  1. #1
    Join Date
    Oct 2006
    Posts
    210

    Rkhunter (Rootkit Hunter) warnings please help

    Hi,

    I am getting the following warnings; please help me fix them:

    Checking version of OpenSSL [ Warning ]

    Checking for hidden files and directories [ Warning ]

    Checking /dev for suspicious file types [ Warning ]

    Checking if SSH root access is allowed [ Warning ]

    /sbin/ifdown [ Warning ]
    Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable

    /sbin/ifup [ Warning ]
    [20:44:12] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable

    /usr/bin/GET [ Warning ]
    Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable


    /usr/bin/ldd [ Warning ]
    Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable


    /usr/bin/whatis [ Warning ]
    Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: POSIX shell script text executable

  2. #2
    Join Date
    Feb 2012
    Location
    Castle Discordia
    Posts
    231
    Those last five are false positives and can be ignored.

  3. #3
    Join Date
    Oct 2006
    Posts
    210
    Quote Originally Posted by ChickCoder View Post
    Those last five are false positives and can be ignored.
    How about the other ones?

  4. #4
    Join Date
    Feb 2012
    Location
    Castle Discordia
    Posts
    231
    I've gotten the first three warnings and my vps provider said they're nothing to worry about. This has gone on for over three months and issues with the vps so I guess it's OK. But someone more techie than I would know better. I'm still learning my own way around all this.

    As for the fourth, if you have SSH root access allowed you should disable it.

    Maybe someone more knowledgeable than I will chime in to help you out.

  5. #5
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781
    Post your rkhunter.log as it should give the reasoning for the warnings. Could be outdated software and the fact you shouldn't allow remote root.
    CloudRck.com - Host on Cloudrck
    Unmetered VPS Solutions at it's finest

  6. #6
    Join Date
    Oct 2006
    Posts
    210

  7. #7
    Join Date
    Aug 2003
    Location
    Chicago, IL USA
    Posts
    2,781
    Quote Originally Posted by khanbaba View Post
    Seems fine. Check /dev/.udev/db/* to make sure those are legit to be on the safe side. Then whitelist them.

    OpenSSL appears to be out of date (could have security patches, but I don't know your setup), and it doesn't like that you allow root SSH. Latest OpenSSL is 1.0.1e
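
The check-then-whitelist approach suggested in post #7 can also be applied to the "replaced by a script" warnings from post #1. The script below is an added example, not code from any poster or from rkhunter; `script_warnings`, `pkg_owner` and `triage` are hypothetical helper names, and it assumes an rpm- or dpkg-based system.

```shell
#!/bin/sh
# Added example: triage rkhunter "replaced by a script" warnings.

# Constructed sample input, in the warning format quoted in post #1.
SAMPLE_LOG="Checking version of OpenSSL [ Warning ]
[20:44:12] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable"

# Print "path|file(1) description" for each such warning read from stdin.
# The optional "[HH:MM:SS] " log prefix is swallowed by the leading ".*".
script_warnings() {
    sed -n "s/.*Warning: The command '\([^']*\)' has been replaced by a script: [^:]*: \(.*\)\$/\1|\2/p"
}

# Hypothetical helper: print the package that owns file $1.
# Prints nothing or returns non-zero when no package owns it.
pkg_owner() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qf --queryformat '%{NAME}\n' "$1" 2>/dev/null
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -S "$1" 2>/dev/null | cut -d: -f1
    else
        return 1
    fi
}

# For each warning, emit a SCRIPTWHITELIST line (rkhunter.conf option) when a
# package owns the file, or a commented INVESTIGATE line when none does.
triage() {
    script_warnings | while IFS='|' read -r path kind; do
        if owner=$(pkg_owner "$path") && [ -n "$owner" ]; then
            printf '# %s: %s (package %s)\n' "$path" "$kind" "$owner"
            printf 'SCRIPTWHITELIST=%s\n' "$path"
        else
            printf '# INVESTIGATE %s (%s): not owned by any package\n' "$path" "$kind"
        fi
    done
}

# Demo on the constructed sample; for real use, feed it the rkhunter log.
printf '%s\n' "$SAMPLE_LOG" | triage
```

Package ownership only shows that the path belongs to a package; confirm the file is unmodified with the package manager's verify mode (for example `rpm -V <package>`) before copying the lines into rkhunter.conf.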
