Thread: [Rkhunter-users] Can the MD5 failure and Vulnerable applications be ignored?
From: Trevor L. <tre...@4l...> - 2006-08-21 23:19:12
Hi, I'm using Redhat ES 3.0 Update 4 - I've updated httpd, chkconfig, openssl and openssh since then and am equivalent to Update 8 for these listed applications.

I ran rkhunter --checkall -createlogfile and received the following ...

Can I safely ignore the MD5 checksum failure on chkconfig on the grounds that the version in the database is older than the updated version on the server?

Can I also ignore the applications that RKHunter thinks are vulnerable and unpatched (even though the applications in question have been updated to the latest and greatest in reality)?

Thanks for any help you can provide in this.

[13:28:38] ---------------------------- MD5 hash tests ---------------------------
[13:28:38] Starting MD5 checksum test (/usr/local/rkhunter/lib/rkhunter/scripts/filehashmd5.pl)
[13:28:38] /bin/cat Hash NOT valid (My MD5: adab51f4f506e0736d11f034f9fe7309, expected: 0473f4080d276888e3e78332f250289c)
[13:28:38] /bin/cat hash valid, found in database
[13:28:39] /bin/chmod Hash NOT valid (My MD5: d92607740f91e4c02cda1a02560636e6, expected: 236994579951e5fd0ff7ef1b04958a38)
[13:28:39] /bin/chmod hash valid, found in database
[13:28:39] /bin/chown hash valid, found in database
[13:28:39] /bin/chown Hash NOT valid (My MD5: 1bb3f528a0001a4ded756e5396ebfc19, expected: ba8f6fd57a8cf507dc6a21fd64191cbe)
[13:28:40] /bin/dmesg Hash NOT valid (My MD5: 2ce02f553e119ae67592baab0f09d94b, expected: 118e35b0cd0f3d004ba435330d3e53a9)
[13:28:40] /bin/dmesg hash valid, found in database
[13:28:40] /bin/dmesg Hash NOT valid (My MD5: 2ce02f553e119ae67592baab0f09d94b, expected: 796f9101cf2eaaeed729038e9039e1a8)
[13:28:40] /bin/dmesg Hash NOT valid (My MD5: 2ce02f553e119ae67592baab0f09d94b, expected: a31d1a5eb964b84377055fa0c77f1dcb)
[13:28:40] /bin/dmesg Hash NOT valid (My MD5: 2ce02f553e119ae67592baab0f09d94b, expected: ad1008e3b19a32f1353ff8c0f83a4dea)
[13:28:41] /bin/egrep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 1a1c4e75e82a51bc570350aa22184913)
[13:28:41] /bin/egrep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 306de2afe6362758025fd642172d0691)
[13:28:41] /bin/egrep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 3460ad484263fed43fdd4957908a6567)
[13:28:41] /bin/egrep hash valid, found in database
[13:28:41] /bin/env hash valid, found in database
[13:28:42] /bin/env Hash NOT valid (My MD5: 1964039ab5e5e3d3d18e61a4ae3d31c8, expected: af7b476952e3020560574c8733bec6e7)
[13:28:42] /bin/fgrep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 01b9524c8e60a5e167132a6e85452cd0)
[13:28:42] /bin/fgrep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 306de2afe6362758025fd642172d0691)
[13:28:42] /bin/fgrep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 3460ad484263fed43fdd4957908a6567)
[13:28:42] /bin/fgrep hash valid, found in database
[13:28:43] /bin/grep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 306de2afe6362758025fd642172d0691)
