rootkit hunter

Discussion in 'General Discussion' started by Sheldon, Aug 16, 2004.

  1. Sheldon

    Sheldon Well-Known Member

    Jun 7, 2004
    * Application version scan
    - Exim MTA 4.34 [ OK ]
    - GnuPG 1.2.1 [ Vulnerable ]
    - Apache [unknown] [ OK ]
    - Bind DNS [unknown] [ OK ]
    - OpenSSL 0.9.7a [ Vulnerable ]
    - PHP 4.3.8 [ OK ]
    - PHP 4.3.8 [ OK ]
    - Procmail MTA 3.22 [ OK ]
    - OpenSSH 3.5p1 [ Vulnerable ]

    Security advisories
    * Check: Groups and Accounts
    Searching for /etc/passwd... [ Found ]
    Checking users with UID '0' (root)... [ OK ]

    * Check: SSH
    Searching for sshd_config...
    Found /etc/ssh/sshd_config
    Checking for allowed root login... [ OK (Remote root login disabled) ]
    Checking for allowed protocols... [ OK (Only SSH2 allowed) ]

    * Check: Events and Logging
    Search for syslog configuration... [ OK ]
    Checking for running syslog slave... [ OK ]
    Checking for logging to remote system... [ OK (no remote logging) ]

    procmail? why is this installed.. did cpanel install this?

    how can I update openssl and openssh without mucking cpanel up?

    and what is GnuPG and how can I update it?

    /etc/passwd [FOUND] is this bad?

    logging to remote system [ no remote logging] is this bad?

    * Filesystem checks
    Checking /dev for suspicious files... [ OK ]
    Scanning for hidden files...[ Warning! ]
    Please inspect: /etc/.java (directory)

    .pwd.lock is a blank file
    I copied it to a different file and rm'd it

    /etc/.java is a directory with files all are empty as I can see.

    Any suggestions?
  2. eazistore

    eazistore Well-Known Member

    Nov 7, 2003
    Hi Sheldon,

    I posted something about rkhunter 1.1.5 on 12/8/2004 at this link

    Seems like it's a known issue and false-positives.
  3. Joey3

    Joey3 Registered

    Feb 19, 2010
    eazistore, thank you so much for sharing about rkhunter 1.1.5. It helps me to resolve this issue and now I am fine.
  4. Spiral

    Spiral BANNED

    Jun 24, 2005
    Consider that program "informational" ....

    If you do not understand what it is telling you, probably not a good idea to be using it.

    Many things Rootkit Hunter reports fall in the "Duh! :rolleyes:" category, being obvious; some items are purely informational, and the general idea there is that if something is actually wrong it would bring it to the surface so that you would take notice.

    Mainly you don't want any unusual errors or hits coming back on the "specific" rootkit checks as positive and take with a bit of caution reports about system file changes which might be system updates or something else and that you would need to find out separately.
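
A small triage pass over the report format quoted in the first post, separating results that warrant follow-up from purely informational ones; this is an added example, not part of the thread and not rkhunter's own code. The bucket assignment (Vulnerable and Warning! need review; OK, Found and anything else are informational) and the names `triage`, `SAMPLE_REPORT` and `REVIEW_STATUSES` are assumptions made for this example.

```python
import re

# Lines copied from the rkhunter report quoted in the first post of this thread.
SAMPLE_REPORT = """\
* Application version scan
- Exim MTA 4.34 [ OK ]
- GnuPG 1.2.1 [ Vulnerable ]
- OpenSSL 0.9.7a [ Vulnerable ]
- OpenSSH 3.5p1 [ Vulnerable ]
* Check: Groups and Accounts
Searching for /etc/passwd... [ Found ]
Checking users with UID '0' (root)... [ OK ]
* Check: Events and Logging
Checking for logging to remote system... [ OK (no remote logging) ]
* Filesystem checks
Scanning for hidden files...[ Warning! ]
Please inspect: /etc/.java (directory)
"""

# Assumption for this example: these need follow-up; any other status is informational.
REVIEW_STATUSES = {"vulnerable", "warning!"}

# "<check text> [ <status> ]", with an optional leading "- " bullet.
RESULT = re.compile(r"^(?:-\s*)?(?P<check>.+?)\s*\[\s*(?P<status>[^\]]+?)\s*\]\s*$")

def triage(report):
    """Split report results into 'review' and 'informational' buckets."""
    buckets = {"review": [], "informational": []}
    section, last_review = "(no section)", None
    for line in (raw.strip() for raw in report.splitlines()):
        if line.startswith("* "):            # section header
            section, last_review = line[2:].strip(), None
            continue
        match = RESULT.match(line)
        if match:
            status = match.group("status")
            item = {"section": section, "status": status, "details": [],
                    "check": match.group("check").rstrip(". ")}
            # "OK (no remote logging)" -> "ok": compare on the leading word only
            needs_review = status.split("(")[0].strip().lower() in REVIEW_STATUSES
            buckets["review" if needs_review else "informational"].append(item)
            last_review = item if needs_review else None
        elif last_review and line.lower().startswith("please inspect:"):
            last_review["details"].append(line.split(":", 1)[1].strip())
    return buckets

if __name__ == "__main__":
    for item in triage(SAMPLE_REPORT)["review"]:
        print(f"[{item['status']}] {item['section']}: {item['check']} {item['details']}")
```

Each item in the review bucket still has to be checked by hand, for example against the distribution's package changelog or by inspecting the named path.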
