RKhunter Report Assistance
Hello Everyone,
I have received an RKhunter report from my server saying to inspect it. Can anybody on board please view my log file and suggest a recourse?
Thank you,
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/a9b30a69632884ea8563715899da72bbe29e9dc14861e56c8a795eea9530762f-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/303fe8cf5695c872b496cda0432da7dbf333084b7e4d4136ba6876ffbe857c92-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/522618658edb679fbe08f90154ebb2f41b70fbcfd59ec6666f0f0ab0f4a54aa4-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/340453fda5b7faedeaf5b2aba2d108a512ff129372624c1b32dbd7acc0153faa-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/letsencrypt-cpanel/46c97d0c02afab94a1edfde0edc191f2e3a69189dec570346a1e88e7ea520aa8-primary.sqlite' (score: 220) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/timedhosts.txt' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/zabbix/primary.xml.gz.sqlite' (score: 250) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/vz-base/primary.xml.gz.sqlite' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/updates/f9ba18b824d0117a2d8811623a6e972c532602e517b835980e467aefb656f590-primary.sqlite' (score: 280) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/cpanel-addons-production-feed/493c84f52de21f15742d217e16d7223a725b8d0c1371d4ef12acdce5b56764be-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/cpanel-addons-production-feed/f246a240bc566ed671fc1bb3b0a83cb781584ca2c12bc521a5c3f12f6aeab788-primary.sqlite' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/cpanel-addons-production-feed/96ad31befdebee545a8b804c9bd82a99a1bb503ab42a86ee39be612e48af962c-primary.sqlite' (score: 240) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/cpanel-addons-production-feed/133dd024d245f8744bd4f9dbf00d2fda0323dd8014ffa26342a345100c7913d1-primary.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/vz-updates/primary.xml.gz.sqlite' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/extras/10ad16f4d694631e494de50f922f67b655e509ea9641477c354e340c48d03cbc-primary.sqlite' (score: 241) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/extras/1b43133bfe09067a4816563f80792c23ae179d4652ba74dad71372d315a9632d-primary.sqlite' (score: 251) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/zabbix-non-supported/primary.xml.gz.sqlite' (score: 210) contains some suspicious content and should be checked.
Warning: Checking for files with suspicious contents [ Warning ]
Warning: No output found from the lsmod command or the /proc/modules file:
/proc/modules output:
lsmod output:
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': without-password
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Warning: Suspicious file types found in /dev:
/dev/.udev/queue.bin: data
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
Warning: Application 'openssl', version '1.0.1e', is out of date, and possibly a security risk.
Thank you,
Hello, it's very possible the alerts in the output you provided are false positives; however, it's difficult to provide specific security advice without access to the affected system. Have you reviewed the files listed in your output to see if anything within the files looks suspicious? You can find a list of qualified system administrators on the following URL if you'd like help with a full security scan of your system: System Administration Services | cPanel Forums Thank you.
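One way to organize the file review suggested in the reply above, as an added example that is not part of the original posts or of rkhunter itself: a parser that groups the report's warnings by directory and lists flagged files highest score first. The function name `triage` and its `depth` parameter are assumptions of this example; the sample lines are copied from the report in the question.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Lines copied from the report in the question (a subset, to keep the sample short).
SAMPLE = """\
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/timedhosts.txt' (score: 230) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/zabbix/primary.xml.gz.sqlite' (score: 250) contains some suspicious content and should be checked.
Warning: File '/var/tmp/yum-zabbix-FmPFhh/x86_64/6/vz-base/primary.xml.gz.sqlite' (score: 230) contains some suspicious content and should be checked.
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Application 'openssl', version '1.0.1e', is out of date, and possibly a security risk.
"""

FILE_RE = re.compile(r"^Warning: File '(?P<path>[^']+)' \(score: (?P<score>\d+)\)")
HIDDEN_RE = re.compile(r"^Warning: Hidden (?:file|directory) found: (?P<path>[^:\s]+)")

def triage(report, depth=4):
    """Group rkhunter warnings so the review starts with the highest score."""
    by_root = defaultdict(list)   # directory prefix -> [(score, path)]
    hidden, other = [], []
    for line in report.splitlines():
        line = line.strip()
        if not line.startswith("Warning:"):
            continue              # detail lines that belong to a previous warning
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            root = str(PurePosixPath(*PurePosixPath(path).parts[:depth]))
            by_root[root].append((int(m.group("score")), path))
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append(m.group("path"))
        else:
            other.append(line[len("Warning:"):].strip())
    content = {}
    for root, hits in by_root.items():
        hits.sort(reverse=True)   # highest score first
        content[root] = {"count": len(hits), "max_score": hits[0][0],
                         "review_order": [p for _, p in hits]}
    return {"content": content, "hidden": hidden, "other": other}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for root, info in result["content"].items():
        print(f"{info['count']} content hits under {root} (max score {info['max_score']})")
    print("hidden entries:", *result["hidden"])
    print("other warnings:", *result["other"], sep="\n    ")
```

Run against the full report, every "suspicious content" warning groups under the single directory `/var/tmp/yum-zabbix-FmPFhh`, which narrows the manual check to one yum cache tree plus the hidden-file and configuration warnings.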
I agree with Michael; most likely these are false positives. Unless you have other reason to believe the system is compromised you are likely OK, but if you have doubts then you should have a sysadmin poke around.
Thank you Michael and Quizknows for your wise words :)