Rkhunter weird log - Debian 7
 

Hello everybody,

My server started acting weird today so I just ran an apt-upgrade and after that rkhunter that warned me quite a few times about certain files. Could I possibly be hacked?

http://pastebin.com/5sqqvE4n

Sorry for the long log file, any advice?

crudely the log says no kits detected.

2) you appear to have modified your conf file as I can see a whitelisted item but did you config for your packagemanager checks?

How about a link to your conf

3) have you considered installing and enabling extra checks such as

unhide skdet etc

http://sourceforge.net/apps/trac/rkh...MPRKH#Contents

4) you have no external mail setup or local mail

5) does not help much

when did you start your first scan for RKH?

----before the upgrade?

did you keep any logs and did you read the readme? or the FAQ

When you think you have a (potential) security problem it is advised to
think and inform yourself thoroughly before you act. Please consider
checking the FAQ, the rkhunter-users mailing list archives, your
distribution documentation about security and security issues and the
CERT Intruder Detection Checklist, formerly located at
http://www.cert.org/tech_tips/intrud...checklist.html, and
archived at

http://web.archive.org/web/200801092...checklist.html


BTW you may have been better off posting in the security section as I am not an expert

Weird in what way? Please describe in detail.


Who told you to do that? What would that fix? If you suspect a machine to be compromised then the best way to aid a perp would be to destroy evidence.


Well doh, the output clearly reads:
It continues to tell you what to expect:
...and how to fix it: