On Sun, 5 Sep 2010 15:21:50 +0800 Umarzuki Mochlis <umarz...@gmail.com> wrote:
> Hi,
>
> I ran rkhunter on my debian 5 vps and got all these warnings:
>
> $ grep Warning rkhunter.log
> [06:47:36] Warning: Checking for prerequisites [ Warning ]
> [06:47:36] Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
> [06:47:39] /bin/which [ Warning ]
> [06:47:39] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
> [06:47:40] /usr/bin/groups [ Warning ]
> [06:47:40] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: POSIX shell script text executable
> [06:47:40] /usr/bin/ldd [ Warning ]
> [06:47:40] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
> [06:47:43] /usr/bin/lwp-request [ Warning ]
> [06:47:43] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
> [06:47:45] /usr/sbin/adduser [ Warning ]
> [06:47:45] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
> [06:49:35] Checking for string 'hdparm' [ Warning ]
> [06:49:36] Warning: Checking for possible rootkit strings [ Warning ]
> [06:49:37] Checking for enabled inetd services [ Warning ]
> [06:49:38] Warning: Found enabled inetd service: talk
> [06:49:38] Warning: Found enabled inetd service: ntalk
> [06:49:38] Checking loaded kernel modules [ Warning ]
> [06:49:38] Warning: No output found from the lsmod command or the /proc/modules file:
> [06:51:07] Checking if SSH root access is allowed [ Warning ]
> [06:51:07] Warning: The SSH and rkhunter configuration options should be the same:
> [06:51:25] Checking version of GnuPG [ Warning ]
> [06:51:25] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
> [06:51:25] Checking version of OpenSSL [ Warning ]
> [06:51:25] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
> [06:51:25] Checking version of PHP [ Warning ]
> [06:51:25] Warning: Application 'php', version '5.2.6', is out of date, and possibly a security risk.
> [06:51:25] Checking version of OpenSSH [ Warning ]
> [06:51:25] Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.
>
> Aside from the PermitRootLogin = yes, does this mean that the vps was
> compromised?
>

Probably not. Have you done updates recently? After you installed
rkhunter, did you run it with the --propupd switch?

Odd though, my which resides in /usr/bin opposed to your /bin. This
could be a difference from your Deb 5 and my Sid though.

-- 
Best regards,
Chris

1AB5FEF8
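
Added example, not part of the original thread: a small triage pass over `grep Warning rkhunter.log` output like the one quoted above, sorting each warning by kind so the "replaced by a script" entries can be checked against the package database before `--propupd` records them as the baseline. The bucket names, function names and sample lines are constructed for illustration, and the `dpkg -S` ownership lookup assumes a Debian host.

```python
import re
import shlex

# Constructed sample, shaped like the `grep Warning rkhunter.log` output quoted above.
SAMPLE_LOG = """\
[06:47:39]   /bin/which                                  [ Warning ]
[06:47:39] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
[06:47:43] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
[06:49:36] Warning: Checking for possible rootkit strings [ Warning ]
[06:49:38] Warning: Found enabled inetd service: talk
[06:49:38] Warning: No output found from the lsmod command or the /proc/modules file:
[06:51:07] Warning: The SSH and rkhunter configuration options should be the same:
[06:51:25] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
"""

ENTRY = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+Warning:\s+(.*)$")
RULES = [  # (hypothetical bucket name, pattern); first match wins
    ("script", re.compile(r"The command '(?P<path>[^']+)' has been replaced by a script: \S+: (?P<kind>.+)$")),
    ("inetd", re.compile(r"Found enabled inetd service: (?P<svc>\S+)")),
    ("app_version", re.compile(r"Application '(?P<app>[^']+)', version '(?P<ver>[^']+)', is out of date")),
    ("ssh_config", re.compile(r"The SSH and rkhunter configuration options should be the same")),
    ("no_lsmod", re.compile(r"No output found from the lsmod command")),
]

def triage(log_text):
    """Group rkhunter 'Warning:' entries by kind; anything unknown is kept for manual review."""
    buckets = {name: [] for name, _ in RULES}
    buckets["unclassified"] = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # per-file status lines such as "/bin/which [ Warning ]"
        msg = entry.group(1)
        for name, rx in RULES:
            hit = rx.search(msg)
            if hit:
                buckets[name].append(hit.groupdict() or {"msg": msg})
                break
        else:
            buckets["unclassified"].append({"msg": msg})
    return buckets

def ownership_checks(buckets):
    """Commands to run by hand: which package, if any, owns each flagged script."""
    return [f"dpkg -S {shlex.quote(item['path'])}" for item in buckets["script"]]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print({name: len(items) for name, items in result.items()})
    print("\n".join(ownership_checks(result)))
```

A flagged path that no package owns, or whose content differs from the packaged file, is the case that needs investigation before the property database is updated.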