Mark Misulich wrote:
> On Thu, 2008-12-04 at 11:49 +0000, John Horne wrote:
>> You need to look in the log file to see why the warnings occur.
>
> Here is all the log file says about this:
>
> Warning: Suspicious file types found in /dev:
>> /dev/shm/sysconfig/config-lo: ASCII text
>> /dev/shm/sysconfig/config-eth0: ASCII text
>> /dev/shm/sysconfig/config-eth1: ASCII text
>> /dev/shm/sysconfig/new-stamp-2: ASCII text
>> /dev/shm/sysconfig/new-stamp-3: ASCII
>
Hmm. So RPM doesn't know about these files? That's odd.
How did they get created? What date is on them? Have
you looked at their content? I suggest you ask on a
group devoted to your distro and ask about these files
and their normal content.
> When I run rkhunter -c --sk --rwo --pkgmgr RPM here is the readout:
>
> Warning: The file properties have changed:
> File: /bin/awk
> Current inode: 529951356 Stored inode: 859939
These files have been replaced. Have you done an upgrade
recently, which might have replaced these files? If you
actually use RPM, then your number of warnings should
decrease, unless you've done an upgrade. Or you've been
compromised somehow.
[...]
> Warning: The file properties have changed:
> File: /usr/sbin/xinetd
> Current inode: 34520484 Stored inode: 48788
>
> I am still playing around trying to find the answer for the ssh warning.
I don't see any ssh warning in this log. I used a search tool,
not just my eyes.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
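
The check suggested in the reply above (were the flagged files replaced by a package upgrade?) can be scripted. This is an added example, not part of the original thread or of rkhunter: it parses warnings in the one-line "Current X: ... Stored X: ..." form quoted in the thread and asks the RPM database about each file with `rpm -qf` and `rpm -Vf`. The function names and the sample text are constructed for illustration.

```python
import re
import shutil
import subprocess

# Constructed sample, in the format and with the values quoted in the thread.
SAMPLE = """\
Warning: The file properties have changed:
File: /bin/awk
Current inode: 529951356 Stored inode: 859939
Warning: The file properties have changed:
File: /usr/sbin/xinetd
Current inode: 34520484 Stored inode: 48788
"""

FILE_RE = re.compile(r"^File:\s*(\S+)")
PROP_RE = re.compile(r"Current (\w+):\s*(\S+)\s+Stored \1:\s*(\S+)")

def parse_changes(text):
    """Return {path: {property: (current, stored)}} from rkhunter warnings."""
    changes, path = {}, None
    for line in text.splitlines():
        line = line.lstrip("> ")  # tolerate e-mail quote markers
        m = FILE_RE.match(line)
        if m:
            path = m.group(1)
            changes.setdefault(path, {})
            continue
        if path:
            for prop, cur, stored in PROP_RE.findall(line):
                changes[path][prop] = (cur, stored)
    return changes

def rpm_verify(path):
    """Query the RPM database for one file; None when rpm is not installed."""
    if shutil.which("rpm") is None:
        return None
    owner = subprocess.run(["rpm", "-qf", path], capture_output=True, text=True)
    # rpm -Vf verifies the owning package; empty output means no differences.
    verify = subprocess.run(["rpm", "-Vf", path], capture_output=True, text=True)
    return {"package": owner.stdout.strip(),
            "verify_output": verify.stdout.strip(),
            "verify_rc": verify.returncode}

if __name__ == "__main__":
    for path, props in parse_changes(SAMPLE).items():
        print(path, props, rpm_verify(path))
```

A file whose inode changed but whose owning package verifies with no output matches the upgrade explanation; a file that `rpm -qf` reports as not owned by any package, or one that fails verification, is the one to examine further.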