Displaying 20 results from an estimated 67 matches for "rkhunter".
2006 Dec 02
1
How to install rkhunter properly
Hi list,
after a bit of struggling I found out how to cleanly install rkhunter
... maybe this is useful for you:
* Download rkhunter (I downloaded v 1.2.8)
* mv /etc/rpm/platform /root/etc_rpm_platform
* setarch i386 rpmbuild -ta --target=i386 rkhunter-1.2.8.tar.gz
* mv /root/etc_rpm_platform /etc/rpm/platform
* rpm -ivh /usr/src/redhat/RPMS/noarch/rkhunter-1.2.8-1.noarch.rpm...
2006 Oct 30
2
Problem rkhunter v. 1.2.8 - CENTOS 4
Dear Friends,
I am using CENTOS 4.3 - kernel 2.6.9-42.0.2.EL with rkhunter version
1.2.8, but the rkhunter program show me problem on file /bin/kill.
I compare files /bin/kill with other CENTOS 4 and it has same size.
====================== SHOE LOG ===========================
Rootkit Hunter 1.2.8 is running
Mon, 30 Oct 2006 12:56:44 -0200
Determining OS... Ready...
2015 Aug 07
2
semi-OT: rkhunter, fix "broken links"
Hi, folks,
rkhunter is reporting a broken link on one of our servers. This is
quite reasonable, since it's on a drive whose controller card I have
declared dead the other day. I've been googling, searching in the
manpage, and I've done an rkhunter --propupd, but it still finds the
broken link. Anyone know...
2017 Aug 30
1
rkhunter and prelink
in my prior message, that should be in rkhunter.conf
On Wed, Aug 30, 2017 at 11:43 AM, Tony Schreiner <anthony.schreiner at bc.edu>
wrote:
> This has come up for me on the most recent upgrade, add the line
>
> HASH_CMD=sha1sum
>
> On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote:
>
>> Can't...
2014 Jan 17
1
rkhunter
I updated java-1.7.0-openjdk a few hours ago - it *was* listed as a
critical security update, and I don't want yelling from rkhunter. The man
page tells me I can tell it rkhunter --propupd <package name>... but it
doesn't know the name above as a package. Been googling a bit, and cannot
find a good example of a package (other than the manpage's coreutil).
Anyone got an example, and/or why it doesn't know this...
2017 Aug 30
4
rkhunter and prelink
Can't remember if I posted this before... We're getting warnings from
rkhunterWarning: Checking for prerequisites [ Warning ]
All file hash checks will be skipped because:
This system uses prelinking, but the hash function command does not
look like SHA1 or MD5.
Now, googling, I find people saying to rm /etc/prelink.cache, then run
rkhunter --propupd.
Wo...
2014 Apr 17
0
semi-OT:R and rkhunter
The latest version of rkhunter is complaining about "suspicious file
types" in /dev/shm. Thing is, they're being created on the fly by R, and
then seem to be a random name (5d1f...), and I have zero expectation that
R will only create shm files beginning with those characters.
For those running rkhunter, if you...
2014 May 15
0
Fwd: For the CentOS list: rkhunter and NFS
---------- Forwarded message ----------
From: <m.roth at 5-cent.us>
Date: Thu, May 15, 2014 at 3:40 PM
Subject: For the CentOS list: rkhunter and NFS
To: lesmikesell at gmail.com
Hi, Les,
Could you forward this to the CentOS list? That damn nixspam is
blocking my hosting provider's mailhost *again*; it was on and off
yesterday, and today it won't even let me remove it, and that was after
I emailed my hosting provider yester...
2015 Aug 07
0
semi-OT: rkhunter, fix "broken links"
On Fri, 2015-08-07 at 09:45 -0400, m.roth at 5-cent.us wrote:
> Hi, folks,
>
> rkhunter is reporting a broken link on one of our servers. This is
> quite reasonable, since it's on a drive whose controller card I have
> declared dead the other day. I've been googling, searching in the
> manpage, and I've done an rkhunter --propupd, but it still finds the
> broke...
2014 Apr 30
0
rkhunter 1.4.2 (epel) unary operator expected -ne found
Anyone seeing this?
/etc/cron.daily/rkhunter:
/usr/bin/rkhunter: regel 13967: [: eenzijdige operator werd verwacht, -ne gevonden
Translating: line 13967 unary operator expected -ne found
Line 13967 is: if [ `${IPCS_CMD} -u 2>/dev/null | awk -F' ' '/segments allocated/ {print $3}'` -ne 0 ]; then
rkhunter 1.4.2 release 1....
