Clever Geek Handbook

Understanding rkhunter warnings

I got paranoid and ran both chkrootkit and rkhunter to scan for rootkits. Chkruotkit doesn't seem to find anything, but rkhunter returned some warnings. I think many may be false positives, but I'm mainly concerned about "possible rootkit lines" and three suspicious files. Any explanations would be greatly appreciated !! Thank!

Performing file properties checks
/usr/bin/fuser                                           [ Warning ]
/usr/bin/whatis                                          [ Warning ]
/usr/bin/shasum                                          [ Warning ]

Performing additional rootkit checks
Checking for possible rootkit strings                    [ Warning ]

Performing checks on the network interfaces
Checking for promiscuous interfaces                      [ Warning ]

Performing system boot checks
Checking for system startup files                        [ Warning ]

Performing system configuration file checks
Checking if SSH root access is allowed                   [ Warning ]
Checking if SSH protocol v1 is allowed                   [ Warning ]

Performing filesystem checks
Checking for hidden files and directories                [ Warning ]

Log file warnings:

[17:00:44] Info: No mail-on-warning address configured
[17:01:25]   /usr/bin/fuser                                  [ Warning ]
[17:01:25] Warning: The command '/usr/bin/fuser' has been replaced by a script: /usr/bin/fuser: a /usr/bin/perl -w script text executable, ASCII text
[17:01:36]   /usr/bin/whatis                                 [ Warning ]
[17:01:36] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: POSIX shell script text executable, ASCII text
[17:01:37]   /usr/bin/shasum                                 [ Warning ]
[17:01:37] Warning: The command '/usr/bin/shasum' has been replaced by a script: /usr/bin/shasum: a /usr/bin/perl script text executable, ASCII text
[17:03:28] Warning: Checking for possible rootkit strings    [ Warning ]
[17:04:07]   Checking for promiscuous interfaces             [ Warning ]
[17:04:07] Warning: Possible promiscuous interfaces:
[17:04:09]   Checking for system startup files               [ Warning ]
[17:04:09] Warning: No system startup files found.
[17:04:10]   Checking if SSH root access is allowed          [ Warning ]
[17:04:10] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
[17:04:10]   Checking if SSH protocol v1 is allowed          [ Warning ]
[17:04:10] Warning: The SSH configuration option 'Protocol' has not been set.
[17:04:17]   Checking for hidden files and directories       [ Warning ]
[17:04:17] Warning: Hidden file found: /usr/share/man/man5/.rhosts.5: troff or preprocessor input text, ASCII text
+3


source to share


No one has answered this question yet

See similar questions:

or similar:



More articles:


All Articles