stop sending these emails, lve unsubscribed more than once but it wont unsubscribe me
[EMAIL PROTECTED] wrote: > Send Rkhunter-users mailing list submissions to > rkhunter-users@lists.sourceforge.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/rkhunter-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Rkhunter-users digest..." > > > Today's Topics: > > 1. Re: sha1 checksum for rkhunter-1.2.9.tar.gz? > ([EMAIL PROTECTED]) > 2. Re: suggestion for conf file in beta2 ([EMAIL PROTECTED]) > 3. Re: t0rn rootkit on ubuntu 7.04 (latest patches installed) > ([EMAIL PROTECTED]) > 4. Re: Rkhunter-users Digest, Vol 16, Issue 3 (Gordy) > 5. Incorrect MD5 checksums: 7 (Nick Weavers) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 09 Sep 2007 12:13:17 +0200 > From: <[EMAIL PROTECTED]> > Subject: Re: [Rkhunter-users] sha1 checksum for rkhunter-1.2.9.tar.gz? > To: <rkhunter-users@lists.sourceforge.net>,<[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="UTF-8" > > On Mon, 03 Sep 2007 00:02:01 +0200 "Jerry L. Kazdan" > <[EMAIL PROTECTED]> wrote: > >> http://sourceforge.net/project/showfiles.php?group_id=155034 >> has a checksum for 1.3.0-beta-2 but not for 1.2.9. >> > > That's because 1.2.9 will be phased out RSN. > Anyone interested the SHA1 hash for the 2nd 1.2.9 release is > 42d2125f5c145ee77c162d6d5cca50e06af7a3a0 rkhunter-1.2.9.tar.gz > > > Regards, unSpawn > > -- > Does your bra fit? Learn to pick the perfect bra for your body type. Click > now. > http://tagline.hushmail.com/fc/Ioyw6h4eVZZpZSeukon8lYyGpSI3T0LRP7VdHD2DMXQBazt5846nDK/ > > > > > ------------------------------ > > Message: 2 > Date: Sun, 09 Sep 2007 12:16:15 +0200 > From: <[EMAIL PROTECTED]> > Subject: Re: [Rkhunter-users] suggestion for conf file in beta2 > To: <rkhunter-users@lists.sourceforge.net>,<[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="UTF-8" > > On Sun, 09 Sep 2007 03:29:35 +0200 Gordy <[EMAIL PROTECTED]> > wrote: > >> But I >> would like to see more verbose hints to newbies in the conf >> instead of just this line >> > > Hmm. I find the conf is getting crowded already. > Wouldn't it be more appropriate for the FAQ? > > > Regards, unSpawn > > -- > Click here to become a professional counselor in less time than you think. > http://tagline.hushmail.com/fc/Ioyw6h4fPKCBA4XRQGM5H7eq8NysUCZdQs5TniPnequ9QGUk8VHFK4/ > > > > > ------------------------------ > > Message: 3 > Date: Sun, 09 Sep 2007 12:27:35 +0200 > From: <[EMAIL PROTECTED]> > Subject: Re: [Rkhunter-users] t0rn rootkit on ubuntu 7.04 (latest > patches installed) > To: <rkhunter-users@lists.sourceforge.net>,<[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="UTF-8" > > Hello, > > On Sun, 09 Sep 2007 11:01:48 +0200 f00 <[EMAIL PROTECTED]> wrote: > >> i got infected by t0rn rootkit on my ubuntu 7.04 server >> (recognized >> today). I had all recent patches installed, so i think there is >> another exploit. >> > > Sorry to hear that. The fact is that installing updates is not the > only avenue for crackers: weak service and system authorisation, > allowing people on the system (shell server), service > misconfiguration, non-SSL'ed FTP, lax access restrictions are just > a few things one needs to check and correct before you can call a > server somewhat "hardened". > > > >> I will bring you my logs (which logs would you like to >> see?)on >> monday, i powered down the server for now. >> > > Please DO NOT attach logs unless asked for. I'm afraid this list is > not for helping you find the root cause of the compromise. We do > occasionally ask for logs if we think it can enhance Rootkit Hunter > detection methods. If you want help with your compromise I suggest > you make a tarball out of the system 'last' records, system and > daemon logs and upload it to your homepage or a free webhost and > become a member or a Linux forum. There's a lot of them that are > willing to help, I've been helping people at > http://www.linuxquestions.org/questions/forumdisplay.php?f=4 for > the past years. To make sure you post all relevant info please also > read and act on the Intruder Detection Checklist (CERT): > http://www.cert.org/tech_tips/intruder_detection_checklist.html. > > > Regards, unSpawn > > -- > Click and get free information on a satisfying career as a massage therapist. > http://tagline.hushmail.com/fc/Ioyw6h4eIKsskVwZ0KPEbejPw4gr8qAu2vHWs9EniKB6ysM4lwoxSQ/ > > > > > > ------------------------------ > > Message: 4 > Date: Sun, 9 Sep 2007 21:50:16 +1000 (EST) > From: Gordy <[EMAIL PROTECTED]> > Subject: Re: [Rkhunter-users] Rkhunter-users Digest, Vol 16, Issue 3 > To: rkhunter-users@lists.sourceforge.net > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=iso-8859-1 > > John > > Thanks for quick reply. It is my fault that I have not attempted to learn > programming, but I was > given an open licence to test, as everyone is. So forgive me for