Rootkit identified by RootkitHunter

Hi guys, chew some security?

My RKhunter caught 3 rootkits inside my good Manjaro, and I want to weed them out like dry weed.
Until today I had only found warnings, but it seems that Manjaro has added a bit more pepper to the game.

Well, now I’ve found them, but can I just eradicate them? Is it possible to disinfect the file they bind to, so as not to lose it?
I want to know whether Rkhunter has an additional command to delete the threat?
How can I tell if it is a false positive?
And last but not least, how do I kill these fu**ing rootkits?

Performing system configuration file checks
Checking for an SSH configuration file [ Found ]
Checking for a running system logging daemon [ Found ]
Checking for a system logging configuration file [ Found ]

PS. The files in question look really suspicious, also because there is ssh and they are activated at system boot. Should I worry?

Should I also publish all the warnings I received?

I am waiting for your news.

https://wiki.archlinux.org/index.php/Rkhunter

No, edit out personal info and post the log…we need to see the context of the warning, not the warning itself. Won’t do you any good to selectively copy/paste, either.

LOL. If you RTF[W/M], you’ll probably discover that these are not rootkits.

For example:

Just what do you think the system journal is?


I think I have posted this to you several times, and you always refuse to give the info.

(note, for example, the bottom command if you want to make sure to remove your hostname etc)

As to your situation …

…so yes … you have ssh … and it found an ssh config file … do you think it should not exist ?

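To illustrate the point made above, that a "[ Found ]" result is not a rootkit detection, here is an added script (written for this page, not code from the thread or from rkhunter) that splits rkhunter console output into per-check status tags, counts them, and lists only the "[ Warning ]" results together with the section they appeared in. The sample output and the optional "[HH:MM:SS]" timestamp prefix are constructed assumptions, not the poster's actual log.

```python
import re
from collections import defaultdict

# Constructed sample of rkhunter console output: the three lines quoted in
# the thread plus a few other check names and status values rkhunter prints.
SAMPLE_OUTPUT = """\
Performing system configuration file checks
Checking for an SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for a running system logging daemon [ Found ]
Checking for a system logging configuration file [ Found ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
"""

# Only "Warning" asks for attention. "Found" just records that the check
# located what it was looking for (an sshd_config, a running syslog daemon).
ATTENTION = {"Warning"}

# Optional "[HH:MM:SS]" prefix (assumed log-file form), check text, "[ status ]".
LINE_RE = re.compile(
    r"^(?:\[\d{2}:\d{2}:\d{2}\]\s*)?(?P<check>.+?)\s+\[\s*(?P<status>[^\]]+?)\s*\]$"
)

def parse_rkhunter(text):
    """Return (section, check, status) tuples; lines without a trailing
    [ status ] tag are section headers attached to the checks that follow."""
    results, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            section = line
            continue
        results.append((section, m.group("check"), m.group("status")))
    return results

def needs_attention(results):
    """Keep only results whose status actually warrants a look."""
    return [r for r in results if r[2] in ATTENTION]

def count_by_status(results):
    counts = defaultdict(int)
    for _, _, status in results:
        counts[status] += 1
    return dict(counts)

if __name__ == "__main__":
    parsed = parse_rkhunter(SAMPLE_OUTPUT)
    print(count_by_status(parsed))
    for section, check, status in needs_attention(parsed):
        print(f"{status}: {check} (section: {section})")
```

Running it on a real rkhunter.log (minus hostname and other personal details) gives the warnings-with-context view the replies above are asking for.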

Ok guys I try to answer both of you for the things you need.

The system is always the same one that I use in general, but if there is some particular command to type at each article, I will be happy to type it if you tell me.

But how do you remove the hostname with the button at the bottom? I did not know this function.

I guarantee you that I formatted the code twice with the code button, but I don’t know why it didn’t work either way; I thought in the end it was because it wasn’t code, i.e. it didn’t have a real command inside it but just some words coming from the terminal.

Probably the warning of having found 3 different rootkits is nothing, or probably the computer is infected. I mean, let me explain: until proof to the contrary, the anti-rootkit is there to find these malicious programs, so if you tell me that there are some, and I have no other way to verify it because none was provided by anyone, “not even on request”, I do not understand how I could think that the software’s search is wrong. It is as if a mine detector sounds in an area that should be decontaminated, but it should be, is not to be.

In conclusion, whether or not I know what the file system is, or ssh, or even if I had shaken Boole’s hand in person, it doesn’t change the fact that my humility has exposed itself here not as one who knows, but as one who learns. So instead of making a theme about computer science, if we succeed together we can instead either expose what these elements are or directly solve the problem, so that maybe as it is solved I learn it. I don’t see why I need to know who the producer of a mine is, if I still don’t know whether that mine is there, whether my foot on it is a problem, and whether the click I just heard could somehow do me harm.

Really?!?

@cscs gave you a link on how to post information. I asked you to provide the rkhunter.log. We both gave you anecdotal evidence that you do not have rootkits installed; yet your next post still does not provide any useful information, and you still seem to think that you have rootkits installed. :roll_eyes:

Look, you’re going to have to take some initiative and learn for yourself. Speaking only for myself, I am not going to just give you lists of commands to type:

  1. You don’t learn anything that way.
  2. You’re asking me to invest my time (searching, RTF[W/M], etc.) trying to fix your problems, because it seems you can’t be bothered to do so yourself.

So, until you actually post the info you’ve been requested to post…good luck.


Ok thanks anyway @merlock

Guys, is there someone who chews a little security? If you happen to read the post and want to find a solution together to pass the time, you are welcome.

https://wiki.manjaro.org/index.php?title=Forum_Rules#Life_is_a_Two-way_Street