[13:28:43] /bin/grep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 3460ad484263fed43fdd4957908a6567)
[13:28:43] /bin/grep Hash NOT valid (My MD5: e41ba09db4d05bb217f679463ebe50e3, expected: 92f09f237afcc6439abd0a864ff5df7d)
[13:28:43] /bin/grep hash valid, found in database
[13:28:44] /bin/kill Hash NOT valid (My MD5: ef1ddf26df38e26320c633596a1bee39, expected: 0264a1f26eb763add205d162f2a617df)
[13:28:44] /bin/kill Hash NOT valid (My MD5: ef1ddf26df38e26320c633596a1bee39, expected: 41b5e952886b953887cad98a4614b8c9)
[13:28:44] /bin/kill Hash NOT valid (My MD5: ef1ddf26df38e26320c633596a1bee39, expected: bf3e4bf2a80de3f2759db0d3bc5cffc0)
[13:28:44] /bin/kill Hash NOT valid (My MD5: ef1ddf26df38e26320c633596a1bee39, expected: d406293bc378ac87cb3d7540fbe4cfe7)
[13:28:44] /bin/kill hash valid, found in database
[13:28:45] /bin/login Hash NOT valid (My MD5: da91d5a2e5f8f0968abbcdf1379ab16d, expected: 0dc02fbd7c919903cf3190347440c9d6)
[13:28:45] /bin/login Hash NOT valid (My MD5: da91d5a2e5f8f0968abbcdf1379ab16d, expected: 31156deab37843ce664941f25f7188e5)
[13:28:45] /bin/login Hash NOT valid (My MD5: da91d5a2e5f8f0968abbcdf1379ab16d, expected: 46a708eef80e3faed92d13783ca3ee4e)
[13:28:45] /bin/login Hash NOT valid (My MD5: da91d5a2e5f8f0968abbcdf1379ab16d, expected: 5d9caccc9f89312140dd04835a1721e7)
[13:28:45] /bin/login hash valid, found in database
[13:28:45] /bin/ls Hash NOT valid (My MD5: 440fff1820cc2c8f2cadb47295e04b50, expected: 1d987a40e6903bc683f1241e196d5fa3)
[13:28:46] /bin/ls hash valid, found in database
[13:28:46] /bin/mount hash valid, found in database
[13:28:46] /bin/mount Hash NOT valid (My MD5: 971a094650968164afd7b18c28421fb2, expected: 9c3f46d8a1d3b7a85a04e7b75a4e5b47)
[13:28:46] /bin/mount Hash NOT valid (My MD5: 971a094650968164afd7b18c28421fb2, expected: b0e553bb7bc7db2aa2dcaa9836f86f70)
[13:28:46] /bin/mount Hash NOT valid (My MD5: 971a094650968164afd7b18c28421fb2, expected: c20a55a5cf1dce5c90a66d894df21f40)
[13:28:46] /bin/mount Hash NOT valid (My MD5: 971a094650968164afd7b18c28421fb2, expected: fd2386b7f69cbfafc4ce625da077dad0)
[13:28:47] /bin/netstat Hash NOT valid (My MD5: f94ecf73c1a1374c4e7f3d231fbb3ed9, expected: 39861964a4e6dc35d6d31bc65513eac0)
[13:28:47] /bin/netstat Hash NOT valid (My MD5: f94ecf73c1a1374c4e7f3d231fbb3ed9, expected: 46cf84840c1d985568ff85e675f10803)
[13:28:47] /bin/netstat Hash NOT valid (My MD5: f94ecf73c1a1374c4e7f3d231fbb3ed9, expected: dbe0bb1484a941355adac67a67d346bf)
[13:28:47] /bin/netstat hash valid, found in database
[13:28:48] /bin/ps hash valid, found in database
[13:28:48] /bin/ps Hash NOT valid (My MD5: 3b128af11b11823fd1c35a3f51f75718, expected: 4e64729be30119a2f755f9d300f460f9)
[13:28:48] /bin/ps Hash NOT valid (My MD5: 3b128af11b11823fd1c35a3f51f75718, expected: 82a66bd2883f0ef1b31afe27c7591da8)
[13:28:48] /bin/ps Hash NOT valid (My MD5: 3b128af11b11823fd1c35a3f51f75718, expected: 9bd8bf260adc81d3a43a086fce6b430a)
[13:28:49] /bin/su hash valid, found in database
[13:28:49] /bin/su Hash NOT valid (My MD5: 4c7ff921743dc3bdbb558d37198df658, expected: c0490221e929485b96b8b9a716a35e45)
