Warning Log RKhunter

Status
Not open for further replies.

ezequielsousa
Rkhunter is reporting that the following processes are experiencing higher than normal memory shares. Should I be concerned? Any additional tests to find possible backdoors or keyloggers on the system? I'm using a public city hall computer.

[10:20:58] Info: Starting test name 'ipc_shared_mem'
[10:20:58] Info: The minimum shared memory segment size to be checked (in bytes): 1048576 (1,0MB)
[10:20:58]   Checking for suspicious (large) shared memory segments [ Warning ]
[10:20:58] Warning: The following suspicious (large) shared memory segments have been found:
[10:20:58]          Process: /usr/bin/xfdesktop    PID: 2251    Owner: usuario7    Size: 32MB (configured size allowed: 1,0MB)
[10:20:58]          Process: /usr/lib/firefox/firefox    PID: 2613    Owner: usuario7    Size: 2,9MB (configured size allowed: 1,0MB)
[10:20:58]          Process: /usr/lib/firefox/firefox    PID: 2613    Owner: usuario7    Size: 2,9MB (configured size allowed: 1,0MB)
[10:20:58]          Process: /usr/bin/xfce4-terminal    PID: 3163    Owner: usuario7    Size: 1,0MB (configured size allowed: 1,0MB)
 


That's your desktop (which is probably pretty busy during this process), your browser, and the terminal.

I would guess that the terminal was where you were running rkhunter from.

So, those results look okay to me. It's a warning, but you can see what it's warning you about and safely ignore that.
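
The reasoning in the reply above (read the process names, recognise them, then decide) can be scripted for repeated scans. This is an added example, not part of the original post or of rkhunter itself; the `EXPECTED` allowlist, the `/tmp/helper` entry and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the format of the 'ipc_shared_mem' warning quoted in the thread.
# The /tmp/helper line is invented here to show an entry that does not match the allowlist.
SAMPLE_LOG = """\
[10:20:58] Warning: The following suspicious (large) shared memory segments have been found:
[10:20:58]          Process: /usr/bin/xfdesktop    PID: 2251    Owner: usuario7    Size: 32MB (configured size allowed: 1,0MB)
[10:20:58]          Process: /usr/lib/firefox/firefox    PID: 2613    Owner: usuario7    Size: 2,9MB (configured size allowed: 1,0MB)
[10:20:58]          Process: /usr/lib/firefox/firefox    PID: 2613    Owner: usuario7    Size: 2,9MB (configured size allowed: 1,0MB)
[10:20:58]          Process: /usr/bin/xfce4-terminal    PID: 3163    Owner: usuario7    Size: 1,0MB (configured size allowed: 1,0MB)
[10:20:58]          Process: /tmp/helper    PID: 4021    Owner: root    Size: 8,0MB (configured size allowed: 1,0MB)
"""

# Hypothetical allowlist: programs known to use large shared memory on this desktop.
EXPECTED = {"/usr/bin/xfdesktop", "/usr/lib/firefox/firefox", "/usr/bin/xfce4-terminal"}

LINE_RE = re.compile(
    r"Process:\s+(?P<proc>\S+)\s+PID:\s+(?P<pid>\d+)\s+Owner:\s+(?P<owner>\S+)"
    r"\s+Size:\s+(?P<size>[\d.,]+)\s*(?P<unit>[KMG]B)"  # KB/GB accepted as an assumption
)
UNIT_TO_MB = {"KB": 1 / 1024, "MB": 1.0, "GB": 1024.0}

def parse_segments(log_text):
    """Return unique (process, pid, owner, size_mb) tuples in log order."""
    seen, out = set(), []
    for m in LINE_RE.finditer(log_text):
        # The log above uses ',' as the decimal mark ("2,9MB"); normalise before float().
        size_mb = float(m["size"].replace(",", ".")) * UNIT_TO_MB[m["unit"]]
        entry = (m["proc"], int(m["pid"]), m["owner"], size_mb)
        if entry not in seen:  # the firefox segment is reported twice
            seen.add(entry)
            out.append(entry)
    return out

def triage(log_text, expected=EXPECTED):
    """Split segments into (recognised, needs_review) by process path."""
    ok, review = [], []
    for entry in parse_segments(log_text):
        (ok if entry[0] in expected else review).append(entry)
    return ok, review

if __name__ == "__main__":
    recognised, needs_review = triage(SAMPLE_LOG)
    for proc, pid, owner, size_mb in needs_review:
        print(f"review: {proc} pid={pid} owner={owner} size={size_mb:.1f}MB")
```

A path match only says the name is familiar; it does not verify the binary behind it.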
 
I'm using a public computer (Library Prefecture - Government). How can I stay secure on this computer since dns is all gov? How do I know if I am not being monitored or observed?
 
Simple answer is - you don't - most Libraries or City governments I have seen run Windows not Linux and since it is a Library/City computer assume you are - at least being tracked - most Libraries at least in the City Library I visit - run some kind of site blocker software like Veridium, which is mostly used to block porn sites and questionable or dangerous sites, so it tracks you - The Library I use requires you to scan your library card at login - so they know who you are - you will not have admin privileges - The bottom line is it is their computers they can do what they want.

You can try to use TAILS on a USB Drive providing they leave the USB Ports on and open - simply reboot the machine to the TAILS USB, but it may not grant you Internet access since the IP Address won't match and it may set off warnings of an unauthorized access.

The best answer is if you have to use it 1) Do not surf anything that may be questionable, do not use any websites that require a password to log-in they may have keyloggers installed - most people I have seen do not even consider this to be a possibility - but then again we are talking Government and all governments want to control by their very nature
 
Exactly. My concern is with Keyloggers. Here where I access there is a machine that I discovered the administrator password (root) - Library with Linux Ubuntu Operating Systems.
I usually look at processes and daemons on machines I don't have root access to. In the one where I have root access, I've already installed rkhunter to make it easier to perform a pentest on the system. My biggest concern is with Keyloggers as I have to access an online password database all the time.
 
Here where I access there is a machine that I discovered the administrator password (root)
In the one where I have root access, I've already installed rkhunter to make it easier to perform a pentest on the system.
"Discovered" the root password? Installing software on a computer that does not belong to you?

Sounds... maybe... criminal? Are you prepared for the possible consequences of your actions?

@KGIII? @wizardfromoz?
 
I'm using a public computer (Library Prefecture - Government). How can I stay secure on this computer since dns is all gov?

You don't. There's no safety to be had on a device you don't own.

Sounds... maybe... criminal? Are you prepared for the possible consequences of your actions?

Tampering with devices you don't own is a criminal act in pretty much every country.

We do not support illegal activities, nor condone illegal activities. As such, I'm going to lock this thread to prevent it from going any further.

Remember, don't break the law. And, if you do, don't be the kind of person that tries to do it on a computer operated by a government agency.
 
Agreed

most Libraries or City governments I have seen run Windows not Linux

There is a lot greater penetration and usage of Linux in Brasil than most people realise.

A number of years ago they converted a considerable number of ATMs to Linux.

Wizard
 