From: John Connor <J<udgeday@gm...> - 2011-09-24 04:04:40
hi there , ich use the rkhunter 1.3.8 and scan my ubuntu 10.4.3 x64
the log file shows some warnings about suspisious files , i cant belive
this are false positive .
here is a complete copy of the rkhunter.log
by the way i test to install the same ubuntu iso on a virtual machine
whit exact the same config and programms and run a scan but in the
virtual machine the dont came up only on my real system.
so thats why i cant belive that they are false positiv.
so here is the rkhunter.log warnings of the real system scan:
[12:15:21] /usr/sbin/adduser [ Warning ]
[12:15:21] Warning: The command '/usr/sbin/adduser' has been replaced by
a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
[12:15:26] /usr/bin/ldd [ Warning ]
[12:15:26] Warning: The command '/usr/bin/ldd' has been replaced by a
script: /usr/bin/ldd: Bourne-Again shell script text executable
[12:15:31] /usr/bin/lwp-request [ Warning ]
[12:15:31] Warning: The command '/usr/bin/lwp-request' has been replaced
by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
[12:15:38] /bin/which [ Warning ]
[12:15:38] Warning: The command '/bin/which' has been replaced by a
script: /bin/which: POSIX shell script text executable
[12:16:21] Info: SCAN_MODE_DEV set to 'THOROUGH'
[12:16:21] Checking /dev for suspicious file types [ Warning ]
[12:16:21] Warning: Suspicious file types found in /dev:
[12:16:21] /dev/shm/pulse-shm-2005885598: data
[12:16:21] /dev/shm/pulse-shm-505987593: AmigaOS bitmap font
[12:16:21] /dev/shm/pulse-shm-1522195268: data
[12:16:21] /dev/shm/mono.1650: data
[12:16:22] Checking version of GnuPG [ Warning ]
[12:16:22] Warning: Application 'gpg', version '1.4.10', is out of date,
and possibly a security risk.
[12:16:22] Info: Application 'httpd' not found.
[12:16:22] Info: Application 'named' not found.
[12:16:23] Checking version of OpenSSL [ Warning ]
[12:16:23] Warning: Application 'openssl', version '0.9.8k', is out of
date, and possibly a security risk.
please can you help me about this log , is my system infected whit some
bad things ?
if you need some more informations then send me an email and i give you
what you need to find out if these are bad things.