Yesterday I saw an article about a new Linux root kit (which requires that the user manually download and install! 
)
Out of curiosity I opened a Konsole and ran sudo rkhunter -c.
In the past it has taken less than 2 minutes for rkhunter to do its work and finish. The first time I rant it I shut it down after 10 minutes, figuring it was hung. Just before I went to bed last night I ran it again. This morning it reported that it took more than 23 minutes to do its tasks. There were LOADS of whitelists and other warnings. When I went to check /var/log/rkhunter.log it was not there. The log.1 backup was and it contained the overnight run results, which is why I knew about the whitelist and other warnings.
I also used the "--propupdate" , "--update" and "-c-sk" parameters as well. They didn't change anything.
I have been concerned about my installation since trying qumu/kvm/virt-manager last week. While running them, and since I purged them, my system has been sluggish. Normally Konsole would snap open when I clicked its launcher in my quicklaunch tray. Now it takes 5 to 10 seconds, as do most apps. KMonitor does not show any other apps consuming time or cycles.
I used the purge option to uninstall them and noted afterward that LOTS of config files and other detritus remained, which I remove manually. The failure of the purge option is important. For example, even purged, the kvm-qemu-system-x86_64, continued to install during bootup. I removed those from systemd and other places, and while I was at it I purged Tor and the Tor-Browser. All warnings I usually got during the boot up were cleared. But, the sluggishness remained.
After the faulty behavior of rkhunter yesterday I decided to purge it, reinstall it and run it again this morning. When I selected it for purge in Muon it reported that rkhunter and 10 other packages will be removed. I checked through the list and did not notice any important packages among the list. Certainly nothing related to the plasma desktop or Neon. I clicked OK and Muon then reported that it was removing 27 packages! There was no point in stopping the removal because it would not allow Muon to populate the History, and that is what I planned to use to reinstall the deleted apps.
Here is an image of part of the list:
The Konsole in the rear is busy reinstalling the removed packages.
The purge option should have removed the config and data files for those apps, but it did not. After re-installing Kpgp my kpgp keyring was intact. Checking the repository I found that the authentication keys for Kubuntu and Neon were still listed.
IF my system is infected a possible route could be the WINE installation, which I am using to run a Windows dev program.
Now that the manual re-installation of the deleted packages has finished I am going to reboot. If the sluggishness remains I am going putsz around a few days to try and locate the bottle neck and if I can't I will reinstall both Kubntu 16.04 and Neon.
)Out of curiosity I opened a Konsole and ran sudo rkhunter -c.
In the past it has taken less than 2 minutes for rkhunter to do its work and finish. The first time I rant it I shut it down after 10 minutes, figuring it was hung. Just before I went to bed last night I ran it again. This morning it reported that it took more than 23 minutes to do its tasks. There were LOADS of whitelists and other warnings. When I went to check /var/log/rkhunter.log it was not there. The log.1 backup was and it contained the overnight run results, which is why I knew about the whitelist and other warnings.
I also used the "--propupdate" , "--update" and "-c-sk" parameters as well. They didn't change anything.
I have been concerned about my installation since trying qumu/kvm/virt-manager last week. While running them, and since I purged them, my system has been sluggish. Normally Konsole would snap open when I clicked its launcher in my quicklaunch tray. Now it takes 5 to 10 seconds, as do most apps. KMonitor does not show any other apps consuming time or cycles.
I used the purge option to uninstall them and noted afterward that LOTS of config files and other detritus remained, which I remove manually. The failure of the purge option is important. For example, even purged, the kvm-qemu-system-x86_64, continued to install during bootup. I removed those from systemd and other places, and while I was at it I purged Tor and the Tor-Browser. All warnings I usually got during the boot up were cleared. But, the sluggishness remained.After the faulty behavior of rkhunter yesterday I decided to purge it, reinstall it and run it again this morning. When I selected it for purge in Muon it reported that rkhunter and 10 other packages will be removed. I checked through the list and did not notice any important packages among the list. Certainly nothing related to the plasma desktop or Neon. I clicked OK and Muon then reported that it was removing 27 packages! There was no point in stopping the removal because it would not allow Muon to populate the History, and that is what I planned to use to reinstall the deleted apps.
Here is an image of part of the list:
The Konsole in the rear is busy reinstalling the removed packages.
The purge option should have removed the config and data files for those apps, but it did not. After re-installing Kpgp my kpgp keyring was intact. Checking the repository I found that the authentication keys for Kubuntu and Neon were still listed.
IF my system is infected a possible route could be the WINE installation, which I am using to run a Windows dev program.
Now that the manual re-installation of the deleted packages has finished I am going to reboot. If the sluggishness remains I am going putsz around a few days to try and locate the bottle neck and if I can't I will reinstall both Kubntu 16.04 and Neon.
Comment