So I have been getting 5-6 emails daily from my server and been researching to do updates. However, RKHUNTER seems a bit over my head. I ran a check and have posted the results below. It looks like it is in pretty good shape but there were 5 suspect files and 1 suspect application. I believe...
I installed RK hunter a while ago, then removed it and removed all the cron jobs for it, but I keep getting an email every day with this subject
rkhunter Daily Run (name of my server) and it only has a "=" in the mail body coming from
root <[email protected]> I suppose this is my cpanel provider
I am getting dozens of emails with various warnings. I suspect they are false positives but wanted confirmation.
Here is text from just one of the emails:
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update...
Hello awesome people
I installed rk hunter on my VPS and received the first scan log, but I understood nothing as I am new to the security world of cpanel
Can someone please explain the warning:
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter version...
This version : 1.4.6...
Just downloaded rkhunter on all of my servers
rkhunter results say
Checking `passwd'... INFECTED
I am assuming that it is a false positive based on the results from the following commands
# md5sum /usr/local/cpanel/bin/jail_safe_passwd
I am seeing repeated warnings in rkhunter for
I'm running an updated rkhunter and --propupd has been completed prior to running the check.
[03:16:28] /usr/bin/newgrp [ Warning ]
[03:16:28] Warning: Package manager...
I used wget and put rkhunter and chkrootkit in /root directory.
When rkhunter unpacked and installed it listed the files here:
and put rkhunter file in /usr/local/bin directory.
I have this in the crontab to update only:
25 5 * * *...
I want to disable the "Searching for suspect PHP files" check in rkhunter. I couldn't find any option in the rkhunter.conf file or in /usr/local/bin/rkhunter.
Could anyone help me with a suggestion?
I am getting this grep error in the cron job since I upgraded rkhunter:
Warning: Checking for preload file [ Warning ]
Warning: Found library preload file: /etc/ld.so.preload
grep: write error: Broken pipe
Warning: The following processes are using deleted files:
So I run rkhunter every night. Just last night it started throwing a ton of warnings.
I have not had any root or wheeled user logins over the past week and nothing seems strange in the rest of the system.
What would cause this and how can I store the new file properties so that they don't...
rkhunter 1.3.0 was complaining about mismatching checksums on a few of the binaries in /user/bin, such as:
/usr/bin/top [ Warning ]
I have had this server checked very thoroughly for any sign of a hack, and none is apparent. (Also chkrootkit...
I receive my rkhunter every day,... I never read the mail because I'm very busy... But today, I decided to open it, and check if everything was ok on my server... But it seems that there is a problem :p
Here is what I received (in red : an error :) ):
I have a major problem with iframe injection into every file (header.php, footer.php, index.php, login.php and vars.php) on all server accounts.
<iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0...
After the upgrade of RKHunter, I am seeing these kinds of error messages when it examines the executables:
Info: prelinked files found
Performing 'known good' check...
/usr/sbin/prelink: /lib/tls/libc-2.3.4.so has a dependency cycle
/usr/sbin/prelink: /bin/cat: at least one of file's...
I have just run rkhunter and got the following error messages.
/sbin/depmod [ BAD ]
/sbin/ifconfig [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ BAD ]
/sbin/modinfo [ BAD ]
Is this box compromised, or any suggestions please?
Some days ago I updated my Fedora 1 from Fedora Legacy. From this moment I've been getting messages about BAD LINES in several programs: cat, df, echo and others.
I'm sure my system is not compromised.
I've updated rkhunter and chkrootkit doesn't give any message about hacking or corrupted...