Warning flagged by the 'rkhunter'
Posted
by
gkt.pro
on Server Fault
See other posts from Server Fault
or by gkt.pro
Published on 2011-02-01T17:45:21Z
Indexed on
2011/02/02
7:27 UTC
Read the original article
Hit count: 707
when I scanned my Ubuntu 10.04 with rkhunter a root kit hunter toolkit, it gave following warning:
Is there something that I have to worry about.
[23:06:19] /usr/sbin/adduser [ Warning ]
[23:06:19] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
[23:06:20] /usr/sbin/rsyslogd [ Warning ]
[23:06:20] Warning: The file properties have changed:
[23:06:22] /usr/bin/dpkg [ Warning ]
[23:06:22] Warning: The file properties have changed:
[23:06:22] /usr/bin/dpkg-query [ Warning ]
[23:06:22] Warning: The file properties have changed:
[23:06:24] /usr/bin/ldd [ Warning ]
[23:06:24] Warning: The file properties have changed:
[23:06:24] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
[23:06:24] /usr/bin/logger [ Warning ]
[23:06:24] Warning: The file properties have changed:
[23:06:25] /usr/bin/mail [ Warning ]
[23:06:25] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file.
[23:06:27] /usr/bin/sudo [ Warning ]
[23:06:27] Warning: The file properties have changed:
[23:06:29] /usr/bin/whereis [ Warning ]
[23:06:29] Warning: The file properties have changed:
[23:06:29] /usr/bin/lwp-request [ Warning ]
[23:06:29] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
[23:06:29] /usr/bin/bsd-mailx [ Warning ]
[23:06:29] Warning: The file '/usr/bin/bsd-mailx' exists on the system, but it is not present in the rkhunter.dat file.
[23:06:30] /sbin/fsck [ Warning ]
[23:06:30] Warning: The file properties have changed:
[23:06:30] /sbin/ifdown [ Warning ]
[23:06:30] Warning: The file properties have changed:
[23:06:31] /sbin/ifup [ Warning ]
[23:06:31] Warning: The file properties have changed:
[23:06:34] /bin/dmesg [ Warning ]
[23:06:34] Warning: The file properties have changed:
[23:06:35] /bin/more [ Warning ]
[23:06:35] Warning: The file properties have changed:
[23:06:36] /bin/mount [ Warning ]
[23:06:36] Warning: The file properties have changed:
[23:06:37] /bin/which [ Warning ]
[23:06:37] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
[23:08:58] Checking /dev for suspicious file types [ Warning ]
[23:08:58] Warning: Suspicious file types found in /dev:
[23:08:58] Checking for hidden files and directories [ Warning ]
[23:08:58] Warning: Hidden directory found: /etc/.java
[23:08:58] Warning: Hidden directory found: /dev/.udev
[23:08:58] Warning: Hidden directory found: /dev/.initramfs
[23:09:01] Checking version of Exim MTA [ Warning ]
[23:09:01] Warning: Application 'exim', version '4.71', is out of date, and possibly a security risk.
[23:09:01] Checking version of GnuPG [ Warning ]
[23:09:01] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
[23:09:01] Checking version of OpenSSL [ Warning ]
[23:09:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.
© Server Fault or respective owner
