
Re: [rkhunter] coyote.coyote.den - Daily report




On Monday 27 November 2017 17:32:44 deloptes wrote:

> Gene Heskett wrote:
> > Warning: The following suspicious shared memory segments have been found:
> > Process: /usr/lib/firefox-esr/firefox-esr    PID: 16994    Owner: gene
> > Process: /usr/lib/firefox-esr/firefox-esr    PID: 16994    Owner: gene
> > Warning:
>
> do you have this same today?
>
That is today's. I have it set to scan at nominally 14:30 each day.

So unless I run it by hand, I won't get another email from it till 
Tuesday afternoon.  So we'll see if it's a fluke.

> the message is pretty clear - warning: suspicious shared memory
> segments
>
> might be rkhunter got smarter or there was really something messed in
> memory?

Dunno. Ran it by hand, and found this:
Warning: The following suspicious shared memory segments have been found:
[21:15:19]          Process: /usr/lib/firefox-esr/firefox-esr    PID: 16994    Owner: gene
[21:15:19]          Process: /usr/lib/firefox-esr/firefox-esr    PID: 16994    Owner: gene

And at the end of the log, "possible rootkits: 3", scanning back up the 
log now. It's fussing about the ports portsentry uses. Running it again 
after a --propupd run.

Didn't change much if anything. System "feels" absolutely normal. Goes 
off to see about an interface card I am changing on one of the other 
machines. If it keeps it up, I'll rejoin the rkhunter list and post it 
there.

rkhunter itself hasn't been updated in yonks, config files, yes, but not 
rkhunter itself.

Sorry bout the noise.

> regards


Cheers Deloptes, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>