3 Open Ports

Habitual
Level 13
Level 13
Posts: 4871
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: 3 Open Ports

Post by Habitual » Mon Oct 19, 2015 7:00 pm

Bizarre:

Code:

./installer.sh --install

showed me:

Directory /var/lib/rkhunter/db: creating: OK
Directory /var/lib/rkhunter/tmp: creating: OK
Directory /var/lib/rkhunter/db/i18n: creating: OK

and this too?

Code:

ll /etc/rkhunter.conf
-rw-r----- 1 root root 43971 Oct 19 19:00 /etc/rkhunter.conf

Did you install as root?

Code:

sudo su -

do stuff... :wink:

The reason you don't have an /etc/ssh/sshd_config is because you don't have openssh-server installed. :shock:
Don't worry about editing that file then. :)

New /etc/rkhunter.conf for LM2 Betsy / Cinnamon 2.4.x
http://paste.linuxmint.com/view/tcj4/

Don't forget --propupd after editing.

I'll catch up tomorrow, you should see
No warnings were found while checking the system.
as a result of running rkhunter -c -sk with that config.
Last edited by Habitual on Mon Oct 19, 2015 7:25 pm, edited 1 time in total.

Fred Barclay
Level 12
Level 12
Posts: 4147
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush


Post by Fred Barclay » Mon Oct 19, 2015 7:21 pm

I did.
It's got to be that there was already a /etc/rkhunter.conf file, so 1,4,3 created the /etc/rkhunter.conf,datecode file. Of course, my uninstalling version 1,4,2 with the --purge option would have removed the preexisting /etc/rkhunter.conf file.
What if I renamed it to rkhunter.conf?
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein


Post by Habitual » Mon Oct 19, 2015 7:31 pm

Well, let's check your work and re-install. ;)
Nuke that datecode garbage, or move it to /root or other...

Code:

sudo su -
cd /usr/src/rkhunter-1-4-3
./installer.sh --install
rkhunter --update

Code:

vi /etc/rkhunter.conf

and use content from http://paste.linuxmint.com/view/tcj4/

Code:

rkhunter --propupd

That should be it.

See you tomorrow.


Post by Fred Barclay » Mon Oct 19, 2015 7:38 pm

Nuked, run, reinstalled, and done! No errors this time.

See you tomorrow (though it still may be "today" for me. :) )

Post by Habitual » Tue Oct 20, 2015 11:14 am

Glad that worked out.
Now, gufw...


Post by Fred Barclay » Tue Oct 20, 2015 12:10 pm

Ready whenever you are!

Is it okay to scan with rkhunter now? I'd avoided doing it since I didn't want to mess up any log files you might need.

Post by Habitual » Tue Oct 20, 2015 12:17 pm

Fred Barclay wrote: Is it okay to scan with rkhunter now? I'd avoided doing it since I didn't want to mess up any log files you might need.

Sure!

Code:

rkhunter -c -sk


Post by Fred Barclay » Tue Oct 20, 2015 12:43 pm

I did get one warning, "Checking for suspicious shared memory segments" under "Malware Check."
Scan results
rkhunter.log (http://paste.linuxmint.com/view/87w5)
rkhunter.conf

I'm checking the log file now for more info.

Post by Habitual » Tue Oct 20, 2015 12:54 pm

Fred Barclay wrote: I did get one warning, "Checking for suspicious shared memory segments" under "Malware Check."

Yes. I saw one also in my VM...wrt: something cinnamon...
Use the short version to recheck only malware. :idea:

Code:

rkhunter -c -sk --enable malware

I think you're good.
No warnings were found while checking the system.


Post by Fred Barclay » Tue Oct 20, 2015 12:56 pm

Same result, which is weird. A warning was returned. :? Anyhow, if you're not worried I'm not.

Post by Habitual » Tue Oct 20, 2015 1:05 pm

Fred Barclay wrote: Same result, which is weird. A warning was returned. :? Anyhow, if you're not worried I'm not.

Code:

[13:04:15] Warning: The following suspicious shared memory segments have been found:
[13:04:15]          Process: /usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon    PID: 3218    Owner: fred
[13:04:15]          Process: /usr/bin/nemo    PID: 3327    Owner: fred
[13:04:15]          Process: /usr/bin/cinnamon-screensaver    PID: 3452    Owner: fred
[13:04:15]          Process: /usr/bin/cinnamon    PID: 3312    Owner: fred
[13:04:15]          Process: /usr/bin/gnome-terminal    PID: 23694    Owner: fred

looks ok.
It's an 'expected' hit, in my book.
No warnings were found while checking the system.
using

Code:

rkhunter -c -sk --enable malware
/usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon
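
One way to make the "expected hit" judgement in the post above repeatable, as an added example that is not part of the original thread: pull the flagged processes out of the rkhunter log and report any that are not on a hand-reviewed allowlist. The allowlist contents, the function names and the last sample log line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage rkhunter "suspicious shared memory segments" hits
# against an allowlist that has been reviewed by hand.

# Assumption: the reviewed allowlist is the five desktop processes accepted
# as expected in the thread. One absolute path per line.
EXPECTED_PROCS='/usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon
/usr/bin/nemo
/usr/bin/cinnamon-screensaver
/usr/bin/cinnamon
/usr/bin/gnome-terminal'

# Sample input: the log lines quoted in the thread, plus one constructed
# line (the last) so the unexpected case is exercised.
SAMPLE_LOG='[13:04:15] Warning: The following suspicious shared memory segments have been found:
[13:04:15]          Process: /usr/lib/cinnamon-settings-daemon/cinnamon-settings-daemon    PID: 3218    Owner: fred
[13:04:15]          Process: /usr/bin/nemo    PID: 3327    Owner: fred
[13:04:15]          Process: /usr/bin/cinnamon-screensaver    PID: 3452    Owner: fred
[13:04:15]          Process: /usr/bin/cinnamon    PID: 3312    Owner: fred
[13:04:15]          Process: /usr/bin/gnome-terminal    PID: 23694    Owner: fred
[13:04:15]          Process: /tmp/constructed-example    PID: 4242    Owner: fred'

# Read rkhunter log text on stdin; print "path|pid|owner" per flagged process.
# The "Warning:" header line has no "Process:" field and is skipped.
parse_shm_hits() {
    sed -n 's/^\[[0-9:]*][[:space:]]*Process:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*PID:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*Owner:[[:space:]]*\([^[:space:]]*\).*$/\1|\2|\3/p'
}

# Print one line for every flagged process whose path is not allowlisted.
unexpected_shm_hits() {
    parse_shm_hits | while IFS='|' read -r path pid owner; do
        # -F fixed string, -x whole line: no partial or regex matches.
        if ! printf '%s\n' "$EXPECTED_PROCS" | grep -Fxq -- "$path"; then
            printf 'UNEXPECTED %s pid=%s owner=%s\n' "$path" "$pid" "$owner"
        fi
    done
}

# Run against the embedded sample; on a real system, feed the log file in.
printf '%s\n' "$SAMPLE_LOG" | unexpected_shm_hits
```

Matching on the path only confirms which executable was flagged; whether that file is intact is a separate question, covered by the file-property baseline that `rkhunter --propupd` records.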


Post by Fred Barclay » Tue Oct 20, 2015 2:03 pm

Good by me, then. :D

Post by Habitual » Tue Oct 20, 2015 2:59 pm

Fred:

I am rather tied up doing my day job (linux sysadmin, go figure)
so, unless someone else here has some gufw.fu (gufw kung-fu), I'll be tied up for a bit.

Likely tomorrow.


Post by Fred Barclay » Tue Oct 20, 2015 3:13 pm

No worries! Seriously! I just appreciate all you've done so far. :D

Sounds like a great job. ;)

Post by Habitual » Mon Oct 26, 2015 1:23 pm

Earth to Fred:

What's the status?


Post by Fred Barclay » Mon Oct 26, 2015 2:30 pm

beep...beep...beep: INCOMING TRANSMISSION.....

Well, rkhunter 1,4,3 seems to be working nicely, gufw still crashes but shows up in the Cinnamon menu (I went ahead and upgraded to Cinnamon 2,8) so I'm thinking about removing it and just going with ufw, and...uh...that's about it...
SIGNAL LOST!
SIGNAL LOST!

BTW: when did you add your sig?

Post by Habitual » Mon Oct 26, 2015 2:36 pm

Have we purged ufw?

I change sigs when I want to get my points across to the newbs.
Present company excepted.


Post by Fred Barclay » Mon Oct 26, 2015 3:08 pm

I haven't touched ufw as it seems to be working nicely. Gufw, on the other hand, I've purged and reinstalled about 4 times. I've also tried (on a different install, but same machine and same problems) installing gufw from Debian Stretch and then upgrading to the current version via Update Manager.

Post by Habitual » Mon Oct 26, 2015 3:11 pm

Can you use Debian with gufw (which is what I meant on my last post) for the foreign wifi?


Post by Fred Barclay » Mon Oct 26, 2015 3:39 pm

I don't have Debian installed. I have downloaded the .debs from the Debian website, if that's what you mean. Gufw is version 12.10.0-1 from Wheezy up.