Still on the first of security links.
no backdoors, hooks escalated privileges found, all clean.
I have solved the above one, in that it is something internal in the distro, and it is not trying to access externally. It's common behaviour in many Linux distros.
ufw logs clear.
netstat
Code:
sudo watch netstat -anlp
shows no foreign connection or any to /bin/sh or /bin/su
trace backs running clear currently. (I was allowed to connect LL for this and can show them monitoring and ufw results)
rkhunter, I have discovered it is a false positive, something to do with the package manager; Debian say it's been fixed.
rkhunter wiki has this for updates which I had done before using it and since then.
Code:
sudo rkhunter --propupd
On Ubuntu forums notice the help
Code:
sudo rkhunter -h
from this I found a way to update the database
Code:
sudo rkhunter --update
Neither are on the rkhunter wiki; it is a different method and commands.
This found and updated the list of false positives in rkhunter that propupd didn't find.
I then edited the rkhunter.conf file as admin, saved and used
Code:
sudo rkhunter -C
As per the conf to update rkhunter with these changes.
It now runs with no results detected, only everything Okay, not found, or clear.
I have updated LL and notice that both Perl and Pulse have many updates; it may help in chkrootkit, which I'll start on tomorrow.
Update -
.bash_profile, .bash_rc, .profile, /etc/profile - all clear of other uses
Update 2 -
samba activity noted above, this is a cron job to back up samba password each day.
no cron jobs set at root
cron.d empty/no issues found
cron.daily / all clean no issues found
cron.hourly, cron.monthly empty/no issues found
cron.weekly all clean no issues found
All checking manually.
Code:
printenv
/etc/ld.so.conf.d
no malicious linkages found
/etc/rc.local clean
/etc/rc0 thru 6 all files checked all clean
/etc/init.d clean
/etc/network all files clean
/etc/NetworkManager all files clean
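
The manual pass over the start-up locations listed in this post can be narrowed with a small script. This is an added example, not part of the original post: the function names, the `ROOT` argument and the choice of "user-writable" directories are assumptions, and its output is a list of files to read by hand, not a verdict.

```shell
#!/bin/sh
# Added example: flag review candidates in the start-up locations the post lists.
# ROOT (hypothetical parameter) lets the audit run against a mounted image or a
# constructed test tree instead of the live system.

PERSIST_PATHS="etc/cron.d etc/cron.daily etc/cron.hourly etc/cron.weekly
etc/cron.monthly etc/init.d etc/network etc/NetworkManager etc/ld.so.conf.d
etc/rc.local etc/profile"

# Print "WRITABLE <file>" for every group- or world-writable regular file.
audit_writable() {
    root=${1:-/}
    for p in $PERSIST_PATHS; do
        [ -e "$root/$p" ] || continue
        find "$root/$p" -type f \( -perm -020 -o -perm -002 \) 2>/dev/null |
            sed 's/^/WRITABLE /'
    done
}

# Print "LIBPATH <conf>: <dir>" for library directories that are relative or
# sit under user-writable trees (/tmp, /var/tmp, /dev/shm, /home).
audit_ld_conf() {
    root=${1:-/}
    for conf in "$root"/etc/ld.so.conf.d/*.conf; do
        [ -f "$conf" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            dir=${line%%#*}                              # drop comments
            dir=$(printf '%s' "$dir" | tr -d '[:space:]')
            case $dir in
                ''|include*) continue ;;
                /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*|/home/*)
                    echo "LIBPATH $conf: $dir" ;;
                /*) ;;                                   # absolute system path
                *)  echo "LIBPATH $conf: $dir" ;;        # relative path
            esac
        done < "$conf"
    done
}

# Scan the live system only when asked: sh audit.sh --scan
if [ "${1:-}" = "--scan" ]; then
    audit_writable /
    audit_ld_conf /
fi
```
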