search for: rkhunter

Displaying 20 results from an estimated 67 matches for "rkhunter".

2006 Dec 02
1
How to install rkhunter properly
Hi list, after a bit of struggling I found out how to cleanly install rkhunter ... maybe this is useful for you:
* Download rkhunter (I downloaded v 1.2.8)
* mv /etc/rpm/platform /root/etc_rpm_platform
* setarch i386 rpmbuild -ta --target=i386 rkhunter-1.2.8.tar.gz
* mv /root/etc_rpm_platform /etc/rpm/platform
* rpm -ivh /usr/src/redhat/RPMS/noarch/rkhunter-1.2.8-1.noarch.rpm...
2006 Oct 30
2
Problem rkhunter v. 1.2.8 - CENTOS 4
Dear Friends, I am using CENTOS 4.3 - kernel 2.6.9-42.0.2.EL with rkhunter version 1.2.8, but the rkhunter program shows me a problem on file /bin/kill. I compare files /bin/kill with other CENTOS 4 and it has the same size. ====================== SHOW LOG =========================== Rootkit Hunter 1.2.8 is running Mon, 30 Oct 2006 12:56:44 -0200 Determining OS... Ready...
2015 Aug 07
2
semi-OT: rkhunter, fix "broken links"
Hi, folks, rkhunter is reporting a broken link on one of our servers. This is quite reasonable, since it's on a drive whose controller card I have declared dead the other day. I've been googling, searching in the manpage, and I've done an rkhunter --propupd, but it still finds the broken link. Anyone know...
2017 Aug 30
1
rkhunter and prelink
in my prior message, that should be in rkhunter.conf On Wed, Aug 30, 2017 at 11:43 AM, Tony Schreiner <anthony.schreiner at bc.edu> wrote: > This has come up for me on the most recent upgrade, add the line > > HASH_CMD=sha1sum > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > >> Can't...
2014 Jan 17
1
rkhunter
I updated java-1.7.0-openjdk a few hours ago - it *was* listed as a critical security update, and I don't want yelling from rkhunter. The man page tells me I can tell it rkhunter --propupd <package name>... but it doesn't know the name above as a package. Been googling a bit, and cannot find a good example of a package (other than the manpage's coreutil). Anyone got an example, and/or why it doesn't know this...
2017 Aug 30
4
rkhunter and prelink
Can't remember if I posted this before... We're getting warnings from rkhunter Warning: Checking for prerequisites [ Warning ] All file hash checks will be skipped because: This system uses prelinking, but the hash function command does not look like SHA1 or MD5. Now, googling, I find people saying to rm /etc/prelink.cache, then run rkhunter --propupd. Wo...
2014 Apr 17
0
semi-OT:R and rkhunter
The latest version of rkhunter is complaining about "suspicious file types" in /dev/shm. Thing is, they're being created on the fly by R, and then seem to be a random name (5d1f...), and I have zero expectation that R will only create shm files beginning with those characters. For those running rkhunter, if you...
2014 May 15
0
Fwd: For the CentOS list: rkhunter and NFS
---------- Forwarded message ---------- From: <m.roth at 5-cent.us> Date: Thu, May 15, 2014 at 3:40 PM Subject: For the CentOS list: rkhunter and NFS To: lesmikesell at gmail.com Hi, Les, Could you forward this to the CentOS list? That damn nixspam is blocking my hosting provider's mailhost *again*; it was on and off yesterday, and today it won't even let me remove it, and that was after I emailed my hosting provider yester...
2015 Aug 07
0
semi-OT: rkhunter, fix "broken links"
On Fri, 2015-08-07 at 09:45 -0400, m.roth at 5-cent.us wrote: > Hi, folks, > > rkhunter is reporting a broken link on one of our servers. This is > quite reasonable, since it's on a drive whose controller card I have > declared dead the other day. I've been googling, searching in the > manpage, and I've done an rkhunter --propupd, but it still finds the > broke...
2014 Apr 30
0
rkhunter 1.4.2 (epel) unary operator expected -ne found
Anyone seeing this? /etc/cron.daily/rkhunter: /usr/bin/rkhunter: regel 13967: [: eenzijdige operator werd verwacht, -ne gevonden Translating: line 13967 unary operator expected -ne found Line 13967 is: if [ `${IPCS_CMD} -u 2>/dev/null | awk -F' ' '/segments allocated/ {print $3}'` -ne 0 ]; then rkhunter 1.4.2 release 1....
