rkhunter warnings

Vikram Goyal vikigoyal at gmail.com
Thu Oct 12 13:40:37 UTC 2006


Hello,

I'm using FC5 and recently I started getting warnings from the rkhunter cron
check. I also manually updated the hashes, with the same results.

What may be the reason? Any ideas? Anything to worry about?

I'm pasting some relevant portions from the mail.

--------------------- Start Rootkit Hunter Update ---------------------

Running rkhunter updater... Tue, 10 Oct 2006 04:02:02 +0530

Mirrorfile /var/rkhunter/db/mirrors.dat rotated
Using mirror http://mirror11.mirror.rkhunter.org
[DB] Mirror file                      : Mirror outdated. Skipped
Info (current version: 2006092302, version of mirror: 2006041300)
[DB] MD5 hashes system binaries       : Mirror outdated. Skipped
Info (current version: 2006100500, version of mirror: 2006022800)
[DB] Operating System information     : Mirror outdated. Skipped
Info (current version: 2006100500, version of mirror: 2006051200)
[DB] MD5 blacklisted tools/binaries   : Up to date
[DB] Known good program versions      : Up to date
[DB] Known bad program versions       : Up to date

Finished rkhunter updater.. Tue, 10 Oct 2006 04:15:45 +0530
Ready.

---------------------- Start Rootkit Hunter Scan ----------------------

Rootkit Hunter 1.2.8 is running
Tue, 10 Oct 2006 04:15:45 +0530
Determining OS... Ready


Checking binaries
* Selftests
     Strings (command)     [ OK ]


* System tools
Info: prelinked files found
Performing 'known good' check...
 /bin/cat  [ BAD ]
 /bin/chmod  [ BAD ]
 /bin/chown  [ BAD ]
 /bin/date  [ BAD ]
 /bin/dmesg  [ BAD ]
 /bin/env  [ BAD ]
 /bin/grep  [ BAD ]
 /bin/kill  [ BAD ]
 /bin/login  [ BAD ]
<snip>
 /usr/bin/whoami  [ BAD ]
--------------------------------------------------------------------------------
Rootkit Hunter found some bad or unknown hashes. This can be happen due replaced
binaries or updated packages (which give other hashes). Be sure your hashes are
fully updated (rkhunter --update). If you're in doubt about these hashes, contact
the author (fill in the contact form).
--------------------------------------------------------------------------------
<snip>
---------------------------- Scan results ----------------------------

MD5
MD5 compared: 51
Incorrect MD5 checksums: 51

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Scanning took 174 seconds

------------------- Tue, 10 Oct 2006 04:18:39 +0530 -------------------

Do you have some problems, undetected rootkits, false positives, ideas
or suggestions?
Please e-mail me by filling in the contact form (@http://www.rootkit.nl)

-----------------------------------------------------------------------
Thanks!
-- 
vikram...
         ||||||||
         ||||||||
^^'''''^^||root||^^^'''''''^^
        // \\   ))
       //(( \\// \\
      // /\\ ||   \\
     || / )) ((    \\
-- 
"If that man in the PTL is such a healer, why can't he make his wife's
 hairdo go down?"
-- Robin Williams
-- 
 *
~|~
 =
Registered Linux User #285795
