LinuxQuestions.org


judoka 07-15-2009 02:58 AM

rkhunter warnings or suspect files
 
I just installed and ran my first rootkit check and it gave me three warnings or suspect files. I checked rkhunter --help file but it wasn't much help. How do I fix them?

ronlau9 07-15-2009 10:37 AM

Quote:

Originally Posted by judoka (Post 3608078)
I just installed and ran my first rootkit check and it gave me three warnings or suspect files. I checked rkhunter --help file but it wasn't much help. How do I fix them?

Which distro are you running?
And what exactly are the warnings?

win32sux 07-15-2009 11:14 AM

For the record, this post was pruned from here, in order to focus on one topic at a time. I wasn't able to post a notice here earlier, due to some technical problems I experienced.

judoka 07-15-2009 10:48 PM

I'm using Ubuntu 9.04. I can't tell you the problems because when I tried to run it again with rkhunter -c it said you must be root user to run this command, but it didn't prompt me for a password -- strange

judoka 07-15-2009 10:52 PM

Oh yeah, I forgot about sudo, sorry.

judoka 07-15-2009 10:59 PM

After performing the check I had warnings in /usr/sbin/inetd, /usr/sbin/unhide and /usr/sbin/unhide-linux26. Also, when checking for rootkits I had
Performing trojan specific checks
Checking for enabled inetd services [ Warning ] and
Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]

What should I do?

unSpawn 07-16-2009 01:32 PM

Quote:

Originally Posted by judoka (Post 3608998)
what should I do?

Read the README (isn't that big) before running it and make sure you configure rkhunter.conf and run "--propupd". On error read your logfile and check the FAQ (isn't that big either) for clues, there's even a mailing list archive you can check, and if nothing else comes up post *complete* log lines and error messages. Just saying "hey, I got this [error]" doesn't quite cut it.
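
Added example, not part of unSpawn's post: one way to pull the complete warning entries out of an rkhunter log so they can be posted in full. The function names, the assumed log layout and the sample lines are constructed for illustration, and /var/log/rkhunter.log is assumed to be the log path.

```shell
#!/bin/sh
# Print each "Warning:" entry from an rkhunter log together with its
# indented detail lines. Reads the files given as arguments, or stdin.
# Assumed layout: every log line is "[HH:MM:SS] text"; per-test result
# lines end in a bracketed status such as "[ OK ]" or "[ Warning ]".
rkhunter_warnings() {
    awk '
        {
            text = $0
            sub(/^\[[0-9:]+\] /, "", text)        # drop the timestamp
        }
        # A result line ("... [ OK ]") closes any open warning entry.
        text ~ /\[ [A-Za-z ]+ \]$/   { inwarn = 0; next }
        # Start of a warning entry.
        text ~ /^Warning:/           { inwarn = 1; print text; next }
        # Indented lines directly after a warning are its details.
        inwarn && text ~ /^[ \t]/    { print text; next }
        { inwarn = 0 }
    ' "$@"
}

# Constructed sample log, not taken from the thread.
sample_log() {
    cat <<'EOF'
[22:55:01] Info: Starting test name 'properties'
[22:55:02]   /usr/sbin/inetd                                 [ Warning ]
[22:55:02] Warning: The file properties have changed:
[22:55:02]          File: /usr/sbin/inetd
[22:55:02]          Current inode: 131313    Stored inode: 131001
[22:55:03]   /usr/sbin/sshd                                  [ OK ]
[22:55:40] Checking /dev for suspicious file types           [ Warning ]
[22:55:40] Warning: Suspicious file types found in /dev:
[22:55:40]          /dev/shm/pulse-shm-1234567890: data
[22:55:41] Checking for hidden files and directories         [ None found ]
EOF
}

# Demo on the sample; on a real system, as root (path is an assumption):
#   rkhunter_warnings /var/log/rkhunter.log
sample_log | rkhunter_warnings
```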

mistertowjam 08-21-2010 09:30 AM

rkhunter binary warnings for mac os x ver: 10.6.4
 
Your post has been moved to its own thread. See http://www.linuxquestions.org/questi...-6-4-a-827629/. Please don't post in stale threads. Thread closed.


All times are GMT -5.