
#1 2018-01-30 00:41:22

boogiewoogie
Member
Registered: 2017-03-30
Posts: 11

rkhunter warning "PGP Secret Sub-key"

Hey everyone,

upon running rkhunter today, I've got the warning

"/dev/shm/u1000-Shm_4708df24: PGP    Secret Sub-key -"

Something I should worry about? Should I just delete the file? What would you do?

Cheers,

boogie


Relevant log snippet here:

[01:33:36] Info: Starting test name 'filesystem'
[01:33:36] Performing filesystem checks
[01:33:36] Info: SCAN_MODE_DEV set to 'THOROUGH'
[01:33:42]   Checking /dev for suspicious file types         [ Warning ]
[01:33:42] Warning: Suspicious file types found in /dev:
[01:33:42]          /dev/shm/u1000-Shm_125376fc: data
[01:33:42]          /dev/shm/u1000-Shm_5e6546da: data
[01:33:42]          /dev/shm/u1000-Shm_4708df24: PGP	Secret Sub-key -
[01:33:43]          /dev/shm/u1000-ValveIPCSharedObj5: data
[01:33:43]   Checking for hidden files and directories       [ Warning ]
[01:33:43] Warning: Hidden file found: /etc/.updated: ASCII text
[01:33:43] Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, max compression, from Unix
[01:33:43] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, max compression, from Unix
[01:33:43]   Checking for missing log files                  [ Skipped ]
[01:33:43]   Checking for empty log files                    [ Skipped ]
[01:33:49]

Edit: Clamscan doesn't drop me a warning on the file. Doesn't say much I guess.

Last edited by boogiewoogie (2018-01-30 00:53:04)


#2 2018-01-30 02:32:03

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: rkhunter warning "PGP Secret Sub-key"

That is a manpage for the .k5login configuration file, and see the contents of /etc/.updated for the reason why it exists.

Unfortunately, rkhunter is sort of a foolish program motivated by foolish concepts. As it has demonstrated here, by somehow deciding that dotfiles are a sign of something shady.

There are more than enough programs that use /dev/shm for temporary data files as well, I'm not sure why that is supposed to be meaningful.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
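
An added example, not part of the original posts and not rkhunter's own code: the labels in the log are file-type identifications of each file's contents, so one way to triage the "PGP Secret Sub-key" hit is to check whether the data actually parses as an OpenPGP Secret-Subkey packet as laid out in RFC 4880. The function names and sample bytes below are constructed for illustration, and only version 4 key packets are handled.

```python
# RFC 4880 public-key algorithm IDs (section 9.1), plus 22 (EdDSA, as used by GnuPG)
PUBKEY_ALGOS = {1, 2, 3, 16, 17, 18, 19, 22}
SECRET_SUBKEY_TAG = 7

def parse_header(data):
    """Decode an OpenPGP packet header -> (tag, body_offset, body_length) or None."""
    if len(data) < 2 or not data[0] & 0x80:      # bit 7 is set on every packet
        return None
    first = data[0]
    if first & 0x40:                             # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, 2, l0
        if l0 < 224 and len(data) >= 3:
            return tag, 3, ((l0 - 192) << 8) + data[2] + 192
        if l0 == 255 and len(data) >= 6:
            return tag, 6, int.from_bytes(data[2:6], "big")
        return None                              # partial lengths: not valid for keys
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return None                              # indeterminate length: implausible here
    n = 1 << ltype                               # 1, 2 or 4 length octets
    if len(data) < 1 + n:
        return None
    return tag, 1 + n, int.from_bytes(data[1:1 + n], "big")

def plausible_v4_secret_subkey(data):
    """True only if tag, declared length, version and algorithm are all consistent."""
    hdr = parse_header(data)
    if hdr is None:
        return False
    tag, off, blen = hdr
    if tag != SECRET_SUBKEY_TAG or off + blen > len(data):
        return False
    body = data[off:off + blen][:6]              # version(1) + created(4) + algorithm(1)
    return len(body) == 6 and body[0] == 4 and body[5] in PUBKEY_ALGOS

# Constructed samples (not taken from the thread's files):
SHM_LIKE = b"\x9d\x00\x00" + b"\x00" * 61        # starts like a subkey header, then zeros
KEY_LIKE = bytes([0x9D, 0x00, 0x10, 0x04]) + b"\x5a\x6f\xc0\x00\x01" + b"\x00" * 10

if __name__ == "__main__":
    for name, blob in (("SHM_LIKE", SHM_LIKE), ("KEY_LIKE", KEY_LIKE)):
        print(name, parse_header(blob), plausible_v4_secret_subkey(blob))
```

A file that passes this check still deserves a look at its owner and the process that created it; a file that fails it is arbitrary data whose first bytes happen to resemble a packet header.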


#3 2018-01-30 05:03:50

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: rkhunter warning "PGP Secret Sub-key"

Yes, rkhunter is like a typical Windows antivirus from the 90s. It has a fixed list of known exploits and scans against them... On top of that, you *must not* run rkhunter on a machine that you want to test for possible infections, you must do it from a safe live media.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd


#4 2018-01-30 10:33:41

boogiewoogie
Member
Registered: 2017-03-30
Posts: 11

Re: rkhunter warning "PGP Secret Sub-key"

Oh, alright, that's good to know. Thanks a lot!