2017 Aug 30
0
rkhunter and prelink
This has come up for me on the most recent upgrade, add the line
HASH_CMD=sha1sum
On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote:
> Can't remember if I posted this before... We're getting warnings from
> rkhunterWarning: Checking for prerequisites [ Warning ]
> All file hash checks will be skipped because:
> This system uses prelinking, but the hash function command does not
> look like SHA1 or MD5.
>
> Now, googling, I find people saying to rm /etc/prelink.cache, then run...
2017 Aug 30
0
rkhunter and prelink
...e up for me on the most recent upgrade, add the line
> >
> > HASH_CMD=sha1sum
> >
> > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote:
> >
> > > Can't remember if I posted this before... We're getting warnings from
> > > rkhunterWarning: Checking for prerequisites [ Warning ]
> > > All file hash checks will be skipped because:
> > > This system uses prelinking, but the hash function command does not
> > > look like SHA1 or MD5.
> > >
> > > Now, googling, I fi...
2017 Aug 30
2
rkhunter and prelink
...Tony Schreiner wrote:
> This has come up for me on the most recent upgrade, add the line
>
> HASH_CMD=sha1sum
>
> On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote:
>
>> Can't remember if I posted this before... We're getting warnings from
>> rkhunterWarning: Checking for prerequisites [ Warning ]
>> All file hash checks will be skipped because:
>> This system uses prelinking, but the hash function command does not
>> look like SHA1 or MD5.
>>
>> Now, googling, I find people saying to rm /etc/pre...
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys,
Whats is the best way to identify a possible user using a botnet with php
in the server? And if he is using GET commands for example in other server.
Does apache logs outbound conections ?
If it is using a file that is not malicious the clam av would not identify.
Thanks
2011 Mar 08
1
rkhunter alert dovecot using port 1984
Hi all,
Debian Lenny, dovecot 1.0.15
My rkhunter script has picked up dovecot using port 1984 temporarily.
When I run it now however, it is gone.
Warning: Network TCP port 1984 is being used by /usr/lib/dovecot/imap.
Possible rootkit: Fuckit Rootkit
Use the 'lsof -i' or 'netstat -an' command to check this.
Does dovecot use this...
2010 Feb 26
0
rkhunter doesn't remove temp suspscan files in /dev/shm
Alle,
I know this is off-topic, so I apologize in advance, but we have
installed rkhunter from EPEL (because it has the current version, 1.3.6
vice the 1.3.4 rpmforge version) on our CentOS machine and find that it
does not remove the files in /dev/shm it uses for the SUSPSCAN test,
this triggering a warning for said test. This was a known bug that was
supposed to be have been fixed in...
2017 Nov 06
1
How to detect botnet user on the server ?
...inux-server/
(look for open ports connections both inbound and outbound with netstat,
etc.)
But, if someone has completely breached the machine and gotten root on
it, they could put in fake binaries that hide ports and hide processes
from 'top' (or ps, lsof). So, a look via chkrootkit or rkhunter would
be needed to find that.
The link for rkhunter in the article is bad .. here is the new one:
http://rkhunter.sourceforge.net/
rkhunter seems to be in EPEL. chkrootkit is in fedora, it does not seem
to be in EPEL.
_______________________________________________
CentOS mailing list
CentOS...
2006 Feb 18
0
Does your rkhunter do an md5 check?
I rebuilt rkhunter-1.2.8-1.noarch.rpm by using the spec and tgz from
the rkhunter site (www.rootkit.nl). (I rebuilt it using his
instructions.) However rkhunter does not do an md5 check. The box
used to have fedora and each time there were updates it would
complain that the some of the md5's don't match. I c...
2008 Sep 18
2
Security Guide for CentOS/RHEL
Is there a step by step approach to securing CentOS 4X (or even RHEL 4X)? I don't mean the stuff in the docs/security guide but a working step by step guide? There used to be packages like rkhunter and tripwire but I don't know if the ones in rpmforge/kbs repo are up to date.
Thanks,
Josh.
2013 Dec 22
1
'unknown user' using dovecot LDA
...esolve.
The old server was still using the postfix/virtual for delivery, but the
new one is using the dovecot LDA.
Now, when an email generated locally by a cron job is delivered, this
shows in the log:
2013-12-22T10:29:55-05:00 host postfix/pickup[31400]: C67FD90F676B2:
uid=0 from=<newsrv+rkhunter at example.com>
2013-12-22T10:29:55-05:00 host postfix/cleanup[22349]: C67FD90F676B2:
message-id=<20131222152955.C67FD90F676B2 at smtp2.example.com>
2013-12-22T10:29:55-05:00 host postfix/qmgr[31401]: C67FD90F676B2:
from=<newsrv+rkhunter at example.com>, size=1555, nrcpt=1 (queue a...