HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


atjensen11 16th September 2009 18:59

rkhunter Messages
 
I followed the Perfect Server setup for Debian Lenny and ISPConfig3. Part of this tutorial installs rkhunter. Not being a user of that program before, I am not accustomed to the error reporting.

Here is a sample report from the daily check:

Code:

Warning: The O/S name or version has changed since the last run:
        Old O/S value: Debian 5.0.1    New value: Debian 5.0.3
        Because of the change(s) the file properties checks may give some
false-positive results.
        You may need to re-run rkhunter with the '--propupd' option.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd'
option
        is used, all the files on their system are known to be genuine, and
installed from a
        reliable source. The rkhunter '--check' option will compare the current
file properties
        against previously stored values, and report if any values differ. However,
rkhunter
        cannot determine what has caused the change, that is for the user to do.
Warning: The file properties have changed:
        File: /usr/bin/awk
        Current hash: [sanitized hash value1]
        Stored hash : [sanitized hash value2]
Warning: The file '/usr/bin/GET' exists on the system, but it is not present in the
rkhunter.dat file.
Warning: The file '/usr/bin/less' exists on the system, but it is not present in the
rkhunter.dat file.
Warning: The file properties have changed:
        File: /usr/bin/perl
        Current hash: [sanitized hash value 3]
        Stored hash : [sanitized hash value 4]
        Current inode: 2172966    Stored inode: 2172657
        Current size: 6848    Stored size: 6856
        Current file modification time: 1251499071
        Stored file modification time : 1230825459
Warning: The file '/usr/bin/gawk' exists on the system, but it is not present in the
rkhunter.dat file.
Warning: The file '/usr/bin/lwp-request' exists on the system, but it is not present
in the rkhunter.dat file.
Warning: Suspicious file types found in /dev:
        /dev/shm/network/ifstate: ASCII text

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

I know that I performed an apt-get upgrade which likely upgraded the Debian version. The instructions imply that I can run rkhunter with the extra parameter propupd to fix the issue. But it implies that I am OK with the rest of the errors and deem them as safe. I think they are, but I am looking for input.

I installed less on the system. So I think that is safe. I also did some work with Perl for implementing dkimproxy (which has been abandoned since). So I think that too is safe. I may have installed GET after the initial installation too. I don't recall.

I am unsure of the others listed in the file however.
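An added example, not part of the original post: it pulls the flagged paths out of a report like the one above (rejoining the mail-wrapped lines) and asks `dpkg -S` which Debian package owns each one, so every warning can be traced to a package before `--propupd` is run. The names `flagged_files` and `owning_package` are chosen here, and the sample text is constructed.

```python
import os
import re
import shutil
import subprocess

# Constructed sample in the shape of the report above, mail wrapping included.
SAMPLE = """\
Warning: The file properties have changed:
        File: /usr/bin/perl
        Current inode: 2172966    Stored inode: 2172657
Warning: The file '/usr/bin/GET' exists on the system, but it is not present in the
rkhunter.dat file.
Warning: The file '/usr/bin/lwp-request' exists on the system, but it is not present
in the rkhunter.dat file.
Warning: Suspicious file types found in /dev:
        /dev/shm/network/ifstate: ASCII text

One or more warnings have been found while checking the system.
"""
# Warning headers whose indented detail lines name the affected file.
SECTIONS = {"The file properties have changed": "properties changed",
            "Suspicious file types found": "suspicious file type"}
MISSING = re.compile(r"The file '(.+?)' exists on the system, "
                     r"but it is not present in the rkhunter\.dat file")

def flagged_files(report):
    """Map each path named in an rkhunter warning to the reason it was flagged."""
    lines = []
    for raw in report.splitlines():
        # Mail wrapping leaves continuation text at column 0 without "Warning:".
        wrapped = raw and not raw[0].isspace() and not raw.startswith("Warning:")
        if wrapped and lines and lines[-1]:
            lines[-1] += " " + raw
        else:
            lines.append(raw)
    found, section = {}, None
    for line in lines:
        if line.startswith("Warning:"):
            section = next((r for h, r in SECTIONS.items() if h in line), None)
            missing = MISSING.search(line)
            if missing:
                found[missing.group(1)] = "not in rkhunter.dat"
        elif section:
            detail = re.match(r"\s+(?:File: )?(/[^:\s]+)", line)
            if detail:
                found[detail.group(1)] = section
    return found

def owning_package(path):
    """Return (resolved path, owning Debian package or None if unknown)."""
    real = os.path.realpath(path)  # e.g. /usr/bin/awk is an alternatives symlink
    if shutil.which("dpkg") is None:  # not a Debian system: owner unknown
        return real, None
    out = subprocess.run(["dpkg", "-S", real], capture_output=True, text=True)
    return real, (out.stdout.split(": ", 1)[0] if out.returncode == 0 else None)

if __name__ == "__main__":
    for path, reason in flagged_files(SAMPLE).items():
        real, pkg = owning_package(path)
        print(f"{path} ({reason}) -> {real}, package: {pkg or 'none found'}")
```

A flagged path that resolves to no package is the one to examine before the stored baseline is refreshed with `--propupd`.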


All times are GMT +2.