vlad54# uname -r
5.4-RELEASE
vlad54# date
пятница, 24 июня 2005 г. 11:02:20 (OMSST)
vlad54# rkhunter --update
Warning! Using /tmp as your temporary directory can be a security risk!
See logfile for more information about this issue.
Running updater...Mirrorfile /usr/local/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://mirror18.mirror.rkhunter.org
[DB] Mirror file : Up to date
[DB] MD5 hashes system binaries : Up to date
[DB] Operating System information : Up to date
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Up to date
[DB] Known bad program versions : Up to date
Ready.
vlad54# rkhunter -c
Warning! Using /tmp as your temporary directory can be a security risk!
See logfile for more information about this issue.
Rootkit Hunter 1.2.7 is runningDetermining OS... Ready
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Performing 'known good' check...
/bin/cat [ BAD ]
/bin/chmod [ BAD ]
/bin/kill [ BAD ]
/bin/ls [ BAD ]
/bin/ps [ BAD ]
/sbin/dmesg [ BAD ]
/sbin/ifconfig [ BAD ]
/sbin/init [ BAD ]
/sbin/mount [ BAD ]
/sbin/sysctl [ BAD ]
/usr/bin/egrep [ BAD ]
/usr/bin/env [ BAD ]
/usr/bin/fgrep [ BAD ]
/usr/bin/file [ BAD ]
/usr/bin/find [ BAD ]
/usr/bin/grep [ BAD ]
/usr/bin/groups [ BAD ]
/usr/bin/killall [ BAD ]
/usr/bin/login [ BAD ]
/usr/bin/netstat [ BAD ]
/usr/bin/stat [ BAD ]
/usr/bin/su [ BAD ]
/usr/bin/users [ BAD ]
/usr/bin/w [ BAD ]
/usr/bin/who [ BAD ]
/usr/bin/whoami [ BAD ]
/usr/sbin/chown [ BAD ]
/usr/sbin/cron [ BAD ]
/usr/sbin/syslogd [ BAD ]
/usr/sbin/watch [ BAD ]
--------------------------------------------------------------------------------
Rootkit Hunter found some bad or unknown hashes. This can be happen due replaced
binaries or updated packages (which give other hashes). Be sure your hashes are
fully updated (rkhunter --update). If you're in doubt about these hashes, contact
the author (fill in the contact form).
--------------------------------------------------------------------------------[Press <ENTER> to continue]
всё в порядке? это после сегодняшнего обновления охотника. проверьте у себя... гоны всё.
>vlad54# uname -r
>5.4-RELEASE
>vlad54# date
>пятница, 24 июня 2005 г. 11:02:20 (OMSST)
>vlad54# rkhunter --update
>Warning! Using /tmp as your temporary directory can be a security risk!
>
>See logfile for more information about this issue.
>Running updater...
>
>Mirrorfile /usr/local/lib/rkhunter/db/mirrors.dat rotated
>Using mirror http://mirror18.mirror.rkhunter.org
>[DB] Mirror file
>
> : Up to date
>[DB] MD5 hashes system binaries :
>Up to date
>[DB] Operating System information : Up to date
>
>[DB] MD5 blacklisted tools/binaries : Up to date
>[DB] Known good program versions : Up
>to date
>[DB] Known bad program versions :
>Up to date
>
>
>
>
>Ready.
>vlad54# rkhunter -c
>Warning! Using /tmp as your temporary directory can be a security risk!
>
>See logfile for more information about this issue.
>
>
>Rootkit Hunter 1.2.7 is running
>
>Determining OS... Ready
>
>
>Checking binaries
>* Selftests
> Strings (command)
>
>
>
> [ OK ]
>
>
>* System tools
> Performing 'known good' check...
> /bin/cat
>
>
>
> [ BAD
>]
> /bin/chmod
>
>
>
> [ BAD ]
> /bin/kill
>
>
>
> [ BAD ]
>
> /bin/ls
>
>
>
> [
>BAD ]
> /bin/ps
>
>
>
> [
>BAD ]
> /sbin/dmesg
>
>
>
> [ BAD ]
> /sbin/ifconfig
>
>
>
> [ BAD ]
> /sbin/init
>
>
>
> [ BAD ]
> /sbin/mount
>
>
>
> [ BAD ]
> /sbin/sysctl
>
>
>
> [ BAD ]
> /usr/bin/egrep
>
>
>
> [ BAD ]
> /usr/bin/env
>
>
>
> [ BAD ]
> /usr/bin/fgrep
>
>
>
> [ BAD ]
> /usr/bin/file
>
>
>
> [ BAD ]
> /usr/bin/find
>
>
>
> [ BAD ]
> /usr/bin/grep
>
>
>
> [ BAD ]
> /usr/bin/groups
>
>
>
> [ BAD ]
> /usr/bin/killall
>
>
>
> [ BAD ]
> /usr/bin/login
>
>
>
> [ BAD ]
> /usr/bin/netstat
>
>
>
> [ BAD ]
> /usr/bin/stat
>
>
>
> [ BAD ]
> /usr/bin/su
>
>
>
> [ BAD ]
> /usr/bin/users
>
>
>
> [ BAD ]
> /usr/bin/w
>
>
>
> [ BAD ]
> /usr/bin/who
>
>
>
> [ BAD ]
> /usr/bin/whoami
>
>
>
> [ BAD ]
> /usr/sbin/chown
>
>
>
> [ BAD ]
> /usr/sbin/cron
>
>
>
> [ BAD ]
> /usr/sbin/syslogd
>
>
>
>[ BAD ]
> /usr/sbin/watch
>
>
>
> [ BAD ]
>--------------------------------------------------------------------------------
>Rootkit Hunter found some bad or unknown hashes. This can be happen
>due replaced
>binaries or updated packages (which give other hashes). Be sure your hashes
>are
>fully updated (rkhunter --update). If you're in doubt about these hashes, contact
>
>the author (fill in the contact form).
