Hello, I have just run rkhunter on my Debian 3.1 etch, fully up to date, and received 89 errors. Can you tell me why this happens and is there a risk?

dhcppc0:/home/marco# rkhunter --update
Running updater...

Mirrorfile /var/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://rkhunter.sourceforge.net
[DB] Mirror file                      : Up to date
[DB] MD5 hashes system binaries       : Update available
  Action: Database updated (current version: 2006093000, new version 2006111400)
[DB] Operating System information     : Update available
  Action: Database updated (current version: 2006093000, new version 2006111400)
[DB] MD5 blacklisted tools/binaries   : Up to date
[DB] Known good program versions      : Update available
  Action: Database updated (current version: 2006031400, new version 2006111400)
[DB] Known bad program versions       : Up to date

Ready.

dhcppc0:/home/marco# rkhunter --checkall

Rootkit Hunter 1.2.9 is running

Determining OS... Ready

Checking binaries
* Selftests
     Strings (command)                                        [ OK ]

* System tools
  Performing 'known good' check...
   /bin/cat                                                   [ BAD ]
   /bin/chmod                                                 [ BAD ]
   /bin/chown                                                 [ BAD ]
   /bin/date                                                  [ BAD ]
   /bin/dmesg                                                 [ BAD ]
   /bin/grep                                                  [ BAD ]
   /bin/kill                                                  [ BAD ]
   /bin/login                                                 [ BAD ]
   /bin/ls                                                    [ BAD ]
   /bin/more                                                  [ BAD ]
   /bin/mount                                                 [ BAD ]
   /bin/netstat                                               [ BAD ]
   /bin/ps                                                    [ BAD ]
   /bin/su                                                    [ BAD ]
   /sbin/depmod                                               [ BAD ]
   /sbin/ifconfig                                             [ BAD ]
   /sbin/init                                                 [ BAD ]
   /sbin/insmod                                               [ BAD ]
   /sbin/modinfo                                              [ BAD ]
   /sbin/modprobe                                             [ BAD ]
   /sbin/rmmod                                                [ BAD ]
   /sbin/runlevel                                             [ BAD ]
   /sbin/sulogin                                              [ BAD ]
   /sbin/sysctl                                               [ BAD ]
   /sbin/syslogd                                              [ BAD ]
   /usr/bin/chattr                                            [ BAD ]
   /usr/bin/du                                                [ BAD ]
   /usr/bin/file                                              [ BAD ]
   /usr/bin/find                                              [ BAD ]
   /usr/bin/head                                              [ BAD ]
   /usr/bin/killall                                           [ BAD ]
   /usr/bin/lsattr                                            [ BAD ]
   /usr/bin/md5sum                                            [ BAD ]
   /usr/bin/passwd                                            [ BAD ]
   /usr/bin/pstree                                            [ BAD ]
   /usr/bin/sha1sum                                           [ BAD ]
   /usr/bin/stat                                              [ BAD ]
   /usr/bin/strings                                           [ BAD ]
   /usr/bin/top                                               [ BAD ]
   /usr/bin/users                                             [ BAD ]
   /usr/bin/vmstat                                            [ BAD ]
   /usr/bin/watch                                             [ BAD ]
   /usr/bin/wc                                                [ BAD ]
   /usr/bin/wget                                              [ BAD ]
   /usr/bin/whereis                                           [ BAD ]
   /usr/bin/who                                               [ BAD ]
   /usr/bin/whoami                                            [ BAD ]
   /usr/sbin/cron                                             [ BAD ]
   /usr/sbin/inetd                                            [ BAD ]

--------------------------------------------------------------------------------
Rootkit Hunter has found some bad or unknown hashes. This can happen due to
replaced binaries or updated packages (which give other hashes). Be sure your
hashes are up-to-date (rkhunter --update). If you're in doubt about these
hashes, contact us through the Rootkit Hunter mailinglist at [EMAIL PROTECTED]
--------------------------------------------------------------------------------

[Press <ENTER> to continue]

