RKhunter Report Assistance

[furquan]

Hello Everyone,

I have received RKhunter report from my server, saying to inspect it, Can anybody on board, Please view my log file and suggest a recourse ,

Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/a9b30a69632884ea8563715899da72bbe29e9dc14861e56c8a795eea9530762f-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/303fe8cf5695c872b496cda0432da7dbf333084b7e4d4136ba6876ffbe857c92-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/522618658edb679fbe08f90154ebb2f41b70fbcfd59ec6666f0f0ab0f4a54aa4-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/340453fda5b7faedeaf5b2aba2d108a512ff129372624c1b32dbd7acc0153faa-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/46c97d0c02afab94a1edfde0edc191f2e3a69189dec570346a1e88e7ea520aa8-primary.sqlite' (score: 220) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/timedhosts.txt' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/zabbix/primary.xml.gz.sqlite' (score: 250) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/vz-base/primary.xml.gz.sqlite' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/updates/f9ba18b824d0117a2d8811623a6e972c532602e517b835980e467aefb656f590-primary.sqlite' (score: 280) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/cpanel-addons-production-feed/493c84f52de21f15742d217e16d7223a725b8d0c1371d4ef12acdce5b56764be-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/cpanel-addons-production-feed/f246a240bc566ed671fc1bb3b0a83cb781584ca2c12bc521a5c3f12f6aeab788-primary.sqlite' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/cpanel-addons-production-feed/96ad31befdebee545a8b804c9bd82a99a1bb503ab42a86ee39be612e48af962c-primary.sqlite' (score: 240) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/cpanel-addons-production-feed/133dd024d245f8744bd4f9dbf00d2fda0323dd8014ffa26342a345100c7913d1-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/vz-updates/primary.xml.gz.sqlite' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/extras/10ad16f4d694631e494de50f922f67b655e509ea9641477c354e340c48d03cbc-primary.sqlite' (score: 241) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/extras/1b43133bfe09067a4816563f80792c23ae179d4652ba74dad71372d315a9632d-primary.sqlite' (score: 251) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/zabbix-non-supported/primary.xml.gz.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: Checking for files with suspicious contents [ Warning ]
Warning: No output found from the lsmod command or the /proc/modules file:
         /proc/modules output:
         lsmod output:
Warning: The SSH and rkhunter configuration options should be the same:
         SSH configuration option 'PermitRootLogin': without-password
         Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Warning: Suspicious file types found in /dev:
         /dev/.udev/queue.bin: data
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
Warning: Application 'openssl', version '1.0.1e', is out of date, and possibly a security risk.

Thank you,

 

[cPanelMichael]

Hello,

It's very possible the alerts in the output you provided are false positives, however it's difficult to provide specific security advice without access to the affected system. Have you reviewed the files listed in your output to see if anything within the files look suspicious? You can find a list of qualified system administrators on the following URL if you'd like help with a full security scan of your system:

System Administration Services | cPanel Forums

Thank you.

 

[quizknows]

I agree with Michael, most likely these are false positives. Unless you have other reason to believe the system is compromised you are likely OK, but if you have doubts then you should have a sysadmin poke around.

 

[furquan]

Thank you Michael and Quizknows for your wise words