Re: [rkhunter] coyote.coyote.den - Daily report
On Monday 27 November 2017 17:32:44 deloptes wrote:
> Gene Heskett wrote:
> > Warning: The following suspicious shared memory segments have been found:
> >> Process: /usr/lib/firefox-esr/firefox-esr PID: 16994 Owner: gene
> >> Process: /usr/lib/firefox-esr/firefox-esr PID: 16994 Owner: gene
> >> Warning:
>
> do you have this same today?
>
That is today's. I have it set to scan at nominally 14:30 each day.
So unless I run it by hand, I won't get another email from it till
Tuesday afternoon. So we'll see if it's a fluke.
> the message is pretty clear - warning: suspicious shared memory
> segments
>
> might be rkhunter got smarter or there was really something messed in
> memory?
Dunno. Ran it by hand, and found this:
Warning: The following suspicious shared memory segments have been found:
[21:15:19] Process: /usr/lib/firefox-esr/firefox-esr PID: 16994 Owner: gene
[21:15:19] Process: /usr/lib/firefox-esr/firefox-esr PID: 16994 Owner: gene
And at the end of the log, "possible rootkits: 3", scanning back up the
log now. It's fussing about the ports portsentry uses. Running it again
after a --propupd run.
Didn't change much if anything. System "feels" absolutely normal. Goes
off to see about an interface card I am changing on one of the other
machines. If it keeps it up, I'll rejoin the rkhunter list and post it
there.
rkhunter itself hasn't been updated in yonks, config files, yes, but not
rkhunter itself.
Sorry bout the noise.
> regards
Cheers Deloptes, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>