Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 06-24-2007, 11:14 PM   #1
LQ Newbie
Registered: Aug 2003
Posts: 27

Rep: Reputation: 15
rkhunter Security scanning generated the following warnings

I received this message from rkhunter this morning

This letter was generated by security scanner started on host at Jun 24, 2007 01:01 AM.
Please inspect this machine because there can be security problems or holes
in its protection, or the machine can be infected.

Note: It is recommended that you re-run security scanning on the machine via Plesk control panel before you make any changes to the machine configuration.
Security scanning generated the following warnings (the full scanning log is available at /var/log/rkhunter.log):

[01:00:13] Warning: This operating system is not fully supported!
[01:01:04] WARNING, found: /etc/.java (directory)

and this is the logs from /etc/log/rkhunter.log

[01:01:11] ------------------------- Security advisories -------------------------
[01:01:11] Info: Found 'PermitRootLogin no' or 'PermitRootLogin without-password'
[01:01:12] Scanned for: 55808 Trojan - Variant A, AjaKit, aPa Kit, Apache Worm, Ambient (ark) Rootkit, Balaur Rootkit, BeastKit, beX2, BOBKit, CiNIK Worm (Slapper.B variant), Danny-Boy's Abuse Kit, Devil RootKit, Dica, Dreams Rootkit, Duarawkz, Flea Linux Rootkit, FreeBSD Rootkit, Fuck`it Rootkit, GasKit, Heroin LKM, HjC Kit, ignoKit, ImperalsS-FBRK, Irix Rootkit, Kitko, Knark, Li0n Worm, Lockit / LJK2, MRK, Ni0 Rootkit, RootKit for SunOS / NSDAP, Optic Kit (Tux), Oz Rootkit, Portacelo, R3dstorm Toolkit, RH-Sharpe's rootkit, RSHA's rootkit, Scalper Worm, Shutdown, SHV4, SHV5, Sin Rootkit, Slapper, Sneakin Rootkit, Suckit Rootkit, SunOS Rootkit, Superkit, TBD (Telnet BackDoor), TeLeKiT, T0rn Rootkit, Trojanit Kit, Tuxtendo, URK, VcKit, Volc Rootkit, X-Org SunOS Rootkit, zaRwT.KiT Rootkit
[01:01:12] 3 vulnerable applications found

I just checked /etc/.java/.systemPrefs and it had two empty files:

[root@xxxx .systemPrefs]# pwd
[root@xxxx .systemPrefs]# ll -a
total 8
drwxr-xr-x 2 root root 4096 May 6 2006 .
drwxr-xr-x 3 root root 4096 May 6 2006 ..
-rw-r--r-- 1 root root 0 May 6 2006 .system.lock
-rw-r--r-- 1 root root 0 May 6 2006 .systemRootModFile

what should i do to resolve this problem ?
Old 06-25-2007, 01:09 AM   #2
Registered: May 2001
Posts: 29,358
Blog Entries: 55

Rep: Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545Reputation: 3545
If you check the RKH FAQ, mailing list archives and your rkhunter.conf you'll read how to validate and exclude these entries from scanning.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter warnings adityavpratap Slackware 15 02-24-2007 07:11 AM
rkhunter warnings jantman Linux - Security 4 01-23-2007 02:39 PM
Looking for a comprehensive list of g++ generated warnings magham_rajesh Linux - General 0 06-19-2006 10:16 AM security warnings emetib Linux - Security 5 09-24-2004 06:39 PM
Security checker rkhunter working with AIX iainr AIX 0 07-16-2004 03:45 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:55 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration