#1 Toucan, 14th October 2011, 22:11
rkhunter

I get this in the rkhunter log:
/usr/bin/awk [ Warning ]
/usr/bin/GET [ Warning ]
/usr/bin/gawk [ Warning ]
/usr/bin/lwp-request [ Warning ]
/usr/sbin/inetd [ Warning ]
/usr/sbin/unhide [ Warning ]
/usr/sbin/unhide-linux26 [ Warning ]

All others are OK.

Should these few worry me?

#2 falko, 15th October 2011, 12:16

Are these warnings new? Did you run an update recently? If you have more than one server with the same OS, do you get these warnings on the other servers as well?

On http://www.debian.org/distrib/packages and http://packages.ubuntu.com/ you can search for packages (if you use Debian/Ubuntu) and also check out the contents of packages. I think they also show the MD5 sum of each file. I guess you can compare this with the MD5 sum of your own files.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

#3 Toucan, 15th October 2011, 15:32

Now that I look at the other server, yes, they also show there - the one I was looking at initially consistently emails me about it! I'm pretty sure they were showing like that from the day I built it.

It's Debian Lenny. Do you have the same warnings, Falko?

#4 nayr, 16th October 2011, 05:51

It's telling you that those files have been modified since it last did a checksum.

from: http://rkhunter.cvs.sourceforge.net/...nter/files/FAQ
Quote:
4.4) After performing some updates, all, or some, binaries in the
file properties checks are marked with a 'Warning'.
What can I do?

A. The first thing would be to verify that the update is the cause
of the warnings. Checking the system log files should indicate
what has been updated.

It is most likely that the stored rkhunter file property values
need to be recalculated. To do this use the RKH '--propupd'
option. However, the output of the RKH file properties check
should only be seen as an indication that the file has changed.
Updating the stored property values should be done only after
proper verification of the files using a file integrity checker
or your distributions package management tools.

Alternatively, you can use the '--pkgmgr' command-line option, or
the PKGMGR option in the configuration file, to tell RKH to obtain
its file properties information from the package manager database.
See the README file for more information about the package manager
options.
__________________
HostAP.net - ISPConfig3 powered WebHosting & Dedicated Servers
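
The verification step that falko's reply and the quoted FAQ both point to (compare a flagged file with the package's recorded checksum before running `--propupd`), as an added example that is not from the thread or from rkhunter. It assumes a Debian system where dpkg keeps per-package lists in `/var/lib/dpkg/info/<package>.md5sums`; the function names, arguments and sample files are hypothetical and constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check a file flagged by rkhunter against
# a dpkg-style md5sums list before accepting it with --propupd.
# Assumption: Debian layout, /var/lib/dpkg/info/<pkg>.md5sums, whose lines read
# "<md5>  usr/bin/gawk" (path relative to the filesystem root).

# verify_flagged ROOT MD5SUMS PATH   (hypothetical helper name and arguments)
# Prints a verdict; returns 0 = matches, 1 = differs, 2 = cannot be verified.
verify_flagged() {
    root=$(cd "$1" && pwd -P) || return 2
    root=${root%/}                       # "/" becomes "" so paths join cleanly
    sums=$2 path=$3
    # The flagged path may be a symlink (alternatives system): hash the target.
    real=$(readlink -f "$root$path") || real=
    if [ ! -f "$real" ]; then echo "MISSING $path"; return 2; fi
    rel=${real#"$root"/}
    want=
    while read -r sum file; do           # plain shell: awk is itself flagged
        if [ "$file" = "$rel" ]; then want=$sum; break; fi
    done < "$sums"
    if [ -z "$want" ]; then echo "NOT-LISTED $path"; return 2; fi
    have=$(md5sum < "$real"); have=${have%% *}
    if [ "$have" = "$want" ]; then echo "OK $path"; return 0; fi
    echo "CHANGED $path"; return 1
}

# Constructed sample: a throwaway tree standing in for / plus one package list.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/bin" "$t/info"
    printf 'constructed gawk contents\n' > "$t/usr/bin/gawk"
    ln -s gawk "$t/usr/bin/awk"
    printf 'constructed GET contents\n' > "$t/usr/bin/GET"
    (cd "$t" && md5sum usr/bin/gawk usr/bin/GET) > "$t/info/sample.md5sums"
    printf 'edited later\n' >> "$t/usr/bin/GET"   # changed after list was made
    echo "$t"
}

sample=$(make_sample)
for p in /usr/bin/awk /usr/bin/gawk /usr/bin/GET /usr/sbin/unhide; do
    verify_flagged "$sample" "$sample/info/sample.md5sums" "$p" || true
done
rm -rf "$sample"
```

On a real host the call would look like `verify_flagged / /var/lib/dpkg/info/gawk.md5sums /usr/bin/awk`. The local dpkg database sits on the same machine as the flagged binaries, so a verdict is only as trustworthy as that list; comparing against a freshly downloaded package is the stronger check.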

#5 falko, 16th October 2011, 11:53

Quote:
Originally Posted by Toucan
It's debian lenny. Do you have the same warnings Falko?

I don't have a Lenny system at hand, but it's not uncommon to get warnings about awk, get, and gawk.

#6 Toucan, 23rd October 2011, 19:09

Thanks - I'll run the updates. I'm pretty sure the warnings have always been there. It's just taken me two years to do something about it.

Ta
All times are GMT +2.