Check rootkits
* Default files and directories
   Rootkit '55808 Trojan - Variant A'...                      [ OK ]
   ADM Worm...                                                [ OK ]
   Rootkit 'AjaKit'...                                        [ OK ]
   Rootkit 'aPa Kit'...                                       [ OK ]
   Rootkit 'Apache Worm'...                                   [ OK ]
   Rootkit 'Ambient (ark) Rootkit'...                         [ OK ]
   Rootkit 'Balaur Rootkit'...                                [ OK ]
   Rootkit 'BeastKit'...                                      [ OK ]
   Rootkit 'beX2'...                                          [ OK ]
   Rootkit 'BOBKit'...                                        [ OK ]
   Rootkit 'CiNIK Worm (Slapper.B variant)'...                [ OK ]
   Rootkit 'Danny-Boy's Abuse Kit'...                         [ OK ]
   Rootkit 'Devil RootKit'...                                 [ OK ]
   Rootkit 'Dica'...                                          [ OK ]
   Rootkit 'Dreams Rootkit'...                                [ OK ]
   Rootkit 'Duarawkz'...                                      [ OK ]
   Rootkit 'Flea Linux Rootkit'...                            [ OK ]
   Rootkit 'FreeBSD Rootkit'...                               [ OK ]
   Rootkit 'Fuck`it Rootkit'...                               [ OK ]
   Rootkit 'GasKit'...                                        [ OK ]
   Rootkit 'Heroin LKM'...                                    [ OK ]
   Rootkit 'HjC Kit'...                                       [ OK ]
   Rootkit 'ignoKit'...                                       [ OK ]
   Rootkit 'ImperalsS-FBRK'...                                [ OK ]
   Rootkit 'Irix Rootkit'...                                  [ OK ]
   Rootkit 'Kitko'...                                         [ OK ]
   Rootkit 'Knark'...                                         [ OK ]
   Rootkit 'Li0n Worm'...                                     [ OK ]
   Rootkit 'Lockit / LJK2'...                                 [ OK ]
   Rootkit 'MRK'...                                           [ OK ]
   Rootkit 'Ni0 Rootkit'...                                   [ OK ]
   Rootkit 'RootKit for SunOS / NSDAP'...                     [ OK ]
   Rootkit 'Optic Kit (Tux)'...                               [ OK ]
   Rootkit 'Oz Rootkit'...                                    [ OK ]
   Rootkit 'Portacelo'...                                     [ OK ]
   Rootkit 'R3dstorm Toolkit'...                              [ OK ]
   Rootkit 'RH-Sharpe's rootkit'...                           [ OK ]
   Rootkit 'RSHA's rootkit'...                                [ OK ]
   Sebek LKM...                                               [ OK ]
   Rootkit 'Scalper Worm'...                                  [ OK ]
   Rootkit 'Shutdown'...                                      [ OK ]
   Rootkit 'SHV4'...                                          [ OK ]
   Rootkit 'SHV5'...                                          [ OK ]
   Rootkit 'Sin Rootkit'...                                   [ OK ]
   Rootkit 'Slapper'...                                       [ OK ]
   Rootkit 'Sneakin Rootkit'...                               [ OK ]
   Rootkit 'Suckit Rootkit'...                                [ OK ]
   Rootkit 'SunOS Rootkit'...                                 [ OK ]
   Rootkit 'Superkit'...                                      [ OK ]
   Rootkit 'TBD (Telnet BackDoor)'...                         [ OK ]
   Rootkit 'TeLeKiT'...                                       [ OK ]
   Rootkit 'T0rn Rootkit'...                                  [ OK ]
   Rootkit 'Trojanit Kit'...                                  [ OK ]
   Rootkit 'Tuxtendo'...                                      [ OK ]
   Rootkit 'URK'...                                           [ OK ]
   Rootkit 'VcKit'...                                         [ OK ]
   Rootkit 'Volc Rootkit'...                                  [ OK ]
   Rootkit 'X-Org SunOS Rootkit'...                           [ OK ]
   Rootkit 'zaRwT.KiT Rootkit'...                             [ OK ]

* Suspicious files and malware
   Scanning for known rootkit strings                         [ OK ]
   Scanning for known rootkit files                           [ OK ]
   Testing running processes...                               [ OK ]
   Miscellaneous Login backdoors                              [ OK ]
   Miscellaneous directories                                  [ OK ]
   Software related files                                     [ OK ]
   Sniffer logs                                               [ OK ]

