  1. #1
    Join Date
    Nov 2006
    Posts
    35

    Is immutable-bit set on wget an rkhunter false positive or do I worry?

    Got this error on rkhunter 1.3.2
    [12:16:24] /usr/bin/wget [ Warning ]
    [12:16:24] Warning: File '/usr/bin/wget' has the immutable-bit set.
    Is that a concern? What does it mean?

  2. #2
    Join Date
    Nov 2006
    Posts
    35
    Let me add a couple others that concern me (still going through it):

    [12:17:18] Info: Using inetd configuration file '/etc/inetd.conf'
    [12:17:18] Checking for enabled inetd services [ Warning ]
    [12:17:18] Warning: Found enabled inetd service: telnet
    [12:17:18] Warning: Found enabled inetd service: talk
    [12:17:18] Warning: Found enabled inetd service: ntalk
    [12:17:20] Checking '/etc/xinetd.d/ntalk' for enabled services [ Warning ]
    [12:17:20] Checking '/etc/xinetd.d/pop-3' for enabled services [ Warning ]
    [12:17:21] Checking '/etc/xinetd.d/talk' for enabled services [ Warning ]
    [12:17:21] Checking for enabled xinetd services [ Warning ]
    [12:17:21] Warning: Found enabled xinetd service: /etc/xinetd.d/ntalk
    [12:17:21] Warning: Found enabled xinetd service: /etc/xinetd.d/pop-3
    [12:17:21] Warning: Found enabled xinetd service: /etc/xinetd.d/talk
    [12:17:54] Checking for hidden files and directories [ Warning ]
    [12:17:54] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
    [12:17:55] Checking version of GnuPG [ Warning ]
    [12:17:56] Warning: Application 'gpg', version '1.2.1', is out of date, and possibly a security risk.
    [12:17:56] Checking version of OpenSSL [ Warning ]
    [12:17:56] Warning: Application 'openssl', version '0.9.7a', is out of date, and possibly a security risk.
    [12:17:57] Info: Application 'proftpd' not found.
    [12:17:57] Checking version of OpenSSH [ Warning ]
    [12:17:57] Warning: Application 'sshd', version '3.6.1p2', is out of date, and possibly a security risk.
    I don't know what talk and ntalk are, but they don't sound like something I'd want.

    pop-3, hmm...

    I thought I disabled telnet somewhere following a tutorial when I first secured my server...this makes it seem that it's enabled.

    Do I need to update those programs (openssh etc)? I think I'm still on RHEL 3, and I've been burned in the past with up2date downgrading mysql and corrupting some data. I'll have to figure out how to check RHEL version...going to google after hitting send.

    Thanks all!

    BTW, in case it helps, this is a cpanel server.

  3. #3
    Join Date
    Apr 2005
    Posts
    1,711
    I think you need to upgrade to RHEL5

  4. #4
    Join Date
    Nov 2006
    Posts
    35
    Why? Is there something wrong with RHEL 3?

  5. #5
    immutable-bit is a file permission that won't allow write access to a file even if the write permission is enabled. That shouldn't cause any problems with wget unless you try to update it and the update program does not check to see if the immutable-bit is set.

    Talk is a program that lets users logged into a system IM each other through the UNIX shell. It also looks like you are running ntalk, or network-talk, which is a listening network service. You need to look into using up2date to get your packages/programs updated. Gnupg is already up to version 1.4.8.
    Enterprise IT Professional, Former Web Hosting Tech.
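
A way to re-check by hand the three kinds of warning discussed above (inetd services, xinetd services, the immutable flag). This is an added example, not part of the original posts and not rkhunter's own code; the function names are hypothetical, and it assumes the usual conventions that an uncommented inetd.conf line is an active service and that an xinetd service is enabled unless its file says `disable = yes`.

```shell
#!/bin/sh
# Added example: hand-check what rkhunter flagged. Paths are parameters so the
# functions can also be pointed at copies of the config files.

# Print service names that are active (uncommented) in an inetd.conf-style file.
inetd_enabled() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# Print each file in an xinetd.d-style directory that lacks "disable = yes";
# a commented-out "# disable = yes" does not count as disabled.
xinetd_enabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            echo "$f"
        fi
    done
}

# Given one line of lsattr output ("<flags> <path>"), succeed if the
# immutable flag 'i' appears in the flags field (not in the path).
has_immutable() {
    flags=${1%% *}
    case $flags in *i*) return 0 ;; *) return 1 ;; esac
}

# Report which of the given paths carry the immutable flag (needs lsattr).
audit_immutable() {
    for p in "$@"; do
        line=$(lsattr -d "$p" 2>/dev/null) || continue
        if has_immutable "$line"; then echo "immutable: $p"; fi
    done
}

# Run against the live paths named in the log only when asked to.
if [ "${1:-}" = "--live" ]; then
    inetd_enabled /etc/inetd.conf
    xinetd_enabled /etc/xinetd.d
    audit_immutable /usr/bin/wget
fi
```

An immutable flag that nobody on the admin side remembers setting is worth comparing against the package's own checksum before deciding it is a false positive.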

  6. #6
    Join Date
    Nov 2006
    Posts
    35
    Originally posted by greg14unix:
    immutable-bit is a file permission that won't allow write access to a file even if the write permission is enabled. That shouldn't cause any problems with wget unless you try to update it and the update program does not check to see if the immutable-bit is set.
    Ah..

    Talk is a program that lets users logged into a system IM each other through the UNIX shell. It also looks like you are running ntalk, or network-talk, which is a listening network service.
    Maybe the folks at the Planet are running that to talk to each other? If so then I guess I should leave it...else I'd love to get rid of it if I knew how.

    You need to look into using up2date to get your packages/programs updated. Gnupg is already up to version 1.4.8.
    Hmm, I don't even know what Gnupg is... Damn, I recently learned a bit about up2date and did some updates, but it was on another server. I guess I forgot to look at this one because I thought cpanel did this stuff automatically.

    OK, I just checked and there's a bunch of stuff that up2date -l showed can be updated. Then these are marked to be skipped...though I don't know why.


    kernel        2.4.21  53.EL   Pkg name/pattern
    perl          5.8.0   97.EL3  Pkg name/pattern
    squirrelmail  1.4.8   6.el3   Pkg name/pattern