mis-reading > the code I was > alluding to. TIA. > > Yes I agree that the un-install would cause big problems if the user chose > /usr as their pathway. > > I never tested multiple installs or multiples versions but I am glad your > team have already > forecast and minimised any problems in that area. > > > cheerio > > > > > > ____________________________________________________________________________________ > Sick of deleting your inbox? Yahoo!7 Mail has free unlimited storage. > http://au.docs.yahoo.com/mail/unlimitedstorage.html > > > > > ------------------------------ > > Message: 5 > Date: Sun, 9 Sep 2007 08:54:18 -0700 (PDT) > From: Nick Weavers <[EMAIL PROTECTED]> > Subject: [Rkhunter-users] Incorrect MD5 checksums: 7 > To: rkhunter-users@lists.sourceforge.net > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > I have an up to date hash database according to rkhunter --update, but > rkhunter --checkall still reports several bad/unknown hashes. The bad ones > are show here : > > /bin/ps [ BAD ] > /sbin/sysctl [ BAD ] > /usr/bin/top [ BAD ] > /usr/bin/vmstat [ BAD ] > /usr/bin/w [ BAD ] > /usr/bin/watch [ BAD ] > /usr/bin/wget [ BAD ] > > The full update and checkall reports are show below: > > [EMAIL PROTECTED] ~]# rkhunter --update > Running updater... > > Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated > Using mirror http://rkhunter.sourceforge.net > [DB] Mirror file : Up to date > [DB] MD5 hashes system binaries : Up to date > [DB] Operating System information : Up to date > [DB] MD5 blacklisted tools/binaries : Up to date > [DB] Known good program versions : Up to date > [DB] Known bad program versions : Up to date > > [EMAIL PROTECTED] ~]# rkhunter --checkall > > > Rootkit Hunter 1.2.9 is running > > Determining OS... Ready > > > Checking binaries > * Selftests > Strings (command) [ OK ] > > > * System tools > Info: prelinked files found > Performing 'known good' check... > /bin/cat [ OK ] > /bin/chmod [ OK ] > /bin/chown [ OK ] > /bin/date [ OK ] > /bin/dmesg [ OK ] > /bin/env [ OK ] > /bin/grep [ OK ] > /bin/kill [ OK ] > /bin/login [ OK ] > /bin/ls [ OK ] > /bin/more [ OK ] > /bin/mount [ OK ] > /bin/netstat [ OK ] > /bin/ps [ BAD ] > /bin/su [ OK ] > /sbin/chkconfig [ OK ] > /sbin/depmod [ OK ] > /sbin/ifconfig [ OK ] > /sbin/init [ OK ] > /sbin/insmod [ OK ] > /sbin/ip [ OK ] > /sbin/lsmod [ OK ] > /sbin/modinfo [ OK ] > /sbin/modprobe [ OK ] > /sbin/rmmod [ OK ] > /sbin/runlevel [ OK ] > /sbin/sulogin [ OK ] > /sbin/sysctl [ BAD ] > /sbin/syslogd [ OK ] > /usr/bin/chattr [ OK ] > /usr/bin/du [ OK ] > /usr/bin/file [ OK ] > /usr/bin/find [ OK ] > /usr/bin/head [ OK ] > /usr/bin/killall [ OK ] > /usr/bin/lsattr [ OK ] > /usr/bin/passwd [ OK ] > /usr/bin/pstree [ OK ] > /usr/bin/sha1sum [ OK ] > /usr/bin/stat [ OK ] > /usr/bin/top [ BAD ] > /usr/bin/users [ OK ] > /usr/bin/vmstat [ BAD ] > /usr/bin/w [ BAD ] > /usr/bin/watch [ BAD ] > /usr/bin/wc [ OK ] > /usr/bin/wget [ BAD ] > /usr/bin/whereis [ OK ] > /usr/bin/who [ OK ] > /usr/bin/whoami [ OK ] > -------------------------------------------------------------------------------- > Rootkit Hunter has found some bad or unknown hashes. This can happen due to > replaced > binaries or updated packages (which give other hashes). Be sure your hashes > are > up-to-date (rkhunter --update). If you're in doubt about these hashes, contact > us through the Rootkit Hunter mailinglist at [EMAIL PROTECTED] > -------------------------------------------------------------------------------- > > Ready. > > ---------------------------- Scan results ---------------------------- > > MD5 scan > Scanned files: 50 > Incorrect MD5 checksums: 7 > > File scan > Scanned files: 342 > Possible infected files: 0 > > Application scan > Vulnerable applications: 0 > > Scanning took 597 seconds > > ----------------------------------------------------------------------- > > > Can anyone tell me what I need to do to make sure the 7 binaries reported as > being bad ARE really bad or not? > > Thanks, > > Nick Weavers > Phone 020 7871 0565 > > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > ------------------------------ > > _______________________________________________ > Rkhunter-users mailing list > Rkhunter-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/rkhunter-users > > > End of Rkhunter-users Digest, Vol 16, Issue 4 > ********************************************* > > -- This is not unsolicited email. It is being sent because you used this email address to sign up for an account at http://animeotk.com If you need to reply to any emails sent by "us" please reply to this email (keeping the headers, subject line, and body text in tact) this will allow us to deal with your emails promptly as we deal with high volumes of email it will allow us to grasp previous responces quicker. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
