Questions tagged [rkhunter]

rkhunter (Rootkit Hunter) is an easy-to-use tool for Unix which checks systems for the presence of rootkits and other unwanted tools.

Website: http://rkhunter.sourceforge.net

Wikipedia: http://en.wikipedia.org/wiki/Rkhunter

More rootkit information: http://www.rootkit.nl

40 questions
0
votes
1 answer

rkhunter - deleted files - whitelist issues

I am working to secure a fresh Debian LAMP deployment and decided to include rkhunter (v1.4.2) in my security solution. I have run it using the following options: rkhunter -c --enable all --disable none --skip-keypress All checks completed positive…
mti_
  • 13
  • 5
0
votes
0 answers

rkhunter reports suspicious activity /bin/usr/wget and killall permissions changed

Sorry about the long post but please bear with me. I'm wondering if my system has been compromised. I've had issues in the past on this VM server with a Linux.BackDoor.Gates.5 Trojan that was DDoSing other servers. I have multiple backups of the VM…
D.Mill
  • 379
  • 5
  • 15
0
votes
1 answer

Whitelisting session files with rkhunter

I am running a webserver and am saving PHP sessions to /dev/shm -- rkhunter is flagging the session files: Warning: Suspicious file types found in /dev: /dev/shm/sess_eir6fi80ld0bs3ejsjvgkjiuc4: ASCII text, with no line terminators …
Schmoove
  • 73
  • 2
  • 6
0
votes
1 answer

rkhunter warning message /bin/sh

I'm running Ubuntu 10.04.4 LTS with a fully updated OS. The below message is from rkhunter. What does it mean? Can anyone please explain? Warning: The file properties have changed: File: /bin/sh Current hash:…
Caterpillar
  • 1,122
  • 2
  • 22
  • 47
0
votes
1 answer

How can I send remote emails using exim?

I'm on Debian. I'm trying to send an email to email@gmail.com but it's not working, although I changed the configtype in update-exim4.conf.conf to "internet". It doesn't give me any output but I can't find anything in the email@gmail.com The error…
Vanddel
  • 125
  • 1
  • 4
0
votes
1 answer

rkhunter warnings

Ran rkhunter (centos, cpanel box) /usr/bin/groups [ Warning ] /usr/bin/whatis [ Warning ] /usr/bin/ldd […
0
votes
2 answers

rkhunter warning messages

I performed rkhunter -c on my server, and I get warnings for the following files: /bin/GET /bin/wget /usr/local/bin/rkhunter Performing trojan specific checks Checking for enabled xinetd services [ Warning ] Checking for Apache…
user48058
  • 853
  • 3
  • 10
  • 19
0
votes
0 answers

RKHUNTER: Whitelist Filetype

I have over a million files of a certain type on each server and this causes rkhunter to take a very long time to execute the rkhunter --propupd --nolog triggered by APT_AUTOGEN=true (and other times propupd is requested) There are a lot of…
Gaia
  • 1,777
  • 4
  • 32
  • 58
0
votes
0 answers

How can I prevent rkhunter from always giving me the same warnings?

I get these warnings every single day from Rootkit Hunter: ---------------------- Start Rootkit Hunter Scan ---------------------- Warning: Package manager verification has failed: File: /usr/sbin/tcpd The file permissions have…
Eric
  • 1,087
  • 2
  • 12
  • 24
0
votes
2 answers

rkhunter: Suspicious file types found in /dev/null : ASCII text

So there is this situation, which is annoying since it sends an email with a warning during every rkhunter check on some of the servers. Basically, the error is this: Warning: Suspicious file types found in /dev: /dev/null : ASCII text I…