Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

rkhunter suspicious file types found
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 6111
Location: Vienna, Austria; Germany; hello world :)
PostPosted: Sat Oct 25, 2014 9:38 pm    Post subject: rkhunter suspicious file types found Reply with quote
Hi guys,


haven't used rkhunter for a very long time on my system (this install is basically ported over [stage4] from my old Core i7 computer -> now a Xeon Haswell) and the following really caught my eye:

Quote:
rkhunter -c --report-warnings-only
Warning: The command '/bin/egrep' has been replaced by a script: /bin/egrep: POSIX shell script, ASCII text executable
Warning: The command '/bin/fgrep' has been replaced by a script: /bin/fgrep: POSIX shell script, ASCII text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script, ASCII text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: POSIX shell script, ASCII text executable
Warning: Suspicious file types found in /dev:
/dev/shm/pulse-shm-293298847: dBase IV DBT of \300B!\326.DBF, next free block index 1, 1st item "\363\375`\377\360\375_\377\354\375]\377\350\375Y\377\345\375W\377\340\375S\377\333\375N\377\327\375H\377\322\375B\377\315\375<\377\306\3756\377\277\375/\377\271\375(\377\263\375!\377\254\375\377\244\375"
/dev/shm/pulse-shm-1773822240: data
/dev/shm/pulse-shm-1077928820: data
/dev/shm/mono.18427: data
/dev/shm/pulse-shm-3113141672: data
/dev/shm/pulse-shm-23993973: data
/dev/shm/pulse-shm-3641810469: data
Warning: Hidden file found: /usr/share/man/man5/.k5login.5: troff or preprocessor input, ASCII text
Warning: Hidden file found: /usr/share/man/man5/.k5identity.5: troff or preprocessor input, ASCII text



what does pulseaudio do with a .dbf file ?

I don't even have dev-db/xbase installed :?


edit:

this also seems to occur on Manjaro,

that's the only other occurence I found on the web so far:

http://pastebin.com/3u25YTyZ


edit2:

I'm using tomboy notes again since switching to app-misc/gnote was awfully slow with the number of notes I'm working with

is tomboy notes or mono known to use these type of databases ?


if yes - why is it interfering or sharing this with pulseaudio ?
_________________
https://github.com/kernelOfTruth/ZFS-for-SystemRescueCD/tree/ZFS-for-SysRescCD-4.9.0
https://github.com/kernelOfTruth/pulseaudio-equalizer-ladspa

Hardcore Gentoo Linux user since 2004 :D
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9883
Location: almost Mile High in the USA
PostPosted: Sat Oct 25, 2014 10:34 pm    Post subject: Reply with quote
Quite possibly it's just luck of the draw that pulseaudo /dev/shm shared memory files look like a corrupt dbase file, mine looks like that as well, using the sys-apps/file's magic.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 6111
Location: Vienna, Austria; Germany; hello world :)
PostPosted: Sun Oct 26, 2014 4:05 pm    Post subject: Reply with quote
Thanks, eccerr0r !

It only seems to appear occasionally - been running with/without tomboy several times and it didn't show

maybe it only is there when music is playing (plus/minus flash) - will further observe this ...


edit:

didn't appear this time with chromium & adobe-flash (chrome-binary-plugins)
_________________
https://github.com/kernelOfTruth/ZFS-for-SystemRescueCD/tree/ZFS-for-SysRescCD-4.9.0
https://github.com/kernelOfTruth/pulseaudio-equalizer-ladspa

Hardcore Gentoo Linux user since 2004 :D
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy