similar to: 'unknown user' using dovecot LDA

Displaying 20 results from an estimated 400 matches similar to: "'unknown user' using dovecot LDA"

2006 Dec 02
1
How to install rkhunter properly
Hi list, after a bit of struggling I found out how to cleanly install rkhunter ... maybe this is useful for you: * Download rkhunter (I downloaded v 1.2.8) * mv /etc/rpm/platform /root/etc_rpm_platform * setarch i386 rpmbuild -ta --target=i386 rkhunter-1.2.8.tar.gz * mv /root/etc_rpm_platform /etc/rpm/platform * rpm -ivh /usr/src/redhat/RPMS/noarch/rkhunter-1.2.8-1.noarch.rpm * wget
2006 Oct 30
2
Problem rkhunter v. 1.2.8 - CENTOS 4
Dear Friends, I am using CENTOS 4.3 - kernel 2.6.9-42.0.2.EL with rkhunter version 1.2.8, but the rkhunter program shows me a problem on the file /bin/kill. I compared /bin/kill with another CENTOS 4 and it has the same size. ====================== SHOW LOG =========================== Rootkit Hunter 1.2.8 is running Mon, 30 Oct 2006 12:56:44 -0200 Determining OS... Ready Checking binaries *
2015 Aug 07
2
semi-OT: rkhunter, fix "broken links"
Hi, folks, rkhunter is reporting a broken link on one of our servers. This is quite reasonable, since it's on a drive whose controller card I have declared dead the other day. I've been googling, searching in the manpage, and I've done an rkhunter --propupd, but it still finds the broken link. Anyone know how to remove the link from the rkhunter d/b? mark
2017 Aug 30
1
rkhunter and prelink
in my prior message, that should be in rkhunter.conf On Wed, Aug 30, 2017 at 11:43 AM, Tony Schreiner <anthony.schreiner at bc.edu> wrote: > This has come up for me on the most recent upgrade, add the line > > HASH_CMD=sha1sum > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > >> Can't remember if I posted this before... We're getting
2014 Jan 17
1
rkhunter
I updated java-1.7.0-openjdk a few hours ago - it *was* listed as a critical security update, and I don't want yelling from rkhunter. The man page tells me I can tell it rkhunter --propupd <package name>... but it doesn't know the name above as a package. Been googling a bit, and cannot find a good example of a package (other than the manpage's coreutil). Anyone got an example,
2017 Aug 30
4
rkhunter and prelink
Can't remember if I posted this before... We're getting warnings from rkhunter Warning: Checking for prerequisites [ Warning ] All file hash checks will be skipped because: This system uses prelinking, but the hash function command does not look like SHA1 or MD5. Now, googling, I find people saying to rm /etc/prelink.cache, then run rkhunter --propupd. Works. And then,
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than
2010 Sep 02
2
Issue with Perl and rpmforge - advice?
I have an old version of rkhunter installed on my CentOS 5 machine, one I got from rpmforge. In my most recent attempts to update this, I get the following errors in yum: Resolving Dependencies --> Running transaction check ---> Package perl-AnyEvent.noarch 0:5.240-1.el5.rf set to be updated --> Processing Dependency: perl(JSON::XS) >= 2.2 for package: perl-AnyEvent --> Processing
2008 Sep 18
2
Security Guide for CentOS/RHEL
Is there a step by step approach to securing CentOS 4X (or even RHEL 4X)? I don't mean the stuff in the docs/security guide but a working step by step guide? There used to be packages like rkhunter and tripwire but I don't know if the ones in rpmforge/kbs repo are up to date. Thanks, Josh.
2017 Aug 30
2
rkhunter and prelink
On Wed, August 30, 2017 10:43 am, Tony Schreiner wrote: > This has come up for me on the most recent upgrade, add the line > > HASH_CMD=sha1sum > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > >> Can't remember if I posted this before... We're getting warnings from >> rkhunter Warning: Checking for prerequisites [ Warning
2009 Jan 26
1
I may have been rooted - but I may not!?
