  1. #1
    Member
    Join Date
    Feb 2005
    Posts
    80

    Default Rkhunter Issues

    Hi,

    I was running rkhunter on my system. For everything it gives an OK result, but for a few things it gives the response given below:

    Suspicious files and malware
    Scanning for known rootkit strings [ OK ]
    Scanning for known rootkit files [ OK ]
    Testing running processes... [ BAD ]
    Miscellaneous Login backdoors [ OK ]
    Miscellaneous directories [ OK ]
    Software related files [ OK ]
    Sniffer logs [ OK ]

    Application version scan
    - Exim MTA 4.44 [ OK ]
    - GnuPG 1.2.1 [ Old or patched version ]
    - Apache [unknown] [ OK ]
    - Bind DNS [unknown] [ OK ]
    - OpenSSL 0.9.7a [ Old or patched version ]
    - PHP 4.3.2 [ Old or patched version ]
    - PHP 4.3.10 [ Old or patched version ]

    - Procmail MTA 3.22 [ OK ]
    - OpenSSH 3.6.1p2 [ Old or patched version ]

    Can anyone help me with this? What is this? Is it harmful, or should I ignore it?

    At the moment I am running WHM 10.1.0 cPanel 10.2.0-S83 on RedHat Enterprise 3 i686 - WHM X v3.1.0

    Please let me know if everything is fine, or if something is wrong, how I can correct it.

    Thanks,
    Rajat

  2. #2
    Member
    Join Date
    Jan 2005
    Posts
    1,880

    Default

    Looks fine to me, as it's more or less the same as I have and as far as I know everything is OK:

    Code:
       - Exim MTA 4.50   [ OK ]
       - GnuPG 1.2.1   [ Old or patched version ]
       - Apache [unknown]   [ OK ]
       - Bind DNS [unknown]   [ OK ]
       - OpenSSL 0.9.7a   [ Old or patched version ]
       - PHP 4.3.11   [ OK ]
       - PHP 4.3.11   [ OK ]
       - Procmail MTA 3.22   [ OK ]
       - OpenSSH 3.6.1p2   [ Old or patched version ]
    Although I notice that your PHP versions are not listed as the same. I'm assuming that one is cPanel's internal PHP and the other the public PHP.

    One thing of interest, which I've not spotted before, is Procmail MTA. Surely this is not needed as cPanel uses Exim.

    Any suggestions on whether it is safe to remove Procmail and, if so, how? Just a normal RPM removal?

  3. #3
    GOT
    Get Proactive! GOT's Avatar
    Join Date
    Apr 2003
    Posts
    902

    Default

    Normal RPM removal should be fine.
    Proactive Server Monitoring and Management
    http://got-management.com

  4. #4
    Member nickb's Avatar
    Join Date
    Feb 2005
    Location
    India
    Posts
    347

    Default

    Run #rkhunter -c --createlogfile. It will create /var/log/rkhunter.log with the scanning details. It looks like some of your MD5 hashes don't match, so you can try running rkhunter with the update option to update the database. Check rkhunter -h for more info.
    Last edited by nickb; 06-02-2005 at 12:27 AM.
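
Added example (not part of the original thread and not rkhunter's own code): a shell filter that reads rkhunter status lines in the layout quoted in post #1 and lists only the checks that did not return OK, so the items to look up in /var/log/rkhunter.log stand out. The function names, the class labels and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage rkhunter status lines (not from the original thread).

# Constructed sample, following the layout of the output quoted in post #1.
sample_output() {
cat <<'EOF'
Scanning for known rootkit strings [ OK ]
Scanning for known rootkit files [ OK ]
Testing running processes... [ BAD ]
Sniffer logs [ OK ]
- Exim MTA 4.44 [ OK ]
- Apache [unknown] [ OK ]
- GnuPG 1.2.1 [ Old or patched version ]
- OpenSSL 0.9.7a [ Old or patched version ]
- OpenSSH 3.6.1p2 [ Old or patched version ]
EOF
}

# Read rkhunter output on stdin; print "<class><TAB><check>" for each line
# whose trailing "[ status ]" is not OK. Class labels are assumptions:
#   INVESTIGATE = BAD (read the log file for the details of the check)
#   VERIFY      = "Old or patched version" (confirm the installed package)
#   REVIEW      = any other non-OK status
rkh_triage() {
  awk '
    { sub(/[ \t\r]+$/, "") }                  # tolerate trailing whitespace
    match($0, /\[ [^]]+ \]$/) {
      status = substr($0, RSTART + 2, RLENGTH - 4)
      check  = substr($0, 1, RSTART - 1)
      sub(/^[ \t-]+/, "", check)              # drop leading "- " bullet
      sub(/[ \t.]+$/, "", check)              # drop trailing dots and spaces
      if (status == "OK") next
      if (status == "BAD") cls = "INVESTIGATE"
      else if (status == "Old or patched version") cls = "VERIFY"
      else cls = "REVIEW"
      printf "%s\t%s\n", cls, check
    }'
}

# Usage (flags as given in post #4): rkhunter -c --createlogfile | rkh_triage
```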
