LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-12-2010, 07:26 PM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Rep: Reputation: 30
rkhunter warning


I got this in my rkhunter, is it anything to be worried about?

* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/etc/.pwd.lock /usr/sbin/.sshd.hmac /usr/bin/.fipscheck.hmac
/usr/bin/.ssh.hmac /usr/share/man/man1/..1.gz /dev/.udev
---------------
Please inspect: /usr/sbin/.sshd.hmac (ASCII text) /usr/bin/.fipscheck.hmac (ASCII text) /usr/bin/.ssh.hmac (ASCII text) /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression) /dev/.udev (directory)
 
Old 02-12-2010, 07:35 PM   #2
adam999
Member
 
Registered: Sep 2006
Posts: 102

Rep: Reputation: 18
What's inside these files? Is sshd exposed to the Internet?
 
Old 02-12-2010, 07:40 PM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by adam999 View Post
What's inside these files? Is sshd exposed to the Internet?
I'm not sure, I've never seen these files.
sshd is exposed to the net but on a different port and also not for root login so pretty unlikely that anyone could login.

sshd.hmac
Quote:
48209ecaac55e102e5b8f91d38d620c8b9697c4dc4826f9b9529d938f19e88e9
fipschecl
Quote:
78c2a83b38abd0dacc35e1e17072156b070ee70aacabd1110cdf698927a8f39f

Last edited by qwertyjjj; 02-12-2010 at 07:42 PM.
 
Old 02-12-2010, 07:45 PM   #4
adam999
Member
 
Registered: Sep 2006
Posts: 102

Rep: Reputation: 18
If u run
Code:
cat /usr/bin/.ssh.hmac
what output do u get?
 
Old 02-12-2010, 09:19 PM   #5
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,012

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by adam999 View Post
If u run
Code:
cat /usr/bin/.ssh.hmac
what output do u get?
[root@server ~]# cat /usr/bin/.ssh.hmac
d4a1e5bf3384c668f500b14f9ad9326ffe0fbebd2c77d5606607b52886b007c4
 
Old 02-13-2010, 10:00 AM   #6
adam999
Member
 
Registered: Sep 2006
Posts: 102

Rep: Reputation: 18
just checked, i have that same file,

Code:
[root@localhost ~]# rpm -qf /usr/sbin/.sshd.hmac
openssh-server-5.2p1-2.fc11.i586
Code:
[root@localhost ~]# rpm -qf /usr/bin/.fipscheck.hmac
fipscheck-1.2.0-1a.fc11.i586
Nothing to worry about
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] rkhunter warning about 'old'versions EricTRA Linux - Security 7 12-02-2009 01:04 AM
rkhunter gives warning on LD_LIBRARY_PATH EricTRA Linux - Security 9 11-10-2009 01:56 PM
RKhunter warning about hidden files. gonus Linux - Security 3 05-03-2007 11:27 AM
rkhunter displaying warning message Michael_aust Linux - Newbie 4 04-30-2006 06:24 PM
Getting Warning during rkhunter? BajaNick Linux - Security 8 09-12-2004 09:34 PM


All times are GMT -5. The time now is 09:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration