rkhunter
 

* System tools
Performing 'known good' check...
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/dmesg [ BAD ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/kill [ BAD ]
/bin/killall [ BAD ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/mount [ BAD ]
/bin/netstat [ BAD ]
/bin/ps [ BAD ]
/bin/su [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ BAD ]
/sbin/init [ BAD ]
/sbin/insmod [ OK ]
/sbin/ip [ BAD ]
/sbin/modinfo [ OK ]
/sbin/mount [ BAD ]
/sbin/runlevel [ BAD ]
/sbin/sysctl [ BAD ]
/usr/bin/cat [ OK ]
/usr/bin/chmod [ OK ]
/usr/bin/chown [ OK ]
/usr/bin/egrep [ OK ]
/usr/bin/env [ OK ]
/usr/bin/fgrep [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/grep [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/ls [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/ps [ BAD ]
/usr/bin/pstree [ BAD ]
/usr/bin/sha1sum [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/users [ OK ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/sbin/syslogd [ OK ]


Should I be worried. I think I have locked down my system fairly well but then again u never know. I have disabled almost all services, i run firestarter, i use common sense, but when i ran rkhunter those showed up as bad. Would like to think they are false positives but how do i tell.

If you didn't install new basic packages then something strange just hit your system. What is the probablility of binaries changing by themselves?

I mean

ps + netstat -> BAD
usually means trojan running.

I have everything updated to slackware-current....

well, if you updated it than it is normal that it changes. Than you should update the checksums against which you are comparing.