Re: Should I install chkrootkit?
On Sun, 8 Jun 2014 17:11:53 -0400
Charles Kroeger <email@example.com> wrote:
> On Fri, 06 Jun 2014 09:40:02 +0200
> David Guyot <firstname.lastname@example.org> wrote:
> > I would suggest you to reinstall sysvinit,
> Just to follow up on your suggestion of yesterday after a reboot
> today, yes the 'infected' warning in chkrootkit still appears after
> the sysvinit re-install.
> Since however as stated last night, rkhunter says no, so I'm inclined
> to want to believe in the false positive results here and go with
> 'not found' in rkhunter.
> next question: how does one see a 'hidden file' if one receives a
> warning in rkhunter about having two on your system? I can always
> delete /etc/.java and /etc/.fstab but what then? (why the 'dot' in
> front of the .java and .fstab)
> Warning: Hidden directory found: '/etc/.java'
> Warning: Hidden file found: /etc/.fstab: ASCII text
> thanks for your considerable comment so far
Most GUI file managers have a setting in the View menu or Preferences
for displaying hidden files, the dotted files are normally some kind of
system or configuration file, which you usually don't want cluttering a
display of work files. You'll find plenty of dotted files and
directories in your home directory.
You might want to install mc, the Midnight Commander, and run it from
the command line for this kind of task. It shows everything and has a
simple and fairly robust text editor built in, as well as many file
processing commands. It's also easy to run as root using su or sudo,
with a GUI file manager you'll have to call it from the command line or
locate a 'File Manager as Root' menu entry. I don't like running GUI
file managers as root because I may forget, but I know if I'm using
mc, I'm doing something a bit non-standard, and I need to be careful.
I also don't have complete faith in GUI text editors to show me what's
really there, and I don't really like resorting to a hex editor for
what are basically text files, so mc is a good compromise. For me,