The Community Forums


rootkit hunter

Discussion in 'General Discussion' started by Sheldon, Aug 16, 2004.

  1. Sheldon

    Sheldon Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    * Application version scan
    - Exim MTA 4.34 [ OK ]
    - GnuPG 1.2.1 [ Vulnerable ]
    - Apache [unknown] [ OK ]
    - Bind DNS [unknown] [ OK ]
    - OpenSSL 0.9.7a [ Vulnerable ]
    - PHP 4.3.8 [ OK ]
    - PHP 4.3.8 [ OK ]
    - Procmail MTA 3.22 [ OK ]
    - OpenSSH 3.5p1 [ Vulnerable ]
    Security advisories
    * Check: Groups and Accounts
    Searching for /etc/passwd... [ Found ]
    Checking users with UID '0' (root)... [ OK ]

    * Check: SSH
    Searching for sshd_config...
    Found /etc/ssh/sshd_config
    Checking for allowed root login... [ OK (Remote root login disabled) ]
    Checking for allowed protocols... [ OK (Only SSH2 allowed) ]

    * Check: Events and Logging
    Search for syslog configuration... [ OK ]
    Checking for running syslog slave... [ OK ]
    Checking for logging to remote system... [ OK (no remote logging) ]


    Procmail? Why is this installed... did cPanel install this?

    How can I update OpenSSL and OpenSSH without mucking cPanel up?

    And what is GnuPG, and how can I update it?

    /etc/passwd [ Found ]: is this bad?

    Logging to remote system [ no remote logging ]: is this bad?


    * Filesystem checks
    Checking /dev for suspicious files... [ OK ]
    Scanning for hidden files...[ Warning! ]
    ---------------
    /etc/.pwd.lock
    ---------------
    Please inspect: /etc/.java (directory)


    .pwd.lock is a blank file. I copied it to a different file and rm'd it.

    /etc/.java is a directory with files, all of which are empty as far as I can see.

    Any suggestions?
     
  2. eazistore

    eazistore Well-Known Member

    Joined:
    Nov 7, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Singapore
    Hi Sheldon,

    I posted something about rkhunter 1.1.5 on 12/8/2004 at this link http://forums.cpanel.net/showthread.php?t=28079

    Seems like it's a known issue and false positives.
     
  3. Joey3

    Joey3 Registered

    Joined:
    Feb 19, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    eazistore, thank you so much for sharing about rkhunter 1.1.5. It helped me to resolve this issue and now I am fine.
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Consider that program "informational"...

    If you do not understand what it is telling you, it is probably not a good idea to be using it.

    Many things Rootkit Hunter reports fall in the "Duh! :rolleyes:" category, being obvious; some items are purely informational, and the general idea there is that if something is actually wrong, it would bring it to the surface so that you would take notice.

    Mainly, you don't want any unusual errors or hits coming back as positive on the "specific" rootkit checks, and take with a bit of caution reports about system file changes, which might be system updates or something else that you would need to find out separately.
     
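Putting Spiral's triage advice into practice: the script below is an added example, not code from the thread or from the rkhunter project. It reads rkhunter-style output and sorts it into three buckets: packages flagged "Vulnerable" (patch these), check lines that returned a warning (investigate), and hidden paths, which are compared against an allowlist of paths expected on a stock system. The sample output is constructed from the lines Sheldon quoted above, and the allowlist containing /etc/.pwd.lock is an assumption based on that file being glibc's passwd/shadow lock file, which eazistore's reply identifies as the known false positive.

```python
"""Triage rkhunter-style scan output into actionable buckets.

Added example (not the forum's or rkhunter's own code). The sample text
is constructed from the output quoted in the thread.
"""
import re

# Constructed sample: a subset of the scan output posted in the thread.
SAMPLE_OUTPUT = """\
* Application version scan
- Exim MTA 4.34 [ OK ]
- GnuPG 1.2.1 [ Vulnerable ]
- OpenSSL 0.9.7a [ Vulnerable ]
- PHP 4.3.8 [ OK ]
- OpenSSH 3.5p1 [ Vulnerable ]

* Check: SSH
Checking for allowed root login... [ OK (Remote root login disabled) ]

* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files...[ Warning! ]
---------------
/etc/.pwd.lock
---------------
Please inspect: /etc/.java (directory)
"""

# Assumption: hidden paths that are expected on a stock system and should
# not be treated as findings. /etc/.pwd.lock is glibc's passwd/shadow lock
# file (created by lckpwdf()); the thread calls it a known false positive.
KNOWN_BENIGN_HIDDEN = {"/etc/.pwd.lock"}

# "<item> [ <status> ]" result lines, e.g. "- GnuPG 1.2.1 [ Vulnerable ]".
RESULT_RE = re.compile(r"^(?P<item>.*?)\s*\[\s*(?P<status>[^\]]+?)\s*\]\s*$")
# "- <application name> <version>" items from the application version scan.
VERSION_RE = re.compile(r"^-\s+(?P<app>.+?)\s+(?P<ver>\S+)$")


def triage(text):
    """Classify each line of scan output.

    Returns a dict with:
      vulnerable    list of (application, version) flagged Vulnerable
      warnings      list of check names that did not return OK
      review_paths  hidden paths not on the allowlist
      benign_paths  hidden paths on the allowlist
      ok            count of checks that returned OK
    """
    findings = {"vulnerable": [], "warnings": [],
                "review_paths": [], "benign_paths": [], "ok": 0}
    in_path_list = False  # inside a "-----" delimited block of paths
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("----"):
            in_path_list = not in_path_list
            continue
        if in_path_list:
            _classify_path(line, findings)
            continue
        if line.startswith("Please inspect:"):
            # "Please inspect: /etc/.java (directory)" -> "/etc/.java"
            _classify_path(line.split(":", 1)[1].split()[0], findings)
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # section headers such as "* Check: SSH"
        item, status = m.group("item"), m.group("status")
        if status.startswith("OK"):
            findings["ok"] += 1
        elif status == "Vulnerable":
            vm = VERSION_RE.match(item)
            findings["vulnerable"].append(
                (vm.group("app"), vm.group("ver")) if vm else (item, ""))
        else:
            findings["warnings"].append(item)
    return findings


def _classify_path(path, findings):
    bucket = "benign_paths" if path in KNOWN_BENIGN_HIDDEN else "review_paths"
    findings[bucket].append(path)


def verdict(findings):
    """One-line summary in order of urgency."""
    if findings["vulnerable"]:
        return f"ACTION REQUIRED: {len(findings['vulnerable'])} vulnerable package(s)"
    if findings["warnings"] or findings["review_paths"]:
        return "REVIEW: warnings or unexplained hidden paths present"
    return f"CLEAN: {findings['ok']} checks OK"


if __name__ == "__main__":
    result = triage(SAMPLE_OUTPUT)
    print(verdict(result))
    for app, ver in result["vulnerable"]:
        print(f"  update {app} {ver}")
    for path in result["review_paths"]:
        print(f"  inspect {path}")
```

On the quoted output this reports three packages to update (GnuPG, OpenSSL, OpenSSH), one warning on the hidden-files check, /etc/.java left for manual inspection, and /etc/.pwd.lock suppressed as expected. Later rkhunter releases provide the same suppression natively through the ALLOWHIDDENFILE and ALLOWHIDDENDIR settings in rkhunter.conf, which is the right place for it on a production host; the point of the script is to make the "informational versus actionable" distinction Spiral describes explicit rather than leaving it to eyeballing the log.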
