#1 2018-01-21 15:32:42

boogiewoogie
Member
Registered: 2017-03-30
Posts: 11

rkhunter warning - how to interpret? how to proceed?

Hey folks,

today's daily rkhunter run dropped me this snippet in the log (everything else was clean, except for the obligatory egrep, fgrep, ldd warnings):

[16:19:06] Info: Starting test name 'filesystem'
[16:19:06] Performing filesystem checks
[16:19:06] Info: SCAN_MODE_DEV set to 'THOROUGH'
[16:19:12]   Checking /dev for suspicious file types         [ Warning ]
[16:19:12] Warning: Suspicious file types found in /dev:
[16:19:12]          /dev/shm/u1000-Shm_7c9b7179: data
[16:19:12]          /dev/shm/u1000-Shm_65f6e887: data
[16:19:12]          /dev/shm/u1000-Shm_69cf49e: data
[16:19:12]          /dev/shm/u1000-Shm_1ff16d60: data
[16:19:12]          /dev/shm/u1000-Shm_e2d3ef07: data
[16:19:12]          /dev/shm/u1000-Shm_f52f10a1: data
[16:19:12]          /dev/shm/u1000-Shm_d9261e01: data
[16:19:12]          /dev/shm/u1000-Shm_1d6b56a6: data
[16:19:12]          /dev/shm/u1000-Shm_8b6e4819: dBase III DBT, version number 0, next free block index 39
[16:19:12]          /dev/shm/u1000-Shm_9203d1e7: data
[16:19:13]          /dev/shm/u1000-Shm_ae0a5073: data
[16:19:13]          /dev/shm/u1000-Shm_b767c98d: data
[16:19:13]          /dev/shm/u1000-Shm_125376fc: dBase III DBT, version number 0, next free block index 290
[16:19:13]          /dev/shm/u1000-Shm_d51b763c: data
[16:19:13]          /dev/shm/u1000-Shm_cc76efc2: data
[16:19:13]          /dev/shm/u1000-Shm_11b8dc07: data
[16:19:13]          /dev/shm/u1000-Shm_bd857ed0: data
[16:19:13]          /dev/shm/u1000-Shm_3c3a3c3d: data
[16:19:13]          /dev/shm/u1000-Shm_c9edbd50: data
[16:19:13]          /dev/shm/u1000-Shm_32550313: data
[16:19:13]          /dev/shm/u1000-ValveIPCSharedObj5: data

Is this something I should worry about? What's that directory /dev/shm/ for and what are rkhunter's suspicions about?

Hope someone knows a thing about this. :)

greetings,
boogiewoogie

Offline

#2 2018-01-21 16:26:42

robg
Member
Registered: 2015-03-05
Posts: 218

Re: rkhunter warning - how to interpret? how to proceed?

Find out what process this is associated with. This seems to be a good resource to get you started: https://gerardnico.com/wiki/linux/shared_memory

Offline
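
One way to follow the advice in reply #2, as an added example that is not part of the thread: the Python sketch below reads `/proc/<pid>/maps` for every process and reports which ones map each `/dev/shm` file. The sample maps text (addresses, inodes, library name) is constructed; only the two shared-memory file names are taken from the log in post #1.

```python
import os
from collections import defaultdict

SHM_PREFIX = "/dev/shm/"
DELETED = " (deleted)"

# Constructed sample of /proc/<pid>/maps lines; file names taken from the log above.
SAMPLE_MAPS = """\
7f2a10000000-7f2a10400000 rw-s 00000000 00:17 8812   /dev/shm/u1000-Shm_7c9b7179
7f2a10400000-7f2a10401000 rw-s 00000000 00:17 8840   /dev/shm/u1000-ValveIPCSharedObj5 (deleted)
7f2a11000000-7f2a11021000 r-xp 00000000 08:01 131    /usr/lib/libc-2.26.so
7f2a12000000-7f2a12021000 rw-p 00000000 00:00 0
"""

def shm_paths_in_maps(maps_text):
    """Return the /dev/shm files mapped according to one maps file."""
    found = set()
    for line in maps_text.splitlines():
        # Columns: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith(SHM_PREFIX):
            path = fields[5]
            found.add(path[:-len(DELETED)] if path.endswith(DELETED) else path)
    return found

def shm_owners(proc_root="/proc"):
    """Map each /dev/shm file to the set of (pid, command) that use it."""
    owners = defaultdict(set)
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            with open(os.path.join(base, "maps")) as fh:
                paths = shm_paths_in_maps(fh.read())
        except OSError:
            continue  # process exited, or we lack permission to read it
        for path in paths:
            owners[path].add((int(pid), comm))
    return dict(owners)

if __name__ == "__main__":
    live = shm_owners()
    for name in sorted(os.listdir("/dev/shm")):
        path = SHM_PREFIX + name
        users = sorted(live.get(path, [])) or "no process maps it"
        print(path, "->", users)
```

Run it as root to see processes owned by other users. A file that no running process maps may be left over from a program that has already exited.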
