rkhunter

Discussion in 'General' started by Toucan, Oct 14, 2011.

  1. Toucan

    Toucan New Member

    I get this in the rkhunter log
    /usr/bin/awk [ Warning ]
    /usr/bin/GET [ Warning ]
    /usr/bin/gawk [ Warning ]
    /usr/bin/lwp-request [ Warning ]
    /usr/sbin/inetd [ Warning ]
    /usr/sbin/unhide [ Warning ]
    /usr/sbin/unhide-linux26 [ Warning ]

    All others are OK.

    Should these few worry me?
     
  2. falko

    falko Super Moderator

    Are these warnings new? Did you run an update recently? If you have more than one server with the same OS, do you get these warnings on the other servers as well?

    On http://www.debian.org/distrib/packages and http://packages.ubuntu.com/ you can search for packages (if you use Debian/Ubuntu) and also check out the contents of packages. I think they also show the MD5 sum of each file. I guess you can compare this with the MD5 sum of your own files.
     
  3. Toucan

    Toucan New Member

    now I look at the other server yes they also show there - the one i was looking at initially consistently emails me about it! I'm pretty sure they were showing like that from the day I built it.

    It's debian lenny. Do you have the same warnings Falko?
     
  4. nayr

    nayr New Member

    its telling you that those files have been modified since it last did a checksum.

    from: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/FAQ
     
  5. falko

    falko Super Moderator

    I don't have a Lenny system at hand, but it's not uncommon to get warnings about awk, get, and gawk.
     
  6. Toucan

    Toucan New Member

    Thanks - i'll run the updates. I'm pretty sure the warnings have always been there. It's just taken me two years to do something about it.

    Ta
     

Share This Page