Mailinglist Archive: opensuse (1355 mails)

< Previous Next >
[opensuse] rkhunter warning about shared memory segments
Hardware: Lenovo X201 (ironlake with 8 GB Ram).
OS: Leap 15 (upgraded from 42.3 (the latter was a fresh install).
Program: rkhunter (issues a warning)

To be known: the lenovo had a ram issue with memtest claiming errors. At the
very time I received the first of these warnings. Therefore that could(!) be
related.
In the meanwhile the SO-DIMM have been changed. Memtest shows no errors now.
But to my surprise, after about three days (not at once) I get again the above
mentioned message that goes:


Warning: The following suspicious shared memory segments have been found:
Process: /usr/bin/ksmserver PID: 1968 Owner: connectix
Process: /usr/bin/kontact PID: 3110 Owner: mercurio
Process: /usr/bin/yakuake PID: 3534 Owner: entropia
Process: /usr/bin/kontact PID: 4345 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/bin/kontact PID: 4345 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 20923 Owner: mercurio
Process: /usr/lib64/firefox/firefox PID: 20923 Owner: mercurio
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
Process: /usr/bin/ksmserver PID: 3482 Owner: entropia


This could be: an issue with the some test of rkhunter failing on leap 15
or of course still an issue with the software damaged before (but then, why I
am getting these warnings not every day?
Or really some malware problem (I doubt it, but the system is open to all
exploits of spectre, meltdown etc, so in remote theory it "could" be).

Did anybody encounter this type of warning? Does anybody know if a previous
faulty ram (even after repair) could be responsible?

I wanted to ask before proceeding to a fresh install as it is a lot of work.
entropia is the user for all tasks and receives root mail
mercurio just handles kontact
connectix just handels network related tasks and is usually the first user to
be logged in.
What else (setting etc) could cause shared memory segments.


P.S. today again:
Warning: The following suspicious shared memory segments have been found:
Process: /usr/bin/ksmserver PID: 2526 Owner: mercurio
Process: /usr/bin/kontact PID: 2889 Owner: mercurio
Process: /usr/lib64/firefox/firefox PID: 3798 Owner: entropia
Process: /usr/bin/kontact PID: 6286 Owner: entropia
Process: /usr/lib64/firefox/firefox PID: 3798 Owner: entropia
Process: /usr/bin/kontact PID: 6286 Owner: entropia
Process: /usr/bin/ksmserver PID: 3340 Owner: entropia



_________________________________________________________________
________________________________________________________
Ihre E-Mail-Postfächer sicher & zentral an einem Ort. Jetzt wechseln und alte
E-Mail-Adresse mitnehmen! https://www.eclipso.de



--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups