Hi

Some days back I posted a problem / warnings reported by chkrootkit.

Port 4000 came up with this error message:
Checking `bindshell'... INFECTED
(PORTS: 4000)


I also ran rkhunter.

These were the "warnings" I got:

[11:03:54] /usr/sbin/unhide [ Warning ]
[11:03:54] Warning: The file '/usr/sbin/unhide' exists on the system,
but it is not present in the rkhunter.dat file.

[11:03:55] /usr/sbin/unhide-linux26 [ Warning ]
[11:03:55] Warning: The file '/usr/sbin/unhide-linux26' exists on the
system, but it is not present in the rkhunter.dat file.

and the following:
[11:06:53] Checking /dev for suspicious file types [ Warning ]
[11:06:53] Warning: Suspicious file types found in /dev:
[11:06:53] /dev/shm/pulse-shm-2140383202: data
[11:06:53] /dev/shm/pulse-shm-3707541799: data
[11:06:53] /dev/shm/pulse-shm-797584089: data
[11:06:54] /dev/shm/pulse-shm-1322839818: data
[11:06:54] /dev/shm/pulse-shm-1033208539: data
[11:06:54] /dev/shm/pulse-shm-2106326488: data
[11:06:54] /dev/shm/pulse-shm-743709925: data
[11:06:54] /dev/shm/pulse-shm-351083088: data
[11:06:54] /dev/shm/pulse-shm-1331942024: data
[11:06:54] /dev/shm/pulse-shm-1912260521: data
[11:06:54] /dev/shm/mono.2443: data
[11:06:54] /dev/shm/mono.2467: data
[11:06:54] /dev/shm/pulse-shm-2905615276: data
[11:06:54] /dev/shm/pulse-shm-1210813197: data
[11:06:54] /dev/shm/pulse-shm-289830629: data
[11:06:54] /dev/shm/pulse-shm-4191095999: data
[11:06:54] Checking for hidden files and directories [ Warning ]
[11:06:54] Warning: Hidden directory found: /etc/.java
[11:06:54] Warning: Hidden directory found: /dev/.udev
[11:06:54] Warning: Hidden directory found: /dev/.initramfs
[11:07:05]
[11:07:05] Checking application versions...
[11:07:05] Checking version of GnuPG [ Warning ]
[11:07:05] Warning: Application 'gpg', version '1.4.9', is out of
date, and possibly a security risk.

[11:07:06] Checking version of OpenSSL [ Warning ]
[11:07:06] Warning: Application 'openssl', version '0.9.8g', is out of
date, and possibly a security risk.

I don't use opengpg and openssl, so I guess that's OK.

But what's the trip with the hidden files, i.e. .java / .udev and .initramfs?

**
One suggestion I got was to deny inbound traffic.

How does one do that?

Firestarter only provides options to allow inbound traffic, not deny?

And from the Ubuntu forums (thread
http://ubuntuforums.org/showthread.php?t=1674668) I was suggested
this:

Quote: "did you update your firewall rules? (in any case block
everything inbound "sudo ufw deny in from any" , "sudo ufw default
deny")"

How does one do this? I get an error when applying "sudo ufw
deny in from any",

while this works but asks me to update my firewall rules:
 "sudo ufw default deny"

**

I am running 9.10 and am wondering if older versions are more vulnerable to
being attacked?

Look forward to responses and advice.

ram

-- 
ubuntu-in mailing list
ubuntu-in@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
