Today I discovered that by some mistake I had the firewall of my laptop disabled, probably for months. I tested the ports with ShieldsUp and found 0 Closed, 1 to 1023 stealth and over 1024 closed, and responding to ping ICMP. I immediately activated the UFW with its GUI and set the default: Home and the Basic configuration. Now all ports are stealth and no response to ping.
1.- I installed ClamAV and ran a full test of the home directory; it has scanned 200.000 files (about 70%) and is reporting 450 possible threats, but it has not finished yet.
2.- I installed:
rkhunter
chkrootkit
Result of chkrootkit:
/usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/python3/dist-packages/PyQt5/uic/widget-plugins/.noinit /usr/lib/python3/dist-packages/PyQt4/uic/widget-plugins/.noinit /usr/lib/xmind/p2/org.eclipse.equinox.p2.engine/.settings /usr/lib/xmind/p2/org.eclipse.equinox.p2.engine/profileRegistry/XMindProfile.profile/.lock /usr/lib/xmind/p2/org.eclipse.equinox.p2.engine/profileRegistry/XMindProfile.profile/.data /usr/lib/xmind/plugins/org.eclipse.core.runtime.compatibility.registry_3.6.0.v20150318-1505/.api_description /usr/lib/jvm/.java-1.7.0-openjdk-amd64.jinfo /usr/lib/pymodules/python2.7/.path
/usr/lib/xmind/p2/org.eclipse.equinox.p2.engine/.settings /usr/lib/xmind/p2/org.eclipse.equinox.p2.engine/profileRegistry/XMindProfile.profile/.data
eth0: PACKET SNIFFER(/sbin/dhclient[2630])
unable to open wtmp-file wtmp
not tested: not found wtmp and/or lastlog file
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! Times/PluginPowerSaverTiny/Control/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/De 0 on/Enable/PasswordSeparatedSigninFTimes/PluginPowerSaverTiny/Control/PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/De /PreconnectMore/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/De
! --gpu-device-id=0x68c1 0 8,23,26,33,39,52,56 --gpu-driver-vendor=Mesa --gpu-driver-version=10.3.2 --gpu-driver-date --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
! ateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFre 0 iny/Control/*PreconnectMore/DefaulateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFre IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFre
! ateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFre 0 iny/Control/*PreconnectMore/DefaulateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFre IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFre
! cateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateF 0 Tiny/Control/*PreconnectMore/DefaucateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateF 1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateF
! cateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateF 0 Tiny/Control/*PreconnectMore/DefaucateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateF 1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateF
! root 2579 tty7 /usr/bin/X -dpi $DPI :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
3.- I ran rkhunter. This is the first time I have used these tools and I do not know how to analyze the results; the file is attached:
/var/log/rkhunter.log
I would appreciate your help in looking at this file and at the chkrootkit result, and suggesting recommendations.
Thanks and best regards
joejac
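The post's chkrootkit output mixes three kinds of lines: hidden files found under system directories, a "PACKET SNIFFER" notice, and processes whose tty has no utmp entry, plus two notes that the wtmp/lastlog checks were skipped. The script below is an added example (not from the post, and not chkrootkit's or rkhunter's own code) that reads chkrootkit stdout and an rkhunter.log and sorts each finding into HIGH / REVIEW / INFO so the lines that actually need attention stand out. The allowlists of benign packet-socket users and display servers, and the sample lines built from the post, are assumptions for the example.

```python
"""Triage chkrootkit output and rkhunter.log by severity.

Added example for the forum post above; it is not part of chkrootkit or rkhunter.
The allowlists below are assumptions: extend them for the host being checked.
"""
import re
from collections import Counter

# Daemons that legitimately hold a packet socket. chkrootkit only reports that a
# process has one open; it cannot tell a DHCP client from a sniffer.
BENIGN_SNIFFERS = {"dhclient", "dhcpcd", "NetworkManager", "wpa_supplicant", "avahi-daemon"}
# Display servers started by a login manager normally have no utmp entry.
DISPLAY_SERVERS = {"/usr/bin/X", "/usr/bin/Xorg", "/usr/lib/xorg/Xorg"}

SNIFFER_RE = re.compile(r"^(\S+): PACKET SNIFFER\((\S+)\[(\d+)\]\)$")
UTMP_PROC_RE = re.compile(r"^!\s+(\S+)\s+(\d+)\s+(\S+)\s+(.+)$")   # "! RUID PID TTY CMD" rows
RKHUNTER_RE = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s+(Warning|Info|Error):\s*(.*)$")


def triage_chkrootkit(output):
    """Return a list of (severity, message) tuples from chkrootkit's stdout."""
    findings = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "INFECTED" in line:                      # "not infected" is lowercase and is skipped
            findings.append(("HIGH", line))
            continue
        m = SNIFFER_RE.match(line)
        if m:
            iface, path, pid = m.groups()
            name = path.rsplit("/", 1)[-1]
            sev = "INFO" if name in BENIGN_SNIFFERS else "REVIEW"
            findings.append((sev, f"{iface}: packet socket held by {name} (pid {pid})"))
            continue
        m = UTMP_PROC_RE.match(line)
        if m:
            user, pid, tty, cmd = m.groups()
            sev = "INFO" if cmd.split()[0] in DISPLAY_SERVERS else "REVIEW"
            findings.append((sev, f"no utmp entry: {user} pid={pid} tty={tty} cmd={cmd[:60]}"))
            continue
        if "wtmp" in line or "lastlog" in line:
            # The check was skipped, not passed: confirm the log files really are absent
            # by design, since a wiped wtmp also disables this check.
            findings.append(("INFO", "login-record check skipped: " + line))
            continue
        if line.startswith("/"):                    # space-separated list of hidden files/dirs
            for path in line.split():
                findings.append(("REVIEW", f"hidden file/dir: {path}"))
    return findings


def triage_rkhunter_log(text):
    """Return (severity, message) tuples for Warning/Error lines in rkhunter.log."""
    findings = []
    for raw in text.splitlines():
        m = RKHUNTER_RE.match(raw.strip())
        if not m:
            continue
        level, msg = m.groups()
        if level == "Warning":
            findings.append(("REVIEW", msg))
        elif level == "Error":
            findings.append(("HIGH", msg))
    return findings


def summarize(findings):
    """Count findings per severity."""
    return Counter(sev for sev, _ in findings)


# Constructed sample built from the lines in the post (shortened).
SAMPLE_CHKROOTKIT = """
/usr/lib/jvm/.java-1.7.0-openjdk-amd64.jinfo /usr/lib/pymodules/python2.7/.path
eth0: PACKET SNIFFER(/sbin/dhclient[2630])
unable to open wtmp-file wtmp
not tested: not found wtmp and/or lastlog file
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 2579 tty7 /usr/bin/X -dpi $DPI :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
"""

# Constructed rkhunter.log excerpt (format assumed: "[HH:MM:SS] Level: message").
SAMPLE_RKHUNTER = """
[10:15:02] Info: Starting the file properties checks
[10:15:07] Warning: The file properties have changed: /usr/bin/ssh
"""

if __name__ == "__main__":
    for sev, msg in triage_chkrootkit(SAMPLE_CHKROOTKIT) + triage_rkhunter_log(SAMPLE_RKHUNTER):
        print(f"{sev:6} {msg}")
    print(summarize(triage_chkrootkit(SAMPLE_CHKROOTKIT)))
```

Run it as `sudo chkrootkit | python3 triage.py` after swapping the sample for `sys.stdin.read()`. On the post's output everything lands in INFO or REVIEW: dhclient is the usual benign cause of the "PACKET SNIFFER" line, the X server without a utmp entry is normal on a lightdm desktop, and the REVIEW entries are dotfiles under /usr/lib that can be confirmed as package-owned with `dpkg -S <path>`. Anything the script marks HIGH (an "INFECTED" line, or an rkhunter Error) is what to bring back to the forum first.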