rkhunter warnings
Vikram Goyal
vikigoyal at gmail.com
Thu Oct 12 13:40:37 UTC 2006
Hello,
I'm using FC5 and recently I started getting warnings from the rkhunter cron
check. I also manually updated the hashes, with the same results.
What may be the reason? Any ideas? Anything to worry about?
I'm pasting some relevant portions from the mail.
--------------------- Start Rootkit Hunter Update ---------------------
Running rkhunter updater... Tue, 10 Oct 2006 04:02:02 +0530
Mirrorfile /var/rkhunter/db/mirrors.dat rotated
Using mirror http://mirror11.mirror.rkhunter.org
[DB] Mirror file : Mirror outdated. Skipped
Info (current version: 2006092302, version of mirror: 2006041300)
[DB] MD5 hashes system binaries : Mirror outdated. Skipped
Info (current version: 2006100500, version of mirror: 2006022800)
[DB] Operating System information : Mirror outdated. Skipped
Info (current version: 2006100500, version of mirror: 2006051200)
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Up to date
[DB] Known bad program versions : Up to date
Finished rkhunter updater.. Tue, 10 Oct 2006 04:15:45 +0530
Ready.
---------------------- Start Rootkit Hunter Scan ----------------------
Rootkit Hunter 1.2.8 is running
Tue, 10 Oct 2006 04:15:45 +0530
Determining OS... Ready
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Info: prelinked files found
Performing 'known good' check...
/bin/cat [ BAD ]
/bin/chmod [ BAD ]
/bin/chown [ BAD ]
/bin/date [ BAD ]
/bin/dmesg [ BAD ]
/bin/env [ BAD ]
/bin/grep [ BAD ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
<snip>
/usr/bin/whoami [ BAD ]
--------------------------------------------------------------------------------
Rootkit Hunter found some bad or unknown hashes. This can be happen due replaced
binaries or updated packages (which give other hashes). Be sure your hashes are
fully updated (rkhunter --update). If you're in doubt about these hashes, contact
the author (fill in the contact form).
--------------------------------------------------------------------------------
<snip>
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 51
Incorrect MD5 checksums: 51
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Scanning took 174 seconds
------------------- Tue, 10 Oct 2006 04:18:39 +0530 -------------------
Do you have some problems, undetected rootkits, false positives, ideas
or suggestions?
Please e-mail me by filling in the contact form (@http://www.rootkit.nl)
-----------------------------------------------------------------------
Thanks!
--
vikram...
||||||||
||||||||
^^'''''^^||root||^^^'''''''^^
// \\ ))
//(( \\// \\
// /\\ || \\
|| / )) (( \\
--
"If that man in the PTL is such a healer, why can't he make his wife's
hairdo go down?"
-- Robin Williams
--
*
~|~
=
Registered Linux User #285795