Morning, I am going to treat this as a rooted box and reinstall from scratch, but any thoughts appreciated: This is a Trixbox Server based on Centos, running kernel 2.6.18-53.1.4.el5 SMP The phone system stopped working but this was traced to a configuration error with a replacement switch (it did not get added to the vlan properly), which meant that Trixbox could not see any DNS servers and
2019 Jul 24
2
DNS add error
I'm trying to add an entry to dns. The IP is external to the domain's IP's. Here's the error: athena:~# samba-tool dns add athena.edm-inc.com smtp2.edm-inc.com smtp2 A 134.209.164.116 Password for [administrator at EDM-INC.COM]: ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') File
2009 Nov 06
2
Vista clients having Issues Copying files from Samba Server
Hello, I'm running samba-3.0.33 (samba-3.0.33-3.15.el5_4) On Centos 5.4 and some files have issues being copied from the Samba server to the Vista (Service Pack 1) clients local disk via Windows Explorer, copying to the Samba server also has no issues and copying via the CMD prompt has no problem, I'm getting the following errors 1. Invalid MS-DOS Function
2005 May 12
1
Do I have an infected init file?
Hello; I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected. It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the
2006 Mar 11
4
Centosplus & CentOS Extras, Enlarge your tent
I think Jim (the other one) is doing a marvellous job with extras and plus but he needs to expand the size of his tent. A sensible package policy in extras/plus repo will mean fewer temptations to install 3rd party repos that can break your system. Some of the packages I would like to see are :- - MySQL 5 rpms - php 5 rpms (already provided) - Open Office 2.0 rpms - webmin - rkhunter -
2019 Nov 14
2
how to know when a system is compromised
I have not, I'll look into that one, thanks! On 11/14/2019 9:48 AM, SternData wrote: > Do you run rkhunter? > > On 11/14/19 9:40 AM, Christopher Wensink wrote: >> How do you know when a Linux system has been compromised? >> >> Every day I watch our systems with all the typical tools, ps, top, who, >> I watch firewall / IPS logs, I have logwatch setup and
2012 Jan 13
1
sendmail deferred
Hi all, I am having a problem with my sendmail server running on centos 5.7 x64. Sometimes when we send an email to microsoft exchange servers, sendmail says deferred or timeout. I do not know what is happening. Here are some details: [root at avgw ~]# sendmail -v -qRxxx at xxx.gov.qa Running /var/spool/mqueue/q0B7caw9023076 (sequence 1 of 2) <xxx at xxx.gov.qa>... Connecting to
2007 Apr 24
3
Deliver sending bounces from 'MAILER-DAEMON@'
Hello, I'm having a problem with postfix and/or dovecot's "deliver". I'm getting these lines in the mail log: | Apr 24 11:42:08 smtp2 postfix/qmgr[6176]: 05BAE3B67E: from=<>, size=3055, nrcpt=1 (queue active) | Apr 24 11:42:08 smtp2 postfix/qmgr[6176]: 05BAE3B67E: to=<MAILER-DAEMON@>, relay=none, delay=0.01, delays=0.01/0.01/0/0, dsn=5.1.3, status=bounced (bad
2006 Dec 22
1
chkrootkit reporting possible LKM trojan
How can I be sure if it is LKM or not? Today I've run chkrootkit and it gave me: Checking `lkm'... You have 179 process hidden for readdir command You have 179 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root
2008 May 16
2
samba & samba-common installed then erased, but by whom?
I saw this in Logwatch today for one of my servers: --------------------- yum Begin ------------------------ Packages Installed: samba-common.i386 3.0.23c-2.el5.2.0.2 samba.i386 3.0.23c-2.el5.2.0.2 Packages Erased: samba-common samba ---------------------- yum End ------------------------- No one, including myself, has even logged into this box in the past few