8

I was reading some texts about rootkits and the tools used to remove them.

I have Ubuntu 12.04.1 and rkhunter reported various warnings. I'm wondering what those are. BTW I install only original software, no suspicious programs except avast4workstation, which the Software Center reports as a bad file (because it doesn't say how much disk space it'll use).

So, using Ubuntu with original files only and some music downloads, what's the risk? How do rootkits get installed?

EDIT: I just installed and updated Ubuntu, no software (besides hunters) installed.

The warnings I got from rkhunter:

/usr/bin/unhide.rb [ Warning ]  
Checking for hidden files and directories [ Warning ] 
guntbert
  • 13,134
Amanda
  • 1,017
  • Your question is way too general to answer meaningfully. How can anyone know if you should, or should not, be concerned? ...and no, Linux is not malware free. Who told you such nonsense? – mikewhatever Jan 31 '13 at 21:01
  • Hehehehehe. I read that most malware are not active. Sorry if I'm wrong, I'll edit my question so no one will harsh on me. – Amanda Jan 31 '13 at 21:03
  • You need to tell us specifically what rkhunter reported, in order for anyone to be able to answer this. – Eliah Kagan Jan 31 '13 at 21:05
  • /usr/bin/unhide.rb [ Warning ] - Checking for hidden files and directories [ Warning ] – Amanda Jan 31 '13 at 21:08
  • Eliah - Actually those are the 2 warnings. I wouldn't put the whole log here. – Amanda Jan 31 '13 at 21:21
  • 2
    @Amanda rkhunter is not the kind of tool you'd run to make yourself feel safe. It's a tool, written by nerds for geeks, so to speak. If it finds hidden files (Linux distros have many of those), or that a file's been changed, it throws a warning. Look up an rkhunter tutorial if you want to learn how to interpret those warnings. PS: I am sorry your question's been down-voted, ... I've actually voted it up. – mikewhatever Jan 31 '13 at 21:46
  • @Amanda Is what you added to your question the complete output of rkhunter? – Eliah Kagan Jan 31 '13 at 22:32

1 Answer

7

rkhunter will trigger a warning any time you add an application. In this case, it's getting upset about (ironically) the security tool unhide.rb.

When you knowingly install software, you'll need to run sudo rkhunter --propupd in order to update rkhunter, so it knows what you've "okayed".

That said, rkhunter is largely for servers, which don't typically have a lot of system changes beyond initial setup. If you want something to protect against malware, you might want to consider something like BitDefender or ClamAV, something designed for desktop use.

Additionally, you may be interested in this related question, which goes into detail about Linux and malware, and why Linux is generally less prone to getting infected.

Shauna
  • 3,024
  • Thanks Shauna. ClamAV and BitDefender would scan for Windows viruses, right? While chkrootkit and rkhunter would scan Linux ones. BTW I use Clamtk + avast – Amanda Jan 31 '13 at 21:51
  • @Amanda - According to the question I linked, Clam also scans for Linux ones. – Shauna Jan 31 '13 at 21:54
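
An added example, not part of the original answer: before accepting a file warning with `sudo rkhunter --propupd`, check that the warned file still matches what its package shipped. It assumes a Debian/Ubuntu system with dpkg; the function names are hypothetical and the sample output is constructed from the two warnings quoted in the question.

```shell
#!/bin/sh
# Added example. SAMPLE_OUTPUT is constructed, modelled on the two
# warnings quoted in the question plus two non-warning lines.
SAMPLE_OUTPUT='/usr/bin/passwd [ OK ]
/usr/bin/unhide.rb [ Warning ]
Checking for hidden files and directories [ Warning ]
Checking for passwd file changes [ None found ]'

# Print the item named on each "[ Warning ]" line, one per line.
warned_items() {
    sed -n 's/^[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\[ Warning ][[:space:]]*$/\1/p'
}

# Keep only absolute paths, i.e. the file-property warnings.
warned_files() {
    warned_items | grep '^/' || true
}

# Classify one warned file against the local dpkg database:
#   unowned  - no package claims it; investigate by hand
#   modified - differs from the checksum its package recorded
#   verified - matches the package; reasonable to accept with --propupd
#   unknown  - dpkg missing or no checksum recorded for the file
classify_file() {
    f=$1
    command -v dpkg >/dev/null 2>&1 || { echo unknown; return 0; }
    pkg=$(dpkg -S "$f" 2>/dev/null | head -n 1 | cut -d: -f1)
    [ -n "$pkg" ] || { echo unowned; return 0; }
    # md5sums entries are "<hash>  <path without leading slash>"
    want=$(cat /var/lib/dpkg/info/"$pkg".md5sums \
               /var/lib/dpkg/info/"$pkg":*.md5sums 2>/dev/null |
           awk -v p="${f#/}" '$2 == p { print $1; exit }')
    [ -n "$want" ] || { echo unknown; return 0; }
    have=$(md5sum "$f" 2>/dev/null | cut -d' ' -f1)
    if [ "$have" = "$want" ]; then echo verified; else echo modified; fi
}

# Triage the sample; on a real system pipe rkhunter's output in instead.
printf '%s\n' "$SAMPLE_OUTPUT" | warned_files | while IFS= read -r f; do
    printf '%s\t%s\n' "$f" "$(classify_file "$f")"
done
```

The checksums come from the same machine's dpkg database, so this catches accidental or unexplained changes but not an intruder who already has root and has altered that database too.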