Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-13-2004, 10:17 PM   #1
Registered: Nov 2004
Location: Toledo, OH
Distribution: SuSE 9.2 Pro
Posts: 53

Rep: Reputation: 15
rkhunter found the following

1) /usr/bin/file - BAD Note, I think this file was just updated in one of the recent YOU updates....

Checking for differences in user accounts... Found differences
> news:x:9:13:News system:/etc/news:/bin/bash
> uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
> man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
< man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
< news:x:9:13:News system:/etc/news:/bin/bash
< uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
Info: Some items have been added (items marked with '<')
Info: Some items have been removed (items marked with '>')

Ok, they are the same, what's up here?

* Filesystem checks
Checking /dev for suspicious files... [ Warning! (unusual files found) ]
Unusual files:
/dev/sdaf9: block 3pecial (65/249)
Scanning for hidden files... [ Warning! ]
/dev/.udev.tdb /etc/.java

I looked at the .pwd.lock file, it's blank

Anyone know what these are?

Old 12-13-2004, 10:46 PM   #2
Registered: Mar 2004
Location: Houston, Texas
Distribution: Kubuntu, zenwalk
Posts: 117

Rep: Reputation: 15
I ran into the same problem when i ran rkhunter, I'm using slackware and updated to 'current' and now i get some 'bin' files are bad check md5 checksums etc. Did some google research and found out from Pat that more than likely its from rkhunter not recognizing current files.
Old 12-14-2004, 08:47 PM   #3
Registered: Mar 2004
Posts: 171

Rep: Reputation: 30
I'd fill out the contact form (on the rkhunter website) and report this issue to the author of rkhunter. I use it too and noticed the same thing following a recent YOU/YaST update(s) including a recent upgrade to KDE 3.3.2. I tried the ./rkhunter --update (Run update tool and check for database updates) but still saw the "file" listed as [BAD].

The more people who respond directly to the author, the quicker issues like this will be resolved.

Last edited by furfurdemon666; 12-14-2004 at 08:57 PM.
Old 12-20-2004, 09:51 PM   #4
Registered: Mar 2004
Posts: 171

Rep: Reputation: 30
Thumbs up

This issue with rkhunter (latest version) and SUSE 9.1 with:


showing as [BAD]

has been resolved. I updated rkhunter with

./rkhunter --update
And ran a new scan with

./rkhunter -c
and /usr/bin/file no longer shows as [BAD].


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter atlaika Linux - Security 7 11-29-2005 11:47 AM
rkhunter cronjob simcox1 Linux - Security 11 11-21-2005 09:25 AM
rkhunter phatbastard Linux - Security 3 12-08-2004 10:44 PM
rkhunter found bad syslogd - what should I do next magicm Linux - Security 1 10-10-2004 07:05 AM
Getting Warning during rkhunter? BajaNick Linux - Security 8 09-12-2004 09:34 PM

All times are GMT -5. The time now is 10:23 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration