On Sunday 25 October 2015 15:09:41 ame...@amenex.com wrote:

> Previously I wrote:
> > ... The second-to-last thing the system does is upgrade my ClamAV
> > database by running freeclam. Then it says, "Starting tor daemon."
>
> In response to my concern, Gene Heskett suggested:
> > Have you run the rootkit checkers? That would be my first thought.
>
> The whole text of what I finally caught during shutdown was actually:
> > * Starting ClamAV virus database updater freshclam
> > * Starting tor daemon...
>
> In response to Gene's suggestion, I installed ChkRootKit and RKHunter
> and used them to look around. All there was, were some false positives
> and no agreement on warnings.
>
> Interestingly, when I installed CHKRootKit, the following message appeared:
> > The following packages were automatically installed and are no
> > longer required:
> > libseccomp2 tor tor-geoipdb torsocks xul-ext-torproxy
> > Use 'apt-get autoremove' to remove them.
>
> Which I promptly did:
> > sudo apt-get autoremove
> > Reading package lists... Done
> > Building dependency tree Reading state information... Done
> > The following packages will be REMOVED:
> > libseccomp2 tor tor-geoipdb torsocks xul-ext-torproxy
>
> That is the same list as above, mostly tor-related.
>
> Now it's wait & see until that ultra-brief message pops up again
> during shutdown.
>
> Thanks, Gene, for your very useful suggestion.

You are welcome. Generally we Linux users are careful enough that we
don't often allow a root kit to get in. I am rather proactive about
that, making sure that all my systems are hidden behind a router running
dd-wrt. Only one port is forwarded thru it to this machine only. That's
how you can see my web page in the signature. The web server runs in a
sandbox with quite high walls. They haven't been breached in close to a
decade.

But there is always the chance, so use the tools we have, even if they
are a bit long in the tooth.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>