rkhunter explanation
Hello awesome people,
I installed rkhunter on my VPS and received the first scan log, but I understood nothing, as I am new to the security world of cPanel.
Can someone please explain the warnings:
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter version...
This version : 1.4.6
Latest version: 1.4.6
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ No update ]
Checking file i18n/tr.utf8 [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
Checking file i18n/ja [ No update ]
Warning: The command '/usr/sbin/ifdown' has been replaced by a script: /usr/sbin/ifdown: Bourne-Again shell script, ASCII text executable
Warning: The command '/usr/sbin/ifup' has been replaced by a script: /usr/sbin/ifup: Bourne-Again shell script, ASCII text executable
Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script, ASCII text executable
Warning: The command '/usr/bin/fgrep' has been replaced by a script: /usr/bin/fgrep: POSIX shell script, ASCII text executable
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: Perl script, ASCII text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script, ASCII text executable
Warning: The file properties have changed:
File: /usr/local/bin/passwd
Current hash: c53bf7524e095c0f44e4198ee7c359fe22b526cf357b8ae36d68a0b117bf74bd
Stored hash : 0843b3b3f490170790a943e005eb71f589426b5eec9c5f128032b71a4a3f98e4
Warning: The file properties have changed:
File: /usr/local/cpanel/bin/jail_safe_passwd
Current hash: c53bf7524e095c0f44e4198ee7c359fe22b526cf357b8ae36d68a0b117bf74bd
Stored hash : 0843b3b3f490170790a943e005eb71f589426b5eec9c5f128032b71a4a3f98e4
Current inode: 18575 Stored inode: 18221
Current size: 3112504 Stored size: 3305912
Current file modification time: 1543533562 (30-Nov-2018 00:19:22)
Stored file modification time : 1538522375 (03-Oct-2018 00:19:35)
Warning: No output found from the lsmod command or the /proc/modules file:
/proc/modules output:
lsmod output:
Warning: The kernel modules directory '/lib/modules' is missing or empty.
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': yes
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Warning: The SSH configuration option 'Protocol' has not been set.
The default value may be '2,1', to allow the use of protocol version 1.
Warning: Hidden file found: /etc/.updated: ASCII text
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, from Unix, max compression