I have an up-to-date hash database according to rkhunter --update, but
rkhunter --checkall still reports several bad/unknown hashes. The bad ones are
shown here:
/bin/ps [ BAD ]
/sbin/sysctl [ BAD ]
/usr/bin/top [ BAD ]
/usr/bin/vmstat [ BAD ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/wget [ BAD ]
The full update and checkall reports are shown below:
[EMAIL PROTECTED] ~]# rkhunter --update
Running updater...
Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://rkhunter.sourceforge.net
[DB] Mirror file : Up to date
[DB] MD5 hashes system binaries : Up to date
[DB] Operating System information : Up to date
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Up to date
[DB] Known bad program versions : Up to date
[EMAIL PROTECTED] ~]# rkhunter --checkall
Rootkit Hunter 1.2.9 is running
Determining OS... Ready
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Info: prelinked files found
Performing 'known good' check...
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/date [ OK ]
/bin/dmesg [ OK ]
/bin/env [ OK ]
/bin/grep [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/netstat [ OK ]
/bin/ps [ BAD ]
/bin/su [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ BAD ]
/sbin/syslogd [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/du [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/head [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/top [ BAD ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ BAD ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ BAD ]
/usr/bin/whereis [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
--------------------------------------------------------------------------------
Rootkit Hunter has found some bad or unknown hashes. This can happen due to replaced
binaries or updated packages (which give other hashes). Be sure your hashes are
up-to-date (rkhunter --update). If you're in doubt about these hashes, contact
us through the Rootkit Hunter mailinglist at [EMAIL PROTECTED]
--------------------------------------------------------------------------------
Ready.
---------------------------- Scan results ----------------------------
MD5 scan
Scanned files: 50
Incorrect MD5 checksums: 7
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 0
Scanning took 597 seconds
-----------------------------------------------------------------------
Can anyone tell me what I need to do to make sure the 7 binaries reported as
being bad ARE really bad or not?
Thanks,
Nick Weavers
Phone 020 7871 0565
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users