rkhunter

Installed RKhunter Getting this warning in an email Warning: Suspicious file types found in /dev: /dev/shm/apache_title_shm_665337_665337_000000000000000: ASCII text, with no line terminators /dev/shm/apache_title_shm_615769_615769_000000000000000: ASCII text, with no line...

Many questions about rkhunter here and in other threads, but none answer this basic question... Where is the rkhunter cron information? More specifically, /etc/cron.d holds several files that control various cron jobs using strings like this: My question is: Where is this same information...

So I have been getting 5-6 emails daily from my server and been researching to do updates. However, RKHUNTER seems a bit over my head. I ran a check and have posted the results below. It looks like it is in pretty good shape but there were 5 suspect files and 1 suspect application. I believe...

i installed RK hunter a while ago then removed it and removed all the chron job of it but i keep getting an email everyday with this subject rkhunter Daily Run (name of my server) and it only has a "=" in the mail body coming from root <r[email protected]> i suppose this is my cpanel provider what...

I am getting dozens of emails with various warnings. I suspect they are false positives but wanted confirmation. Here is text from just one of the emails: [ Rootkit Hunter version 1.4.2 ] Checking rkhunter data files... Checking file mirrors.dat [ No update...

hello awesome people i installed rk hunter on my vps and received the first scan log but i understood nothing as i am new to the security world of cpanel can someone please explain the warning: [ Rootkit Hunter version 1.4.6 ] [1;33mChecking rkhunter version...[0;39m This version : 1.4.6...

Hi Just downloaded rkhunter on all of my servers rkhunter results say Checking `passwd'... INFECTED I am assuming that it is a false positive based on the results from the following commands # md5sum /usr/local/cpanel/bin/jail_safe_passwd 57f916dd384d2e5bd502c55881bd2711...

I am seeing repeated warnings in rkhunter for /usr/bin/newgrp /usr/bin/su I'm running an updated rkhunter and --propupd have been completed prior to running the check. rkhunter.log [03:16:28] /usr/bin/newgrp [ Warning ] [03:16:28] Warning: Package manager...

Hello ! i have installed RKhunter several days ago , after installation i`m receiving below email everynight subject Daily Rkhunter Scan Report Invalid option specified: -cronjob

Hi, I used wget and put rkhunter and chkrootkit in /root directory. When rkhunter unpacked and installed it listed the files here: /root/rkhunter-1.3.4/files/ and put rkhunter file in /usr/local/bin directory. I have this in the crontab to update only: 25 5 * * *...

rkhunter is showing lot of warnings after upgrade to cPanel 11.24.4. is that normal?

I want to disable checking this "Searching for suspect PHP files" in rkhunter. I couldn't find any option in rkhunter.conf file and in /usr/local/bin/rkhunter. Any one could help me with your suggestion?

I am getting this grep error in the cron job since I upgrade rkhunter: Warning: Checking for preload file [ Warning ] Warning: Found library preload file: /etc/ld.so.preload grep: write error: Broken pipe Warning: The following processes are using deleted files:

So I run rkhunter every night. Just last night it started throwing a ton of warnings. I have not had any root or wheeled user logins over the past week and nothing seems strange in the rest of the system. What would cause this and how can i store the new file properties so that they don't...

rkhunter 1.3.0 was complaining about mismatching checksums on a few of the binaries in /user/bin, such as: /usr/bin/top [ Warning ] I have had this server checked very thoroughly for any sign of a hack, and none is apparent. (Also ckrootkit...

Hello, I receive my rkhunter everyday,... I never read the mail because I'm very busy... But today, I decided to open it, and check if everything was ok on my server... But it seems that there is a problem :p Here is what I received (in red : an error :) ): Mirrorfile...

I have a major problem with injecting iframes into every files (header.php footer.php index.php login.php and vars.php ) on all server account. <iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0...

Hi, RKHunter have found this Files: * Filesystem checks Checking /dev for suspicious files... [ Warning! (unusual files found) ] --------------------------------------------- Unusual files: /dev/null.14417: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style...

After the upgrade of RKHunter, I am seeing these kind of error messages when it examines the executables: Info: prelinked files found Performing 'known good' check... /usr/sbin/prelink: /lib/tls/libc-2.3.4.so has a dependency cycle /usr/sbin/prelink: /bin/cat: at least one of file's...

Hello Guys, I have just run rkhunter and got the following error messages. /sbin/depmod [ BAD ] /sbin/ifconfig [ OK ] /sbin/init [ OK ] /sbin/insmod [ BAD ] /sbin/modinfo [ BAD ] Is this box compromized or any suggegestions please?