Hi there, I use rkhunter 1.3.8 and scanned my Ubuntu 10.4.3 x64. The log file shows some warnings about suspicious files; I can't believe these are false positives.

Here is a complete copy of the rkhunter.log. By the way, I tested installing the same Ubuntu ISO on a virtual machine with exactly the same config and programs and ran a scan, but in the virtual machine they don't come up, only on my real system. So that's why I can't believe that they are false positives. Here are the rkhunter.log warnings of the real system scan:

[12:15:21] /usr/sbin/adduser [ Warning ]
[12:15:21] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
[12:15:26] /usr/bin/ldd [ Warning ]
[12:15:26] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
[12:15:31] /usr/bin/lwp-request [ Warning ]
[12:15:31] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
[12:15:38] /bin/which [ Warning ]
[12:15:38] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
[12:16:21] Info: SCAN_MODE_DEV set to 'THOROUGH'
[12:16:21] Checking /dev for suspicious file types [ Warning ]
[12:16:21] Warning: Suspicious file types found in /dev:
[12:16:21] /dev/shm/pulse-shm-2005885598: data
[12:16:21] /dev/shm/pulse-shm-505987593: AmigaOS bitmap font
[12:16:21] /dev/shm/pulse-shm-1522195268: data
[12:16:21] /dev/shm/mono-shared-1000-shared_fileshare-moneytrail-d64-Linux-x86_64-40-12-0: data
[12:16:21] /dev/shm/mono-shared-1000-shared_data-moneytrail-d64-Linux-x86_64-328-12-0: data
[12:16:21] /dev/shm/mono.1650: data
[12:16:22] Checking version of GnuPG [ Warning ]
[12:16:22] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
[12:16:22] Info: Application 'httpd' not found.
[12:16:22] Info: Application 'named' not found.
[12:16:23] Checking version of OpenSSL [ Warning ]
[12:16:23] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.

Please can you help me with this log: is my system infected with some bad things? If you need more information, send me an email and I will give you what you need to find out if these are bad things.
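An added example, not part of the original post and not rkhunter's own code: a Python sketch that sorts the warning lines of a log like the one above into the three kinds it contains (commands reported as scripts, entries under /dev, outdated application versions) so each group can be checked on its own. The sample lines are excerpted from the posted log; the function name `triage` and the category names are assumptions.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the log in the post above.
SAMPLE_LOG = """\
[12:15:21] /usr/sbin/adduser [ Warning ]
[12:15:21] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
[12:15:38] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
[12:16:21] Warning: Suspicious file types found in /dev:
[12:16:21] /dev/shm/pulse-shm-2005885598: data
[12:16:21] /dev/shm/pulse-shm-505987593: AmigaOS bitmap font
[12:16:21] /dev/shm/mono.1650: data
[12:16:22] Checking version of GnuPG [ Warning ]
[12:16:22] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
[12:16:22] Info: Application 'httpd' not found.
[12:16:23] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\]\s+(.*)$")
SCRIPT = re.compile(r"^Warning: The command '([^']+)' has been replaced by a script: \1: (.+)$")
DEV_HEAD = re.compile(r"^Warning: Suspicious file types found in (/\S+):$")
DEV_ITEM = re.compile(r"^(/\S+): (.+)$")
VERSION = re.compile(r"^Warning: Application '([^']+)', version '([^']+)', is out of date")

def triage(log_text):
    """Group rkhunter warning lines by kind: script-replaced commands,
    suspicious /dev entries, and outdated application versions."""
    found = defaultdict(list)
    dev_dir = None  # set while reading the item lines under a /dev warning
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if dev_dir and (item := DEV_ITEM.match(msg)) and item.group(1).startswith(dev_dir + "/"):
            found["dev_file"].append(item.groups())  # (path, file type)
            continue
        dev_dir = None  # any other line ends the /dev item list
        if s := SCRIPT.match(msg):
            found["script_command"].append(s.groups())  # (path, file type)
        elif d := DEV_HEAD.match(msg):
            dev_dir = d.group(1)
        elif v := VERSION.match(msg):
            found["old_version"].append(v.groups())  # (application, version)
    return dict(found)

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```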