I have a few suspect application in the rkhunter log.
Any ideas on what to do?

Attached log

Attached Files

rkhunter.log (129.6 KB, 37 views)

Yeah, actually read the README and the comments in rkhunter.conf. Note most common and less common questions have already been answered: do check the FAQ (scriptlets at the bottom) and search the rkhunter mailing list archives.


Investigate reason for change and if valid run "--propupd".


Run "--propupd".


Investigate and see the SCRIPTWHITELIST comments in rkhunter.conf.


Investigate and see ALLOWHIDDENDIR.


ALLOWHIDDENFILE.


APP_WHITELIST.

When I look through some of the files, they are just full of garbled computer text eg /sbin/depmod
?

DO these seem ok - I have no idea what they are.
[18:14:03] Checking for hidden files and directories [ Warning ]
[18:14:03] Warning: Hidden directory found: /dev/.udev
[18:14:03] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
[18:14:03] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
[18:14:03] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
[18:14:03] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text

See what package a file is in with 'rpm -qf /sbin/depmod --qf="%{NAME}\n";' and then verifying the package running 'rpm -Vv [namepfpackage]' should give you an idea if your RPMDB is to be trusted. All of the rest, like I said before, was handled a gazillion times over. Reading your rkhunter.conf should get you most and five minutes worth of searching this forum and the rkhunter mailing list archives the rest. Do try that before replying.