2017 Aug 30
0
rkhunter and prelink
This has come up for me on the most recent upgrade, add the line HASH_CMD=sha1sum On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > Can't remember if I posted this before... We're getting warnings from > rkhunter Warning: Checking for prerequisites [ Warning ] > All file hash checks will be skipped because: > This system uses prelinking, but the hash function command does not > look like SHA1 or MD5. > > Now, googling, I find people saying to rm /etc/prelink.cache, then run...
2017 Aug 30
0
rkhunter and prelink
...e up for me on the most recent upgrade, add the line > > > > HASH_CMD=sha1sum > > > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > > > > > Can't remember if I posted this before... We're getting warnings from > > > rkhunter Warning: Checking for prerequisites [ Warning ] > > > All file hash checks will be skipped because: > > > This system uses prelinking, but the hash function command does not > > > look like SHA1 or MD5. > > > > > > Now, googling, I fi...
2017 Aug 30
2
rkhunter and prelink
...Tony Schreiner wrote: > This has come up for me on the most recent upgrade, add the line > > HASH_CMD=sha1sum > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > >> Can't remember if I posted this before... We're getting warnings from >> rkhunter Warning: Checking for prerequisites [ Warning ] >> All file hash checks will be skipped because: >> This system uses prelinking, but the hash function command does not >> look like SHA1 or MD5. >> >> Now, googling, I find people saying to rm /etc/pre...
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys, What is the best way to identify a possible user using a botnet with php in the server? And if he is using GET commands for example in other server. Does apache log outbound connections? If it is using a file that is not malicious the clam av would not identify. Thanks
2011 Mar 08
1
rkhunter alert dovecot using port 1984
Hi all, Debian Lenny, dovecot 1.0.15 My rkhunter script has picked up dovecot using port 1984 temporarily. When I run it now however, it is gone. Warning: Network TCP port 1984 is being used by /usr/lib/dovecot/imap. Possible rootkit: Fuckit Rootkit Use the 'lsof -i' or 'netstat -an' command to check this. Does dovecot use this...
2010 Feb 26
0
rkhunter doesn't remove temp suspscan files in /dev/shm
Alle, I know this is off-topic, so I apologize in advance, but we have installed rkhunter from EPEL (because it has the current version, 1.3.6 vice the 1.3.4 rpmforge version) on our CentOS machine and find that it does not remove the files in /dev/shm it uses for the SUSPSCAN test, this triggering a warning for said test. This was a known bug that was supposed to have been fixed in...
2017 Nov 06
1
How to detect botnet user on the server ?
...inux-server/ (look for open ports connections both inbound and outbound with netstat, etc.) But, if someone has completely breached the machine and gotten root on it, they could put in fake binaries that hide ports and hide processes from 'top' (or ps, lsof). So, a look via chkrootkit or rkhunter would be needed to find that. The link for rkhunter in the article is bad .. here is the new one: http://rkhunter.sourceforge.net/ rkhunter seems to be in EPEL. chkrootkit is in fedora, it does not seem to be in EPEL.
2006 Feb 18
0
Does your rkhunter do an md5 check?
I rebuilt rkhunter-1.2.8-1.noarch.rpm by using the spec and tgz from the rkhunter site (www.rootkit.nl). (I rebuilt it using his instructions.) However rkhunter does not do an md5 check. The box used to have fedora and each time there were updates it would complain that some of the md5's don't match. I c...
2008 Sep 18
2
Security Guide for CentOS/RHEL
Is there a step by step approach to securing CentOS 4X (or even RHEL 4X)? I don't mean the stuff in the docs/security guide but a working step by step guide? There used to be packages like rkhunter and tripwire but I don't know if the ones in rpmforge/kbs repo are up to date. Thanks, Josh.
2013 Dec 22
1
'unknown user' using dovecot LDA
...esolve. The old server was still using the postfix/virtual for delivery, but the new one is using the dovecot LDA. Now, when an email generated locally by a cron job is delivered, this shows in the log: 2013-12-22T10:29:55-05:00 host postfix/pickup[31400]: C67FD90F676B2: uid=0 from=<newsrv+rkhunter at example.com> 2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]: C67FD90F676B2: message-id=<20131222152955.C67FD90F676B2 at smtp2.example.com> 2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2: from=<newsrv+rkhunter at example.com>, size=1555, nrcpt=1 (queue a...