Hi, I am using rkhunter 1.4.2 on some Debian 8 virtual machines. I am pretty satisfied with this tool and I was always able to cope with the issues that it pointed out to me.
Right now only one of these virtual machines gives me warnings that I was unable to find anything about on the net and on the mailing list.
I enclose the log of the following command "rkhunter --sk -c --enable suspscan --debug".
Any help is very welcome, thanks and best regards, Andrea Boccaccio
[11:00:54] Running Rootkit Hunter version 1.4.2 on wiredproxy
[11:00:54]
[11:00:54] Info: Start date is Fri Apr 15 11:00:54 CEST 2016
[11:00:54]
[11:00:54] Checking configuration file and command-line options...
[11:00:54] Info: Detected operating system is 'Linux'
[11:00:54] Info: Found O/S name: Debian 8.4
[11:00:54] Info: Command line is /usr/bin/rkhunter --sk -c --enable suspscan --debug
[11:00:54] Info: Debug file is /tmp/rkhunter-debug.O4MnIHu9bY
[11:00:54] Info: Environment shell is /bin/bash; rkhunter is using dash
[11:00:54] Info: Using configuration file '/etc/rkhunter.conf'
[11:00:54] Info: Installation directory is '/usr'
[11:00:54] Info: Using language 'en'
[11:00:54] Info: Using '/var/lib/rkhunter/db' as the database directory
[11:00:54] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[11:00:54] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin' as the command directories
[11:00:54] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[11:00:54] Info: No mail-on-warning address configured
[11:00:54] Info: X will be automatically detected
[11:00:54] Info: Found the 'basename' command: /usr/bin/basename
[11:00:54] Info: Found the 'diff' command: /usr/bin/diff
[11:00:54] Info: Found the 'dirname' command: /usr/bin/dirname
[11:00:55] Info: Found the 'file' command: /usr/bin/file
[11:00:55] Info: Found the 'find' command: /usr/bin/find
[11:00:55] Info: Found the 'ifconfig' command: /sbin/ifconfig
[11:00:55] Info: Found the 'ip' command: /sbin/ip
[11:00:55] Info: Found the 'ipcs' command: /usr/bin/ipcs
[11:00:55] Info: Found the 'ldd' command: /usr/bin/ldd
[11:00:55] Info: Found the 'lsattr' command: /usr/bin/lsattr
[11:00:55] Info: Found the 'lsmod' command: /sbin/lsmod
[11:00:55] Info: Found the 'lsof' command: /usr/bin/lsof
[11:00:55] Info: Found the 'mktemp' command: /bin/mktemp
[11:00:55] Info: Found the 'netstat' command: /bin/netstat
[11:00:55] Info: Found the 'perl' command: /usr/bin/perl
[11:00:55] Info: Found the 'pgrep' command: /usr/bin/pgrep
[11:00:55] Info: Found the 'ps' command: /bin/ps
[11:00:55] Info: Found the 'pwd' command: /bin/pwd
[11:00:55] Info: Found the 'readlink' command: /bin/readlink
[11:00:55] Info: Found the 'stat' command: /usr/bin/stat
[11:00:55] Info: Found the 'strings' command: /usr/bin/strings
[11:00:55] Info: Enabled tests are: malware rootkits suspscan
[11:00:55] Info: Disabled tests are: apps deleted_files hidden_procs packet_cap_apps
[11:00:55] Info: Found ksym file '/proc/kallsyms'
[11:00:55] Info: Using 'date' to process epoch second times
[11:00:55] Info: Locking is not being used
[11:00:55]
[11:00:55] Starting system checks...
[11:00:55]
[11:00:55] Info: Test 'system_commands' disabled at users request.
[11:00:55]
[11:00:55] Info: Starting test name 'rootkits'
[11:00:55] Checking for rootkits...
[11:00:55]
[11:00:55] Info: Test 'known_rkts' disabled at users request.
[11:00:55]
[11:00:55] Info: Test 'additional_rkts' disabled at users request.
[11:00:55]
[11:00:55] Info: Starting test name 'malware'
[11:00:55] Performing malware checks
[11:00:55]
[11:00:55] Info: Test 'deleted_files' disabled at users request.
[11:00:55]
[11:00:55] Info: Test 'running_procs' disabled at users request.
[11:00:55]
[11:00:55] Info: Test 'hidden_procs' disabled at users request.
[11:00:55]
[11:00:55] Info: Starting test name 'suspscan'
[11:00:55] Performing check of files with suspicious contents
[11:00:55] No directories specified: using defaults (/tmp /var/tmp)
[11:00:55] No temporary directory specified: using default (/dev/shm)
[11:00:55] No maximum file size specified: using default (1024000)
[11:00:55] No score threshold specified: using default (200)
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/usb/common/usb-common.ko' Score: 230
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/usb/common/usb-common.ko' (score: 230) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/usb/core/usbcore.ko' Score: 206
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/usb/core/usbcore.ko' (score: 206) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hv/hv_vmbus.ko' Score: 255
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hv/hv_vmbus.ko' (score: 255) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-roccat-common.ko' Score: 221
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-roccat-common.ko' (score: 221) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-roccat-arvo.ko' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-roccat-arvo.ko' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-apple.ko' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-apple.ko' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/usbhid/usbhid.ko' Score: 296
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/usbhid/usbhid.ko' (score: 296) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-huion.ko' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-huion.ko' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-holtek-kbd.ko' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-holtek-kbd.ko' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-lenovo-tpkbd.ko' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-lenovo-tpkbd.ko' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/uhid.ko' Score: 221
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/uhid.ko' (score: 221) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-hyperv.ko' Score: 232
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-hyperv.ko' (score: 232) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-rmi.ko' Score: 221
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-rmi.ko' (score: 221) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-appleir.ko' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-appleir.ko' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-microsoft.ko' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-microsoft.ko' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-roccat.ko' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid-roccat.ko' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid.ko' Score: 204
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/hid.ko' (score: 204) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/modules.builtin' Score: 210
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/modules.builtin' (score: 210) contains some suspicious content and should be checked.
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/modules.order' Score: 205
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/modules.order' (score: 205) contains some suspicious content and should be checked.
[11:01:06] Warning: Checking for files with suspicious contents [ Warning ]
[11:01:06]
[11:01:06] Info: Test 'other_malware' disabled at users request.
[11:01:06]
[11:01:06] Info: Test 'trojans' disabled at users request.
[11:01:06]
[11:01:06] Info: Test 'os_specific' disabled at users request.
[11:01:06]
[11:01:06] Info: Test 'network' disabled at users request.
[11:01:06]
[11:01:06] Info: Test 'local_host' disabled at users request.
[11:01:06]
[11:01:06] Info: Test 'apps' disabled at users request.
[11:01:06]
[11:01:06] System checks summary
[11:01:06] =====================
[11:01:06]
[11:01:06] File properties checks...
[11:01:06] All checks skipped
[11:01:06]
[11:01:06] Rootkit checks...
[11:01:06] Rootkits checked : 0
[11:01:06] Possible rootkits: 0
[11:01:06]
[11:01:06] Applications checks...
[11:01:06] All checks skipped
[11:01:07]
[11:01:07] The system checks took: 11 seconds
[11:01:07]
[11:01:07] Info: End date is Fri Apr 15 11:01:07 CEST 2016
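As an added triage helper (not part of the original post or of rkhunter itself), the script below parses the suspscan warning lines in the format shown in the debug log above and groups them by the top-level entry under the default scan roots (/tmp and /var/tmp), so a reviewer can see at a glance whether every hit comes from a single transient tree such as the mkinitramfs_* staging directory. The sample log is a constructed subset of the lines above plus one constructed extra path, /tmp/example-unknown.bin, used only to show how a second entry is reported separately.

```python
import re
from collections import defaultdict

# Warning line format as emitted by rkhunter 1.4.2 with --debug (see the log above).
WARN_RE = re.compile(
    r"^\[(?P<time>\d\d:\d\d:\d\d)\] Warning: File '(?P<path>[^']+)' "
    r"\(score: (?P<score>\d+)\) contains some suspicious content"
)

# suspscan defaults reported in the log: no SUSPSCAN_DIRS configured.
SCAN_ROOTS = ("/tmp", "/var/tmp")

# Constructed sample: three warnings copied from the log plus one constructed extra path.
SAMPLE_LOG = """\
[11:00:55] No score threshold specified: using default (200)
[11:01:06] File checked: Name: '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/usb/common/usb-common.ko' Score: 230
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/usb/common/usb-common.ko' (score: 230) contains some suspicious content and should be checked.
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/kernel/drivers/hid/usbhid/usbhid.ko' (score: 296) contains some suspicious content and should be checked.
[11:01:06] Warning: File '/var/tmp/mkinitramfs_g7XZAi/lib/modules/3.16.0-4-amd64/modules.order' (score: 205) contains some suspicious content and should be checked.
[11:01:06] Warning: File '/tmp/example-unknown.bin' (score: 240) contains some suspicious content and should be checked.
"""


def parse_warnings(log_text):
    """Return [(path, score), ...] for every suspscan warning line; other lines are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = WARN_RE.match(line)
        if m:
            hits.append((m.group("path"), int(m.group("score"))))
    return hits


def top_level_entry(path):
    """Collapse a path to its first component below a scan root, e.g. /var/tmp/mkinitramfs_g7XZAi."""
    for root in SCAN_ROOTS:
        if path.startswith(root + "/"):
            first = path[len(root) + 1:].split("/", 1)[0]
            return root + "/" + first
    return path  # outside the default roots: report as-is


def summarize(log_text):
    """Group warnings by top-level entry: count, highest score and the file suffixes seen."""
    groups = defaultdict(lambda: {"count": 0, "max_score": 0, "kinds": set()})
    for path, score in parse_warnings(log_text):
        g = groups[top_level_entry(path)]
        g["count"] += 1
        g["max_score"] = max(g["max_score"], score)
        base = path.rsplit("/", 1)[-1]
        g["kinds"].add(base.rsplit(".", 1)[-1] if "." in base else "")
    return dict(groups)


if __name__ == "__main__":
    for entry, g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{entry}: {g['count']} hit(s), max score {g['max_score']}, kinds {sorted(g['kinds'])}")
```

Run against the full debug log, every warning collapses to the single entry /var/tmp/mkinitramfs_g7XZAi, which is the first thing to confirm before treating the hits as unrelated files.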
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users