LinuxQuestions.org
Old 07-04-2009, 04:38 PM   #1
ahartman
/var/log/rkhunter.log - rkhunter's (rootkit detection) logfile


Hi all

rkhunter produced the following /var/log/rkhunter.log
log file sections and I could use your informed interpretation.

1. First 2 sections: What are these 2 file warnings about?

2. Third section: 'possible rkt string' - What is it?

3. Fourth section: I did not request rkhunter to have any testing disabled!!!

Where should I start?

Arye


[11:22:09] /usr/sbin/unhide [ Warning ]
[11:22:10] Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
......
.........

[11:22:18] /usr/sbin/unhide-linux26 [ Warning ]
[11:22:19] Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.
........
............

Performing check for possible rootkit strings
[11:29:23] Info: Starting test name 'possible_rkt_strings'
[11:29:23] Info: Found local startup file: /etc/rc.local
............
..............

Performing malware checks
[11:29:49] Info: Starting test name 'malware'
[11:29:49]
[11:29:49] Info: Test 'deleted_files' disabled at users request.
[11:29:50] Info: Starting test name 'running_procs'
[11:29:52] Checking running processes for suspicious files [ None found ]
[11:29:53]
[11:29:53] Info: Test 'hidden_procs' disabled at users request.
[11:29:53]
[11:29:53] Info: Test 'suspscan' disabled at users request.
 
Old 07-04-2009, 05:28 PM   #2
unSpawn
If you installed RKH and ran it without first reading the README then you probably also didn't run 'rkhunter --propupd'.
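
A small triage script for the kind of log excerpt posted in this thread, added here as an example (it is not part of either post and is not rkhunter's own code). It groups the files reported as missing from rkhunter.dat, which is what the 'rkhunter --propupd' in the reply addresses, and lists the tests the log reports as disabled; the function name `triage` and the category names are assumptions, and the sample log is constructed from the lines quoted in the question.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted in the question above.
SAMPLE_LOG = """\
[11:22:09] /usr/sbin/unhide [ Warning ]
[11:22:10] Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
[11:22:18] /usr/sbin/unhide-linux26 [ Warning ]
[11:22:19] Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.
[11:29:23] Info: Starting test name 'possible_rkt_strings'
[11:29:23] Info: Found local startup file: /etc/rc.local
[11:29:49] Info: Starting test name 'malware'
[11:29:49]
[11:29:49] Info: Test 'deleted_files' disabled at users request.
[11:29:50] Info: Starting test name 'running_procs'
[11:29:52] Checking running processes for suspicious files [ None found ]
[11:29:53] Info: Test 'hidden_procs' disabled at users request.
[11:29:53] Info: Test 'suspscan' disabled at users request.
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\]\s?(.*)$")
MISSING = re.compile(r"^Warning: The file '([^']+)' exists on the system, "
                     r"but it is not present in the rkhunter\.dat file\.")
DISABLED = re.compile(r"^Info: Test '([^']+)' disabled at users request\.")
STARTED = re.compile(r"^Info: Starting test name '([^']+)'")

def triage(log_text):
    """Group rkhunter.log lines into the categories asked about in the thread."""
    report = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(2):
            continue  # blank separator or a line without a timestamp prefix
        msg = m.group(2)
        if (hit := MISSING.match(msg)):
            report["missing_from_dat"].append(hit.group(1))
        elif (hit := DISABLED.match(msg)):
            report["disabled_tests"].append(hit.group(1))
        elif (hit := STARTED.match(msg)):
            report["tests_started"].append(hit.group(1))
        elif msg.startswith("Warning:"):
            report["other_warnings"].append(msg)  # anything else needs manual review
    return dict(report)

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {', '.join(items)}")
```

Because 'rkhunter --propupd' records the current file properties as the baseline, confirm that the files listed under `missing_from_dat` came from a trusted package before running it.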
 
  


All times are GMT -5.
