Fedora Linux Support Community & Resources Center

  #1  
Old 18th November 2007, 09:54 PM
rathodr Offline
Registered User
 
Join Date: Mar 2005
Location: Pennsylvania
Posts: 11
chkrootkit results -- question on root logins

I have been reading many articles but am unable to locate info. on my particular situation. Any help or guidance would be appreciated!

Just installed FC7 and am in the learning mode. So while I know not to log in as root, I do so anyway to understand the system. I installed chkrootkit and ran it a few times (logging in as root, and logging in via 'su root'). In all cases, everything passes the test except for the following two msgs:

1. Checking `z2'... user root deleted or never logged from lastlog!
2. Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 10329 tty7 /usr/bin/Xorg :0 -br -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7

In #1, I run lastlog and find that for all UIDs, lastlog reports "Never logged in". I see that /var/log/lastlog was updated around the time I installed the system. I suspect I may need to manually rotate logs, but that is a guess on my part.

In #2, I am not sure how to interpret the msg. When I run 'w', I simply get my user login session.

Any thoughts?
__________________
______________________________________________

'People Management' is kind of like pushing rope.

______________________________________________
  #2  
Old 19th November 2007, 07:40 AM
securitylover Offline
Registered User
 
Join Date: Nov 2007
Posts: 56
I have the same warnings. My tiny investigation via Google let me know these are false positives, but perhaps someone could shed a brighter light on this issue.


  #3  
Old 28th November 2007, 11:52 AM
rathodr Offline
Registered User
 
Join Date: Mar 2005
Location: Pennsylvania
Posts: 11
Apparently, I get this even after a fresh install. So, it is ok and I see this as a false positive.
I now run tripwire in addition, just to be sure.
__________________
______________________________________________

'People Management' is kind of like pushing rope.

______________________________________________
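
A triage sketch for the `chkutmp` warning discussed in this thread, added here as an example; it is not part of any post and not chkrootkit's own code. It parses the `!`-prefixed rows and compares them with the utmp lines shown by `who`. The `who` sample and the PID 4242 row are constructed, and treating an X server whose display (`:0`) has a utmp record as expected is an assumption of this example.

```python
import os
import re

# The chkutmp block quoted in the first post, plus one constructed row
# (PID 4242) so the output also shows a case the rule does not explain.
CHKUTMP_REPORT = """\
Checking `chkutmp'... The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID PID TTY CMD
! root 10329 tty7 /usr/bin/Xorg :0 -br -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7
! root 4242 pts/3 /bin/sh -i
"""

# Constructed `who` output (the utmp view) for a graphical login on :0.
WHO_OUTPUT = """\
user1    :0           2007-11-18 21:30
user1    pts/0        2007-11-18 21:41 (:0.0)
"""

ROW = re.compile(r"^!\s+(\S+)\s+(\d+)\s+(\S+)\s+(.+)$")
X_SERVERS = {"X", "Xorg"}

def parse_chkutmp(report):
    """Return flagged processes; the header row fails the numeric PID match."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line)
        if m:
            user, pid, tty, cmd = m.groups()
            rows.append({"user": user, "pid": int(pid), "tty": tty, "argv": cmd.split()})
    return rows

def utmp_lines(who_output):
    """Second column of `who`: the line (tty or display) recorded in utmp."""
    return {f[1] for f in (l.split() for l in who_output.splitlines()) if len(f) >= 2}

def classify(row, lines):
    if row["tty"] in lines:
        return "tty-now-in-utmp"            # report is stale; the entry exists
    argv = row["argv"]
    displays = [a for a in argv[1:] if re.fullmatch(r":\d+(\.\d+)?", a)]
    if os.path.basename(argv[0]) in X_SERVERS and any(d in lines for d in displays):
        return "x-server-display-in-utmp"   # session recorded under :N, not the VT
    return "unexplained"                    # needs a manual look

def triage(report, who_output):
    lines = utmp_lines(who_output)
    return {r["pid"]: classify(r, lines) for r in parse_chkutmp(report)}

if __name__ == "__main__":
    for pid, verdict in triage(CHKUTMP_REPORT, WHO_OUTPUT).items():
        print(pid, verdict)
```

On a live system, feed it the saved chkrootkit output and the output of `who` captured at the same time.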