RootKit Hunter Warnings on Mac OS X

macos security rootkit

These warnings can be quite benign. Passwd, group and syslog changes can be quite normal in the usage of the system, for example, adding users and groups.

The hidden file is part of the Man packages, so I wouldn't worry too much as Man uses alot of compressed files in gz format.

Bottom line is, even if you ignore them how can you be sure they are not dangerous. You need complete understanding of the output to interpret it.

Imagine someone setting up a complex IDS but with no idea of how to interpret the logs. That is the biggest danger.


rkhunter tends to produce a lot of false positives. Better safe than sorry for a server, but frustrating and confusing for the average computer user.

I don't mean to be cavalier, but unless you are using your laptop in some pretty unusual ways, it's exceedingly unlikely that you have a rootkit on it. So my answer is "Yes, ignore it." Frankly, I wouldn't use rkhunter at all on a laptop - assuming the laptop gets normal laptop use (so to speak) and isn't a server on the weekends or a peer-to-peer hub. (I would, however, check the firewall settings, practice safe browsing, be careful about files from other people, etc.)

Related

Windows 7 save dialog hang - any solutions?
Install windows using built-in Administrator
What exactly are user ports?
Google Chrome loses cookies
Windows 7 / 64 bit: Folder stays write protected after change
Unable to receive gmail in MS outlook
Does KVM Switch bypass GPU?
xmonad same application is appearing on both monitors
How to use boolean datatype in C?
In Django, how do you make a model refer to itself?
Regular expression [Any number]
How do I use Fiddler to modify the status code in an HTTP response?