rkhunter pe 8.04 server

Gabos Denes gabosdenes la gmail.com
Mar Dec 2 12:30:06 GMT 2008 

[14:26:04] /bin/login                                        [ Warning ]
[14:26:04] Warning: The file properties have changed:
[14:26:04]          File: /bin/login
[14:26:04]          Current hash: 1869895965de0ebab025e5b76ccfe7ff3b53905b
[14:26:04]          Stored hash : 0ba3a17f19a617036f9aa21d064109f1834eb46f
[14:26:04]          Current inode: 32670    Stored inode: 32672
[14:26:04]          Current file modification time: 1226559073
[14:26:04]          Stored file modification time : 1207184931
[14:26:04] /bin/ls                                           [ OK ]
[14:26:04] /bin/lsmod                                        [ Warning ]
[14:26:04] Warning: The file properties have changed:
[14:26:04]          File: /bin/lsmod
[14:26:04]          Current hash: be5bd1d2d0e00b4f999cacaa0e47a75db7431976
[14:26:04]          Stored hash : 56f23aee856a79d9bfe663303945cf700323951b
[14:26:04]          Current inode: 32672    Stored inode: 32701
[14:26:04]          Current size: 3952    Stored size: 4344
[14:26:05]          Current file modification time: 1223297493
[14:26:05]          Stored file modification time : 1203974432
[14:26:05] /bin/mktemp                                       [ OK ]


Toate warningurile sunt cu hash changed.
Am dat si un portscan de pe un alt server:

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-12-02 14:08 EET
Interesting ports on :
Not shown: 65527 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
80/tcp    open  http
2000/tcp  open  callbook
5038/tcp  open  unknown
7018/tcp  open  unknown
20013/tcp open  unknown




Lucian Adrian Grijincu wrote:
> 2008/12/2 Gabos Denes <gabosdenes at gmail.com>:
>   
>> Poate fi o problema cu semnaturile din rkhunter? Cum pot sa investighez
>> mai departe?
>>     
>
> Uită-te prin /var/log/rkhunter.log să vezi care e cauza avertismentelor.
>
> Pe ubuntu 8.10 mi-a dat warninguri doar la fișierele despre care nu
> avea date în baza sa de date:
>
> [14:12:46] Warning: The file '/usr/sbin/unhide' exists on the system,
> but it is not present in the rkhunter.dat file.
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-ro/attachments/20081202/af1c88d2/attachment.htm

Mai multe informații despre lista de discuții ubuntu-ro