Re: Should I install chkrootkit?

To: debian-user@lists.debian.org
Subject: Re: Should I install chkrootkit?
From: Joe <joe@jretrading.com>
Date: Sun, 8 Jun 2014 23:09:24 +0100
Message-id: <[🔎] 20140608230924.5b82e63c@jretrading.com>
In-reply-to: <[🔎] bvk1spFgaklU1@mid.individual.net>
References: <[🔎] 1401881925.65741.YahooMailNeo@web141002.mail.bf1.yahoo.com> <[🔎] 20140604122920.GU5101@europecamions-interactive.com> <[🔎] bvc9b2Fs5t6U1@mid.individual.net> <[🔎] 20140606073708.GJ31467@europecamions-interactive.com> <[🔎] bvk1spFgaklU1@mid.individual.net>

On Sun, 8 Jun 2014 17:11:53 -0400
Charles Kroeger <ckrogrr@frankensteinface.com> wrote:

> On Fri, 06 Jun 2014 09:40:02 +0200
> David Guyot <david.guyot@europecamions-interactive.com> wrote:
> 
> > I would suggest you to reinstall sysvinit,
> 
> Just to follow up on your suggestion of yesterday after a reboot
> today, yes the 'infected' warning in chkrootkit still appears after
> the sysvinit re-install.
> 
> Since however as stated last night, rkhunter says no, so I'm inclined
> to want to believe in the false positive results here and go with
> 'not found' in rkhunter.
> 
> next question: how does one see a 'hidden file' if one receives a
> warning in rkhunter about having two on your system? I can always
> delete /etc/.java and /etc/.fstab but what then? (why the 'dot' in
> front of the .java and .fstab)
> 
> Warning: Hidden directory found: '/etc/.java'
> Warning: Hidden file found: /etc/.fstab: ASCII text
> 
> thanks for your considerable comment so far
> 

Most GUI file managers have a setting in the View menu or Preferences
for displaying hidden files, the dotted files are normally some kind of
system or configuration file, which you usually don't want cluttering a
display of work files. You'll find plenty of dotted files and
directories in your home directory.

You might want to install mc, the Midnight Commander, and run it from
the command line for this kind of task. It shows everything and has a
simple and fairly robust text editor built in, as well as many file
processing commands. It's also easy to run as root using su or sudo,
with a GUI file manager you'll have to call it from the command line or
locate a 'File Manager as Root' menu entry. I don't like running GUI
file managers as root because I may forget, but I know if I'm using
mc, I'm doing something a bit non-standard, and I need to be careful.

I also don't have complete faith in GUI text editors to show me what's
really there, and I don't really like resorting to a hex editor for
what are basically text files, so mc is a good compromise. For me,
anyway.

-- 
Joe

Reply to:

Follow-Ups:
- Re: Should I install chkrootkit?
  - From: Filip <filip@fbvnet.be>

References:
- Should I install chkrootkit?
  - From: Horatio Leragon <hleragon@yahoo.com>
- Re: Should I install chkrootkit?
  - From: David Guyot <david.guyot@europecamions-interactive.com>
- Re: Should I install chkrootkit?
  - From: Charles Kroeger <ckrogrr@frankensteinface.com>
- Re: Should I install chkrootkit?
  - From: David Guyot <david.guyot@europecamions-interactive.com>
- Re: Should I install chkrootkit?
  - From: Charles Kroeger <ckrogrr@frankensteinface.com>

Prev by Date: Re: [OFF-TOPIC technically, but relevant to this group]
Next by Date: Re: GPG Keys..... was Re: Should I install chkrootkit?
Previous by thread: Re: Should I install chkrootkit?
Next by thread: Re: Should I install chkrootkit?
Index(es):
- Date
- Thread