Re: rkhunter -c, doesnt show any rootkit

To: debian-user@lists.debian.org
Subject: Re: rkhunter -c, doesnt show any rootkit
From: David Wright <deblis@lionunicorn.co.uk>
Date: Thu, 9 Jun 2016 00:00:11 -0500
Message-id: <[🔎] 20160609050011.GC21352@alum>
Mail-followup-to: debian-user@lists.debian.org
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] slrnnlh695.qun.dan@xps-linux.djph.net>
References: <[🔎] 5756A208.9020709@gmail.com> <[🔎] 20160607105036.GA11553@tuxteam.de> <[🔎] 57585B3B.7050503@gmail.com> <[🔎] 20160608195204.GA14791@alum> <[🔎] slrnnlh695.qun.dan@xps-linux.djph.net>

On Wed 08 Jun 2016 at 22:16:03 (-0000), Dan Purgert wrote:
> David Wright wrote:
> > On Wed 08 Jun 2016 at 20:51:55 (+0300), Nikos Macheras wrote:
> >> On 06/07/2016 01:50 PM, tomas@tuxteam.de wrote:
> >> >On Tue, Jun 07, 2016 at 01:29:28PM +0300, perljpes@gmail.com wrote:
> >> >>There is a problem to a computer,
> >> >>It loses files, not very often, files downloaded from internet.
> >> >It *only* loses files downloaded from the internet? How do you download
> >> >those files?
> >> >Are you sure that this isn't something (perhaps the browser) cleaning
> >> >up old files?
> >> The last time, was with httrack, after download files (45 files),
> >> after some minutes dissapeared. repeated three times. The computer
> >> has not any port open on external interfaces (eth0,wlan0), it runs
> >> debian wheezy .On cron i dont see something that could remove theese
> >> files.
> >> Any suggestion?
> >
> > [also]
> >
> >> The Download target was $HOME
> >
> > Whose $HOME? It would be bizarre to download a website into your own
> > home directory. Someone changing files on the other side of the world
> > could change files in your own home directory.
> 
> Well, if he's /Downloading/ something (e.g. the latest *.tgz for some
> sourcecode), one would imagine it's HIS $HOME (or at least $HOME of the
> currently logged in user).  This is the default action in Iceweasel --
> or, at least on my install it was.
> 
> Or have I missed something somewhere?  Seems the thread got broken
> somewhere, so not 100% certain if this is the latest info ... 

The OP hasn't posted a lot of information, so I made some assumptions.

He mentions httrack and 45 files, so I assumed he was downloading a website
rather than, say, a single tgz. httrack would be overkill for that.
But how would you like someone else's website to determine your own
home directory's files and folder structure.

The httrack manual documents this option:

 X *purge old files after update

where * is the default value.

This does imply that httrack can remove files as well as download them
(ie it tracks the files hosted somewhere else). The FAQ contains at
one point:
"Therefore, all other files have been deleted to show the current
state of the website!"

Hence my suggestion, as requested.

Cheers,
David.

Reply to:

Follow-Ups:
- Re: rkhunter -c, doesnt show any rootkit
  - From: Dan Purgert <dan@djph.net>

References:
- rkhunter -c, doesnt show any rootkit
  - From: perljpes@gmail.com
- Re: rkhunter -c, doesnt show any rootkit
  - From: <tomas@tuxteam.de>
- Re: rkhunter -c, doesnt show any rootkit
  - From: Nikos Macheras <perljpes@gmail.com>
- Re: rkhunter -c, doesnt show any rootkit
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: rkhunter -c, doesnt show any rootkit
  - From: Dan Purgert <dan@djph.net>

Prev by Date: Re: console fonts and systemd (was ... Re: What can AppArmor do?)
Next by Date: Re: curl and form submission
Previous by thread: Re: rkhunter -c, doesnt show any rootkit
Next by thread: Re: rkhunter -c, doesnt show any rootkit
Index(es):
- Date
- Thread