rkhunter says __stack_chk_fail

audrey

Well-Known Member
Oct 18, 2006
114
5
168
Hi

Just downloaded rkhunter on all of my servers

rkhunter results say

Checking `passwd'... INFECTED

I am assuming that it is a false positive based on the results from the following commands

# md5sum /usr/local/cpanel/bin/jail_safe_passwd
57f916dd384d2e5bd502c55881bd2711 /usr/local/cpanel/bin/jail_safe_passwd

# md5sum /bin/passwd
792964343f6f916d8025bf9b1eb1e839 /bin/passwd
>>>>>>>>>>>>>>>>>>>

rkhunter results also say

Checking `bindshell'... INFECTED PORTS: ( 465)

I am thinking this is a false positive.
Is there a command to check if this is a false positive?

>>>>>>>>>>>>>>>>>>>>>

when I run this command
/root/chkrootkit-0.52/chkrootkit -x | more
rkhunter results say

__stack_chk_fail

any thoughts on what this means?

>>>>>>>>>>>>>>>>>>>>>>>>>

Is there another root kit script that can detect other/newer viruses and root kits?

Is there another anti virus software other than maldet?

Thanks for your help!

Take Care
Audrey
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
Hi @audrey

I'm not sure what happened here but I will say that it may be best to err on the side of caution in this respect. There are other antimalware softwares like ClamAV and I believe Sucuri has something. Either way, can you please open a ticket using the link in my signature. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

audrey

Well-Known Member
Oct 18, 2006
114
5
168
Hi Lauren

Thanks for your help.

I just submit a ticket
Your Support Request ID is: 10561521

Take Care
Audrey
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
Hi @audrey

I checked in on the ticket and it was confirmed that the output is not something you need to be alarmed over the warnings you did get are known false positives.


Thanks!