rkhunter warnings
Raina Otoni
ro3159 at gmail.com
Thu Oct 12 14:14:18 UTC 2006
Hello
My Fedora Core 5 server has had the same message since updating to version
2006092302. It may be a prelink issue.
Vikram Goyal wrote:
> Hello,
>
> I'm using FC5 and recently I started getting warnings from the rkhunter cron
> check. I also manually updated the hashes, with the same results.
>
> What may be the reason? Any ideas? Anything to worry about?
>
> I'm pasting some relevant portions from the mail.
>
> --------------------- Start Rootkit Hunter Update ---------------------
>
> Running rkhunter updater... Tue, 10 Oct 2006 04:02:02 +0530
>
> Mirrorfile /var/rkhunter/db/mirrors.dat rotated
> Using mirror http://mirror11.mirror.rkhunter.org
> [DB] Mirror file : Mirror outdated. Skipped
> Info (current version: 2006092302, version of mirror: 2006041300)
> [DB] MD5 hashes system binaries : Mirror outdated. Skipped
> Info (current version: 2006100500, version of mirror: 2006022800)
> [DB] Operating System information : Mirror outdated. Skipped
> Info (current version: 2006100500, version of mirror: 2006051200)
> [DB] MD5 blacklisted tools/binaries : Up to date
> [DB] Known good program versions : Up to date
> [DB] Known bad program versions : Up to date
>
> Finished rkhunter updater.. Tue, 10 Oct 2006 04:15:45 +0530
> Ready.
>
> ---------------------- Start Rootkit Hunter Scan ----------------------
>
> Rootkit Hunter 1.2.8 is running
> Tue, 10 Oct 2006 04:15:45 +0530
> Determining OS... Ready
>
>
> Checking binaries
> * Selftests
> Strings (command) [ OK ]
>
>
> * System tools
> Info: prelinked files found
> Performing 'known good' check...
> /bin/cat [ BAD ]
> /bin/chmod [ BAD ]
> /bin/chown [ BAD ]
> /bin/date [ BAD ]
> /bin/dmesg [ BAD ]
> /bin/env [ BAD ]
> /bin/grep [ BAD ]
> /bin/kill [ BAD ]
> /bin/login [ BAD ]
> <snip>
> /usr/bin/whoami [ BAD ]
> --------------------------------------------------------------------------------
> Rootkit Hunter found some bad or unknown hashes. This can be happen due replaced
> binaries or updated packages (which give other hashes). Be sure your hashes are
> fully updated (rkhunter --update). If you're in doubt about these hashes, contact
> the author (fill in the contact form).
> --------------------------------------------------------------------------------
> <snip>
> ---------------------------- Scan results ----------------------------
>
> MD5
> MD5 compared: 51
> Incorrect MD5 checksums: 51
>
> File scan
> Scanned files: 342
> Possible infected files: 0
>
> Application scan
> Scanning took 174 seconds
>
> ------------------- Tue, 10 Oct 2006 04:18:39 +0530 -------------------
>
> Do you have some problems, undetected rootkits, false positives, ideas
> or suggestions?
> Please e-mail me by filling in the contact form (@http://www.rootkit.nl)
>
> -----------------------------------------------------------------------
> Thanks!
--
Raina Otoni <ro3159 at gmail.com>
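
One way to test the prelink explanation suggested in this thread, added here as an example that is not part of the original messages: pull the [ BAD ] paths out of the report and verify each against the RPM database. The function names are hypothetical, and it assumes an RPM-based system whose rpm undoes prelinking before computing digests.

```sh
#!/bin/sh
# Added example (not from the thread): triage rkhunter "[ BAD ]" hash warnings
# on a prelinked, RPM-based system. Function names are hypothetical.

# Constructed sample in the layout of the report quoted above.
SAMPLE_REPORT='> * System tools
> Info: prelinked files found
> /bin/cat [ BAD ]
> /bin/login            [ BAD ]
> Strings (command) [ OK ]'

# Print every path marked [ BAD ], tolerating a leading "> " mail-quote prefix.
bad_paths() {
    sed -n 's|^[> ]*\(/[^ ]*\)[[:space:]]*\[ BAD ].*$|\1|p'
}

# Succeed if the report notes that prelinked files were found.
has_prelink_notice() {
    grep -q 'Info: prelinked files found'
}

# Check one path against the RPM database instead of rkhunter's hash list.
# Assumption: rpm is set up to undo prelinking before digesting, as on Fedora.
verify_path() {
    p=$1
    if ! rpm -qf "$p" >/dev/null 2>&1; then
        echo "UNOWNED  $p (no package owns this file)"; return 1
    fi
    # rpm -V lists only files that differ; '5' in column 3 means digest mismatch.
    if rpm -Vf "$p" 2>/dev/null |
        awk -v f="$p" '$NF == f && substr($1, 3, 1) == "5" { bad = 1 } END { exit !bad }'
    then
        echo "MODIFIED $p (digest differs from the package)"; return 1
    fi
    echo "OK       $p"
    # For reference, the MD5 of the file as it was before prelinking.
    if command -v prelink >/dev/null 2>&1; then
        prelink -y --md5 "$p" 2>/dev/null || true
    fi
}

# Usage: sh triage.sh report.txt  (does nothing when run without arguments)
if [ "$#" -ge 1 ]; then
    has_prelink_notice < "$1" && echo "note: report mentions prelinked files"
    bad_paths < "$1" | while read -r p; do verify_path "$p" || true; done
fi
```

A compromised host can also falsify what rpm reports, so when there is real suspicion run the same verification from trusted boot media against the mounted disk.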