RE: [Rkhunter-users] problem in hash for binary files in linux os
Hi,
Well, if you get [BAD] lines in your rkhunter output and you did not
(manually) update the software packages you use (which would give other
hashes), and your automated updater, yum for example, did not update
anything, then you should be suspicious about failed hash checks.
----- Original Message -----
From: Andrew Kirch
To: RSCALOVER ; [email protected]
Sent: Wednesday, May 30, 2007 6:44 PM
Subject: RE: [Rkhunter-users] problem in hash for binary files in linux os
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What is the effect, if any, of hashupd.sh being run on a compromised system?
Wouldn't it identify otherwise-malicious files as being benign?
Andrew D Kirch - AllThingsIT
Office: 317-755-0200
GPG: 735D020C
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of RSCALOVER
Sent: Wednesday, May 30, 2007 10:36 AM
To: [email protected]
Subject: Re: [Rkhunter-users] problem in hash for binary files in linux os
hi,
For the bad hashes, run hashupd.sh, available here =>
http://sourceforge.net/project/showfiles.php?group_id=155034
cd /usr/local/src
wget http://ovh.dl.sourceforge.net/sourceforge/rkhunter/hashupd.sh
chmod 755 hashupd.sh
./hashupd.sh
cd /usr/local/bin
./rkhunter --createlogfile -c
Still bad hashes?
regards,
:-)
----- Original Message -----
From: thirupathy k <mailto:[EMAIL PROTECTED]>
To: [email protected]
Sent: Wednesday, May 30, 2007 4:18 PM
Subject: [Rkhunter-users] problem in hash for binary files in linux os
hi,
Dear all, I am finding a problem with rkhunter, which is installed on my
server with Fedora Core; the rkhunter used on the Linux server is the
latest version (1.2.9). The daily scripts running on the server report
a lot of bad checks during the rkhunter check. Please see the error
message given below and help me to solve this issue.
Moreover, I have updated the rkhunter databases with the following
command:
rkhunter --update
Error message
* System tools
Info: prelinked files found
Performing 'known good' check...
/bin/cat [ BAD ]
/bin/chmod [ BAD ]
/bin/chown [ BAD ]
/bin/date [ BAD ]
/bin/dmesg [ BAD ]
/bin/env [ BAD ]
/bin/grep [ OK ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
/bin/ls [ BAD ]
/bin/more [ BAD ]
/bin/mount [ BAD ]
/bin/netstat [ OK ]
/bin/ps [ BAD ]
/bin/su [ BAD ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ BAD ]
/sbin/ifconfig [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ BAD ]
/sbin/ip [ BAD ]
/sbin/lsmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/modprobe [ BAD ]
/sbin/rmmod [ BAD ]
/sbin/runlevel [ OK ]
/sbin/sysctl [ BAD ]
/sbin/syslogd [ OK ]
/sbin/sulogin [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/du [ BAD ]
/usr/bin/file [ BAD ]
/usr/bin/find [ OK ]
/usr/bin/head [ BAD ]
/usr/bin/killall [ BAD ]
/usr/bin/lsattr [ OK ]
/usr/bin/md5sum [ BAD ]
/usr/bin/passwd [ OK ]
/usr/bin/pstree [ BAD ]
/usr/bin/sha1sum [ BAD ]
/usr/bin/stat [ BAD ]
/usr/bin/strings [ BAD ]
/usr/bin/top [ BAD ]
/usr/bin/users [ BAD ]
/usr/bin/vmstat [ BAD ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/wc [ BAD ]
/usr/bin/wget [ OK ]
/usr/bin/whereis [ BAD ]
/usr/bin/who [ BAD ]
/usr/bin/whoami [ BAD ]
--------------------------------------------------------------------------------
Rootkit Hunter has found some bad or unknown hashes. This can happen due to
replaced binaries or updated packages (which give other hashes). Be sure your
hashes are up-to-date (rkhunter --update). If you're in doubt about these
hashes, contact us through the Rootkit Hunter mailinglist at
[email protected].
--------------------------------------------------------------------------------
Running the command gives the same result as well. Please help me
to solve this issue. Waiting for your reply.
--
Regards
K.Thirupathy
________________________________
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
________________________________
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFGXanfkAlCbnNtAgwRAngaAJ951fE0eOUYsB0Amu7fitaL4PY/BgCg3XKW
/t5Zb6n3J/PHWgIl5nFe3EQ=
=hRK6
-----END PGP SIGNATURE-----
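Added example (not part of the original thread, and not rkhunter's own code): one way to triage the [ BAD ] lines before refreshing any hashes is to ask the package manager whether each flagged binary still matches its installed package. It assumes an rpm-based host like the Fedora server in the thread; the function names and the SAMPLE text are constructed for illustration.

```shell
#!/bin/sh
# Triage rkhunter "[ BAD ]" hash results against the RPM database.
# SAMPLE is constructed, in the format of the rkhunter output quoted above.
SAMPLE='/bin/cat [ BAD ]
/bin/grep [ OK ]
/bin/ls [ BAD ]
/sbin/init [ OK ]'

# bad_paths: read rkhunter "known good" output on stdin and print only the
# paths marked BAD (accepts both "[ BAD ]" and "[BAD]").
bad_paths() {
    sed -n 's|^[[:space:]]*\(/[^[:space:]]*\)[[:space:]]*\[ *BAD *].*$|\1|p'
}

# triage_one PATH: classify one flagged file with rpm.
#   UNOWNED          no package claims the file
#   MODIFIED         digest differs from what the owning package recorded
#   MATCHES-PACKAGE  file agrees with the package, so the rkhunter hash
#                    list is probably just older than the installed package
triage_one() {
    f=$1
    pkg=$(rpm -qf "$f" 2>/dev/null) || { echo "UNOWNED $f"; return 0; }
    # rpm -Vf lists files that differ from package metadata; a "5" in the
    # third flag column means the file digest differs.
    changed=$(rpm -Vf "$f" 2>/dev/null |
        awk -v p="$f" '$NF == p && substr($1, 3, 1) == "5"')
    if [ -n "$changed" ]; then
        echo "MODIFIED $f ($pkg)"
    else
        echo "MATCHES-PACKAGE $f ($pkg)"
    fi
}

# triage: read rkhunter output on stdin and classify every BAD path.
# Caveat: on a host that may be compromised, rpm and its database are no
# more trustworthy than the binaries being checked; for a real verdict run
# the same check from trusted rescue media against the mounted disk.
triage() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available" >&2; return 2; }
    bad_paths | while IFS= read -r f; do triage_one "$f"; done
}

# Stand-alone run: show which sample paths would be triaged.
printf '%s\n' "$SAMPLE" | bad_paths
```

On the affected server, feed the rkhunter report to `triage` on stdin; files reported as MODIFIED or UNOWNED are the ones that should not be accepted as new known-good hashes.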