LinuxQuestions.org - Linux - Newbie
RKhunter log file - Is there any malicious issues? (https://www.linuxquestions.org/questions/linux-newbie-8/rkhunter-log-file-is-there-any-malicious-issues-936001/)

programer 03-23-2012 03:13 AM

RKhunter log file - Is there any malicious issues?
 
I presently have a server with CentOS 6.x installed, with DA panel and also Rkhunter installed and running. Today I got a mail with the following information from the server:
--------
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.

-----------------------

Is this a potential harm? What does this indicate? How do I rectify this?

Also, I came to know that Chunter and rkhunter will only identify the malicious code but will not remove it. How do I remove it automatically? Are there any tools available for that?

I read on some forums that these softwares are totally outdated. Is there any equivalent software for this?

linoseros 03-23-2012 05:11 AM

I think so many binaries have been replaced!

unSpawn 03-23-2012 07:03 AM

Quote:

Originally Posted by linoseros (Post 4634301)
I think so many binaries have been replaced!

There is no need to "think", "guess" or "feel" because computing is binary: an application can be tested to find out if it is vulnerable or not, configuration settings can be checked to determine if an option is safe or not and distribution package contents can be verified to find out if they are altered or not. Because of a previous post it is suggested you do some research before you post.


Quote:

Originally Posted by programer (Post 4634225)
Is this a potential harm? What does this indicate? How do I rectify this?

Yes, I know it is boring and tedious but before you run an application it is suggested to read the documentation that comes with it. The FAQ tries to answer often-asked questions and the comments in rkhunter.conf should provide clues as well. If that doesn't work for you then the README suggests which information sources to check and in which order. You could also search LQ as these questions are not unique, they have been asked before. Efficiency and such.


Quote:

Originally Posted by programer (Post 4634225)
Also, I came to know that Chunter and rkhunter will only identify the malicious code but will not remove it. How do I remove it automatically? Are there any tools available for that?

Trying to "fix" security incidents that way is not the right approach.


Quote:

Originally Posted by programer (Post 4634225)
I read on some forums that these softwares are totally outdated

The reasons these "softwares are totally outdated" are due to a shift in attack vectors (from rootkit to application stack), the approach to detection (passive and post-incident versus actively providing early warnings) and the methods of finding evidence (signature-based versus behaviour-based). Anyway, where did you read that, if I may ask?


Quote:

Originally Posted by programer (Post 4634225)
I am presently having a server with CentOS 6.x installed with DA panel and also Rkhunter installed

The way you asked questions (before), the fact you run a VPS and a web-based management panel and the hint you run or will be running PHP-based applications like Wordpress or Joomla makes me think you really should invest time and properly harden your server before doing anything else. The Centos server administration documentation, SANS Reading Room whitepapers, SANS/OWASP common mistakes list and Cisecurity benchmarks should be at the top of your list.
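Following unSpawn's point that package contents can be verified rather than guessed at, here is an added example (not code from the thread or from rkhunter) that triages the output of RPM's own verification for the files rkhunter flagged. It assumes the flagged commands are owned by packages in the host's RPM database and uses a constructed sample of `rpm -V` output rather than anything from the poster's server.

```shell
# Added example, not from the thread. On the CentOS 6 host the poster would run, as root:
#   rpm -Vf /sbin/ifdown /sbin/ifup /usr/bin/GET /usr/bin/groups /usr/bin/ldd /usr/bin/whatis
# and pipe the result into triage_rpm_verify. rpm -V prints nothing for a file that still
# matches its package, so an empty result is the good outcome.
# Constructed sample in rpm 4.8 (CentOS 6) format: attribute column, optional file-type
# letter (c = config file), path. This is not output from the poster's server.
SAMPLE_VERIFY='S.5....T.    /sbin/ifup
.......T.    /usr/bin/whatis
missing     /usr/bin/GET
S.5....T.  c /etc/ssh/sshd_config'

# Expand the nine-column attribute string into words. Columns on CentOS 6:
# S size, M mode, 5 digest, D device, L symlink target, U user, G group, T mtime, P capabilities.
describe_flags() {
  words=""
  case $1 in *S*) words="$words size";; esac
  case $1 in *M*) words="$words mode";; esac
  case $1 in *5*) words="$words digest";; esac
  case $1 in *D*) words="$words device";; esac
  case $1 in *L*) words="$words link";; esac
  case $1 in *U*) words="$words user";; esac
  case $1 in *G*) words="$words group";; esac
  case $1 in *T*) words="$words mtime";; esac
  case $1 in *P*) words="$words caps";; esac
  printf '%s' "${words# }"
}

# Read rpm -V lines on stdin and print "path<TAB>verdict" for each.
# CONTENT: digest differs, so the file is not what the package shipped (worth a closer look).
# METADATA: only mode/owner/mtime differ. CONFIG: config files are expected to differ.
triage_rpm_verify() {
  while read -r flags rest; do
    [ -z "$flags" ] && continue
    path=${rest##* }                       # the path is the last field on the line
    if [ "$flags" = missing ]; then
      verdict=MISSING
    else
      case $rest in
        "c "*) verdict=CONFIG ;;
        *)     case $flags in
                 *5*) verdict="CONTENT ($(describe_flags "$flags"))" ;;
                 *)   verdict="METADATA ($(describe_flags "$flags"))" ;;
               esac ;;
      esac
    fi
    printf '%s\t%s\n' "$path" "$verdict"
  done
}

printf '%s\n' "$SAMPLE_VERIFY" | triage_rpm_verify
```

A digest mismatch on a command in /sbin or /usr/bin is the line worth investigating; a mtime-only difference is not. Note that rpm -V trusts the RPM database on the same host, so if root was compromised that database may have been altered too, and the stronger check is against the original package file (rpm -Vp) or from clean boot media.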

