rkhunter found the following
1) /usr/bin/file - BAD Note, I think this file was just updated in one of the recent YOU updates....
2)
Checking for differences in user accounts... Found differences
Info:
----------------------
> news:x:9:13:News system:/etc/news:/bin/bash
> uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
> man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
< man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
< news:x:9:13:News system:/etc/news:/bin/bash
< uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
----------------------
Info: Some items have been added (items marked with '<')
Info: Some items have been removed (items marked with '>')
Ok, they are the same, what's up here?
3)
* Filesystem checks
Checking /dev for suspicious files... [ Warning! (unusual files found) ]
---------------------------------------------
Unusual files:
/dev/sdaf9: block 3pecial (65/249)
---------------------------------------------
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udev.tdb /etc/.java
/etc/.pwd.lock
I looked at the .pwd.lock file, it's blank
Anyone know what these are?
Thanks
|