3 Open Ports

Archived topics about LMDE 1 and LMDE 2
Habitual

Re: 3 Open Ports

Post by Habitual »

Bizarre:

Code:

./installer.sh --install

showed me:

Directory /var/lib/rkhunter/db: creating: OK
Directory /var/lib/rkhunter/tmp: creating: OK
Directory /var/lib/rkhunter/db/i18n: creating: OK

and this too?

Code:

ll /etc/rkhunter.conf
-rw-r----- 1 root root 43971 Oct 19 19:00 /etc/rkhunter.conf

Did you install as root?

Code:

sudo su -
do stuff... :wink:

The reason you don't have an /etc/ssh/sshd_config is because you don't have openssh-server installed. :shock:
Don't worry about editing that file then. :)

New /etc/rkhunter.conf for LM2 Betsy / Cinnamon 2.4.x
http://paste.linuxmint.com/view/tcj4/

Don't forget --propupd after editing.

I'll catch up tomorrow, you should see
No warnings were found while checking the system.
as a result of running rkhunter -c -sk with that config.
Last edited by Habitual on Mon Oct 19, 2015 7:25 pm, edited 1 time in total.
Fred Barclay
Level 12
Posts: 4185
Joined: Sat Sep 13, 2014 11:12 am
Location: USA primarily

Re: 3 Open Ports

Post by Fred Barclay »

I did.
It's got to be that there was already a /etc/rkhunter.conf file, so 1,4,3 created the /etc/rkhunter.conf,datecode file. Of course, my uninstalling version 1,4,2 with the --purge option would have removed the preexisting /etc/rkhunter.conf file.
What if I renamed it to rkhunter.conf?
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein
Habitual

Re: 3 Open Ports

Post by Habitual »

Well, let's check your work and re-install. ;)
Nuke that datecode garbage, or move it to /root or other...

Code:

sudo su -
cd /usr/src/rkhunter-1-4-3
./installer.sh --install
rkhunter --update

Code:

vi /etc/rkhunter.conf

and use content from http://paste.linuxmint.com/view/tcj4/

Code:

rkhunter --propupd

That should be it.

See you tomorrow.
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

Nuked, run, reinstalled, and done! No errors this time.

See you tomorrow (though it still may be "today" for me. :) )
Habitual

Re: 3 Open Ports

Post by Habitual »

Glad that worked out.
Now, gufw...
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

Ready whenever you are!

Is it okay to scan with rkhunter now? I'd avoided doing it since I didn't want to mess up any log files you might need.
Habitual

Re: 3 Open Ports

Post by Habitual »

Fred Barclay wrote: Is it okay to scan with rkhunter now? I'd avoided doing it since I didn't want to mess up any log files you might need.

Sure!

Code:

rkhunter -c -sk
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

I did get one warning, "Checking for suspicious shared memory segments" under "Malware Check."
Scan results
rkhunter.log (http://paste.linuxmint.com/view/87w5)
rkhunter.conf

I'm checking the log file now for more info.
Habitual

Re: 3 Open Ports

Post by Habitual »

Fred Barclay wrote: I did get one warning, "Checking for suspicious shared memory segments" under "Malware Check."

Yes. I saw one also in my VM...wrt: something cinnamon...
Use the short version to recheck only malware. :idea:

Code:

rkhunter -c -sk --enable malware

I think you're good.
No warnings were found while checking the system.
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

Same result, which is weird. A warning was returned. :? Anyhow, if you're not worried I'm not.
Habitual

Re: 3 Open Ports

Post by Habitual »

Fred Barclay wrote: Same result, which is weird. A warning was returned. :? Anyhow, if you're not worried I'm not.

Code:

[13:04:15] Warning: The following suspicious shared memory segments have been found:
[13:04:15]          Process: /usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon    PID: 3218    Owner: fred
[13:04:15]          Process: /usr/bin/nemo    PID: 3327    Owner: fred
[13:04:15]          Process: /usr/bin/cinnamon-screensaver    PID: 3452    Owner: fred
[13:04:15]          Process: /usr/bin/cinnamon    PID: 3312    Owner: fred
[13:04:15]          Process: /usr/bin/gnome-terminal    PID: 23694    Owner: fred

looks ok.
It's an 'expected' hit, in my book.
No warnings were found while checking the system.
using

Code:

rkhunter -c -sk --enable malware

/usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon
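
One way to triage the shared-memory warning discussed in the post above, as an added example that is not part of the original thread: it parses the Process/PID/Owner entries listed under the warning and reports only those that are not on an allowlist. The allowlist, the SYSTEM_DIRS list, the function names and the /tmp/.cache/upd entry are assumptions made for illustration.

```python
import re

# Sample input: the five entries from the log excerpt in this thread, plus one
# constructed entry (/tmp/.cache/upd) showing what an unexpected hit looks like.
SAMPLE_LOG = """\
[13:04:15] Warning: The following suspicious shared memory segments have been found:
[13:04:15]          Process: /usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon    PID: 3218    Owner: fred
[13:04:15]          Process: /usr/bin/nemo    PID: 3327    Owner: fred
[13:04:15]          Process: /usr/bin/cinnamon-screensaver    PID: 3452    Owner: fred
[13:04:15]          Process: /usr/bin/cinnamon    PID: 3312    Owner: fred
[13:04:15]          Process: /usr/bin/gnome-terminal    PID: 23694    Owner: fred
[13:04:15]          Process: /tmp/.cache/upd    PID: 4021    Owner: fred
"""

# Assumption: binaries the reviewer has decided are normal holders of shared
# memory on this Cinnamon desktop (the hits judged "expected" in the thread).
EXPECTED = {
    "/usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon",
    "/usr/bin/nemo",
    "/usr/bin/cinnamon-screensaver",
    "/usr/bin/cinnamon",
    "/usr/bin/gnome-terminal",
}
SYSTEM_DIRS = ("/usr/bin/", "/usr/sbin/", "/usr/lib/", "/bin/", "/sbin/")
HEADER = "suspicious shared memory segments have been found"
ENTRY = re.compile(r"^\[[\d:]+\]\s+Process:\s+(?P<path>\S.*?)\s+PID:\s+(?P<pid>\d+)"
                   r"\s+Owner:\s+(?P<owner>\S+)\s*$")

def parse_shm_hits(log_text):
    """Return (path, pid, owner) for each entry listed under the warning."""
    hits, in_block = [], False
    for line in log_text.splitlines():
        match = ENTRY.match(line) if in_block else None
        if match:
            hits.append((match["path"], int(match["pid"]), match["owner"]))
        # Stay in the block after the header or an entry; any other line ends it.
        in_block = bool(match) or HEADER in line
    return hits

def classify(path):
    """Allowlisted path, unlisted binary in a system directory, or neither."""
    if path in EXPECTED:
        return "expected"
    return "unlisted-system-binary" if path.startswith(SYSTEM_DIRS) else "outside-system-dirs"

def triage(log_text):
    """Return only the hits that still need a human look, with the reason."""
    hits = [(p, pid, o, classify(p)) for p, pid, o in parse_shm_hits(log_text)]
    return [h for h in hits if h[3] != "expected"]
```

A path match only says the process name is one the reviewer expects; it does not show that the binary on disk is unmodified.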
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

Good by me, then. :D
Habitual

Re: 3 Open Ports

Post by Habitual »

Fred:

I am rather tied up doing my day job (linux sysadmin, go figure)
so, unless someone else here has some gufw.fu (gufw kung-fu), I'll be tied up for a bit.

Likely tomorrow.
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

No worries! Seriously! I just appreciate all you've done so far. :D

Sounds like a great job. ;)
Habitual

Re: 3 Open Ports

Post by Habitual »

Earth to Fred:

What's the status?
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

beep...beep...beep: INCOMING TRANSMISSION.....

Well, rkhunter 1,4,3 seems to be working nicely, gufw still crashes but shows up in the Cinnamon menu (I went ahead and upgraded to Cinnamon 2,8) so I'm thinking about removing it and just going with ufw, and...uh...that's about it...
SIGNAL LOST!
SIGNAL LOST!

BTW: when did you add your sig?
Habitual

Re: 3 Open Ports

Post by Habitual »

Have we purged ufw?

I change sigs when I want to get my points across to the newbs.
Present company excepted.
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

I haven't touched ufw as it seems to be working nicely. Gufw, on the other hand, I've purged and reinstalled about 4 times. I've also tried (on a different install, but same machine and same problems) installing gufw from Debian Stretch and then upgrading to the current version via Update Manager.
Habitual

Re: 3 Open Ports

Post by Habitual »

Can you use Debian with gufw (which is what I meant on my last post) for the foreign wifi?
Fred Barclay

Re: 3 Open Ports

Post by Fred Barclay »

I don't have Debian installed. I have downloaded the .debs from the Debian website, if that's what you mean. Gufw is version 12.10.0-1 from Wheezy up.