rkhunter, "machine infected" straight after install?

Discussion in 'Installation/Configuration' started by msp, Apr 3, 2013.

  1. msp

    msp Member

    I followed the Perfect Server Debian Squeeze (ISPConfig3/Apache/Dovecot) installation, then set an email address for rkhunter to send report emails to.

    I only installed this server yesterday from scratch. Is it normal that I get emails already telling me:

    Please inspect this machine, because it may be infected.

    I've checked through this document: http://beginlinux.com/sec_train_m/sec_tools/1002-hunting-for-rootkits

    and I have run rkhunter -c, which does find warnings.

    How can I silence warnings that aren't things I need to worry about (e.g.
    Checking loaded kernel modules [ Warning ]
    Checking if SSH root access is allowed [ Warning ]
    Checking for hidden files and directories [ Warning ]
    )?

    I'd rather like to tune out of things unless they need my attention, and I want to be reassured my system is clean.
     
  2. darinpeterson

    darinpeterson Member HowtoForge Supporter

    msp,

    I don't know the answer to your question, and since this has been sitting for some time, I'm not sure anyone else does either.

    Please look at the rootkit hunter website for more information: http://rkhunter.sourceforge.net/

    Regards,
    Darin
     
