
system compromised



Hi,

I ran rkhunter on my Debian 5 VPS and got all these warnings:

$ grep Warning rkhunter.log 
[06:47:36] Warning: Checking for prerequisites               [ Warning ]
[06:47:36] Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
[06:47:39] /bin/which                                        [ Warning ]
[06:47:39] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
[06:47:40] /usr/bin/groups                                   [ Warning ]
[06:47:40] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: POSIX shell script text executable
[06:47:40] /usr/bin/ldd                                      [ Warning ]
[06:47:40] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
[06:47:43] /usr/bin/lwp-request                              [ Warning ]
[06:47:43] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
[06:47:45] /usr/sbin/adduser                                 [ Warning ]
[06:47:45] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
[06:49:35]     Checking for string 'hdparm'                  [ Warning ]
[06:49:36] Warning: Checking for possible rootkit strings    [ Warning ]
[06:49:37]   Checking for enabled inetd services             [ Warning ]
[06:49:38] Warning: Found enabled inetd service: talk
[06:49:38] Warning: Found enabled inetd service: ntalk
[06:49:38]   Checking loaded kernel modules                  [ Warning ]
[06:49:38] Warning: No output found from the lsmod command or the /proc/modules file:
[06:51:07]   Checking if SSH root access is allowed          [ Warning ]
[06:51:07] Warning: The SSH and rkhunter configuration options should be the same:
[06:51:25]   Checking version of GnuPG                       [ Warning ]
[06:51:25] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
[06:51:25]   Checking version of OpenSSL                     [ Warning ]
[06:51:25] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
[06:51:25]   Checking version of PHP                         [ Warning ]
[06:51:25] Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk.
[06:51:25]   Checking version of OpenSSH                     [ Warning ]
[06:51:25] Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.

Aside from the PermitRootLogin = yes, does this mean that the VPS was compromised?

--
Regards,

Umarzuki Mochlis
http://debmal.my
