rkhunter
* System tools
Performing 'known good' check... /bin/cat [ OK ] /bin/chmod [ OK ] /bin/chown [ OK ] /bin/dmesg [ BAD ] /bin/egrep [ OK ] /bin/fgrep [ OK ] /bin/grep [ OK ] /bin/kill [ BAD ] /bin/killall [ BAD ] /bin/login [ OK ] /bin/ls [ OK ] /bin/mount [ BAD ] /bin/netstat [ BAD ] /bin/ps [ BAD ] /bin/su [ OK ] /sbin/depmod [ OK ] /sbin/ifconfig [ BAD ] /sbin/init [ BAD ] /sbin/insmod [ OK ] /sbin/ip [ BAD ] /sbin/modinfo [ OK ] /sbin/mount [ BAD ] /sbin/runlevel [ BAD ] /sbin/sysctl [ BAD ] /usr/bin/cat [ OK ] /usr/bin/chmod [ OK ] /usr/bin/chown [ OK ] /usr/bin/egrep [ OK ] /usr/bin/env [ OK ] /usr/bin/fgrep [ OK ] /usr/bin/file [ OK ] /usr/bin/find [ OK ] /usr/bin/grep [ OK ] /usr/bin/groups [ OK ] /usr/bin/ls [ OK ] /usr/bin/lsattr [ OK ] /usr/bin/ps [ BAD ] /usr/bin/pstree [ BAD ] /usr/bin/sha1sum [ OK ] /usr/bin/stat [ OK ] /usr/bin/users [ OK ] /usr/bin/w [ BAD ] /usr/bin/watch [ BAD ] /usr/bin/who [ OK ] /usr/bin/whoami [ OK ] /usr/sbin/syslogd [ OK ] Should I be worried. I think I have locked down my system fairly well but then again u never know. I have disabled almost all services, i run firestarter, i use common sense, but when i ran rkhunter those showed up as bad. Would like to think they are false positives but how do i tell. |
If you didn't install new basic packages then something strange just hit your system. What is the probablility of binaries changing by themselves?
I mean ps + netstat -> BAD usually means trojan running. |
I have everything updated to slackware-current....
|
well, if you updated it than it is normal that it changes. Than you should update the checksums against which you are comparing.
|
All times are GMT -5. The time now is 06:04 PM. |