rkhunter / chkrootkit
Hello,
it now it was a couple of days ago but I've to concern
another time to in this case a compromised woody system.
chkrootkit found nothing but rkhunter found quite a lot:
/bin/login /bin/su /usr/bin/locate /usr/sbin/useradd /usr/sbin/usermod
/usr/sbin/vip
All these binaries have been alerted within rkhunter.
I got a message like this [ and there was indeed an debian
update of passwd(login) but to get sure I need reilly competent
advices]:
Rootkit Hunter found some bad or unknown hashes. This can be happen due
replaced binaries or updated packages (which give other hashes). Be sure
your hashes are fully updated (rkhunter --update). If you're in doubt
about these hashes, contact the author ...
And another alert was this:
Checking /dev for suspicious files... [ Warning!
(unusual files found) ]
What's up now I would expect someone has replaced my /bin/login
binary which makes me feel unhappy or is there nothing to
worry about ?
- ProFTPd 1.2.5rc1 [Vulnerable ]
- OpenSSH 3.4p1 [Vulnerable ]
- GnuPG 1.0.6 [Vulnerable ]
Ok, this could be solved by compiling from sources and indeed I've to
do it.
At last there was this error messages:
Incorrect MD5 checksums: 6
Would this solve my problem and I've to update the hash within mkhunter as
describe avove ?
--
Best Regards,
Mark
Reply to: