1. 3

    RKhunter - Warning: Suspicious file types found in /dev:

    Installed RKhunter Getting this warning in an email Warning: Suspicious file types found in /dev: /dev/shm/apache_title_shm_665337_665337_000000000000000: ASCII text, with no line terminators /dev/shm/apache_title_shm_615769_615769_000000000000000: ASCII text, with no line...
  2. E

    where is rkhunter cron controlled?

    Many questions about rkhunter here and in other threads, but none answer this basic question... Where is the rkhunter cron information? More specifically, /etc/cron.d holds several files that control various cron jobs using strings like this: My question is: Where is this same information...
  3. L

    RKHunter report question

    So I have been getting 5-6 emails daily from my server and been researching to do updates. However, RKHUNTER seems a bit over my head. I ran a check and have posted the results below. It looks like it is in pretty good shape but there were 5 suspect files and 1 suspect application. I believe...
  4. chanklish

    root rkhunter Daily Run email

    i installed RK hunter a while ago then removed it and removed all the chron job of it but i keep getting an email everyday with this subject rkhunter Daily Run (name of my server) and it only has a "=" in the mail body coming from root <r[email protected]> i suppose this is my cpanel provider what...
  5. L

    Multiple Rootkit Hunter Cron warnings

    I am getting dozens of emails with various warnings. I suspect they are false positives but wanted confirmation. Here is text from just one of the emails: [ Rootkit Hunter version 1.4.2 ] Checking rkhunter data files... Checking file mirrors.dat [ No update...
  6. chanklish

    rkhunter explanation

    hello awesome people i installed rk hunter on my vps and received the first scan log but i understood nothing as i am new to the security world of cpanel can someone please explain the warning: [ Rootkit Hunter version 1.4.6 ] [1;33mChecking rkhunter version...[0;39m This version : 1.4.6...
  7. A

    rkhunter says __stack_chk_fail

    Hi Just downloaded rkhunter on all of my servers rkhunter results say Checking `passwd'... INFECTED I am assuming that it is a false positive based on the results from the following commands # md5sum /usr/local/cpanel/bin/jail_safe_passwd 57f916dd384d2e5bd502c55881bd2711...
  8. ronaldst

    rkhunter warning package manager verification has failed

    I am seeing repeated warnings in rkhunter for /usr/bin/newgrp /usr/bin/su I'm running an updated rkhunter and --propupd have been completed prior to running the check. rkhunter.log [03:16:28] /usr/bin/newgrp [ Warning ] [03:16:28] Warning: Package manager...
  9. J


    Hello ! i have installed RKhunter several days ago , after installation i`m receiving below email everynight subject Daily Rkhunter Scan Report Invalid option specified: -cronjob
  10. M

    rkhunter and chkrootkit place

    Hi, I used wget and put rkhunter and chkrootkit in /root directory. When rkhunter unpacked and installed it listed the files here: /root/rkhunter-1.3.4/files/ and put rkhunter file in /usr/local/bin directory. I have this in the crontab to update only: 25 5 * * *...
  11. X

    after upgrade to cPanel 11.24.4 lot of rKhunter warnings

    rkhunter is showing lot of warnings after upgrade to cPanel 11.24.4. is that normal?
  12. S

    How to disable Rkhunter check

    I want to disable checking this "Searching for suspect PHP files" in rkhunter. I couldn't find any option in rkhunter.conf file and in /usr/local/bin/rkhunter. Any one could help me with your suggestion?
  13. B

    Error in rkhunter report

    I am getting this grep error in the cron job since I upgrade rkhunter: Warning: Checking for preload file [ Warning ] Warning: Found library preload file: /etc/ld.so.preload grep: write error: Broken pipe Warning: The following processes are using deleted files:
  14. B

    RKHunter all of a sudden throws a lot of warnings.

    So I run rkhunter every night. Just last night it started throwing a ton of warnings. I have not had any root or wheeled user logins over the past week and nothing seems strange in the rest of the system. What would cause this and how can i store the new file properties so that they don't...
  15. J

    simple rkhunter 1.3.0 question

    rkhunter 1.3.0 was complaining about mismatching checksums on a few of the binaries in /user/bin, such as: /usr/bin/top [ Warning ] I have had this server checked very thoroughly for any sign of a hack, and none is apparent. (Also ckrootkit...
  16. N

    rkhunter : I have some bad "System tools" ?

    Hello, I receive my rkhunter everyday,... I never read the mail because I'm very busy... But today, I decided to open it, and check if everything was ok on my server... But it seems that there is a problem :p Here is what I received (in red : an error :) ): Mirrorfile...
  17. X

    iframes injections problem and rkhunter warnings

    I have a major problem with injecting iframes into every files (header.php footer.php index.php login.php and vars.php ) on all server account. <iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0...
  18. 1

    RKHunter - Scan issues

    Hi, RKHunter have found this Files: * Filesystem checks Checking /dev for suspicious files... [ Warning! (unusual files found) ] --------------------------------------------- Unusual files: /dev/null.14417: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style...
  19. B

    RKHunter Error Question

    After the upgrade of RKHunter, I am seeing these kind of error messages when it examines the executables: Info: prelinked files found Performing 'known good' check... /usr/sbin/prelink: /lib/tls/libc-2.3.4.so has a dependency cycle /usr/sbin/prelink: /bin/cat: at least one of file's...
  20. S

    rkhunter fail

    Hello Guys, I have just run rkhunter and got the following error messages. /sbin/depmod [ BAD ] /sbin/ifconfig [ OK ] /sbin/init [ OK ] /sbin/insmod [ BAD ] /sbin/modinfo [ BAD ] Is this box compromized or any suggegestions please?