主页 / ubuntu / 问题 / 520703
Accepted
user250155
Asked: 2014-09-06 19:29:46 +0800 CST

我应该担心 rkhunter 的这些扫描结果吗?

  • 772

我应该担心 rkhunter 的这些扫描结果吗?

[22:09:40] Info: Starting test name 'passwd_changes'
[22:09:40]   Checking for passwd file changes                [ Warning ]
[22:09:40] Warning: User 'usermetrics' has been added to the passwd file.
[22:09:40] Warning: User 'clickpkg' has been added to the passwd file.
[22:09:40]
[22:09:40] Info: Starting test name 'group_changes'
[22:09:40]   Checking for group file changes                 [ Warning ]
[22:09:40] Warning: Group 'usermetrics' has been added to the group file.
[22:09:40] Warning: Group 'clickpkg' has been added to the group file.
[22:09:40]   Checking root account shell history files       [ None found ]

正如 rkhunter 报告的那样,我在 /etc/passwd 文件的末尾看到了 usermetrics 行和 clickpkg 行。

rkhunter

1 个回答

  1. Best Answer

    没有必要担心。因为 rkhunter 在安装期间保留了 eveyfile 的数据库,并将该文件与其数据库进行比较以进行更改......如果文件已更改,它会发出警告。我不确定你创建了哪个组或安装过程中创建的任何程序,一定要查看 sudo gedit /var/log/rkhunter.log 并查找更改,主要是组和密码文件中的脚本更改已列入白名单意味着如果您更改用户的密码,它会显示错误的警告

    • 0

相关问题