Hey everyone,
upon running rkhunter today, I've got the warning
"/dev/shm/u1000-Shm_4708df24: PGP Secret Sub-key -"
Something I should worry about? Should I just delete the file? What would you do?
Cheers,
boogie
Relevant log snippet here:
[01:33:36] Info: Starting test name 'filesystem'
[01:33:36] Performing filesystem checks
[01:33:36] Info: SCAN_MODE_DEV set to 'THOROUGH'
[01:33:42] Checking /dev for suspicious file types [ Warning ]
[01:33:42] Warning: Suspicious file types found in /dev:
[01:33:42] /dev/shm/u1000-Shm_125376fc: data
[01:33:42] /dev/shm/u1000-Shm_5e6546da: data
[01:33:42] /dev/shm/u1000-Shm_4708df24: PGP Secret Sub-key -
[01:33:43] /dev/shm/u1000-ValveIPCSharedObj5: data
[01:33:43] Checking for hidden files and directories [ Warning ]
[01:33:43] Warning: Hidden file found: /etc/.updated: ASCII text
[01:33:43] Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, max compression, from Unix
[01:33:43] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, max compression, from Unix
[01:33:43] Checking for missing log files [ Skipped ]
[01:33:43] Checking for empty log files [ Skipped ]
[01:33:49]
Edit: Clamscan doesn't drop me a warning on the file. Doesn't say much, I guess.
Last edited by boogiewoogie (2018-01-30 00:53:04)
That is a manpage for the .k5login configuration file, and see the contents of /etc/.updated for the reason why it exists.
Unfortunately, rkhunter is sort of a foolish program motivated by foolish concepts, as it has demonstrated here by somehow deciding that dotfiles are a sign of something shady.
There are more than enough programs that use /dev/shm for temporary data files as well, I'm not sure why that is supposed to be meaningful.
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
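A triage script for warnings like the ones in this thread, added here as an example and not posted by anyone in the thread: it pulls the flagged paths out of rkhunter log lines (constructed below, modelled on the log above) and, for each /dev/shm entry, reports the file's owner and type and which running process maps it via /proc/*/maps. A segment mapped by a browser or game client is the expected case; one mapped by nothing, or by an unfamiliar binary, is the case worth a closer look.

```bash
#!/bin/bash
# Constructed sample of rkhunter log lines, modelled on the thread's output.
SAMPLE_LOG='[01:33:42] Warning: Suspicious file types found in /dev:
[01:33:42] /dev/shm/u1000-Shm_125376fc: data
[01:33:42] /dev/shm/u1000-Shm_4708df24: PGP Secret Sub-key -
[01:33:43] /dev/shm/u1000-ValveIPCSharedObj5: data
[01:33:43] Checking for hidden files and directories [ Warning ]
[01:33:43] Warning: Hidden file found: /etc/.updated: ASCII text'

# Paths rkhunter flagged under /dev, one per line.
flagged_dev_paths() {
    printf '%s\n' "$1" | sed -n 's|^\[[0-9:]*\] \(/dev/[^:]*\):.*|\1|p'
}

# Hidden files rkhunter flagged, one per line.
flagged_hidden_paths() {
    printf '%s\n' "$1" | sed -n 's|^\[[0-9:]*\] Warning: Hidden file found: \([^:]*\):.*|\1|p'
}

# PID and command name of every process whose address space maps the path.
# Prints nothing when no running process has it mapped.
mapped_by() {
    local path="$1" maps pid
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if grep -qF -- "$path" "$maps" 2>/dev/null; then
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Owner, mode and file(1) type, the same classification rkhunter reports.
describe() {
    if [ -e "$1" ]; then
        stat -c '%U %a' -- "$1"
        file -b -- "$1"
    else
        echo "(not present on this system)"
    fi
}

main() {
    local p
    flagged_dev_paths "$SAMPLE_LOG" | while read -r p; do
        echo "== $p"
        describe "$p"
        mapped_by "$p"
    done
}

main "$@"
```

Replace SAMPLE_LOG with the output of `grep -E '^\[[0-9:]+\] /dev/' /var/log/rkhunter.log` to run it against a real scan.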
Yes, rkhunter is like a typical Windows antivirus from the 90s. It has a fixed list of known exploits and scans against them... On top of that, you *must not* run rkhunter on a machine that you want to test for possible infections; you must do it from a safe live media.
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Oh, alright, that's good to know. Thanks a lot!