LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   rkhunter (http://www.linuxquestions.org/questions/linux-security-4/rkhunter-263734/)

phatbastard 12-07-2004 03:14 PM

rkhunter
 
* System tools
Performing 'known good' check...
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/dmesg [ BAD ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/kill [ BAD ]
/bin/killall [ BAD ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/mount [ BAD ]
/bin/netstat [ BAD ]
/bin/ps [ BAD ]
/bin/su [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ BAD ]
/sbin/init [ BAD ]
/sbin/insmod [ OK ]
/sbin/ip [ BAD ]
/sbin/modinfo [ OK ]
/sbin/mount [ BAD ]
/sbin/runlevel [ BAD ]
/sbin/sysctl [ BAD ]
/usr/bin/cat [ OK ]
/usr/bin/chmod [ OK ]
/usr/bin/chown [ OK ]
/usr/bin/egrep [ OK ]
/usr/bin/env [ OK ]
/usr/bin/fgrep [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/grep [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/ls [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/ps [ BAD ]
/usr/bin/pstree [ BAD ]
/usr/bin/sha1sum [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/users [ OK ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/sbin/syslogd [ OK ]


Should I be worried. I think I have locked down my system fairly well but then again u never know. I have disabled almost all services, i run firestarter, i use common sense, but when i ran rkhunter those showed up as bad. Would like to think they are false positives but how do i tell.

Krugger 12-08-2004 09:28 PM

If you didn't install new basic packages then something strange just hit your system. What is the probablility of binaries changing by themselves?

I mean

ps + netstat -> BAD
usually means trojan running.

phatbastard 12-08-2004 09:39 PM

I have everything updated to slackware-current....

Krugger 12-08-2004 09:44 PM

well, if you updated it than it is normal that it changes. Than you should update the checksums against which you are comparing.


All times are GMT -5. The time now is 05:52 PM.