Since rkhunter is available neither in Sarge nor in the backports, I have now installed the package from testing on my stable box.
So far, so good, if only I weren't getting the following delivered by mail every day:
Code:
Line:
[ BAD ]
-----------------------------------------------------------------
Found warnings:
[06:25:36] Strings selftest: scanning for string /usr/lib/.../uconf.inv... WARNING!
[06:25:36] Strings selftest: scanning for string /usr/lib/.../pstree... WARNING!
[06:25:37] Strings selftest: scanning for string /usr/lib/.../top... [06:25:37] Strings selftest: scanning for string /usr/lib/.../du... WARNING!
[06:25:37] Strings selftest: scanning for string /usr/lib/.../bkit-ssh... WARNING!
[06:25:37] [06:25:37] Strings selftest: scanning for string /usr/lib/.../pstree... WARNING!
Strings selftest: scanning for string /lib/.sso... WARNING!
[06:25:37] Strings selftest: scanning for string /usr/lib/.../top... [06:25:37] Strings selftest: scanning for string /tmp/.font-unix/.cinik... WARNING!
[06:25:37] Strings selftest: scanning for string /var/run/...dica/clean... WARNING!
WARNING!
[06:25:37] Strings selftest: scanning for string /tmp/.bkp... WARNING!
[06:25:37] Strings selftest: scanning for string /var/run/...dica/rdx... WARNING!
[06:25:37] Strings selftest: scanning for string /lib/.so... [06:25:37] Strings selftest: scanning for string /var/run/...dica/secure... WARNING!
[06:25:38] Strings selftest: scanning for string /usr/bin/.etc... WARNING!
[06:25:38] Strings selftest: scanning for string /var/run/...dica/va... WARNING!
[06:25:38] Strings selftest: scanning for string /var/run/...dica/cl.sh... WARNING!
[06:25:38] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rns... WARNING!
[06:25:38] Strings selftest: scanning for string /usr/lib/.fx/cons.saver... WARNING!
[06:25:38] Strings selftest: scanning for string /dev/.lib/lib/lib/ps... WARNING!
WARNING!
[06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/ls... [06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/ifconfig... WARNING!
[06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/sz... WARNING!
[06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/1i0n.sh... WARNING!
[06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/mjy... [06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/t0rnp... WARNING!
[06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/ssh.tgz... [06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/in.telnetd... WARNING!
[06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/name... WARNING!
WARNING!
[06:25:39] Strings selftest: scanning for string /usr/src/.puta/.1addr... [06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/login... WARNING!
[06:25:39] Strings selftest: scanning for string /dev/.lib/lib/lib/in.telnetd... [06:25:39] Strings selftest: scanning for string /usr/info/.torn/sh*... WARNING!
WARNING!
[06:25:40] Strings selftest: scanning for string /dev/.lib/... [06:25:40] Strings selftest: scanning for string /dev/.lib/lib/lib/tfn... WARNING!
[06:25:40] Strings selftest: scanning for string /usr/info/.torn/sh*... [06:25:40] Strings selftest: scanning for string /usr/src/.puta/.1logz... WARNING!
[06:25:40] Strings selftest: scanning for string /usr/src/.puta/.1addr... WARNING!
[06:25:40] Strings selftest: scanning for string /usr/man/man1/man1/... [06:25:40] Strings selftest: scanning for string /usr/src/.puta/... WARNING!
[06:25:40] Strings selftest: scanning for string /dev/.lib/... WARNING!
-----------------------------------------------------------------
If you're unsure about the results above, please contact the author of
Rootkit Hunter. Fill in contact form: http://www.rootkit.nl/contact/
Some errors has been found while checking. Please perform a manual check on this machine
Well. Since I was so kindly advised to, I also did a manual test run.
Result:
The only things it complains about are the older versions of GnuPG, OpenSSL and PHP.
Code:
Application version scan
- GnuPG 1.4.1 [ Old or patched version ]
- Apache 2.0.54 [ OK ]
- Bind DNS 9.2.4 [ OK ]
- OpenSSL 0.9.7e [ Old or patched version ]
- PHP 4.3.10 [ Old or patched version ]
- Procmail MTA 3.22 [ OK ]
- ProFTPd 1.2.10 [ OK ]
- OpenSSH 3.8.1p1 [ OK ]
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 3
I can't really make anything of the warnings from the mail.
Incidentally, chkrootkit also only complains by mail.
Code:
/etc/cron.daily/chkrootkit:
You have 4 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
Neither tool complains when it is started manually. Maybe someone here can explain this to me.
Many thanks.
greets
Sheridan