Re: rkhunter -c, doesnt show any rootkit
David Wright wrote:
> On Wed 08 Jun 2016 at 22:16:03 (-), Dan Purgert wrote:
>> David Wright wrote:
>> > On Wed 08 Jun 2016 at 20:51:55 (+0300), Nikos Macheras wrote:
>> >> On 06/07/2016 01:50 PM, to...@tuxteam.de wrote:
>> >> >On Tue, Jun 07, 2016 at 01:29:28PM +0300, perlj...@gmail.com wrote:
>> >> >>There is a problem to a computer,
>> >> >>It loses files, not very often, files downloaded from internet.
>> >> >It *only* loses files downloaded from the internet? How do you download
>> >> >those files?
>> >> >Are you sure that this isn't something (perhaps the browser) cleaning
>> >> >up old files?
>> >> The last time, was with httrack, after download files (45 files),
>> >> after some minutes disappeared. Repeated three times. The computer
>> >> has not any port open on external interfaces (eth0,wlan0), it runs
>> >> Debian wheezy. On cron I don't see something that could remove these
>> >> files.
>> >> Any suggestion?
>> >
>> > [also]
>> >
>> >> The Download target was $HOME
>> >
>> > Whose $HOME? It would be bizarre to download a website into your own
>> > home directory. Someone changing files on the other side of the world
>> > could change files in your own home directory.
>>
>> Well, if he's /Downloading/ something (e.g. the latest *.tgz for some
>> sourcecode), one would imagine it's HIS $HOME (or at least $HOME of the
>> currently logged in user). This is the default action in Iceweasel --
>> or, at least on my install it was.
>>
>> Or have I missed something somewhere? Seems the thread got broken
>> somewhere, so not 100% certain if this is the latest info ...
>
> The OP hasn't posted a lot of information, so I made some assumptions.
>
> He mentions httrack and 45 files, so I assumed he was downloading a website
> rather than, say, a single tgz. httrack would be overkill for that.
> But how would you like someone else's website to determine your own
> home directory's files and folder structure.

Ah, I see what you're getting at now -- the split in the thread threw me
off what you were getting at with "someone else determining file/folder
structure".

I mean, if the intention was "download some remote directory in its
entirety", you would pretty much start at "what they decided", and go
from there (or at least I do when running wget / curl).

--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O|
Re: rkhunter -c, doesnt show any rootkit
On Wed 08 Jun 2016 at 22:16:03 (-), Dan Purgert wrote:
> David Wright wrote:
> > On Wed 08 Jun 2016 at 20:51:55 (+0300), Nikos Macheras wrote:
> >> On 06/07/2016 01:50 PM, to...@tuxteam.de wrote:
> >> >On Tue, Jun 07, 2016 at 01:29:28PM +0300, perlj...@gmail.com wrote:
> >> >>There is a problem to a computer,
> >> >>It loses files, not very often, files downloaded from internet.
> >> >It *only* loses files downloaded from the internet? How do you download
> >> >those files?
> >> >Are you sure that this isn't something (perhaps the browser) cleaning
> >> >up old files?
> >> The last time, was with httrack, after download files (45 files),
> >> after some minutes disappeared. Repeated three times. The computer
> >> has not any port open on external interfaces (eth0,wlan0), it runs
> >> Debian wheezy. On cron I don't see something that could remove these
> >> files.
> >> Any suggestion?
> >
> > [also]
> >
> >> The Download target was $HOME
> >
> > Whose $HOME? It would be bizarre to download a website into your own
> > home directory. Someone changing files on the other side of the world
> > could change files in your own home directory.
>
> Well, if he's /Downloading/ something (e.g. the latest *.tgz for some
> sourcecode), one would imagine it's HIS $HOME (or at least $HOME of the
> currently logged in user). This is the default action in Iceweasel --
> or, at least on my install it was.
>
> Or have I missed something somewhere? Seems the thread got broken
> somewhere, so not 100% certain if this is the latest info ...

The OP hasn't posted a lot of information, so I made some assumptions.

He mentions httrack and 45 files, so I assumed he was downloading a website
rather than, say, a single tgz. httrack would be overkill for that.
But how would you like someone else's website to determine your own
home directory's files and folder structure.

The httrack manual documents this option:

  X *purge old files after update

where * is the default value.

This does imply that httrack can remove files as well as download them
(ie it tracks the files hosted somewhere else). The FAQ contains at one
point:

"Therefore, all other files have been deleted to show the current state
of the website!"

Hence my suggestion, as requested.

Cheers,
David.
Re: rkhunter -c, doesnt show any rootkit
David Wright wrote:
> On Wed 08 Jun 2016 at 20:51:55 (+0300), Nikos Macheras wrote:
>> On 06/07/2016 01:50 PM, to...@tuxteam.de wrote:
>> >On Tue, Jun 07, 2016 at 01:29:28PM +0300, perlj...@gmail.com wrote:
>> >>There is a problem to a computer,
>> >>It loses files, not very often, files downloaded from internet.
>> >It *only* loses files downloaded from the internet? How do you download
>> >those files?
>> >Are you sure that this isn't something (perhaps the browser) cleaning
>> >up old files?
>> The last time, was with httrack, after download files (45 files),
>> after some minutes disappeared. Repeated three times. The computer
>> has not any port open on external interfaces (eth0,wlan0), it runs
>> Debian wheezy. On cron I don't see something that could remove these
>> files.
>> Any suggestion?
>
> [also]
>
>> The Download target was $HOME
>
> Whose $HOME? It would be bizarre to download a website into your own
> home directory. Someone changing files on the other side of the world
> could change files in your own home directory.

Well, if he's /Downloading/ something (e.g. the latest *.tgz for some
sourcecode), one would imagine it's HIS $HOME (or at least $HOME of the
currently logged in user). This is the default action in Iceweasel --
or, at least on my install it was.

Or have I missed something somewhere? Seems the thread got broken
somewhere, so not 100% certain if this is the latest info ...

--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O|
Re: rkhunter -c, doesnt show any rootkit
On Wed, 2016-06-08 at 20:51 +0300, Nikos Macheras wrote:
>
> On 06/07/2016 01:50 PM, to...@tuxteam.de wrote:
> > On Tue, Jun 07, 2016 at 01:29:28PM +0300, perlj...@gmail.com wrote:
> >> Hello to list,
> >>
> >> There is a problem to a computer,
> >> It loses files, not very often, files downloaded from internet.
> > It *only* loses files downloaded from the internet? How do you download
> > those files?
> >
> > Are you sure that this isn't something (perhaps the browser) cleaning
> > up old files?
> >
> > Is there any other repeatable pattern?
> >
> >> rkhunter -c, doesn't show any rootkit, smartctl --all /dev/sdX ,
> >> shows a healthy hard disk.
> >>
> >> Any suggestion?
> > Tell us more :-)
> >
> > regards
> > -- t
> >
>
> Hello,
> The last time, was with httrack, after download files (45 files), after
> some minutes disappeared. Repeated three times. The computer has not any
> port open on external interfaces (eth0,wlan0), it runs Debian wheezy. On
> cron I don't see something that could remove these files.
> Any suggestion?
>

1. Check logs.
2. Which fs on home?
Re: rkhunter -c, doesnt show any rootkit
On Wed 08 Jun 2016 at 20:51:55 (+0300), Nikos Macheras wrote:
> On 06/07/2016 01:50 PM, to...@tuxteam.de wrote:
> >On Tue, Jun 07, 2016 at 01:29:28PM +0300, perlj...@gmail.com wrote:
> >>There is a problem to a computer,
> >>It loses files, not very often, files downloaded from internet.
> >It *only* loses files downloaded from the internet? How do you download
> >those files?
> >Are you sure that this isn't something (perhaps the browser) cleaning
> >up old files?
> The last time, was with httrack, after download files (45 files),
> after some minutes disappeared. Repeated three times. The computer
> has not any port open on external interfaces (eth0,wlan0), it runs
> Debian wheezy. On cron I don't see something that could remove these
> files.
> Any suggestion?

[also]

> The Download target was $HOME

Whose $HOME? It would be bizarre to download a website into your own
home directory. Someone changing files on the other side of the world
could change files in your own home directory.

How familiar are you with httrack? One of its own abilities is to remove
downloaded files without any specific action by yourself. That's because
it tracks. What's in the logs (httrack's, that is)?

Cheers,
David.
Re: Lose Files, rkhunter -c, doesnt show any rootkit, healthy hard disk
On Wed, 2016-06-08 at 21:20 +0300, Nikos Macheras wrote:
>
> On 06/07/2016 02:52 PM, Dan Purgert wrote:
> > perlj...@gmail.com wrote:
> >> Hello to list,
> >>
> >> There is a problem to a computer,
> >> It loses files, not very often, files downloaded from internet.
> >> rkhunter -c, doesn't show any rootkit, smartctl --all /dev/sdX , shows a
> >> healthy hard disk.
> >>
> >> Any suggestion?
> > Where's your "Download" target? $HOME/Downloads, $HOME, somewhere else?
> >
> Hello,
> The Download target was $HOME
>
> thank you
> Nikos Macheras
>

In this case, my first checkpoint every time is to check /usr/sbin/sshd -
has it been changed to another file? - check the size, md5/sha sum or
possibly do a binary diff.

BTW, did you check syslog/dmesg/messages/etc.?
Is Exim installed? What version?
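
The checksum check suggested in the message above, as an added example that is not part of the original post: a shell function that compares files on disk with a dpkg-style md5sums manifest. The function names, the throwaway demo tree and its file contents are constructed for illustration; on Debian the manifest covering sshd is normally /var/lib/dpkg/info/openssh-server.md5sums.

```bash
#!/usr/bin/env bash
# Added example: verify files against a dpkg-style md5sums manifest.
# Each manifest line is "<md5>  <path relative to the root>", the format
# used by /var/lib/dpkg/info/<package>.md5sums on Debian.

verify_manifest() {
    # $1 = manifest file, $2 = filesystem root the paths are relative to
    local manifest=$1 root=${2:-/} want path got rc=0
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ ! -f "$root/$path" ]; then
            echo "MISSING /$path"; rc=1; continue
        fi
        got=$(md5sum < "$root/$path" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "CHANGED /$path"; rc=1
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed demo: a throwaway tree stands in for / so this runs anywhere.
demo() {
    local root; root=$(mktemp -d)
    mkdir -p "$root/usr/sbin" "$root/usr/lib/openssh"
    printf 'original sshd\n' > "$root/usr/sbin/sshd"
    printf 'original sftp\n' > "$root/usr/lib/openssh/sftp-server"
    ( cd "$root" && md5sum usr/sbin/sshd usr/lib/openssh/sftp-server ) \
        > "$root/pkg.md5sums"
    printf 'replaced sshd\n' > "$root/usr/sbin/sshd"   # simulate a swapped binary
    rm "$root/usr/lib/openssh/sftp-server"             # simulate a lost file
    verify_manifest "$root/pkg.md5sums" "$root"
    local rc=$?
    rm -rf "$root"
    return "$rc"
}

# Real use on a Debian system (manifest path is the Debian default):
#   verify_manifest /var/lib/dpkg/info/openssh-server.md5sums /
demo || echo "manifest mismatch detected (expected in this demo)"
```

The manifest sits on the same disk as the binary, so a mismatch is meaningful but a match is only as trustworthy as the manifest itself. For stronger assurance, compare against a freshly downloaded package or run the check from trusted boot media.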
Re: Lose Files, rkhunter -c, doesnt show any rootkit, healthy hard disk
On 06/07/2016 02:52 PM, Dan Purgert wrote:
> perlj...@gmail.com wrote:
>> Hello to list,
>>
>> There is a problem to a computer,
>> It loses files, not very often, files downloaded from internet.
>> rkhunter -c, doesn't show any rootkit, smartctl --all /dev/sdX , shows a
>> healthy hard disk.
>>
>> Any suggestion?
> Where's your "Download" target? $HOME/Downloads, $HOME, somewhere else?

Hello,
The Download target was $HOME

thank you
Nikos Macheras
Re: rkhunter -c, doesnt show any rootkit
On 06/07/2016 01:50 PM, to...@tuxteam.de wrote:
> On Tue, Jun 07, 2016 at 01:29:28PM +0300, perlj...@gmail.com wrote:
>> Hello to list,
>>
>> There is a problem to a computer,
>> It loses files, not very often, files downloaded from internet.
> It *only* loses files downloaded from the internet? How do you download
> those files?
>
> Are you sure that this isn't something (perhaps the browser) cleaning
> up old files?
>
> Is there any other repeatable pattern?
>
>> rkhunter -c, doesn't show any rootkit, smartctl --all /dev/sdX ,
>> shows a healthy hard disk.
>>
>> Any suggestion?
> Tell us more :-)
>
> regards
> -- t

Hello,
The last time, was with httrack, after download files (45 files), after
some minutes disappeared. Repeated three times. The computer has not any
port open on external interfaces (eth0,wlan0), it runs Debian wheezy. On
cron I don't see something that could remove these files.
Any suggestion?
Re: Lose Files, rkhunter -c, doesnt show any rootkit, healthy hard disk
perlj...@gmail.com wrote:
> Hello to list,
>
> There is a problem to a computer,
> It loses files, not very often, files downloaded from internet.
> rkhunter -c, doesn't show any rootkit, smartctl --all /dev/sdX , shows a
> healthy hard disk.
>
> Any suggestion?

Where's your "Download" target? $HOME/Downloads, $HOME, somewhere else?

--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O|
Lose Files, rkhunter -c, doesnt show any rootkit, healthy hard disk
Hello to list,

There is a problem to a computer,
It loses files, not very often, files downloaded from internet.
rkhunter -c, doesn't show any rootkit, smartctl --all /dev/sdX , shows a
healthy hard disk.

Any suggestion?

Thank you
Nikos Macheras
Re: rkhunter -c, doesnt show any rootkit
On Tue, Jun 07, 2016 at 01:29:28PM +0300, perlj...@gmail.com wrote:
> Hello to list,
>
> There is a problem to a computer,
> It loses files, not very often, files downloaded from internet.

It *only* loses files downloaded from the internet? How do you download
those files?

Are you sure that this isn't something (perhaps the browser) cleaning
up old files?

Is there any other repeatable pattern?

> rkhunter -c, doesn't show any rootkit, smartctl --all /dev/sdX ,
> shows a healthy hard disk.
>
> Any suggestion?

Tell us more :-)

regards
-- t
rkhunter -c, doesnt show any rootkit
Hello to list,

There is a problem to a computer,
It loses files, not very often, files downloaded from internet.
rkhunter -c, doesn't show any rootkit, smartctl --all /dev/sdX , shows a
healthy hard disk.

Any suggestion?

Thank you
Nikos Macheras