noob-buntu_orangeJoe
New Member
Hi! Super-new-to-Linux user here! Upgraded due to some longstanding security issues.
I've had a few issues running Ubuntu since installation which need troubleshooting; one of them, however, is checking for rootkits.
I've run both chkrootkit and rkhunter and I'm not fully understanding what exactly I'm looking at when I look at the warning flags. A few of these file directories I've seen in other forums where it was stated that chkrootkit needs to know what package manager the user was running (still figuring out what that is other than of course...a program....which manages....packages???). Other file directories I haven't found at all.
The chkrootkit "suspicious files and dirs" list seems to get longer with each thing I download to my computer, so I've been assuming it's got to do with that.
Then there's "packet sniffer"/ifpromisc:
rkhunter's warnings start with usr/bin/lwp-request, which several other forums have said seems like a false positive. I'm curious as to what this file is and why it throws a warning.
The other warning is SSH root access being allowed. I configured my firewall to allow connectivity to certain SSH ports so I could play a specific game intended for teaching SSH? (It's not port 22.) I don't know if this is referring specifically to that or if I should be tighter with my firewall security when I'm not actively playing bash wargames?
And finally, the last warning is for hidden files and directories, which... I wouldn't know the first thing about what to check out or what my concerns should be there.
I guess the main question is 1) how concerned should I really be? and 2) how do I get rid of warnings for items that aren't a threat?