Ubuntu: rkhunter passwd and group file changes warning


Today I did a scan of my machine with rkhunter:

sudo rkhunter --checkall  

And these were the warnings that I got:

Checking for passwd file changes                         [ Warning ]
Checking for group file changes                          [ Warning ]

Is this anything to worry about? And if it is then how should I proceed?

OS Information:

Description:    Ubuntu 14.10
Release:    14.10


You need to ask yourself:

  • did I add a user?
  • did I install software that might have added a user?

The best method is to list the /etc/passwd file on your screen with

more /etc/passwd  

and to check for unexpected usernames.

These notices from rkhunter are more than likely caused by an out-of-date reference file. You might want to do a ...

sudo rkhunter --update
sudo rkhunter --propupd

after you install new software. The 1st creates a new database reference file and the 2nd marks that reference file as a starting point.

If a rootkit is found it is likely to throw more alarms than just a notice regarding /etc/passwd. That is just a file holding your "users" and it is not enough to start a rootkit.
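As an added example (not part of the original answer), the manual check for unexpected usernames can be done by comparing the current passwd file against a copy saved earlier. The function names and the files passwd.baseline and passwd.current are hypothetical, and the sample data is constructed; on a real system, pass your saved copy and /etc/passwd.

```shell
#!/bin/sh
# Added example, not from the original post.

# Accounts in the current file ($2) that are absent from the baseline ($1).
# Output per line: name:uid:shell
added_accounts() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             NF >= 7 && !($1 in seen) { print $1 ":" $3 ":" $7 }' "$1" "$2"
}

# Accounts in the baseline ($1) that no longer exist in the current file ($2).
removed_accounts() { added_accounts "$2" "$1"; }

# Accounts whose UID, GID, home or shell differ from the baseline.
# Output per line: name:old_uid->new_uid:old_shell->new_shell
changed_accounts() {
    awk -F: '{ key = $3 ":" $4 ":" $6 ":" $7 }
             FILENAME == ARGV[1] { base[$1] = key; uid[$1] = $3; sh[$1] = $7; next }
             ($1 in base) && base[$1] != key {
                 print $1 ":" uid[$1] "->" $3 ":" sh[$1] "->" $7 }' "$1" "$2"
}

# Write constructed sample files (not real system data) into directory $1.
make_sample() {
    cat > "$1/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$1/passwd.current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
postfix:x:105:112::/var/spool/postfix:/bin/false
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
echo "added:";   added_accounts   "$demo/passwd.baseline" "$demo/passwd.current"
echo "removed:"; removed_accounts "$demo/passwd.baseline" "$demo/passwd.current"
echo "changed:"; changed_accounts "$demo/passwd.baseline" "$demo/passwd.current"
rm -rf "$demo"
```

In the sample, the new postfix account is the kind of entry a package install adds, while the www-data shell change is the kind of edit that is easy to miss when reading the file by eye.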

