Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: rkhunter warning-cannot find file
Posted: Sat Sep 23, 2006 12:03 pm
Forum Regular

Joined: Mon May 22, 2006 9:52 pm
Posts: 259
Hi,

I have installed rkhunter and have a cron setup and each day I get an email that says:

Please inspect this machine, because it can be infected

If I run rkhunter via root I get this at the end and everything else checks out ok:

Quote:
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udev.tdb /usr/share/man/man1/..1.gz /etc/.fstab.hal.K /etc/.pwd.lock
---------------
Please inspect: /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression)


Application advisories
* Application scan
Checking Apache2 modules ... [ Not found ]
Checking Apache configuration ... [ OK ]


Security advisories
* Check: Groups and Accounts
Searching for /etc/passwd... [ Found ]
Checking users with UID '0' (root)... [ OK ]

* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
info:
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ Warning (SSH v1 allowed) ]

* Check: Events and Logging
Search for syslog configuration... [ OK ]
Checking for running syslog slave... [ OK ]
Checking for logging to remote system... [ OK (no remote logging) ]


---------------------------- Scan results ----------------------------

MD5
MD5 compared: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Scanning took 28 seconds


Is there something I can remove that will get rid of this warning error?

=================================

If I set the warning email to my personal email in the rkhunter.conf file:
MAIL-ON-WARNING=info@designhosting.biz
and run ./rkhunter from root or cron, it sends an email to info@designhosting.biz from "msneedle@godslove.designhosting.biz"; msneedlepenny.com is a new domain on my server, just added a few days ago. Why is it doing this?

=================================

Also, I just updated rkhunter from atomic and ran it again and get this at the end:
Application scan
Vulnerable applications: 2

These are the applications:
OpenSSL 0.9.7a [ Old or patched version ]
- PHP 4.3.9 [ Old or patched version ]
- ProFTPd 1.3.0 [ Unknown ]


 
 Post subject:
Posted: Wed Sep 27, 2006 10:42 pm
Forum Regular

Joined: Mon May 22, 2006 9:52 pm
Posts: 259
Anyone know how to remove this warning?

