LinuxQuestions.org
Old 12-07-2004, 03:14 PM   #1
phatbastard
Member
 
Registered: Mar 2004
Location: Houston, Texas
Distribution: Kubuntu, zenwalk
Posts: 117

Rep: Reputation: 15
rkhunter


* System tools
Performing 'known good' check...
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/dmesg [ BAD ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/kill [ BAD ]
/bin/killall [ BAD ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/mount [ BAD ]
/bin/netstat [ BAD ]
/bin/ps [ BAD ]
/bin/su [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ BAD ]
/sbin/init [ BAD ]
/sbin/insmod [ OK ]
/sbin/ip [ BAD ]
/sbin/modinfo [ OK ]
/sbin/mount [ BAD ]
/sbin/runlevel [ BAD ]
/sbin/sysctl [ BAD ]
/usr/bin/cat [ OK ]
/usr/bin/chmod [ OK ]
/usr/bin/chown [ OK ]
/usr/bin/egrep [ OK ]
/usr/bin/env [ OK ]
/usr/bin/fgrep [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/grep [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/ls [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/ps [ BAD ]
/usr/bin/pstree [ BAD ]
/usr/bin/sha1sum [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/users [ OK ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/sbin/syslogd [ OK ]


Should I be worried? I think I have locked down my system fairly well, but then again you never know. I have disabled almost all services, I run firestarter, I use common sense, but when I ran rkhunter those showed up as bad. Would like to think they are false positives, but how do I tell?
 
Old 12-08-2004, 09:28 PM   #2
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
If you didn't install new basic packages then something strange just hit your system. What is the probability of binaries changing by themselves?

I mean

ps + netstat -> BAD
usually means trojan running.
 
Old 12-08-2004, 09:39 PM   #3
phatbastard
Member
 
Registered: Mar 2004
Location: Houston, Texas
Distribution: Kubuntu, zenwalk
Posts: 117

Original Poster
Rep: Reputation: 15
I have everything updated to slackware-current....
 
Old 12-08-2004, 09:44 PM   #4
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
Well, if you updated it, then it is normal that it changes. Then you should update the checksums against which you are comparing.
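
Added example (not part of the original thread, and not rkhunter's own code): before refreshing the checksums as suggested in post #4, each path marked BAD can be compared against a manifest of known-good hashes built from the distribution's packages. The `sha256sum`-format manifest, the optional root prefix, and all function names are assumptions of this example; the sample data is constructed.

```shell
#!/bin/sh
# Added example: check paths rkhunter marked "[ BAD ]" against a trusted manifest.
# Assumed: manifest is in `sha256sum` format ("<hash>  /abs/path"), built from
# packages fetched from a trusted source; paths contain no whitespace.

# Print the paths flagged BAD in a saved rkhunter report ($1).
bad_paths() {
    awk '$NF == "]" && $(NF-1) == "BAD" && $1 ~ /^\// { print $1 }' "$1"
}

# Classify one path. $1 = path as reported, $2 = manifest,
# $3 = optional root prefix (e.g. the suspect disk mounted under rescue media).
check_one() {
    want=$(awk -v p="$1" '$2 == p || $2 == ("*" p) { print $1; exit }' "$2")
    [ -n "$want" ] || { echo UNKNOWN; return 0; }    # not in the manifest
    [ -f "$3$1" ] || { echo MISSING; return 0; }     # listed but absent on disk
    have=$(sha256sum "$3$1" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then echo MATCH; else echo MISMATCH; fi
}

# Triage a whole report; exit status is non-zero unless every BAD path MATCHes.
triage() {
    rc=0
    for p in $(bad_paths "$1"); do
        r=$(check_one "$p" "$2" "$3")
        echo "$r $p"
        [ "$r" = MATCH ] || rc=1
    done
    return "$rc"
}

# Constructed sample, not real data: a fake root with two "binaries", a manifest
# recorded before one of them changes, and a report in rkhunter's line format.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/root/bin"
    echo 'ps v1' > "$d/root/bin/ps"; echo 'kill v1' > "$d/root/bin/kill"
    (cd "$d/root" && sha256sum bin/ps bin/kill | sed 's|  |  /|') > "$d/manifest"
    echo 'ps v2' > "$d/root/bin/ps"    # simulates a binary that no longer matches
    printf '%s\n' '/bin/cat [ OK ]' '/bin/kill [ BAD ]' '/bin/ps [ BAD ]' \
        '/sbin/init [ BAD ]' > "$d/report"
    echo "$d"
}
```

A MATCH means the file is the packaged binary and only the scanner's hash database is stale; MISMATCH, MISSING or UNKNOWN means the file still needs an explanation. Hashing is most trustworthy when run from rescue media with the suspect disk passed as the root prefix, since tools on a tampered system can misreport.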
 
  




All times are GMT -5. The time now is 07:41 AM.
