[opensuse] rkhunter warning about shared memory segments
Hardware: Lenovo X201 (ironlake with 8 GB RAM).
OS: Leap 15 (upgraded from 42.3 (the latter was a fresh install)).
Program: rkhunter (issues a warning)

To be known: the Lenovo had a RAM issue, with memtest claiming errors, at the very time I received the first of these warnings. Therefore that could(!) be related. In the meantime the SO-DIMMs have been changed. Memtest shows no errors now. But to my surprise, after about three days (not at once) I again get the above-mentioned message, which goes:

Warning: The following suspicious shared memory segments have been found:
    Process: /usr/bin/ksmserver PID: 1968 Owner: connectix
    Process: /usr/bin/kontact PID: 3110 Owner: mercurio
    Process: /usr/bin/yakuake PID: 3534 Owner: entropia
    Process: /usr/bin/kontact PID: 4345 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/bin/kontact PID: 4345 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 20923 Owner: mercurio
    Process: /usr/lib64/firefox/firefox PID: 20923 Owner: mercurio
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 4654 Owner: entropia
    Process: /usr/bin/ksmserver PID: 3482 Owner: entropia

This could be: an issue with some test of rkhunter failing on Leap 15, or of course still an issue with the software damaged before (but then, why am I not getting these warnings every day?), or really some malware problem (I doubt it, but the system is open to all exploits of Spectre, Meltdown etc., so in remote theory it "could" be).

Did anybody encounter this type of warning? Does anybody know if previously faulty RAM (even after repair) could be responsible? I wanted to ask before proceeding to a fresh install, as it is a lot of work.

entropia is the user for all tasks and receives root mail.
mercurio just handles kontact.
connectix just handles network-related tasks and is usually the first user to be logged in.

What else (settings etc.) could cause shared memory segments?

P.S. today again:

Warning: The following suspicious shared memory segments have been found:
    Process: /usr/bin/ksmserver PID: 2526 Owner: mercurio
    Process: /usr/bin/kontact PID: 2889 Owner: mercurio
    Process: /usr/lib64/firefox/firefox PID: 3798 Owner: entropia
    Process: /usr/bin/kontact PID: 6286 Owner: entropia
    Process: /usr/lib64/firefox/firefox PID: 3798 Owner: entropia
    Process: /usr/bin/kontact PID: 6286 Owner: entropia
    Process: /usr/bin/ksmserver PID: 3340 Owner: entropia

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

stakanov wrote:
> Hardware: Lenovo X201 (ironlake with 8 GB Ram).
> OS: Leap 15 (upgraded from 42.3 (the latter was a fresh install).
> Program: rkhunter (issues a warning)
>
> Warning: The following suspicious shared memory segments have been found:

If you google the message, you see quite a few hits - for instance:

https://bugzilla.redhat.com/show_bug.cgi?id=1472299

A quick scan of that report suggests(!) the warnings you are getting are false positives that belong on a whitelist.

I installed and ran rkhunter on my test system, and I got these:

[08:47:50] Warning: The following suspicious shared memory segments have been found:
[08:47:50]     Process: /usr/lib64/firefox/firefox PID: 7887 Owner: per
[08:47:50]     Process: /usr/lib64/firefox/firefox PID: 7887 Owner: per
[08:47:50]     Process: /usr/lib64/firefox/firefox PID: 7887 Owner: per
[08:47:50]     Process: /usr/bin/konsole PID: 7910 Owner: per
[08:47:50]     Process: /usr/bin/dolphin PID: 7901 Owner: per
[08:47:50]     Process: /usr/lib64/firefox/firefox PID: 7887 Owner: per
[08:47:50]     Process: /usr/bin/ksmserver PID: 7597 Owner: per
[08:47:50]     Process: /usr/bin/kpat PID: 15969 Owner: per
[08:47:50]     Process: /usr/bin/gimp-2.8 PID: 16023 Owner: per

--
Per Jessen, Zürich (18.1°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.

On Friday, 8 June 2018, 09:05:46 CEST, Per Jessen wrote:
> stakanov wrote:
>> Hardware: Lenovo X201 (ironlake with 8 GB Ram).
>> OS: Leap 15 (upgraded from 42.3 (the latter was a fresh install).
>> Program: rkhunter (issues a warning)
>>
>> Warning: The following suspicious shared memory segments have been
>
> A quick scan of that report suggests(!) the warnings you are getting are false positives that belong on a whitelist.

Basically, rkhunter is not meant to be used on a desktop system while a local user is logged in on a graphical DE and is actually using the system. Way too many DE apps do things that look suspicious from a rkhunter PoV.

Cheers
MH

On Friday, 8 June 2018, 10:00:18 CEST, Mathias Homann wrote:
> On Friday, 8 June 2018, 09:05:46 CEST, Per Jessen wrote:
>> stakanov wrote:
>>> Hardware: Lenovo X201 (ironlake with 8 GB Ram).
>>> OS: Leap 15 (upgraded from 42.3 (the latter was a fresh install).
>>> Program: rkhunter (issues a warning)
>>>
>>> Warning: The following suspicious shared memory segments have been
>>
>> A quick scan of that report suggests(!) the warnings you are getting are false positives that belong on a whitelist.
>
> Basically, rkhunter is not meant to be used on a desktop system while a local user is logged in on a graphical DE and is actually using the system. Way too many DE apps do things that look suspicious from a rkhunter PoV.
>
> Cheers
> MH

Well, this is happening only since the current version. Up to this point there was nothing suspicious for it. But it is as I thought, so I will try to find out what I have to whitelist.
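The whitelisting step discussed in the thread, as an added example that is not part of any message above and is not rkhunter's own code: the script groups the warning's entries by process and owner, so the long repeated lists collapse to a few pairs, and prints one candidate whitelist line per binary for review. It assumes an rkhunter version that provides the `ALLOWIPCPROC` configuration option; the function names and the sample log are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: group the entries of rkhunter's
# "suspicious shared memory segments" warning and print candidate whitelist lines.

# Constructed sample input in the format of the log lines quoted in the thread.
sample_log() {
    cat <<'EOF'
[08:47:50] Warning: The following suspicious shared memory segments have been found:
[08:47:50]          Process: /usr/lib64/firefox/firefox    PID: 7887    Owner: per
[08:47:50]          Process: /usr/lib64/firefox/firefox    PID: 7887    Owner: per
[08:47:50]          Process: /usr/bin/konsole    PID: 7910    Owner: per
[08:47:50]          Process: /usr/bin/ksmserver    PID: 7597    Owner: per
EOF
}

# Read warning text on stdin; print "<segments> <path> <owner>" per distinct pair.
# Works whether each entry is on its own line or several share one line.
# Limitation: process paths containing spaces are not handled.
summarise_segments() {
    awk '
        {
            proc = ""
            for (i = 1; i < NF; i++) {
                if ($i == "Process:") {
                    proc = $(i + 1)
                } else if ($i == "Owner:" && proc != "") {
                    count[proc " " $(i + 1)]++
                    proc = ""
                }
            }
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2,2 -k3,3
}

# One ALLOWIPCPROC line per distinct path, to review before adding to rkhunter's config.
whitelist_candidates() {
    summarise_segments | awk '{ print "ALLOWIPCPROC=" $2 }' | LC_ALL=C sort -u
}

sample_log | summarise_segments
sample_log | whitelist_candidates
```

Check that each listed path is the distribution's packaged binary and that the owner is an expected local account before whitelisting it, since a whitelist entry by path silences the test for every instance of that program.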
participants (3)
- Mathias Homann
- Per Jessen
- stakanov