>--------------------------------------------------------------------------------
>
>[Press <ENTER> to continue]
>
>всё в порядке? это после сегодняшнего обновления охотника. проверьте у себя... гоны
>всё.
что-то непонятно? вроде все написано - пиши автору чтобы суммы для 5.4
поправил или смотри где они там у этого продукта (с чем сравниваются)некоторые при первом запуске на новой систему создают новую базу и
при последующих проверках сравнивают уже с ее содержимым.
>>vlad54# uname -r
>>5.4-RELEASE
>>vlad54# date
>>пятница, 24 июня 2005 г. 11:02:20 (OMSST)
>>vlad54# rkhunter --update
>>Warning! Using /tmp as your temporary directory can be a security risk!
>>
>>See logfile for more information about this issue.
>>Running updater...
>>
>>Mirrorfile /usr/local/lib/rkhunter/db/mirrors.dat rotated
>>Using mirror http://mirror18.mirror.rkhunter.org
>>[DB] Mirror file
>>
>> : Up to date
>>[DB] MD5 hashes system binaries :
>>Up to date
>>[DB] Operating System information : Up to date
>>
>>[DB] MD5 blacklisted tools/binaries : Up to date
>>[DB] Known good program versions : Up
>>to date
>>[DB] Known bad program versions :
>>Up to date
>>
>>
>>
>>
>>Ready.
>>vlad54# rkhunter -c
>>Warning! Using /tmp as your temporary directory can be a security risk!
>>
>>See logfile for more information about this issue.
>>
>>
>>Rootkit Hunter 1.2.7 is running
>>
>>Determining OS... Ready
>>
>>
>>Checking binaries
>>* Selftests
>> Strings (command)
>>
>>
>>
>> [ OK ]
>>
>>
>>* System tools
>> Performing 'known good' check...
>> /bin/cat
>>
>>
>>
>> [ BAD
>>]
>> /bin/chmod
>>
>>
>>
>> [ BAD ]
>> /bin/kill
>>
>>
>>
>> [ BAD ]
>>
>> /bin/ls
>>
>>
>>
>> [
>>BAD ]
>> /bin/ps
>>
>>
>>
>> [
>>BAD ]
>> /sbin/dmesg
>>
>>
>>
>> [ BAD ]
>> /sbin/ifconfig
>>
>>
>>
>> [ BAD ]
>> /sbin/init
>>
>>
>>
>> [ BAD ]
>> /sbin/mount
>>
>>
>>
>> [ BAD ]
>> /sbin/sysctl
>>
>>
>>
>> [ BAD ]
>> /usr/bin/egrep
>>
>>
>>
>> [ BAD ]
>> /usr/bin/env
>>
>>
>>
>> [ BAD ]
>> /usr/bin/fgrep
>>
>>
>>
>> [ BAD ]
>> /usr/bin/file
>>
>>
>>
>> [ BAD ]
>> /usr/bin/find
>>
>>
>>
>> [ BAD ]
>> /usr/bin/grep
>>
>>
>>
>> [ BAD ]
>> /usr/bin/groups
>>
>>
>>
>> [ BAD ]
>> /usr/bin/killall
>>
>>
>>
>> [ BAD ]
>> /usr/bin/login
>>
>>
>>
>> [ BAD ]
>> /usr/bin/netstat
>>
>>
>>
>> [ BAD ]
>> /usr/bin/stat
>>
>>
>>
>> [ BAD ]
>> /usr/bin/su
>>
>>
>>
>> [ BAD ]
>> /usr/bin/users
>>
>>
>>
>> [ BAD ]
>> /usr/bin/w
>>
>>
>>
>> [ BAD ]
>> /usr/bin/who
>>
>>
>>
>> [ BAD ]
>> /usr/bin/whoami
>>
>>
>>
>> [ BAD ]
>> /usr/sbin/chown
>>
>>
>>
>> [ BAD ]
>> /usr/sbin/cron
>>
>>
>>
>> [ BAD ]
>> /usr/sbin/syslogd
>>
>>
>>
>>[ BAD ]
>> /usr/sbin/watch
>>
>>
>>
>> [ BAD ]
>>--------------------------------------------------------------------------------
>>Rootkit Hunter found some bad or unknown hashes. This can be happen
>>due replaced
>>binaries or updated packages (which give other hashes). Be sure your hashes
>>are
>>fully updated (rkhunter --update). If you're in doubt about these hashes, contact
>>
>>the author (fill in the contact form).
>>--------------------------------------------------------------------------------
>>
>>[Press <ENTER> to continue]
>>
>>всё в порядке? это после сегодняшнего обновления охотника. проверьте у себя... гоны
>>всё.
>
>
>что-то непонятно? вроде все написано - пиши автору чтобы суммы для 5.4
>
>поправил или смотри где они там у этого продукта (с чем сравниваются)
>
>
>некоторые при первом запуске на новой систему создают новую базу и
>при последующих проверках сравнивают уже с ее содержимым.ok. так и сделал. постил, чтоб люди не пугались. хотя... может, мой пересобранный мир незнаком рк? посмотрим.