RE: [Rkhunter-users] problem in hash for binary files in linux os
Hi,
Regarding my previous post, here is a good example. My server just emailed me:
Time: Wed May 30 12:06:43 2007
The following list of files have FAILED the md5sum comparision test. This means
that the file has been changed in some way. This could be a result of an OS
update or application upgrade. If the change is unexpected it should be
investigated:
/usr/bin/file: FAILED
I know this is normal and there is nothing to worry about. Why? Because I
updated that package myself.
----- Original Message -----
From: Andrew Kirch
To: thirupathy k ; [email protected]
Sent: Wednesday, May 30, 2007 4:24 PM
Subject: Re: [Rkhunter-users] problem in hash for binary files in linux os
Two questions
What OS are you running?
Do you have any reason to believe it might be compromised?
Andrew D Kirch - AllThingsIT
Office: 317-755-0200
GPG: 735D020C
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of thirupathy k
Sent: Wednesday, May 30, 2007 10:18 AM
To: [email protected]
Subject: [Rkhunter-users] problem in hash for binary files in linux os
Hi,
Dear all, I am finding a problem in rkhunter, which is installed on my server
with Fedora Core; the rkhunter used on the Linux server is the
latest version (1.2.9). While the daily scripts are running, the server
states that there are a lot of bad checks during the rkhunter check. Please see the
error message given below and help me to solve this issue.
Moreover, I have updated the rkhunter databases with the following command:
rkhunter --update
Error message
* System tools
Info: prelinked files found
Performing 'known good' check...
/bin/cat [ BAD ]
/bin/chmod [ BAD ]
/bin/chown [ BAD ]
/bin/date [ BAD ]
/bin/dmesg [ BAD ]
/bin/env [ BAD ]
/bin/grep [ OK ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
/bin/ls [ BAD ]
/bin/more [ BAD ]
/bin/mount [ BAD ]
/bin/netstat [ OK ]
/bin/ps [ BAD ]
/bin/su [ BAD ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ BAD ]
/sbin/ifconfig [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ BAD ]
/sbin/ip [ BAD ]
/sbin/lsmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/modprobe [ BAD ]
/sbin/rmmod [ BAD ]
/sbin/runlevel [ OK ]
/sbin/sysctl [ BAD ]
/sbin/syslogd [ OK ]
/sbin/sulogin [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/du [ BAD ]
/usr/bin/file [ BAD ]
/usr/bin/find [ OK ]
/usr/bin/head [ BAD ]
/usr/bin/killall [ BAD ]
/usr/bin/lsattr [ OK ]
/usr/bin/md5sum [ BAD ]
/usr/bin/passwd [ OK ]
/usr/bin/pstree [ BAD ]
/usr/bin/sha1sum [ BAD ]
/usr/bin/stat [ BAD ]
/usr/bin/strings [ BAD ]
/usr/bin/top [ BAD ]
/usr/bin/users [ BAD ]
/usr/bin/vmstat [ BAD ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/wc [ BAD ]
/usr/bin/wget [ OK ]
/usr/bin/whereis [ BAD ]
/usr/bin/who [ BAD ]
/usr/bin/whoami [ BAD ]
--------------------------------------------------------------------------------
Rootkit Hunter has found some bad or unknown hashes. This can happen due to
replaced binaries or updated packages (which give other hashes). Be sure your
hashes are up-to-date (rkhunter --update). If you're in doubt about these
hashes, contact us through the Rootkit Hunter mailinglist at
[email protected].
--------------------------------------------------------------------------------
After running the command, it also gives the same result. Please help me to solve
this issue. Waiting for your reply.
--
Regards
K.Thirupathy
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
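
One way to check whether files reported as [ BAD ] still match the package that owns them, using rpm's verify mode on an RPM-based system such as the Fedora server in this thread. This is an added example, not part of the original messages or of rkhunter; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage rkhunter "[ BAD ]" results against the RPM database.

# Print the path of every file the report marks [ BAD ] (report on stdin).
bad_files() {
    awk '$1 ~ /^\// && $2 == "[" && $3 == "BAD" && $4 == "]" { print $1 }'
}

# Classify one line of `rpm -V` output for a file.
# rpm prints nothing when the file matches its package; otherwise the third
# flag character is "5" when the digest differs from the one in the package.
classify_verify() {
    case "$1" in
        "")         echo "matches-package" ;;
        missing*)   echo "missing" ;;
        ??5*)       echo "digest-differs" ;;
        *)          echo "metadata-only" ;;
    esac
}

# Check one file: which package owns it, and does it still match that package?
triage_file() {
    f=$1
    if ! owner=$(rpm -qf "$f" 2>/dev/null); then
        echo "$f unowned"
        return
    fi
    # rpm -Vf verifies the whole owning package; keep only this file's line.
    line=$(rpm -Vf "$f" 2>/dev/null | awk -v f="$f" '$NF == f' | head -n 1)
    echo "$f $owner $(classify_verify "$line")"
}

# Constructed sample input, in the format of the report quoted in this thread.
SAMPLE_REPORT='/bin/cat [ BAD ]
/bin/grep [ OK ]
/usr/bin/file [ BAD ]'

# Usage: <rkhunter report on stdin> | triage   (needs rpm on the host)
triage() {
    bad_files | while read -r f; do triage_file "$f"; done
}
```

A "matches-package" result with a recently updated owning package corresponds to the package-update case the report text describes. The RPM database lives on the same host, so "unowned" and "digest-differs" results are the ones to investigate first.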