[Freeipa-users] FreeIPA, rkhunter & "unknown rootkit"
Anthony Messina
amessina at messinet.com
Mon Jul 23 09:08:25 UTC 2012
I have installed freeipa-server-2.2.0-1.fc17.x86_64 and it's running
well. I have also installed rkhunter-1.4.0-1.fc17.noarch on the IPA
server and each morning I receive the following report from rkhunter.
I imagine/hope that these are not actual rootkits and was wondering if
anyone knew of a way to inform rkhunter/rkhunter.conf to "never mind"
these as they seem like they would be a normal part of the IPA/CA process.

By the way, UID 995 is the pkiuser on my IPA system.

Thanks for any input. -A

rkhunter warning output follows:

Warning: The following processes are using suspicious files:
Command: java
UID: 995 PID: 1513
Pathname: /var/log/pki-ca/system
Possible Rootkit: Unknown rootkit
Command: java
UID: 1518 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1523 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1524 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1525 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1526 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1527 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1528 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1529 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1530 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1531 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1540 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1541 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1557 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1558 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1559 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1560 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1561 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1628 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1629 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1636 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1638 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1641 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1643 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1646 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1648 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1651 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1653 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1654 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1655 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1658 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1660 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1662 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1663 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1664 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1665 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1666 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1667 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1668 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1670 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1671 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1672 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1673 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1674 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1675 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1676 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1677 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1678 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1679 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 1680 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 2254 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 2255 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 2256 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 2257 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 2418 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 2419 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 2420 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
Command: java
UID: 2421 PID: 1513
Pathname: 14287633
Possible Rootkit: Unknown rootkit
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E