rkhunter - System tools - syslogd bad?

noimad1

I got this output from my rkhunter....

* System tools
Performing 'known good' check...
/sbin/ifconfig [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/w [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/who [ OK ]
/usr/bin/users [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/find [ OK ]
/usr/bin/file [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/lsattr [ OK ]
/bin/mount [ OK ]
/bin/netstat [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/env [ OK ]
/bin/ls [ OK ]
/bin/su [ OK ]
/bin/ps [ OK ]
/bin/dmesg [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/insmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ BAD ]
/sbin/init [ OK ]
/sbin/runlevel [ OK ]


MD5
MD5 compared: 50
Incorrect MD5 checksums: 1


Now, how do I know it is for sure bad, and if it is, how do I fix? Will a upcp fix it?
 

chirpy

Are you running the latest rkhunter (v1.2.0) with the latest updates:

rkhunter --update

If you are, what OS are you running and what is the rpm installed version for sysklogd:

rpm -q sysklogd
 

noimad1

chirpy said:
Are you running the latest rkhunter (v1.2.0) with the latest updates:

rkhunter --update

If you are, what OS are you running and what is the rpm installed version for sysklogd:

rpm -q sysklogd

Old version...good call. I thought we were running up to date versions on all systems, but this server had a really old version....

Thanks!
 

webits

I've the same problem with Rkhunter

I've the latest Rkhunter

I get the following errors when I receive an e-mail :((

/sbin/depmod [ BAD ]
/sbin/insmod [ BAD ]
/sbin/lsmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/modprobe [ BAD ]

- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]



I'm using
sysklogd-1.4.1-13

Can anyone help please?
 

eth00

webits said:
I've the latest Rkhunter

I get the following errors when I receive an e-mail :((

/sbin/depmod [ BAD ]
/sbin/insmod [ BAD ]
/sbin/lsmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/modprobe [ BAD ]

Have you upgraded your kernel to a 2.6.x kernel recently OR attempted to? That looks like you installed modtools from source. It could be the sign of more problems but it also may not be.
 

webits

Yeah tried to but didn't come right, I think I'll leave it in the hands of professionals to update
 

eth00

webits said:
Yeah tried to but didn't come right, I think I'll leave it in the hands of professionals to update

So you did update the module-tools? If so you are fine, that is just because rkhunter only recognizes the rpm version and not the source version you installed.
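
The triage the replies above describe, as an added example that is not from any poster in the thread: it pulls the `[ BAD ]` paths out of an rkhunter report and asks the RPM database whether each file belongs to a package and whether its digest still matches. The function names and the sample report are constructed for illustration, and an RPM-based host is assumed.

```shell
#!/bin/sh
# Added example: triage rkhunter "[ BAD ]" results against the RPM database.

# Constructed sample, in the format of the rkhunter report quoted in the thread.
SAMPLE='/sbin/sysctl [ OK ]
/sbin/syslogd [ BAD ]
/sbin/init [ OK ]
/sbin/depmod [ BAD ]'

# Read an rkhunter report on stdin; print each path marked [ BAD ].
bad_files() {
    awk '$2 == "[" && $3 == "BAD" && $4 == "]" { print $1 }'
}

# Succeed if an `rpm -V` result line reports a changed file digest:
# the third attribute character is "5" when the digest differs.
digest_changed() {
    case "$1" in
        ??5*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Classify one path as: no-rpm | unowned | clean | modified | other-change
classify() {
    command -v rpm >/dev/null 2>&1 || { echo "no-rpm"; return 0; }
    # A file installed from source is not in the RPM database at all.
    rpm -qf "$1" >/dev/null 2>&1 || { echo "unowned"; return 0; }
    # rpm -Vf prints one line per file that differs from the owning package.
    line=$(rpm -Vf "$1" 2>/dev/null | awk -v f="$1" '$NF == f')
    if [ -z "$line" ]; then echo "clean"
    elif digest_changed "$line"; then echo "modified"
    else echo "other-change"
    fi
}

# Demo on the constructed sample; on a real host, pipe the rkhunter report in.
printf '%s\n' "$SAMPLE" | bad_files | while read -r f; do
    printf '%s: %s\n' "$f" "$(classify "$f")"
done
```

"clean" means rkhunter's hash list is behind the installed package, and "unowned" matches the source-install case; "modified" is the result that needs investigation. The answer is only as trustworthy as the rpm binary and database on that host, so on a suspected compromise run the verification from known-good media.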