LinuxQuestions.org
Old 07-15-2009, 02:58 AM   #1
judoka
rkhunter warnings or suspect files


I just installed and ran my first rootkit check and it gave me three warnings or suspect files. I checked rkhunter --help file but it wasn't much help. How do I fix them?
 
Old 07-15-2009, 10:37 AM   #2
ronlau9
Quote:
Originally Posted by judoka
I just installed and ran my first rootkit check and it gave me three warnings or suspect files. I checked rkhunter --help file but it wasn't much help. How do I fix them?
Which distro are you running?
And what exactly are the warnings?
 
Old 07-15-2009, 11:14 AM   #3
win32sux
For the record, this post was pruned from here, in order to focus on one topic at a time. I wasn't able to post a notice here earlier, due to some technical problems I experienced.

Last edited by win32sux; 07-15-2009 at 11:15 AM.
 
Old 07-15-2009, 10:48 PM   #4
judoka
Original Poster
I'm using Ubuntu 9.04. I can't tell you the problems because when I tried to run it again with rkhunter -c it said you must be root user to run this command, but it didn't prompt me for a password -- strange.
 
Old 07-15-2009, 10:52 PM   #5
judoka
Original Poster
Oh yeah, I forgot about sudo, sorry.
 
Old 07-15-2009, 10:59 PM   #6
judoka
Original Poster
After performing the check I had warnings in /usr/sbin/inetd, /usr/sbin/unhide and /usr/sbin/unhide-linux26. Also, when checking for rootkits I had
Performing trojan specific checks
Checking for enabled inetd services [ Warning ] and
Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]

What should I do?
 
Old 07-16-2009, 01:32 PM   #7
unSpawn
Quote:
Originally Posted by judoka
what should I do?
Read the README (isn't that big) before running it and make sure you configure rkhunter.conf and run "--propupd". On error read your logfile and check the FAQ (isn't that big either) for clues, there's even a mailing list archive you can check, and if nothing else comes up post *complete* log lines and error messages. Just saying "hey, I got this [error]" doesn't quite cut it.
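
Added example (not part of unSpawn's post or of the rkhunter project): a shell function that pulls complete warning entries out of an rkhunter log, so they can be read or posted in full. The log lines are constructed sample data, and the assumed layout is a `[HH:MM:SS]` prefix with indented detail lines under each `Warning:` entry; `rkh_sample_log` and `rkh_warnings` are hypothetical names.

```shell
#!/bin/sh
# Added example: extract full "Warning:" entries from an rkhunter log.

# Constructed sample log (not real output from any system).
rkh_sample_log() {
    cat <<'EOF'
[10:58:01] Performing trojan specific checks
[10:58:01]   Checking for enabled inetd services             [ Warning ]
[10:58:01] Warning: Found enabled inetd service: example-service
[10:58:02] Performing filesystem checks
[10:58:02]   Checking /dev for suspicious file types         [ Warning ]
[10:58:02] Warning: Suspicious file types found in /dev:
[10:58:02]          /dev/shm/example-file: data
[10:58:02]   Checking for hidden files and directories       [ OK ]
EOF
}

# Print each "Warning:" line plus the indented detail lines that follow it.
# $1: path to the log (rkhunter's default is /var/log/rkhunter.log).
rkh_warnings() {
    awk '
        # Look at the message without its leading "[HH:MM:SS] " timestamp.
        { msg = $0; sub(/^\[[0-9:]+\] /, "", msg) }
        # Start of a warning entry.
        msg ~ /^Warning:/ { inblock = 1; print; next }
        # Indented detail line; check-status lines ending in "[ ... ]" are not details.
        inblock && msg ~ /^ +[^ ]/ && msg !~ /\[ [A-Za-z ]+ \]$/ { print; next }
        # Anything else ends the current entry.
        { inblock = 0 }
    ' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp)
rkh_sample_log > "$tmp"
rkh_warnings "$tmp"
rm -f "$tmp"
```

On a real system the function would be pointed at the log written by the `sudo rkhunter -c` run, which normally needs root to read.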
 
Old 08-21-2010, 09:30 AM   #8
mistertowjam
rkhunter binary warnings for mac os x ver: 10.6.4

Your post has been moved to its own thread. See http://www.linuxquestions.org/questi...-6-4-a-827629/. Please don't post in stale threads. Thread closed.

Last edited by unSpawn; 08-21-2010 at 09:41 AM.
 
  


All times are GMT -5.
