Home » Forum » Trisquel users
Submitted by Geshmy on Fri, 03/30/2018 - 19:33

Trisquel 8 Abrowser Strange Thing

3 replies [Last post]
Fri, 03/30/2018 - 19:33
Geshmy
Geshmy
Offline
Joined: 04/23/2015

So installed Trisquel 8 with iso downloaded 3/24/2018.

Using chkrootkit I found something strange which only happens if Abrowser is loaded. My homepage is a file on disk and there are no connections made when I start Abrowser.

Result in chkrootkit with out Abrowser loaded (but I also tried dooble browser and this was the result):

Checking `chkutmp'... chkutmp: nothing deleted

A minute later with Abrowser loaded:

Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! :0|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|225:0|226:0|229:0|232:1|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:1|255:1|256:1|257:1|258:1|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:1|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|3 86 :1|178:0|180:1|181:0|182:1|184:1|1:0|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|225:0|226:0|229:0|232:1|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:1|255:1|256:1|257:1|258:1|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:1|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|3 01:1|205:1|207:1|208:0|210:1|213:0|225:0|226:0|229:0|232:1|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:1|255:1|256:1|257:1|258:1|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:1|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|3
! :0|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|225:0|226:0|229:0|232:1|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:1|255:1|256:1|257:1|258:1|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:1|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|3 86 :1|178:0|180:1|181:0|182:1|184:1|1:0|194:1|195:0|196:1|197:1|198:0|201:1|205:1|207:1|208:0|210:1|213:0|225:0|226:0|229:0|232:1|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:1|255:1|256:1|257:1|258:1|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:1|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|3 01:1|205:1|207:1|208:0|210:1|213:0|225:0|226:0|229:0|232:1|234:1|235:1|237:1|238:0|245:1|248:1|253:0|254:1|255:1|256:1|257:1|258:1|259:1|264:0|267:1|268:1|269:1|270:1|271:1|272:0|273:0|279:1|282:0|283:0|284:1|285:1|286:0|287:1|288:1|289:1|291:0|292:0|294:0|3
chkutmp: nothing deleted

Can another Trisquel 8 user see if they get show these same results?

I don't know what this means. I found this info in the man page for utmp:
"The utmp file allows one to discover information about who is currently using the system. There may be more users currently using the system, because not all programs use utmp logging." It says a value of 0 means Empty, a value of 1 is Change in system run-level'

As soon as I put Abrowser away, chkrootkit returns to the first result, simply 'nothing deleted'

Don't have firefox installed so can't check it. Only dooble so far as alternative.

Not panicing yet but would like to confirm that my Abrowser's behaviour is as expected.

I have Decentaleyes and uBlockOrigin installed and enabled for plugins. Maybe they are the cause.

Top
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Fri, 03/30/2018 - 21:05
#1
SuperTramp83
SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

https://www.linuxquestions.org/questions/linux-security-4/chkrootkit-turned-up-problem-with-chkutmp-496382/

https://askubuntu.com/questions/566615/chkrootkit-gives-the-result-tty-of-process-not-found

https://www.howtoforge.com/community/threads/connect-network-is-unreachable.2098/

https://ubuntuforums.org/showthread.php?t=1980749

https://askubuntu.com/questions/1009846/chkrootkit-the-tty-of-the-following-user-processes-not-found

https://forums.cpanel.net/threads/chkrootkit-checking-chkutmp-the-tty-of-the-following-user-process-es-were-not.48384/

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877666

Just links the searx instance threw back at me..haven't read anything, just pasted it for you.

https://stats.searx.xyz/

o/

Top
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Fri, 03/30/2018 - 23:01
#2
Geshmy
Geshmy
Offline
Joined: 04/23/2015

Ola SuperTramp,
Gracias para responder.

I will continue to read posts like the above. I read a bunch last night. It was late that I realized that the warnings were linked to Abrowser. That being a software unique to the Trisquel community I think someone here can explain what's happening and my understanding will improve.

I hope someone else with Trisquel 8 running can confirm whether or not they see the same thing but I will look at the posts you found.

I also go regularly here:
http://stats.searx.oe5tpo.com/
and here
https://stats.searx.xyz/
to see which instance is recommended.

I've been using searx ever since you first found it and let us know.

Top
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines
Sat, 03/31/2018 - 12:23
#3
SuperTramp83
SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

Searx is great indeed :)
It just came to my mind you can also use rkhunter (latest versions are great). Give that a try.

sudo apt-get install rkhunter
sudo rkhunter -c -sk

cheers

Top
  • +1
    0
    -1
    Please use the rating system to mark posts that go against the Community Guidelines