LFD detecting MD5 checksum errors on sys files

cmajkrzak
Dec 28, 2004
Hello,

For the past 4-5 days, LFD has been e-mailing me, saying nearly every file in /usr/bin/, /usr/sbin/ and /bin/ has failed the last MD5 checksum. I did see in my backlog of emails that the server had a small update, but I've gotten pages of files between all the emails so far.

Here are some examples:
Code:
/usr/bin/chage: FAILED
/usr/bin/faillog: FAILED
/usr/bin/fetchmail: FAILED
/usr/bin/gdb: FAILED
/usr/bin/gdbserver: FAILED
/usr/bin/gdbtui: FAILED
/usr/bin/ghostscript: FAILED
/usr/bin/gpasswd: FAILED
/usr/bin/gs: FAILED
/usr/bin/ksh: FAILED
/usr/bin/lastlog: FAILED
/usr/bin/pdksh: FAILED
/usr/bin/sg: FAILED
/usr/sbin/adduser: FAILED
/usr/sbin/alternatives: FAILED
/usr/sbin/chpasswd: FAILED
/usr/sbin/groupadd: FAILED
/usr/sbin/groupdel: FAILED
/usr/sbin/groupmod: FAILED
/usr/sbin/grpck: FAILED
/usr/sbin/grpconv: FAILED
/usr/sbin/grpunconv: FAILED
/usr/sbin/imapd: FAILED
/usr/sbin/ipop2d: FAILED
/usr/sbin/ipop3d: FAILED
/usr/sbin/newusers: FAILED
/usr/sbin/nfsstat: FAILED
/usr/sbin/ntsysv: FAILED
/usr/sbin/pwck: FAILED
/usr/sbin/pwconv: FAILED
/usr/sbin/pwunconv: FAILED
/usr/sbin/rtacct: FAILED
/usr/sbin/update-alternatives: FAILED
/usr/sbin/useradd: FAILED
/usr/sbin/userdel: FAILED
/usr/sbin/usermod: FAILED
/bin/ksh: FAILED
/sbin/chkconfig: FAILED
/sbin/fxload: FAILED
/sbin/ip: FAILED
/sbin/rtmon: FAILED
/sbin/tc: FAILED

/usr/bin/magicfilter-t: FAILED
/usr/bin/net-snmp-config: FAILED
/usr/bin/ntpstat: FAILED
/usr/bin/python: FAILED
/usr/bin/python2: FAILED
/usr/bin/python2.2: FAILED
/usr/bin/quota: FAILED
/usr/bin/sasl2-sample-client: FAILED
/usr/bin/sasl2-sample-server: FAILED
/usr/bin/sasl-sample-client: FAILED
/usr/bin/sasl-sample-server: FAILED
/usr/sbin/automount: FAILED
/usr/sbin/callback: FAILED
/usr/sbin/dbconverter-2: FAILED
/usr/sbin/edquota: FAILED
/usr/sbin/ntpd: FAILED
/usr/sbin/ntpdate: FAILED
/usr/sbin/ntpdc: FAILED
/usr/sbin/ntp-genkeys: FAILED
/usr/sbin/ntpq: FAILED
/usr/sbin/ntptime: FAILED
/usr/sbin/ntptimeset: FAILED
/usr/sbin/ntptrace: FAILED
/usr/sbin/quotastats: FAILED
/usr/sbin/repquota: FAILED
/usr/sbin/rpc.rquotad: FAILED
/usr/sbin/saslauthd: FAILED
/usr/sbin/sasldblistusers: FAILED
/usr/sbin/sasldblistusers2: FAILED
/usr/sbin/saslpasswd: FAILED
/usr/sbin/saslpasswd2: FAILED
/usr/sbin/setquota: FAILED
/usr/sbin/snmpd: FAILED
/usr/sbin/snmptrapd: FAILED
/usr/sbin/squid: FAILED
/usr/sbin/testsaslauthd: FAILED
/usr/sbin/tickadj: FAILED
/usr/sbin/warnquota: FAILED
/bin/sed: FAILED
/sbin/arytst: FAILED
/sbin/convertquota: FAILED
/sbin/detect_multipath: FAILED
/sbin/lsraid: FAILED
/sbin/mgetty: FAILED
/sbin/mkraid: FAILED
/sbin/quotacheck: FAILED
/sbin/quotaoff: FAILED
/sbin/quotaon: FAILED
/sbin/raid0run: FAILED
/sbin/raidhotadd: FAILED
/sbin/raidhotremove: FAILED
/sbin/raidreconf: FAILED
/sbin/raidsetfaulty: FAILED
/sbin/raidstart: FAILED
/sbin/raidstop: FAILED
/sbin/ypbind: FAILED
/etc/init.d/autofs: FAILED
/etc/init.d/ntpd: FAILED

/usr/bin/ac: FAILED
/usr/bin/lastcomm: FAILED
/usr/bin/rcp: FAILED
/usr/bin/rexec: FAILED
/usr/bin/rlogin: FAILED
/usr/bin/rsh: FAILED
/usr/sbin/accton: FAILED
/usr/sbin/dump-acct: FAILED
/usr/sbin/dump-utmp: FAILED
/usr/sbin/sa: FAILED
/sbin/accton: FAILED

/usr/bin/formail: FAILED
/usr/bin/lockfile: FAILED
/usr/bin/net: FAILED
/usr/bin/nmblookup: FAILED
/usr/bin/ntlm_auth: FAILED
/usr/bin/pdbedit: FAILED
/usr/bin/procmail: FAILED
/usr/bin/profiles: FAILED
/usr/bin/rpcclient: FAILED
/usr/bin/smbcacls: FAILED
/usr/bin/smbclient: FAILED
/usr/bin/smbcontrol: FAILED
/usr/bin/smbcquotas: FAILED
/usr/bin/smbmnt: FAILED
/usr/bin/smbmount: FAILED
/usr/bin/smbpasswd: FAILED
/usr/bin/smbspool: FAILED
/usr/bin/smbstatus: FAILED
/usr/bin/smbtree: FAILED
/usr/bin/smbumount: FAILED
/usr/bin/tdbbackup: FAILED
/usr/bin/tdbdump: FAILED
/usr/bin/tdbtool: FAILED
/usr/bin/testparm: FAILED
/usr/bin/testprns: FAILED
/usr/bin/wbinfo: FAILED
/usr/sbin/nmbd: FAILED
/usr/sbin/smbd: FAILED
/usr/sbin/winbindd: FAILED
/sbin/mount.smb: FAILED
/sbin/mount.smbfs: FAILED

/usr/bin/star: FAILED
/usr/bin/ustar: FAILED

Running rkhunter I get the following:
Code:
[09:26:35] Performing filesystem checks
[09:26:35] Info: Starting test name 'filesystem'
[09:26:35] Info: SCAN_MODE_DEV set to 'THOROUGH'
[09:35:58]   Checking /dev for suspicious file types         [ Warning ]
[09:35:58] Warning: Suspicious file types found in /dev:
[09:35:58]          /dev/MAKEDEV: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynami$
[09:35:59]   Checking for hidden files and directories       [ None found ]
[09:35:59]
[09:35:59] Info: Test 'apps' disabled at users request.
[09:35:59]
[09:35:59] System checks summary
[09:35:59] =====================
[09:35:59]
[09:35:59] File properties checks...
[09:35:59] Files checked: 132
[09:35:59] Suspect files: 0
[09:35:59]
[09:35:59] Rootkit checks...
[09:35:59] Rootkits checked : 114
[09:35:59] Possible rootkits: 0
chkrootkit:
Code:
INFECTED (PORTS:  465 6667)

I've checked both ports; all is normal there.

Am I worried for nothing here? If so, is there any way to get LFD to get the checksums fixed up?

Many thanks in advance.
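A way to triage an alert like the ones above, as an added example that is not part of the original post and not csf/LFD's own code: pull the FAILED paths out of the e-mail text, then ask the package manager who owns each file, when that package was last installed, and whether the on-disk file still verifies against the package database. A file whose owning package was installed in the last few days and verifies clean is a legitimate update; a file no package owns, or that fails `rpm -V`, is the one to look at. The script assumes an RPM-based host (the paths in the post suggest one, but that is an assumption) and falls back to printing a plain md5 where rpm is absent; the sample alert in `SAMPLE_ALERT` is constructed for the demo.

```shell
#!/bin/bash
# Triage helper for LFD "MD5 checksum FAILED" alerts (added example, not csf/LFD code).
# Assumption: RPM-based host; every rpm call is guarded with 'command -v rpm' so the
# parsing part still runs anywhere.

# Pull the file paths out of alert text of the form "/usr/bin/chage: FAILED".
# Reads stdin, prints one path per line, ignores blank and non-matching lines.
extract_failed_paths() {
    sed -n 's|^\(/[^:[:space:]]*\): FAILED[[:space:]]*$|\1|p'
}

# Number of distinct failed paths (handy when the alerts run to several pages).
count_failed_paths() {
    extract_failed_paths | sort -u | wc -l | tr -d ' '
}

# For one path: owning package, its install date, and whether the file verifies.
triage_path() {
    path=$1
    if [ ! -e "$path" ]; then
        printf '%s\tMISSING on disk\n' "$path"
        return 0
    fi
    if ! command -v rpm >/dev/null 2>&1; then
        printf '%s\tno rpm on this host; md5=%s\n' "$path" "$(md5sum "$path" | cut -d' ' -f1)"
        return 0
    fi
    # rpm -qf: which installed package owns this file (fails if none does)
    if ! pkg=$(rpm -qf "$path" 2>/dev/null | head -n1); then
        printf '%s\tNOT OWNED by any package\n' "$path"
        return 0
    fi
    # rpm -q --last prints "<package>  <install date>": compare with the alert dates
    installed=$(rpm -q --last "$pkg" | head -n1)
    # rpm -Vf verifies the owning package's files; empty output means everything matches
    if verify=$(rpm -Vf "$path" 2>&1) && [ -z "$verify" ]; then
        printf '%s\towned by %s, verifies clean; installed: %s\n' "$path" "$pkg" "$installed"
    else
        printf '%s\towned by %s, VERIFY MISMATCH: %s; installed: %s\n' "$path" "$pkg" "$verify" "$installed"
    fi
}

# Run triage over a whole alert read from stdin, one line per distinct path.
triage_alert() {
    extract_failed_paths | sort -u | while IFS= read -r p; do
        triage_path "$p"
    done
}

# Constructed sample alert (same shape as the e-mails; includes a duplicate and a stray line).
SAMPLE_ALERT='/usr/bin/chage: FAILED
/usr/sbin/useradd: FAILED
/bin/sed: FAILED
/usr/bin/chage: FAILED
not an alert line'

# Usage: save the LFD e-mail body to a file and run  ./lfd_triage.sh alert.txt
# With no argument the constructed sample is used instead.
if [ $# -gt 0 ]; then
    triage_alert < "$1"
else
    printf '%s\n' "$SAMPLE_ALERT" | triage_alert
fi
```

The `rpm -V` column codes (for example `5` for an md5 mismatch and `S` for a size change) tell you what differs; a file whose only difference is the install date of a package that appears in the update log is the legitimate-update case, while `NOT OWNED` or a `5` on a binary that no package update explains deserves a closer look.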