[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

rkhunter / chkrootkit

Hello,

it now it was a couple of days ago but I've to concern
another time to in this case a compromised woody system.

chkrootkit found nothing but rkhunter found quite a lot:

/bin/login /bin/su /usr/bin/locate /usr/sbin/useradd /usr/sbin/usermod
/usr/sbin/vip

All these binaries have been alerted within rkhunter.

I got a message like this [ and there was indeed an debian
update of passwd(login) but to get sure I need reilly competent
advices]:

Rootkit Hunter found some bad or unknown hashes. This can be happen due
replaced binaries or updated packages (which give other hashes). Be sure
your hashes are fully updated (rkhunter --update). If you're in doubt
about these hashes, contact the author ...

And another alert was this:

  Checking /dev for suspicious files...                      [ Warning!
  (unusual files found) ]

What's up now I would expect someone has replaced my /bin/login
binary which makes me feel unhappy or is there nothing to 
worry about ?

- ProFTPd 1.2.5rc1                                         [Vulnerable ]
- OpenSSH 3.4p1                                            [Vulnerable ]
- GnuPG 1.0.6                                              [Vulnerable ]

Ok, this could be solved by compiling from sources and indeed I've to
do it.

At last there was this error messages:

Incorrect MD5 checksums: 6

Would this solve my problem and I've to update the hash within mkhunter as 
describe avove ? 

-- 
Best Regards,

Mark
Reply to: