Hi all,

Ok, 1.3.4 has been running daily for months, with no warnings. I just updated to 1.3.6, and got a bunch of warnings... I'm hoping these are just a result of the upgrade, and mean that I need to edit the config file again - but is 1.3.6 really so much more thorough that I'm going to have to manually whitelist so much more?

Ok, on to details... I updated, then ran rkhunter --propupd:

> myhost : Sat May 15, 11:29:17 : /usr/sbin
> # ./rkhunter --propupd
> [ Rootkit Hunter version 1.3.6 ]
> File updated: searched for 161 files, found 145
> myhost : Sat May 15, 11:29:48 : /usr/sbin
> #

then manually executed the cron job. Here's the email summary results I got:

> [ Rootkit Hunter version 1.3.6 ]
>
> Checking rkhunter data files...
> Checking file mirrors.dat [ No update ]
> Checking file programs_bad.dat [ No update ]
> Checking file backdoorports.dat [ No update ]
> Checking file suspscan.dat [ No update ]
> Checking file i18n/cn [ Skipped ]
> Checking file i18n/de [ Skipped ]
> Checking file i18n/en [ No update ]
> Checking file i18n/zh [ Skipped ]
> Checking file i18n/zh.utf8 [ Skipped ]
>
>
> System checks summary
> =====================
>
> File properties checks...
> Files checked: 145
> Suspect files: 59
>
> Rootkit checks...
> Rootkits checked : 250
> Possible rootkits: 2
> Rootkit names : Xzibit Rootkit, Xzibit Rootkit
>
> Applications checks...
> All checks skipped
>
> The system checks took: 2 minutes and 20 seconds
>
> All results have been written to the log file (/var/log/rkhunter.log)
>
> One or more warnings have been found while checking the system.
> Please check the log file (/var/log/rkhunter.log)

and last, the log details:

myhost : Sat May 15, 11:35:08 : /var/log
# less rkhunter.log | grep Warning
[11:30:28] /usr/bin/chattr [ Warning ]
[11:30:28] Warning: File '/usr/bin/chattr' has the immutable-bit set.
[11:30:28] /usr/bin/curl [ Warning ]
[11:30:28] Warning: File '/usr/bin/curl' has the immutable-bit set.
[11:30:29] /usr/bin/diff [ Warning ]
[11:30:29] Warning: File '/usr/bin/diff' has the immutable-bit set.
[11:30:29] /usr/bin/file [ Warning ]
[11:30:29] Warning: File '/usr/bin/file' has the immutable-bit set.
[11:30:30] /usr/bin/find [ Warning ]
[11:30:30] Warning: File '/usr/bin/find' has the immutable-bit set.
[11:30:30] /usr/bin/id [ Warning ]
[11:30:30] Warning: File '/usr/bin/id' has the immutable-bit set.
[11:30:30] /usr/bin/killall [ Warning ]
[11:30:30] Warning: File '/usr/bin/killall' has the immutable-bit set.
[11:30:31] /usr/bin/last [ Warning ]
[11:30:31] Warning: File '/usr/bin/last' has the immutable-bit set.
[11:30:31] /usr/bin/lastlog [ Warning ]
[11:30:31] Warning: File '/usr/bin/lastlog' has the immutable-bit set.
[11:30:31] /usr/bin/ldd [ Warning ]
[11:30:31] Warning: File '/usr/bin/ldd' has the immutable-bit set.
[11:30:31] /usr/bin/less [ Warning ]
[11:30:31] Warning: File '/usr/bin/less' has the immutable-bit set.
[11:30:31] /usr/bin/logger [ Warning ]
[11:30:31] Warning: File '/usr/bin/logger' has the immutable-bit set.
[11:30:32] /usr/bin/lsattr [ Warning ]
[11:30:32] Warning: File '/usr/bin/lsattr' has the immutable-bit set.
[11:30:32] /usr/bin/lsof [ Warning ]
[11:30:32] Warning: File '/usr/bin/lsof' has the immutable-bit set.
[11:30:32] /usr/bin/md5sum [ Warning ]
[11:30:32] Warning: File '/usr/bin/md5sum' has the immutable-bit set.
[11:30:32] /usr/bin/newgrp [ Warning ]
[11:30:33] Warning: File '/usr/bin/newgrp' has the immutable-bit set.
[11:30:33] /usr/bin/pgrep [ Warning ]
[11:30:33] Warning: File '/usr/bin/pgrep' has the immutable-bit set.
[11:30:33] /usr/bin/pstree [ Warning ]
[11:30:33] Warning: File '/usr/bin/pstree' has the immutable-bit set.
[11:30:34] /usr/bin/runcon [ Warning ]
[11:30:34] Warning: File '/usr/bin/runcon' has the immutable-bit set.
[11:30:34] /usr/bin/sha1sum [ Warning ]
[11:30:34] Warning: File '/usr/bin/sha1sum' has the immutable-bit set.
[11:30:34] /usr/bin/sha224sum [ Warning ]
[11:30:34] Warning: File '/usr/bin/sha224sum' has the immutable-bit set.
[11:30:34] /usr/bin/sha256sum [ Warning ]
[11:30:34] Warning: File '/usr/bin/sha256sum' has the immutable-bit set.
[11:30:34] /usr/bin/sha384sum [ Warning ]
[11:30:35] Warning: File '/usr/bin/sha384sum' has the immutable-bit set.
[11:30:35] /usr/bin/sha512sum [ Warning ]
[11:30:35] Warning: File '/usr/bin/sha512sum' has the immutable-bit set.
[11:30:35] /usr/bin/slocate [ Warning ]
[11:30:35] Warning: File '/usr/bin/slocate' has the immutable-bit set.
[11:30:35] /usr/bin/stat [ Warning ]
[11:30:35] Warning: File '/usr/bin/stat' has the immutable-bit set.
[11:30:35] /usr/bin/strace [ Warning ]
[11:30:36] Warning: File '/usr/bin/strace' has the immutable-bit set.
[11:30:36] /usr/bin/sudo [ Warning ]
[11:30:36] Warning: File '/usr/bin/sudo' has the immutable-bit set.
[11:30:36] /usr/bin/test [ Warning ]
[11:30:36] Warning: File '/usr/bin/test' has the immutable-bit set.
[11:30:36] /usr/bin/top [ Warning ]
[11:30:36] Warning: File '/usr/bin/top' has the immutable-bit set.
[11:30:37] /usr/bin/uniq [ Warning ]
[11:30:37] Warning: File '/usr/bin/uniq' has the immutable-bit set.
[11:30:37] /usr/bin/users [ Warning ]
[11:30:37] Warning: File '/usr/bin/users' has the immutable-bit set.
[11:30:37] /usr/bin/vmstat [ Warning ]
[11:30:37] Warning: File '/usr/bin/vmstat' has the immutable-bit set.
[11:30:37] /usr/bin/w [ Warning ]
[11:30:38] Warning: File '/usr/bin/w' has the immutable-bit set.
[11:30:38] /usr/bin/watch [ Warning ]
[11:30:38] Warning: File '/usr/bin/watch' has the immutable-bit set.
[11:30:38] /usr/bin/wget [ Warning ]
[11:30:38] Warning: File '/usr/bin/wget' has the immutable-bit set.
[11:30:38] /usr/bin/whatis [ Warning ]
[11:30:38] Warning: File '/usr/bin/whatis' has the immutable-bit set.
[11:30:38] /usr/bin/whereis [ Warning ]
[11:30:38] Warning: File '/usr/bin/whereis' has the immutable-bit set.
[11:30:39] /usr/bin/which [ Warning ]
[11:30:39] Warning: File '/usr/bin/which' has the immutable-bit set.
[11:30:39] /usr/bin/who [ Warning ]
[11:30:39] Warning: File '/usr/bin/who' has the immutable-bit set.
[11:30:39] /usr/bin/whoami [ Warning ]
[11:30:39] Warning: File '/usr/bin/whoami' has the immutable-bit set.
[11:30:39] /usr/bin/lwp-request [ Warning ]
[11:30:39] Warning: File '/usr/bin/lwp-request' has the immutable-bit set.
[11:30:39] /usr/bin/perl5.8.8 [ Warning ]
[11:30:39] Warning: File '/usr/bin/perl5.8.8' has the immutable-bit set.
[11:30:43] /usr/sbin/cron [ Warning ]
[11:30:43] Warning: File '/usr/sbin/cron' has the immutable-bit set.
[11:30:44] /usr/sbin/groupadd [ Warning ]
[11:30:44] Warning: File '/usr/sbin/groupadd' has the immutable-bit set.
[11:30:44] /usr/sbin/groupdel [ Warning ]
[11:30:44] Warning: File '/usr/sbin/groupdel' has the immutable-bit set.
[11:30:44] /usr/sbin/groupmod [ Warning ]
[11:30:44] Warning: File '/usr/sbin/groupmod' has the immutable-bit set.
[11:30:44] /usr/sbin/grpck [ Warning ]
[11:30:44] Warning: File '/usr/sbin/grpck' has the immutable-bit set.
[11:30:45] /usr/sbin/pwck [ Warning ]
[11:30:45] Warning: File '/usr/sbin/pwck' has the immutable-bit set.
[11:30:45] /usr/sbin/rkhunter [ Warning ]
[11:30:45] Warning: File '/usr/sbin/rkhunter' has the immutable-bit set.
[11:30:46] /usr/sbin/tcpd [ Warning ]
[11:30:46] Warning: File '/usr/sbin/tcpd' has the immutable-bit set.
[11:30:46] /usr/sbin/useradd [ Warning ]
[11:30:46] Warning: File '/usr/sbin/useradd' has the immutable-bit set.
[11:30:47] /usr/sbin/userdel [ Warning ]
[11:30:47] Warning: File '/usr/sbin/userdel' has the immutable-bit set.
[11:30:47] /usr/sbin/usermod [ Warning ]
[11:30:47] Warning: File '/usr/sbin/usermod' has the immutable-bit set.
[11:30:47] /usr/sbin/vipw [ Warning ]
[11:30:47] Warning: File '/usr/sbin/vipw' has the immutable-bit set.
[11:30:47] /usr/sbin/xinetd [ Warning ]
[11:30:47] Warning: File '/usr/sbin/xinetd' has the immutable-bit set.
[11:30:48] /usr/sbin/hashalot [ Warning ]
[11:30:48] Warning: File '/usr/sbin/hashalot' has the immutable-bit set.
[11:30:55] /usr/x86_64-pc-linux-gnu/binutils-bin/2.18/size [ Warning ]
[11:30:55] Warning: File '/usr/x86_64-pc-linux-gnu/binutils-bin/2.18/size' has the immutable-bit set.
[11:30:55] /usr/x86_64-pc-linux-gnu/binutils-bin/2.18/strings [ Warning ]
[11:30:55] Warning: File '/usr/x86_64-pc-linux-gnu/binutils-bin/2.18/strings' has the immutable-bit set.
[11:32:14] Checking for string 'hdparm' [ Warning ]
[11:32:15] Warning: Checking for possible rootkit strings [ Warning ]
[11:32:32] Checking for hidden files and directories [ Warning ]
[11:32:32] Warning: Hidden directory found: /dev/.lvm

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
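
A triage sketch for a warning dump like the one in this post, added here as an example (not part of the original message and not rkhunter code): it groups the log lines by kind, so one property flagged on many files collapses into a single row and the few distinct findings stand out. The sample log is constructed in the format shown above; the names `triage` and `summary` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log excerpt above (a few entries only).
SAMPLE_LOG = """\
[11:30:28] /usr/bin/chattr [ Warning ]
[11:30:28] Warning: File '/usr/bin/chattr' has the immutable-bit set.
[11:30:28] /usr/bin/curl [ Warning ]
[11:30:28] Warning: File '/usr/bin/curl' has the immutable-bit set.
[11:30:45] /usr/sbin/rkhunter [ Warning ]
[11:30:45] Warning: File '/usr/sbin/rkhunter' has the immutable-bit set.
[11:32:14] Checking for string 'hdparm' [ Warning ]
[11:32:15] Warning: Checking for possible rootkit strings [ Warning ]
[11:32:32] Checking for hidden files and directories [ Warning ]
[11:32:32] Warning: Hidden directory found: /dev/.lvm
"""

TS = r"^\[\d\d:\d\d:\d\d\]\s+"
DETAIL = re.compile(TS + r"Warning:\s+(.+?)(?:\s+\[ Warning \])?$")
STATUS = re.compile(TS + r"(.+?)\s+\[ Warning \]$")
FILE_WARNING = re.compile(r"^File '([^']+)' (.+?)\.?$")
HIDDEN = re.compile(r"^Hidden (directory|file) found: (.+)$")

def triage(log_text):
    """Group warning lines by kind. Returns {kind: [subject, ...]}."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if (d := DETAIL.match(line)):
            msg = d.group(1)
            if (f := FILE_WARNING.match(msg)):
                groups[f.group(2)].append(f.group(1))  # kind = flagged property
            elif (h := HIDDEN.match(msg)):
                groups["hidden " + h.group(1)].append(h.group(2))
            else:
                groups["other"].append(msg)
        elif (s := STATUS.match(line)) and not s.group(1).startswith("/"):
            groups["flagged check"].append(s.group(1))  # path status lines are repeats
    return dict(groups)

def summary(log_text):
    """(kind, count) pairs, most frequent first, so bulk findings sort to the top."""
    counts = [(kind, len(subjects)) for kind, subjects in triage(log_text).items()]
    return sorted(counts, key=lambda kc: (-kc[1], kc[0]))

if __name__ == "__main__":
    for kind, count in summary(SAMPLE_LOG):
        print(f"{count:4d}  {kind}")
```
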