
Re: [OT]: possible spyware?



Ron Johnson wrote:

> But why would it be *on* a Linux box?  Has he been infected with a
> worm or rootkit?


So taking a cue from your message, I ran rkhunter and got two warnings. Here they are with some context:
--------------
  Performing system configuration file checks
    Checking for SSH configuration file                      [ Found ]
    Checking if SSH root access is allowed                   [ Warning ]
--------------

--------------
  Performing filesystem checks
    Checking /dev for suspicious file types                  [ None found ]
    Checking for hidden files and directories                [ Warning ]
--------------


For hidden files and directories, the rkhunter log gave:
--------------
[13:37:07]   Checking for hidden files and directories       [ Warning ]
[13:37:07] Warning: Hidden directory found: /dev/.static
[13:37:07] Warning: Hidden directory found: /dev/.udev
[13:37:07] Warning: Hidden directory found: /dev/.initramfs
[13:37:07] Warning: Hidden file found: /dev/.tmp-2-0: block special (2/0)
--------------

Nothing suspicious here, is there?

Regarding the root login via SSH, the log says:
--------------
[13:36:44]   Checking if SSH root access is allowed          [ Warning ]
[13:36:44] Warning: The SSH and rkhunter configuration options should be the same:
[13:36:44]          SSH configuration option 'PermitRootLogin': yes
[13:36:44]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
--------------


So it looks like in Ubuntu root login via SSH is not disabled. But IIRC the root account itself is disabled in Ubuntu. So this warning is also benign ... looks like.

->HS
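
An added example, not part of the original message: a small triage script for the rkhunter warnings quoted above. It turns hidden `/dev` entries that an admin has already reviewed into `ALLOWHIDDENDIR`/`ALLOWHIDDENFILE` lines for rkhunter's configuration, leaves everything else for manual review, and reports the `PermitRootLogin` / `ALLOW_SSH_ROOT_USER` mismatch. The `REVIEWED` set and the `triage` function name are assumptions made for the illustration.

```python
import re

# Constructed sample: the warning lines quoted in the message above.
SAMPLE_LOG = """\
[13:36:44] Warning: The SSH and rkhunter configuration options should be the same:
[13:36:44]          SSH configuration option 'PermitRootLogin': yes
[13:36:44]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[13:37:07] Warning: Hidden directory found: /dev/.static
[13:37:07] Warning: Hidden directory found: /dev/.udev
[13:37:07] Warning: Hidden directory found: /dev/.initramfs
[13:37:07] Warning: Hidden file found: /dev/.tmp-2-0: block special (2/0)
"""

# Assumption: paths the admin has inspected and accepted on this host.
REVIEWED = {"/dev/.static", "/dev/.udev", "/dev/.initramfs"}

HIDDEN = re.compile(r"Warning: Hidden (directory|file) found: (\S+?)(?::\s+(.*))?$")
OPTION = re.compile(r"(SSH|Rkhunter) configuration option '(\w+)': (\S+)")

def triage(log_text, reviewed=REVIEWED):
    """Return (whitelist_lines, needs_review, ssh_mismatch) for an rkhunter log."""
    whitelist, review, opts = [], [], {}
    for line in log_text.splitlines():
        m = HIDDEN.search(line)
        if m:
            kind, path, detail = m.groups()
            if path in reviewed:
                key = "ALLOWHIDDENDIR" if kind == "directory" else "ALLOWHIDDENFILE"
                whitelist.append(f"{key}={path}")
            else:
                # Never whitelist automatically: keep the file type for the reviewer.
                review.append((path, detail or kind))
            continue
        m = OPTION.search(line)
        if m:
            opts[m.group(1)] = (m.group(2), m.group(3))
    ssh, rkh = opts.get("SSH"), opts.get("Rkhunter")
    mismatch = {}
    if ssh and rkh and ssh[1] != rkh[1]:
        mismatch = {ssh[0]: ssh[1], rkh[0]: rkh[1]}
    return whitelist, review, mismatch

if __name__ == "__main__":
    wl, todo, ssh = triage(SAMPLE_LOG)
    print("Candidate config lines:", *wl, sep="\n  ")
    print("Still needs review:", todo)
    print("SSH option mismatch:", ssh)
```
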



