Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):

> Rootkit Hunter found some bad or unknown hashes. This can be happen due
> replaced binaries or updated packages (which give other hashes). Be sure
> your hashes are fully updated (rkhunter --update). If you're in doubt
> about these hashes, contact the author ...

Why don't you make a copy of one or more of those binaries, then re-retrieve and install the Woody package of the same release, and compare md5sums of the resulting binaries? (Note that you should make very sure it's the same release, or you'll get a different md5sum for entirely innocent reasons.)

> And another alert was this:
>
> Checking /dev for suspicious files... [ Warning!
> (unusual files found) ]

Well? What files? The fact that rkhunter has an opinion is not, by itself, particularly interesting. You either have to know rkhunter very, very well, such that you have a high degree of faith in its opinions, or need to investigate for yourself what it claims is suspicious. Preferably both.

> What's up now I would expect someone has replaced my /bin/login
> binary which makes me feel unhappy or is there nothing to
> worry about ?
>
> - ProFTPd 1.2.5rc1 [Vulnerable ]
> - OpenSSH 3.4p1 [Vulnerable ]
> - GnuPG 1.0.6 [Vulnerable ]

Well? _Are_ those actually vulnerable, or is rkhunter making bad assumptions? If you are running a conventional woody system, then you're receiving backported security fixes -- which does not change the package version number. Ergo, if rkhunter is stating the foregoing strictly on the basis of version numbers, then it is making a common elementary error.

> At last there was this error messages:
>
> Incorrect MD5 checksums: 6

Which ones? And on what basis is it saying they're incorrect? You don't say.

-- 
Cheers,              There are 10 kinds of people in the world, those who
Rick Moen            know ternary, those who don't, and those who are now
[EMAIL PROTECTED]    looking for their dictionaries.  -- Ron Fabre
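
Added example, not part of the original message: the comparison suggested above as a script that refuses to compare MD5 sums unless the freshly downloaded .deb is the same release as the installed package. The function names and the paths in the usage comment are assumptions, as is the layout where the file is stored in the package as `./` plus its installed path.

```shell
#!/bin/sh
# Usage (placeholder paths): sh verify.sh /bin/login ./login_VERSION_i386.deb

# md5_of FILE: print the MD5 digest of FILE; status 2 if it cannot be read.
md5_of() {
    md5_out=$(md5sum -- "$1") || return 2
    printf '%s\n' "${md5_out%% *}"
}

# compare_files INSTALLED REFERENCE: 0 = same digest, 1 = differ, 2 = error.
compare_files() {
    sum_a=$(md5_of "$1") || return 2
    sum_b=$(md5_of "$2") || return 2
    if [ "$sum_a" = "$sum_b" ]; then
        echo "MATCH    $1 $sum_a"
    else
        echo "MISMATCH $1 installed=$sum_a reference=$sum_b"
        return 1
    fi
}

# same_release PKG DEB: succeed only if the installed version of PKG equals
# the version recorded in DEB; a different release gives a different md5sum
# for entirely innocent reasons.
same_release() {
    ver_inst=$(dpkg-query -W -f='${Version}' "$1") || return 2
    ver_deb=$(dpkg-deb -f "$2" Version) || return 2
    [ "$ver_inst" = "$ver_deb" ]
}

# verify_against_deb PATH DEB: extract PATH from DEB and compare it with the
# installed copy. Assumes the archive member is named "./" + PATH.
verify_against_deb() {
    v_path=$1
    v_deb=$2
    v_pkg=$(dpkg-deb -f "$v_deb" Package) || return 2
    if ! same_release "$v_pkg" "$v_deb"; then
        echo "$v_deb is not the installed release of $v_pkg" >&2
        return 2
    fi
    v_ref=$(mktemp) || return 2
    dpkg-deb --fsys-tarfile "$v_deb" | tar -xOf - ".$v_path" > "$v_ref" ||
        { rm -f "$v_ref"; return 2; }
    compare_files "$v_path" "$v_ref"
    v_rc=$?
    rm -f "$v_ref"
    return "$v_rc"
}

if [ "$#" -eq 2 ]; then verify_against_deb "$1" "$2"; fi
```

On a host that may be compromised, md5sum and dpkg-deb are themselves among the binaries in question, so run the check with tools from known-good media.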