
rkhunter - chkrootkit

Discussion in 'General Discussion' started by oderland, Nov 3, 2004.

  1. oderland

    Hi there

    Which one of those should we trust more?

    We have one server with an issue in cron mails sent from rkhunter jobs:

    * MD5 scan
    MD5 compared : 0
    Incorrect MD5 checksums : 0

    but no problem running it from the prompt.

    chkrootkit says it found about 40 hidden processes from ps but that is just mysql processes
    and stunnel.

    Do not know which one to trust and no 100% report
     
  2. sawbuck

    Rkhunter tends to be more reliable and certainly more often updated.
     
  3. richy

    Run both (I do).

    Check Rkhunter is up to date: we ran a version which would not hash check files on our RHE3 boxes. Upgrading rkhunter - and suddenly hash checks started working properly for the first time. Of course, if it _was_ working correctly and is no longer and you haven't updated rkhunter and other systems (such as chkrootkit and tripwire and even /scripts/hackcheck) are reporting inconsistencies, then you've probably got a trojan/worm/virus on your machine which has deliberately disabled Rkhunter to stop itself from being found...
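
A check for the situation discussed in this thread, added here as an example and not taken from any poster or from rkhunter itself: it treats a report with zero files compared as a failed hash check, not a clean one. It assumes the summary lines have the format quoted in the first post; the helper name and the non-zero counts are constructed.

```shell
#!/bin/sh
# Added example. Assumes the summary lines look like the ones quoted in the
# first post; classify_md5_summary is a hypothetical helper name.

# Read an rkhunter report on stdin and print one verdict:
#   ok        files were compared and none mismatched
#   mismatch  at least one checksum differs
#   not-run   zero files compared, so "0 incorrect" proves nothing
#   missing   the MD5 summary is absent from the report
classify_md5_summary() {
    awk -F':' '
        /MD5 compared/            { gsub(/[^0-9]/, "", $2); compared = $2; seen_c = 1 }
        /Incorrect MD5 checksums/ { gsub(/[^0-9]/, "", $2); bad = $2; seen_b = 1 }
        END {
            if (!seen_c || !seen_b)     print "missing"
            else if (bad + 0 > 0)       print "mismatch"
            else if (compared + 0 == 0) print "not-run"
            else                        print "ok"
        }'
}

# Summary exactly as quoted from the cron mail in the thread.
cron_report='* MD5 scan
MD5 compared : 0
Incorrect MD5 checksums : 0'

# Constructed samples: the counts below are made up for illustration.
healthy_report='* MD5 scan
MD5 compared : 58
Incorrect MD5 checksums : 0'
tampered_report='* MD5 scan
MD5 compared : 58
Incorrect MD5 checksums : 2'

for report in "$cron_report" "$healthy_report" "$tampered_report"; do
    printf '%s\n' "$report" | classify_md5_summary
done
```

In a cron wrapper, any verdict other than ok is a reason to rerun the scan by hand and compare against a second tool.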
     
