Web Hosting Talk

rkhunter suddenly shows bad MD5


naguib2000
09-14-2004, 04:56 AM
* Selftests
Strings (command) [ OK ]


* System tools
Performing 'known good' check...
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/dmesg [ OK ]
/bin/egrep [ BAD ]
/bin/env [ OK ]
/bin/fgrep [ BAD ]
/bin/grep [ BAD ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/mount [ OK ]
/bin/netstat [ OK ]
/bin/ps [ BAD ]
/bin/su [ OK ]
/sbin/chkconfig [ BAD ]
/sbin/depmod [ BAD ]
/sbin/ifconfig [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/runlevel [ OK ]
/sbin/sysctl [ BAD ]
/sbin/syslogd [ BAD ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/users [ OK ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]


MD5
MD5 compared: 48
Incorrect MD5 checksums: 12

File scan
Scanned files: 314
Possible infected files: 0
Possible rootkits:

---------------------------------------
What should I do to correct this? By the way, this was not showing for the past three months; it only began to show a week ago.

andreyka
09-14-2004, 05:05 AM
Use rpm to check the binaries, e.g. rpm -V procps.
Or maybe you updated the OS and forgot to update rkhunter? rkhunter --update

dynamicnet
09-14-2004, 06:33 AM
Greetings:

1. Use the latest rkhunter which is 1.1.18.

2. Use rkhunter --update to update the md5 database that rkhunter uses.

3. Consider using chkrootkit from http://www.chkrootkit.org/ alongside root kit hunter.

Thank you.

sehe
09-14-2004, 08:02 AM
What OS/distro/version are you running?

naguib2000
09-14-2004, 08:10 AM
Thanks a lot, kind guys.

I can see an error after typing rkhunter --update:
Running updater...
Fatal error. Missing line 'UPDATEFILEINFO=' or wrong file
Ready.



Does anyone know why?

And I still have the same problem even after running the rpm -V command.

naguib2000
09-14-2004, 08:20 AM
I am running Red Hat Enterprise Linux

2.4.21-9.ELsmp

andreyka
09-14-2004, 08:26 AM
Run:
rpm -V procps

What do you see?

sehe
09-14-2004, 08:26 AM
Which rootkit hunter version are you using? The latest?

Run these and tell us what they return:
rpm -qf /bin/egrep
rpm -qf /bin/ps
rpm -qf /sbin/chkconfig
rpm -qf /sbin/insmod
rpm -qf /sbin/sysctl
rpm -qf /sbin/syslogd
rpm -qf /usr/bin/w
rpm -qf /usr/bin/watch
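
Putting the replies above together, here is an added triage script (my own illustration, not code posted by anyone in this thread) that pulls the BAD entries out of rkhunter's "known good" output and, on the affected RHEL host, asks rpm which package owns each binary and whether rpm's own verification agrees with rkhunter. The sample rkhunter output is constructed from the format in the first post; rpm is only invoked when it is actually present.

```shell
#!/bin/sh
# Constructed sample of rkhunter "known good" output, in the format the
# first post shows (abridged; not a capture from the poster's machine).
SAMPLE_RKHUNTER_OUTPUT='/bin/cat [ OK ]
/bin/egrep [ BAD ]
/bin/ps [ BAD ]
/sbin/syslogd [ BAD ]
/usr/bin/w [ BAD ]
/usr/bin/who [ OK ]'

# Print the paths rkhunter flagged as BAD, one per line.
# Each result line is "<path> [ OK|BAD ]", so field 1 is the path
# and field 3 is the verdict.
bad_paths() {
    printf '%s\n' "$1" | awk '$2 == "[" && $3 == "BAD" { print $1 }'
}

# Number of flagged files (what rkhunter reports as "Incorrect MD5 checksums").
bad_count() {
    bad_paths "$1" | wc -l | tr -d ' '
}

# For every flagged path: which package owns it (rpm -qf) and does the
# installed file still match the package database (rpm -V)?
# rpm -V prints nothing when everything matches; a "5" in its flag
# column means the file's MD5 digest differs from what the package shipped.
triage() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available on this host; run the triage on the affected RHEL box"
        return 2
    fi
    bad_paths "$1" | while IFS= read -r path; do
        if ! pkg=$(rpm -qf "$path" 2>/dev/null); then
            echo "$path: not owned by any package, look at it more closely"
            continue
        fi
        if out=$(rpm -V "$pkg") && [ -z "$out" ]; then
            echo "$path ($pkg): rpm verification clean, rkhunter database is likely stale"
        else
            echo "$path ($pkg): rpm reports differences:"
            printf '%s\n' "$out"
        fi
    done
}

# Stand-alone demo: list what rkhunter flagged in the sample.
# On the real host, follow with:  triage "$(rkhunter -c --skip-keypress 2>&1)"
echo "Flagged by rkhunter ($(bad_count "$SAMPLE_RKHUNTER_OUTPUT") files):"
bad_paths "$SAMPLE_RKHUNTER_OUTPUT"
```

A clean `rpm -V` next to a BAD from rkhunter points at a stale rkhunter MD5 database (the explanation this thread converges on), while a `5` in rpm's flag column means the on-disk file no longer matches what the package shipped and deserves a closer look. Keep in mind that `rpm -V` trusts the local rpm database, so agreement between the two tools is a first triage step, not proof that the system is clean.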

sehe
09-14-2004, 08:55 AM
and "cat /etc/redhat-release"

Steven
09-14-2004, 09:51 AM
First step: upgrade your kernel; 2.4.21-9.ELsmp is pretty old.
Second step:

http://downloads.rootkit.nl/rkhunter-1.1.8.tar.gz

upgrade.

If bad md5sum continues after, you may have a problem.

naguib2000
09-14-2004, 10:54 AM
sehe <== it gives the following:
grep-2.5.1-24.1
procps-2.0.17-10
chkconfig-1.3.11-0.3
modutils-2.4.25-13.EL
procps-2.0.17-10
sysklogd-1.4.1-12.3
procps-2.0.17-10
procps-2.0.17-10


andreyka <== after I run rpm -V procps, I see nothing

thelinuxguy <== thanks for the advice... I'll do what you say and see

kris1351
09-14-2004, 10:57 AM
Those are new versions of the programs that it doesn't have the proper MD5 sum list for, most likely. We have one machine that was not upgraded that shows older versions of the same apps, and the upgraded machines all have newer versions. Rkhunter just needs to be updated. Make sure you run chkrootkit in conjunction with rkhunter to make sure you are just seeing discrepancies in tables.

naguib2000
09-14-2004, 11:02 AM
I now have no problem after I updated to version 1.1.8.
Thanks to everybody who tried to help, and special thanks to the smart Linux guy.

andreyka
09-14-2004, 12:01 PM
Good news. If you view the output and /bin/ps is not changed, then there are no trojans on your server.