Cobra Forum

Linux Specialised Support => Security => Topic started by: kalpana on Nov 03, 2023, 04:44 AM

Title: UBUNTU 22: Security Issues AFTER new INSTALLATION install ( rkhunter chkrootkit
Post by: kalpana on Nov 03, 2023, 04:44 AM
Let's keep this thread for Ubuntu 22 security concerns after a new installation only.
After a new install from U18 to U20 to U22, now on U22, I encountered some concerns, likely false positives. Check these out, then share your own on this thread:


rkhunter OR chkrootkit flagged the following

root@roots-computer:/etc/.java$
./.systemPrefs
./.systemPrefs/.system.lock
./.systemPrefs/.systemRootModFile


rkhunter Checking for prerequisites [ Warning ]
/usr/bin/lwp-request [ Warning ]
Checking for hidden files and directories [ Warning ]
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning ]
File properties checks...
Required commands ---check failed
Files checked: 144
Suspect files: 1

Info: Disabled tests are: suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'.
Info: Found the 'logger' command: /usr/bin/logger
Warning: User 'systemd-timesync' has been added to the passwd file.
Warning: User 'tss' has been added to the passwd file.
Warning: User 'tcpdump' has been added to the passwd file.
Warning: User 'fwupd-refresh' has been added to the passwd file.
Warning: User 'systemd-coredump' has been added to the passwd file.
Warning: User 'snapd-range-524288-root' has been added to the passwd file.
Warning: User 'snap_daemon' has been added to the passwd file.
Warning: User 'debian-tor' has been added to the passwd file.
Suspicious
/usr/lib/modules/5.4.0-163-generic/vdso/.build-id
/usr/lib/modules/5.15.0-84-generic/vdso/.build-id
/usr/lib/debug/.build-id
/usr/lib/ruby/vendor_ruby/rubygems/optparse/.document
/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document
/usr/lib/ruby/vendor_ruby/rubygems/tsort/.document
/usr/lib/ruby/gems/3.0.0/gems/minitest-5.14.2/.autotest
/usr/lib/ruby/gems/3.0.0/gems/rbs-1.0.4/.rubocop.yml
/usr/lib/ruby/gems/3.0.0/gems/power_assert-1.2.0/.travis.yml
/usr/lib/libreoffice/share/.registry
Not happy to see a new installation being flagged so many times unless there was DNS poisoning or similar altering, besides many apps no longer being active, like Falkon. Plus an extended boot time: exactly 1 minute and 45 seconds from power on to desktop using an encrypted HD. Plus the software downloader app doesn't show installed software.

Suggestions:
1- Some kind of restore point
2- An easy terminal command to verify the U22 OS is secure and matches the main server, besides multiple signature/hash checks etc.
3- An easy list of apps compatible with U22
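A defender-side triage of the two kinds of warning quoted above, added here as an example; it is not part of kalpana's post and not code from rkhunter or chkrootkit. It checks whether each flagged hidden path is owned by an installed Debian package (via `dpkg -S`) and whether each account named in a "has been added to the passwd file" warning is a non-interactive system account (uid below 1000, shell `nologin` or `false`). The sample paths and warning lines are constructed from the post; `dpkg` and `getent` are assumed to be present, as they are on Ubuntu, and the script degrades to a labelled verdict when `dpkg` is missing.

```shell
#!/bin/sh
# Added example, not from the forum post or from rkhunter: triage the two kinds of
# warning quoted in the thread on a Debian/Ubuntu host.
# Assumes dpkg and getent are available (they are on Ubuntu); degrades gracefully otherwise.

# Constructed sample: hidden paths of the kind rkhunter's hidden-file check reported.
SAMPLE_FLAGGED='/usr/lib/debug/.build-id
/usr/lib/libreoffice/share/.registry
/usr/lib/ruby/gems/3.0.0/gems/rbs-1.0.4/.rubocop.yml'

# Constructed sample: "user added" warning lines in rkhunter's format.
SAMPLE_USER_WARNINGS="Warning: User 'tss' has been added to the passwd file.
Warning: User 'debian-tor' has been added to the passwd file."

# Extract the quoted account name from one rkhunter passwd warning; prints nothing
# for lines that are not such a warning.
user_from_warning() {
    printf '%s\n' "$1" |
        sed -n "s/^Warning: User '\([^']*\)' has been added to the passwd file\.$/\1/p"
}

# Return 0 when a passwd line (name:x:uid:gid:gecos:home:shell) looks like a
# package-created system account: uid below 1000 and a non-interactive shell.
is_system_account() {
    uid=$(printf '%s' "$1" | cut -d: -f3)
    shell=$(printf '%s' "$1" | cut -d: -f7)
    [ "$uid" -lt 1000 ] 2>/dev/null || return 1
    case "$shell" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the package that owns a path according to dpkg, "unowned" when no
# package claims it, or "dpkg-unavailable" on a system without dpkg.
owner_of() {
    command -v dpkg >/dev/null 2>&1 || { printf 'dpkg-unavailable\n'; return 0; }
    owner=$(dpkg -S "$1" 2>/dev/null | head -n 1 | cut -d: -f1)
    if [ -n "$owner" ]; then printf '%s\n' "$owner"; else printf 'unowned\n'; fi
}

# Walk both sample sets and print a one-line verdict per item.
triage() {
    printf '%s\n' "$SAMPLE_FLAGGED" | while IFS= read -r path; do
        [ -n "$path" ] || continue
        printf 'path %s -> %s\n' "$path" "$(owner_of "$path")"
    done
    printf '%s\n' "$SAMPLE_USER_WARNINGS" | while IFS= read -r warning; do
        user=$(user_from_warning "$warning")
        [ -n "$user" ] || continue
        entry=$(getent passwd "$user" 2>/dev/null || true)
        if [ -z "$entry" ]; then
            printf 'user %s -> not present in passwd\n' "$user"
        elif is_system_account "$entry"; then
            printf 'user %s -> system account (uid %s, shell %s)\n' "$user" \
                "$(printf '%s' "$entry" | cut -d: -f3)" "$(printf '%s' "$entry" | cut -d: -f7)"
        else
            printf 'user %s -> INTERACTIVE account, inspect before trusting\n' "$user"
        fi
    done
}

triage
```

If every path resolves to a package and every account comes back as a system account, the warnings are the usual baseline drift after an upgrade rather than evidence of tampering; `rkhunter --propupd` then records the new file properties so the next `rkhunter --check` is quiet, and `dpkg --verify` (or `debsums -c` from the debsums package) compares installed files against the package checksums, which is the closest stock command to the "verify the OS matches" request in suggestion 2. Anything reported as unowned, or any account with an interactive shell, should be investigated before the baseline is updated.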