rkhunter false positive warnings

MNSY

cPanel Access Level
Root Administrator
Hi,

I received these warnings in the rkhunter result. I want to know: are these false positive warnings, or is something really wrong on the server?

# rkhunter -c --rwo
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: The file properties have changed:
File: /bin/passwd
Current hash: 42e6b3ae4d732e63e81a6da2e1a687e13f8ea67a
Stored hash : 99664d643fb0f29ea6316f2f6c20bb0129660b2d
Warning: The file properties have changed:
File: /usr/sbin/adduser
Current hash: 2d823ef1ef4a17de1fa5c2da88102af7e24889e0
Stored hash : 57e72e2da41be55dcaa60064af9550b29aab8a8e
Current file modification time: 1428437472 (08-Apr-2015 00:11:12)
Stored file modification time : 1424535419 (21-Feb-2015 20:16:59)
Warning: The file properties have changed:
File: /usr/sbin/groupadd
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/groupdel
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/groupmod
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/grpck
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/pwck
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/useradd
Current hash: 2d823ef1ef4a17de1fa5c2da88102af7e24889e0
Stored hash : 57e72e2da41be55dcaa60064af9550b29aab8a8e
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/userdel
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/usermod
Current hash: 8e7fc345a2b26f6001eb23c968f85e83231fa494
Stored hash : 7142f1a47df44f41a080544ee56713023e3347de
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/vipw
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/bin/curl
Current hash: Unavailable
Stored hash : 375b8a15b1cc2efa15448d9fcc606cd81af3ef51
Try running the command 'prelink /usr/bin/curl' to resolve dependency errors.
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable
Warning: The file properties have changed:
File: /usr/bin/lastlog
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/bin/ldd
Current file modification time: 1432737858 (27-May-2015 18:44:18)
Stored file modification time : 1422386449 (27-Jan-2015 23:20:49)
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
Warning: The file properties have changed:
File: /usr/bin/lynx
Current hash: Unavailable
Stored hash : 3fe5f3797c47b672ed7a2e4285e07770e2e83fde
Try running the command 'prelink /usr/bin/lynx' to resolve dependency errors.
Warning: The file properties have changed:
File: /usr/bin/newgrp
Current permissions: 4755 Stored permissions: 0755
Current file modification time: 1428400341 (07-Apr-2015 13:52:21)
Stored file modification time : 1413380045 (15-Oct-2014 17:34:05)
Warning: The file properties have changed:
File: /usr/bin/wget
Current hash: Unavailable
Stored hash : e4a0f169df4dbaaf6ae8a6eb7a4858f3624caa1f
Try running the command 'prelink /usr/bin/wget' to resolve dependency errors.
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: POSIX shell script text executable
Warning: The file properties have changed:
File: /usr/local/cpanel/bin/jail_safe_passwd
Current hash: 42e6b3ae4d732e63e81a6da2e1a687e13f8ea67a
Stored hash : 99664d643fb0f29ea6316f2f6c20bb0129660b2d
Current size: 15231975 Stored size: 14743530
Current file modification time: 1430770387 (05-May-2015 00:13:07)
Stored file modification time : 1424555060 (22-Feb-2015 01:44:20)
Best Regards
 

ameran

cPanel Access Level
Website Owner
I updated rkhunter with the command
Code:
rkhunter --propupd
and most warnings had gone,
Thanks.

Hi MNSY,
You said that you used the command "rkhunter --propupd" and most of the warnings were gone. Do you think it is okay to run this command even if I have the latest version?

Thanks,
ameran
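
As an added example (not from either poster and not part of rkhunter), here is a small Python triage of warnings in the format shown in the first post, useful before `rkhunter --propupd` overwrites the stored file properties: it flags files that gained setuid/setgid bits, files whose current hash was unavailable, and groups files by current modification time. The function names are hypothetical and the sample is excerpted from the output above; files sharing one timestamp are only a hint of a single package update and still need confirming against the package manager.

```python
import re
from collections import defaultdict
# Lines excerpted from the rkhunter output in the first post (not a full report).
SAMPLE = """\
Warning: The file properties have changed:
File: /usr/sbin/groupadd
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/sbin/userdel
Current file modification time: 1428400344 (07-Apr-2015 13:52:24)
Stored file modification time : 1413380047 (15-Oct-2014 17:34:07)
Warning: The file properties have changed:
File: /usr/bin/curl
Current hash: Unavailable
Stored hash : 375b8a15b1cc2efa15448d9fcc606cd81af3ef51
Warning: The file properties have changed:
File: /usr/bin/newgrp
Current permissions: 4755 Stored permissions: 0755
Current file modification time: 1428400341 (07-Apr-2015 13:52:21)
Stored file modification time : 1413380045 (15-Oct-2014 17:34:05)
"""

ONE_LINE = re.compile(r"Current (\w+): (\S+)\s+Stored \w+: (\S+)")  # permissions, size
TWO_LINE = re.compile(r"(Current|Stored) (hash|file modification time)\s*: (\S+)")

def parse(report):
    """Return {path: {field: {"Current": value, "Stored": value}}}."""
    files, path = defaultdict(lambda: defaultdict(dict)), None
    for line in map(str.strip, report.splitlines()):
        if line.startswith("File: "):
            path = line[len("File: "):]
        elif path and (m := ONE_LINE.match(line)):
            files[path][m.group(1)] = {"Current": m.group(2), "Stored": m.group(3)}
        elif path and (m := TWO_LINE.match(line)):
            files[path][m.group(2)][m.group(1)] = m.group(3)
    return files

def triage(report):
    out = {"setid_gained": [], "hash_unavailable": [], "mtime_batches": defaultdict(list)}
    for path, f in parse(report).items():
        p = f.get("permissions")
        if p and int(p["Current"], 8) & 0o6000 and not int(p["Stored"], 8) & 0o6000:
            out["setid_gained"].append(path)      # gained setuid/setgid: review first
        if f.get("hash", {}).get("Current") == "Unavailable":
            out["hash_unavailable"].append(path)  # rkhunter could not hash this file
        if t := f.get("file modification time", {}).get("Current"):
            out["mtime_batches"][t].append(path)  # same epoch: possibly one update
    return out
```
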