Message from rkhunter



liam
08.06.04, 10:59
Should I be worried about this, or is it just a false alarm?
I have removed most of the entries that were marked OK.

[11:19:55] Info: Shell /bin/bash
[11:19:55] ------------------------ Configuration check --------------------------
[11:19:55] Parsing configuration file (/usr/local/etc/rkhunter.conf)
[11:19:55] Info: No mail-on-warning address configured
[11:19:55] Info: Using /usr/local/rkhunter/lib/rkhunter/tmp as temporary directory
[11:19:55] Info: Using /usr/local/rkhunter/lib/rkhunter/db as database directory
[11:19:55] Info: Using '/usr/sbin /usr/bin /usr/local/bin /usr/local/sbin /bin /sbin' as binary directory
[11:19:55] -------------------------- Application scan ---------------------------
[11:19:55] Found /usr/bin/lsof
[11:19:55] ---------------------------- System checks ----------------------------
[11:19:55] Info: kernel is 2.6
[11:19:55] Info: Found /etc/SuSE-release
[11:19:55] Info: Full OS name = SuSE Linux 9.1 (i586)
[11:19:55] Info: Using /usr/bin/md5sum to verify MD5 hashes
[11:19:55] Info: /usr/bin/md5sum found
[11:19:55] Info: /usr/local/rkhunter/lib/rkhunter/tmp
[11:19:55] Info: UID is zero (root)
[11:19:55] Info: Perl version 5.8.3 found
[11:19:56] Info: Digest::MD5 installed (version 2.33).
[11:19:56] Info: Using Perl Digest::MD5 module instead of /usr/bin/md5sum
[11:19:56] Info: Digest::SHA1 installed (version 2.07).
[11:19:56] Info: ksyms file check will be skipped (/proc/ksyms not available on this system)
[11:19:56] ---------------------------- File checks -----------------------------
[11:19:56] Checking /usr/local/rkhunter/lib/rkhunter/db/md5blacklist.dat... OK
[11:19:56] ------------------------------ Selftests ------------------------------
[11:19:59] Starting MD5 checksum test (/usr/local/rkhunter/lib/rkhunter/scripts/filehashmd5.pl)
[11:19:59] /bin/mount Hash NOT valid (My MD5: 3231f89ca3d4cee1ccb15768079cd094, expected: 800f58e577774563f45af77003a99c0a)
[11:19:59] Using whitelists to compare MD5 hash (searching for 3231f89ca3d4cee1ccb15768079cd094)
[11:19:59] No whitelisted MD5 hash found for /bin/mount
[11:19:59] MD5 hash for my file (/bin/mount) is 3231f89ca3d4cee1ccb15768079cd094, but is not in database
[11:19:59] End of whitelist compare
[11:19:59] Checking /bin/mount against hashes in database (800f58e577774563f45af77003a99c0a) failed
[11:19:59] RPM info: your package 'util-linux-2.12-72.15'
[11:19:59] RPM info: packages in database: util-linux-2.12-72
[11:20:01] /bin/dmesg Hash NOT valid (My MD5: c347ec2127f63ef762f8d6b784042125, expected: a241ee962e3ffa41f500b0c4d40423b6)
[11:20:01] Using whitelists to compare MD5 hash (searching for c347ec2127f63ef762f8d6b784042125)
[11:20:01] No whitelisted MD5 hash found for /bin/dmesg
[11:20:01] MD5 hash for my file (/bin/dmesg) is c347ec2127f63ef762f8d6b784042125, but is not in database
[11:20:01] End of whitelist compare
[11:20:01] Checking /bin/dmesg against hashes in database (a241ee962e3ffa41f500b0c4d40423b6) failed
[11:20:01] RPM info: your package 'util-linux-2.12-72.15'
[11:20:01] RPM info: packages in database: util-linux-2.12-72
[11:20:01] /bin/kill hash valid, found in database
[11:20:01] /bin/login hash valid, found in database
[11:20:02] /sbin/chkconfig hash valid, found in database
[11:20:02] /sbin/depmod Hash NOT valid (My MD5: 1dc431bf4d31c9cc971baa46641c80d0, expected: 149230803478ffa8bbe1e26b10a63b09)
[11:20:02] Using whitelists to compare MD5 hash (searching for 1dc431bf4d31c9cc971baa46641c80d0)
[11:20:02] No whitelisted MD5 hash found for /sbin/depmod
[11:20:02] MD5 hash for my file (/sbin/depmod) is 1dc431bf4d31c9cc971baa46641c80d0, but is not in database
[11:20:02] End of whitelist compare
[11:20:02] Checking /sbin/depmod against hashes in database (149230803478ffa8bbe1e26b10a63b09) failed
[11:20:02] RPM info: your package 'module-init-tools-3.0_pre10-37.5'
[11:20:02] RPM info: packages in database: module-init-tools-3.0_pre10-35
[11:20:02] /sbin/ifconfig hash valid, found in database
[11:20:02] /sbin/insmod Hash NOT valid (My MD5: 4d6afb7b962653938998de21e7f2c968, expected: 4ad6ddd7ce88794c8c810af92a0c8350)
[11:20:02] Using whitelists to compare MD5 hash (searching for 4d6afb7b962653938998de21e7f2c968)
[11:20:02] No whitelisted MD5 hash found for /sbin/insmod
[11:20:02] MD5 hash for my file (/sbin/insmod) is 4d6afb7b962653938998de21e7f2c968, but is not in database
[11:20:02] End of whitelist compare
[11:20:02] Checking /sbin/insmod against hashes in database (4ad6ddd7ce88794c8c810af92a0c8350) failed
[11:20:03] RPM info: your package 'module-init-tools-3.0_pre10-37.5'
[11:20:03] RPM info: packages in database: module-init-tools-3.0_pre10-35
[11:20:03] /sbin/ip hash valid, found in database
[11:20:03] /sbin/modinfo Hash NOT valid (My MD5: 499da91bfa1fb81148b3295d1c396a14, expected: d1377fd7f10e795518d1edd371ae68f0)
[11:20:03] Using whitelists to compare MD5 hash (searching for 499da91bfa1fb81148b3295d1c396a14)
[11:20:03] No whitelisted MD5 hash found for /sbin/modinfo
[11:20:03] MD5 hash for my file (/sbin/modinfo) is 499da91bfa1fb81148b3295d1c396a14, but is not in database
[11:20:03] End of whitelist compare
[11:20:03] Checking /sbin/modinfo against hashes in database (d1377fd7f10e795518d1edd371ae68f0) failed
[11:20:03] RPM info: your package 'module-init-tools-3.0_pre10-37.5'
[11:20:03] RPM info: packages in database: module-init-tools-3.0_pre10-35
[11:20:07] ------------------------------ Rootkits ------------------------------
[11:20:08] *** Start scan aPa Kit ***
[11:20:59] End of scanning /etc
[11:21:00] Added /dev/.udev.tdb (TDB database version 6, little-endian hash size 131 bytes) to list of unknown hidden files/dirs
[11:21:00] Added /etc/.java (directory) to list of unknown hidden files/dirs
[11:21:00] Hidden file/dir /etc/.pwd.lock [empty] seems to be OK
WARNING, found: /dev/.udev.tdb /etc/.java
/etc/.pwd.lock
[11:21:55] Info: Found no explicit values, but a default value of 'yes'
[11:21:55] Warning: root login possible. Change for your safety the 'PermitRootLogin'
[11:21:55] (into 'no') and use 'su -' to become root.
[11:21:55] Found default option Protocol 2,1
[11:21:55] Warning: SSH version 1 possible allowed!
[11:21:55] Hint: Change the 'Protocol xxx' line into 'Protocol 2'

And it also said:
Please inspect: /dev/.udev.tdb (TDB database version 6, little-endian hash size 131 bytes) /etc/.java (directory)
What does that mean?

cane
08.06.04, 11:31
Offhand I would say that you installed a newer version of util-linux-2.12-72.15
without updating the database with the checksums...

Could that be it?

Regards
cane
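To check cane's explanation against the log rather than by eye, here is an added Python example (not code from the thread or from rkhunter) that parses the "Hash NOT valid" entries together with the "RPM info" lines rkhunter prints after them and labels each mismatch as version skew (installed RPM differs from the one the hash database was built from) or as something to investigate. The sample log is constructed from the lines quoted above plus one made-up /bin/ls entry, with placeholder hashes and a made-up coreutils package string, to show the case where the package versions match and the mismatch therefore has no benign explanation.

```python
import re

# Constructed sample in the format rkhunter printed in the post above. The /bin/ls entry, its
# all-zero/all-one hashes and the coreutils package strings are made up to show the other case.
SAMPLE_LOG = """\
[11:19:59] /bin/mount Hash NOT valid (My MD5: 3231f89ca3d4cee1ccb15768079cd094, expected: 800f58e577774563f45af77003a99c0a)
[11:19:59] RPM info: your package 'util-linux-2.12-72.15'
[11:19:59] RPM info: packages in database: util-linux-2.12-72
[11:20:01] /bin/kill hash valid, found in database
[11:20:02] /sbin/depmod Hash NOT valid (My MD5: 1dc431bf4d31c9cc971baa46641c80d0, expected: 149230803478ffa8bbe1e26b10a63b09)
[11:20:02] RPM info: your package 'module-init-tools-3.0_pre10-37.5'
[11:20:02] RPM info: packages in database: module-init-tools-3.0_pre10-35
[11:20:04] /bin/ls Hash NOT valid (My MD5: 00000000000000000000000000000000, expected: 11111111111111111111111111111111)
[11:20:04] RPM info: your package 'coreutils-5.2.1-50'
[11:20:04] RPM info: packages in database: coreutils-5.2.1-50
"""

NOT_VALID = re.compile(r"^\[[\d:]+\] (\S+) Hash NOT valid \(My MD5: ([0-9a-f]{32}), expected: ([0-9a-f]{32})\)")
YOUR_PKG = re.compile(r"RPM info: your package '([^']+)'")
DB_PKG = re.compile(r"RPM info: packages in database: (\S+)")


def parse_rkhunter_log(text: str) -> list[dict]:
    """Attach the 'RPM info' lines rkhunter prints after a 'Hash NOT valid' line to that finding."""
    findings: list[dict] = []
    current = None
    for line in text.splitlines():
        if m := NOT_VALID.search(line):
            current = {"path": m[1], "actual": m[2], "expected": m[3], "installed": "", "database": ""}
            findings.append(current)
        elif "hash valid" in line:
            current = None  # a clean file closes the previous finding's RPM block
        elif current and (m := YOUR_PKG.search(line)):
            current["installed"] = m[1]
        elif current and (m := DB_PKG.search(line)):
            current["database"] = m[1]
    return findings


def verdict(f: dict) -> str:
    # Skew between the installed RPM and the one the hash database was built from is the benign
    # explanation cane gives; an identical package string offers none, so that file needs a real look.
    if f["installed"] and f["database"] and f["installed"] != f["database"]:
        return "version-skew"
    return "investigate"


def triage(text: str) -> dict[str, str]:
    return {f["path"]: verdict(f) for f in parse_rkhunter_log(text)}
```

For a file that ends up as "investigate", the next step on an RPM system is to verify it against the package manager's own checksums (rpm -V on the owning package) before trusting it.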