RKHunter, rhosts, hosts.equiv, how to disable?


#1

So, things have been a bit strange lately on the Mac. Just odd behaviour like sounds happening for no reason and excessive CPU usage (I can always tell 'cause the fan kicks in). Malwarebytes didn’t find anything so I did a little research and found RKHunter. It found… warnings. But I’m not sure what I can do about it, or if they’re just false flags and I don’t have to do anything.

I’ve found commands for BSD but either I can’t figure out how to use them or they’re different in Terminal. The commands basically block access and disable rhosts altogether (which apparently is recommended anyway).


#2

Just so I understand: you want to know how to disable files on your Mac that you’re not even sure will solve your issues with “odd behaviour”?


#3

So you can’t answer the question or you just don’t want to?


#4

I can’t answer your question. But I’m interested in the thinking behind it.


#5

What’s odd about a process of elimination? There is nothing harmed by turning this off, I just don’t know how to do it. So what’s the issue?


#6

No issue. I was merely curious about your reasoning, because I had never heard of rhosts or hosts.equiv before you made this topic, so they seem like an interesting place to start your investigation.

If it were me, there would likely be other candidates I’d look into first when investigating “bit strange, odd behaviour” issues on Macs, before some obscure files I happened to come across in Google.

But thank you for letting me know about those files. A perfunctory Google search and the page you linked suggest you can disable permissions to those files using chmod; something along the lines of chmod 600 ~/.rhosts and chmod 600 /etc/hosts.equiv should suffice.


#7

Have you tried the basics such as PRAM and SMC resets before resorting to this?

IMHO the likelihood of a rootkit being installed is extremely low unless you’ve been installing dodgy software and saying yes to the installation of random things.


#8

Or even the basics of looking in Activity Monitor to see exactly which processes are using excessive CPU?
Occam’s Razor may well be applicable here.


#9

I note the OP did install “RKHunter” - I’m always cautious of anti-malware type software on Mac.


#10

I don’t think you understand what Occam’s Razor actually means…


#11

I don’t think you understand how to logically approach troubleshooting a software issue, so I guess we’re even. ¯\_(ツ)_/¯


#12

You realise that this response requires that you do the exact opposite of Occam’s Razor, right?


#13

The “r” commands have been deprecated on UNIX for years; I cannot even find them on my High Sierra machine.

They are the predecessor of SSH and were used to allow connections between (trusted) machines on a local network. The hosts.equiv and .rhosts files are configurations that allow one specified host and user to connect (rsh for remote shell, for example) to another.

It’s possible that RKHunter is looking for the presence of a file and considers it not being there a bad thing.

This is most likely a red herring.
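
An added example, not part of the original thread: a read-only shell check of the two trust files discussed above, reporting whether each is absent, empty, holds entries, or holds a "+" wildcard entry (which trusts any host or user). The function names and status words are made up for this example.

```shell
#!/bin/sh
# Added example: classify an r-command trust file (.rhosts or hosts.equiv).
# Prints one status word per file:
#   absent    - file does not exist (nothing is trusted through it)
#   empty     - file exists but has no active entries
#   wildcard  - an active entry has "+" as host or user (any host / any user)
#   loose     - has entries and is readable or writable by group or others
#   entries   - has entries, owner-only read/write permissions
check_trust_file() {
    f=$1
    [ -e "$f" ] || { echo absent; return 0; }
    # Active lines are those that are neither blank nor comments.
    active=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" || true)
    [ -n "$active" ] || { echo empty; return 0; }
    # A bare "+" in the host or user field is the wildcard form.
    if printf '%s\n' "$active" |
        awk '$1 == "+" || $2 == "+" { found = 1 } END { exit !found }'; then
        echo wildcard
        return 0
    fi
    # find prints the path only if a group/other read or write bit is set.
    loose=$(find "$f" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then echo loose; else echo entries; fi
}

# Report "path: status" for every path given.
audit_rtrust() {
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(check_trust_file "$f")"
    done
}

# With no arguments, check the two paths named in the thread.
if [ "$#" -eq 0 ]; then set -- "$HOME/.rhosts" /etc/hosts.equiv; fi
audit_rtrust "$@"
```

A result of "absent" or "empty" for both files means there are no r-command trust relationships to disable.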