          /dev/shm/pulse-shm-3291180507: data
[12:59:47]          /dev/shm/pulse-shm-3531043206: data
[12:59:47]          /dev/shm/ecryptfs-peekaboo-Private: ASCII text
[12:59:47]   Checking for hidden files and directories       [ Warning ]
[12:59:47] Warning: Hidden directory found: /etc/.java
[13:00:29] Suspect files: 1

is any of that cause for concern?

[catweazel]

is any of that cause for concern?

No.

[ordawgg]

sweet. thankya much