
Rkhunter Issues

Discussion in 'General Discussion' started by maverick23, Jun 1, 2005.

  1. maverick23

    maverick23 Well-Known Member

    Hi,

    I was running rkhunter on my system. For everything it gives an OK result, but for a few things it gives the response below:

    Suspicious files and malware
    Scanning for known rootkit strings [ OK ]
    Scanning for known rootkit files [ OK ]
    Testing running processes... [ BAD ]
    Miscellaneous Login backdoors [ OK ]
    Miscellaneous directories [ OK ]
    Software related files [ OK ]
    Sniffer logs [ OK ]

    Application version scan
    - Exim MTA 4.44 [ OK ]
    - GnuPG 1.2.1 [ Old or patched version ]
    - Apache [unknown] [ OK ]
    - Bind DNS [unknown] [ OK ]
    - OpenSSL 0.9.7a [ Old or patched version ]
    - PHP 4.3.2 [ Old or patched version ]
    - PHP 4.3.10 [ Old or patched version ]

    - Procmail MTA 3.22 [ OK ]
    - OpenSSH 3.6.1p2 [ Old or patched version ]

    Can anyone help me with this? What is this... is it harmful, or should I ignore it?

    At the moment I am running WHM 10.1.0 cPanel 10.2.0-S83 on RedHat Enterprise 3 i686 - WHM X v3.1.0

    Please let me know if everything is fine, or if something is wrong, then how do I correct it?

    Thanks,
    Rajat
     
  2. webignition

    webignition Well-Known Member

    Looks fine to me, as it's more or less the same as I have and as far as I know everything is OK:

    Code:
       - Exim MTA 4.50   [ OK ]
       - GnuPG 1.2.1   [ Old or patched version ]
       - Apache [unknown]   [ OK ]
       - Bind DNS [unknown]   [ OK ]
       - OpenSSL 0.9.7a   [ Old or patched version ]
       - PHP 4.3.11   [ OK ]
       - PHP 4.3.11   [ OK ]
       - Procmail MTA 3.22   [ OK ]
       - OpenSSH 3.6.1p2   [ Old or patched version ]
    Although I notice that your PHP versions are not listed as the same. I'm assuming that one is cPanel's internal PHP and the other the public PHP.

    One thing of interest, which I've not spotted before, is Procmail MTA. Surely this is not needed as cPanel uses Exim.

    Any suggestions on whether it is safe to remove Procmail and, if so, how? Just a normal RPM removal?
     
  3. GOT

    GOT Get Proactive!

    Normal RPM removal should be fine.
     
  4. nickb

    nickb Well-Known Member

    Run #rkhunter -c --createlogfile. It will create /var/log/rkhunter.log with the scanning details. It looks like some of your MD5 hashes don't match, so you can try out rkhunter with the update option to update the database. Check rkhunter -h for more info.
     
    #4 nickb, Jun 2, 2005
    Last edited: Jun 2, 2005
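
An added example, not part of any post in this thread: a small shell filter that sorts a report like the one in the first post into results to investigate (`[ BAD ]`) and version warnings to verify. The function names and class labels are assumptions made for this example; the sample lines are copied from the first post's output.

```shell
#!/bin/sh
# Sample report: lines taken from the rkhunter output in the first post,
# embedded here so the example runs offline.
sample_report() {
cat <<'EOF'
Scanning for known rootkit strings [ OK ]
Scanning for known rootkit files [ OK ]
Testing running processes... [ BAD ]
Miscellaneous Login backdoors [ OK ]
- Exim MTA 4.44 [ OK ]
- GnuPG 1.2.1 [ Old or patched version ]
- Apache [unknown] [ OK ]
- OpenSSL 0.9.7a [ Old or patched version ]
- PHP 4.3.2 [ Old or patched version ]
- OpenSSH 3.6.1p2 [ Old or patched version ]
EOF
}

# triage_report: read a report on stdin and print "CLASS<TAB>check" for
# every result that is not OK.
#   INVESTIGATE  - [ BAD ]: look up the details in /var/log/rkhunter.log
#   VERIFY-PATCH - old version string: confirm the distribution package
#                  carries the vendor's fixes
#   REVIEW       - any other non-OK status
triage_report() {
  awk '
    { sub(/[ \t\r]+$/, "") }                # drop trailing whitespace
    match($0, /\[ [A-Za-z ]+ \]$/) {        # status is the final "[ ... ]"
      status = substr($0, RSTART + 2, RLENGTH - 4)
      check  = substr($0, 1, RSTART - 1)
      sub(/^[ \t-]+/, "", check)            # leading "- " on version lines
      sub(/[ \t.]+$/, "", check)            # trailing "... " before status
      if (status == "OK") next
      if (status == "BAD") class = "INVESTIGATE"
      else if (status == "Old or patched version") class = "VERIFY-PATCH"
      else class = "REVIEW"
      printf "%s\t%s\n", class, check
    }'
}

# count_class CLASS: number of findings of that class in the report on stdin.
count_class() {
  triage_report | awk -F'\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

sample_report | triage_report
```

On a real system, pipe the saved scan output into `triage_report` instead of `sample_report`.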