[Press <ENTER> to continue]

* Trojan specific characteristics
   shv4
     Checking /etc/rc.d/rc.sysinit                            [ Not found ]
     Checking /etc/inetd.conf                                 [ Clean ]
     Checking /etc/xinetd.conf                                [ Skipped ]

* Suspicious file properties
   chmod properties
     Checking /bin/ps                                         [ Clean ]
     Checking /bin/ls                                         [ Clean ]
     Checking /usr/bin/w                                      [ Clean ]
     Checking /usr/bin/who                                    [ Clean ]
     Checking /bin/netstat                                    [ Clean ]
     Checking /bin/login                                      [ Clean ]
   Script replacements
     Checking /bin/ps                                         [ Clean ]
     Checking /bin/ls                                         [ Clean ]
     Checking /usr/bin/w                                      [ Clean ]
     Checking /usr/bin/who                                    [ Clean ]
     Checking /bin/netstat                                    [ Clean ]
     Checking /bin/login                                      [ Clean ]

* OS dependant tests
   Linux
     Checking loaded kernel modules...                        [ OK ]
     Checking file attributes                                 [ OK ]
     Checking LKM module path                                 [ OK ]

Networking
* Check: frequently used backdoors
   Port 2001: Scalper Rootkit                                 [ OK ]
   Port 2006: CB Rootkit                                      [ OK ]
   Port 2128: MRK                                             [ OK ]
   Port 14856: Optic Kit (Tux)                                [ OK ]
   Port 47107: T0rn Rootkit                                   [ OK ]
   Port 60922: zaRwT.KiT                                      [ OK ]

* Interfaces
   Scanning for promiscuous interfaces...                     [ OK ]

[Press <ENTER> to continue]

System checks
* Allround tests
   Checking hostname... Found. Hostname is dhcppc0
   Checking for passwordless user accounts... OK
   Checking for differences in user accounts...               [ NA ]
   Checking for differences in user groups... Creating file It seems this is your first time.
   Checking boot.local/rc.local file...
     - /etc/rc.local                                          [ OK ]
     - /etc/rc.d/rc.local                                     [ Not found ]
     - /usr/local/etc/rc.local                                [ Not found ]
     - /usr/local/etc/rc.d/rc.local                           [ Not found ]
     - /etc/conf.d/local.start                                [ Not found ]
     - /etc/init.d/boot.local                                 [ Not found ]
   Checking rc.d files...                                     [ Not found ]
   Checking history files
     Bourne Shell                                             [ OK ]

* Filesystem checks
   Checking /dev for suspicious files...                      [ OK ]
   Scanning for hidden files...                               [ Warning! ]
---------------
/etc/.pwd.lock /etc/.java
/dev/.static
/dev/.udev
/dev/.initramfs
/dev/.initramfs-tools
---------------
Please inspect:
  /etc/.java (directory)
  /dev/.static (directory)
  /dev/.udev (directory)
  /dev/.initramfs (directory)

[Press <ENTER> to continue]

Application advisories
* Application scan
   Checking Apache2 modules ...                               [ Not found ]
   Checking Apache configuration ...                          [ OK ]

* Application version scan
   - Exim MTA 4.63                                            [ Unknown ]
   - GnuPG 1.4.5                                              [ OK ]
   - OpenSSL 0.9.8c                                           [ Unknown ]
   - Procmail MTA 3.22                                        [ OK ]

Your system contains some unknown version numbers. Please run Rootkit Hunter
with the --update parameter or contact us through the Rootkit Hunter mailinglist
at [EMAIL PROTECTED]

Security advisories
* Check: Groups and Accounts
   Searching for /etc/passwd...                               [ Found ]
   Checking users with UID '0' (root)...                      [ OK ]

* Check: SSH
   Searching for sshd_config...

* Check: Events and Logging
   Search for syslog configuration...                         [ OK ]
   Checking for running syslog slave...                       [ OK ]
   Checking for logging to remote system...                   [ OK (no remote logging) ]

[Press <ENTER> to continue]

---------------------------- Scan results ----------------------------

MD5 scan
Scanned files: 49
Incorrect MD5 checksums: 49

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 0

Scanning took 89 seconds

-------------------------------------------------------------------------

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
