16th September 2009, 17:59
atjensen11
rkhunter Messages

I followed the Perfect Server setup for Debian Lenny and ISPConfig3. Part of this tutorial installs rkhunter. Not being a user of that program before, I am not accustomed to the error reporting.

Here is a sample report from the daily check:

Code:
Warning: The O/S name or version has changed since the last run:
         Old O/S value: Debian 5.0.1    New value: Debian 5.0.3
         Because of the change(s) the file properties checks may give some false-positive results.
         You may need to re-run rkhunter with the '--propupd' option.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
         is used, all the files on their system are known to be genuine, and installed from a
         reliable source. The rkhunter '--check' option will compare the current file properties
         against previously stored values, and report if any values differ. However, rkhunter
         cannot determine what has caused the change, that is for the user to do.
Warning: The file properties have changed:
         File: /usr/bin/awk
         Current hash: [sanitized hash value1]
         Stored hash : [sanitized hash value2]
Warning: The file '/usr/bin/GET' exists on the system, but it is not present in the rkhunter.dat file.
Warning: The file '/usr/bin/less' exists on the system, but it is not present in the rkhunter.dat file.
Warning: The file properties have changed:
         File: /usr/bin/perl
         Current hash: [sanitized hash value 3]
         Stored hash : [sanitized hash value 4]
         Current inode: 2172966    Stored inode: 2172657
         Current size: 6848    Stored size: 6856
         Current file modification time: 1251499071
         Stored file modification time : 1230825459
Warning: The file '/usr/bin/gawk' exists on the system, but it is not present in the rkhunter.dat file.
Warning: The file '/usr/bin/lwp-request' exists on the system, but it is not present in the rkhunter.dat file.
Warning: Suspicious file types found in /dev:
         /dev/shm/network/ifstate: ASCII text

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

I know that I performed an apt-get upgrade which likely upgraded the Debian version. The instructions imply that I can run rkhunter with the extra parameter propupd to fix the issue. But it implies that I am OK with the rest of the errors and deem them as safe. I think they are, but I am looking for input.

I installed less on the system. So I think that is safe. I also did some work with Perl for implementing dkimproxy (which has been abandoned since). So I think that too is safe. I may have installed GET after the initial installation too. I don't recall.

I am unsure of the others listed in the file however.
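Added example (not part of the original post and not rkhunter's own code): a small Python parser for a report shaped like the one quoted above. It re-joins the lines the mailer wrapped and groups the warnings by type, so each group can be reviewed before `--propupd` is run. The sample report, its placeholder hash values, and the function names `split_warnings` and `triage` are constructed for illustration.

```python
import re

# Constructed sample shaped like the e-mailed report in the post; hashes are placeholders.
SAMPLE = """\
Warning: The file properties have changed:
         File: /usr/bin/awk
         Current hash: HASH_A
         Stored hash : HASH_B
Warning: The file '/usr/bin/less' exists on the system, but it is not present in the
rkhunter.dat file.
Warning: The file properties have changed:
         File: /usr/bin/perl
         Current hash: HASH_C
         Stored hash : HASH_D
         Current inode: 2172966    Stored inode: 2172657
         Current size: 6848    Stored size: 6856
Warning: Suspicious file types found in /dev:
         /dev/shm/network/ifstate: ASCII text

One or more warnings have been found while checking the system.
"""

def split_warnings(report):
    """Return one string per 'Warning:' entry, re-joining wrapped and detail lines."""
    entries, in_list = [], False
    for line in report.splitlines():
        if line.startswith("Warning:"):
            entries.append(line[len("Warning:"):].strip())
            in_list = True
        elif not line.strip():
            in_list = False  # a blank line ends the warning list (summary follows)
        elif in_list:
            entries[-1] += " " + line.strip()
    return entries

def triage(report):
    """Bucket warnings so each group can be reviewed before any '--propupd' run."""
    out = {"changed": {}, "not_in_db": [], "dev": [], "other": []}
    for e in split_warnings(report):
        if e.startswith("The file properties have changed"):
            path = re.search(r"File: (\S+)", e).group(1)
            # Record which stored properties differ (hash, inode, size, ...).
            out["changed"][path] = re.findall(r"Current ([a-z ]+?):", e)
        elif (m := re.match(r"The file '([^']+)' exists on the system", e)):
            out["not_in_db"].append(m.group(1))
        elif e.startswith("Suspicious file types found in /dev"):
            out["dev"] += re.findall(r"(/dev/\S+): ", e)
        else:
            out["other"].append(e)
    return out
```

The `changed` bucket lists which properties differ for each file. These are the differences to account for before `--propupd` stores the current values as the new baseline.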
All times are GMT +2.