rkhunter - System tools - syslogd bad?

[noimad1]

I got this output from my rkhunter....

* System tools
Performing 'known good' check...
/sbin/ifconfig [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/w [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/who [ OK ]
/usr/bin/users [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/find [ OK ]
/usr/bin/file [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/lsattr [ OK ]
/bin/mount [ OK ]
/bin/netstat [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/env [ OK ]
/bin/ls [ OK ]
/bin/su [ OK ]
/bin/ps [ OK ]
/bin/dmesg [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/insmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ BAD ]
/sbin/init [ OK ]
/sbin/runlevel [ OK ]


MD5
MD5 compared: 50
Incorrect MD5 checksums: 1


Now, how do I know it is for sure bad, and if it is, how do I fix? Will a upcp fix it?

[chirpy]

Are you running the latest rkhunter (v1.2.0) with the latest updates:

rkhunter --update

If you are, what OS are you running and what is the rpm installed version for sysklogd:

rpm -q sysklogd

[noimad1]

Are you running the latest rkhunter (v1.2.0) with the latest updates:

rkhunter --update

If you are, what OS are you running and what is the rpm installed version for sysklogd:

rpm -q sysklogd

Old version...good call. I thought we were running up to date versions on all systems, but this server had a really old version....

Thanks!

[webits]

I've the latest Rkhunter

I get the following Errors when i receive an e-mail (

/sbin/depmod [ BAD ]
/sbin/insmod [ BAD ]
/sbin/lsmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/modprobe [ BAD ]

- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]



I'm using
sysklogd-1.4.1-13

can anyone help please.

[eth00]

I've the latest Rkhunter

I get the following Errors when i receive an e-mail (

/sbin/depmod [ BAD ]
/sbin/insmod [ BAD ]
/sbin/lsmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/modprobe [ BAD ]

Have you upgraded your kernel to a 2.6.x kernel recently OR attempted to? That looks like you installed modtools from source. It could be the sign up more problems but it also may not be.

[eth00]

Yeah tried to but didn't come right, I think I'll leave it in the hands of Proffesioanls to update

So you did update the module-tools? If so you are fine, that is just because rkhunter only recognizes the rpm version.

[webits]

Yeah tried to but didn't come right, I think I'll leave it in the hands of Proffesioanls to update

[eth00]

Yeah tried to but didn't come right, I think I'll leave it in the hands of Proffesioanls to update

So you did update the module-tools? If so you are fine, that is just because rkhunter only recognizes the rpm version and not the source version you installed.