[13:28:49] /sbin/chkconfig Hash NOT valid (My MD5: 904aa87c69326796d6b855fd2310edb5, expected: 02a6770731c79ae3b489bce3a33c55eb)
[13:28:49] /sbin/chkconfig Hash NOT valid (My MD5: 904aa87c69326796d6b855fd2310edb5, expected: 9bf498af39ca4dbbd8849fb475032ff7)
[13:28:49] /sbin/chkconfig Hash NOT valid (My MD5: 904aa87c69326796d6b855fd2310edb5, expected: ccbe212e76cb2b2f550cf277c86f7be0)
[13:28:49] Using whitelists to compare MD5 hash (searching for 904aa87c69326796d6b855fd2310edb5)
[13:28:49] No whitelisted MD5 hash found for /sbin/chkconfig
[13:28:49] MD5 hash for my file (/sbin/chkconfig) is 904aa87c69326796d6b855fd2310edb5, but is not in database
[13:28:49] End of whitelist compare
[13:28:49] Checking /sbin/chkconfig against hashes in database (02a6770731c79ae3b489bce3a33c55eb 9bf498af39ca4dbbd8849fb475032ff7 ccbe212e76cb2b2f550cf277c86f7be0) failed
[13:28:50] RPM info: your package 'chkconfig-1.3.13.4-0.3'
[13:28:50] RPM info: packages in database: chkconfig-1.3.8-3 chkconfig-1.3.11-0.3 chkconfig-1.3.13.2-0.3
[13:28:50] ---
[13:28:50] 125:/sbin/chkconfig:904aa87c69326796d6b855fd2310edb5:-:-:chkconfig-1.3.13.4-0.3
[13:28:50] ---
[13:28:50] /sbin/depmod Hash NOT valid (My MD5: e04bb50fa4b356e6a8ad67d9b2db70d6, expected: 1d0e78d33a8c49414dff94ae65c5cc11)
[13:28:50] /sbin/depmod Hash NOT valid (My MD5: e04bb50fa4b356e6a8ad67d9b2db70d6, expected: 3ee8e8b380f7c2d61a92058d893c026b)
[13:28:50] /sbin/depmod hash valid, found in database
[13:28:50] /sbin/depmod Hash NOT valid (My MD5: e04bb50fa4b356e6a8ad67d9b2db70d6, expected: f22674a73db6a1b68bd929b427338821)
[13:28:51] /sbin/depmod Hash NOT valid (My MD5: e04bb50fa4b356e6a8ad67d9b2db70d6, expected: f67d966ebf39ac884e99a60ed29f451a)
[13:28:51] /sbin/ifconfig Hash NOT valid (My MD5: 256a3fcc0aba710a67c25e0d6bd5ac4a, expected: 0116198d1a5d499cd4d9e78d9fae8384)
[13:28:51] /sbin/ifconfig hash valid, found in database
[13:28:51] /sbin/ifconfig Hash NOT valid (My MD5: 256a3fcc0aba710a67c25e0d6bd5ac4a, expected: 956f4ea0a7d47da7e0de2bc28e2982bd)
[13:28:51] /sbin/ifconfig Hash NOT valid (My MD5: 256a3fcc0aba710a67c25e0d6bd5ac4a, expected: d42e51b5488c266d1b067b1071c5cb49)
[13:28:52] /sbin/init Hash NOT valid (My MD5: c635c3c8778596be4a83593b26c27cec, expected: 3a7f0f828e6c0f625dd5619400192cfc)
[13:28:52] /sbin/init Hash NOT valid (My MD5: c635c3c8778596be4a83593b26c27cec, expected: 90888c9fc0d9968b7d338740bb00122c)
[13:28:52] /sbin/init hash valid, found in database
[13:28:53] /sbin/insmod Hash NOT valid (My MD5: ad098e1d882b841b88a2fc817ea7cbd1, expected: 262664a94cccc7ea3acc95c4ed6cf65b)
[13:28:53] /sbin/insmod Hash NOT valid (My MD5: ad098e1d882b841b88a2fc817ea7cbd1, expected: 3978a5ac9070563276e83016d32282c4)
[13:28:53] /sbin/insmod Hash NOT valid (My MD5: ad098e1d882b841b88a2fc817ea7cbd1, expected: 3ea3cbafcd7db7595969beb2043536f5)
[13:28:53] /sbin/insmod hash valid, found in database
[13:28:53] /sbin/insmod Hash NOT valid (My MD5: ad098e1d882b841b88a2fc817ea7cbd1, expected: f998c3e41531ade97b2c7d7933687da8)
[13:28:54] /sbin/modinfo Hash NOT valid (My MD5: 77b7b07cdd4aab7867129ce298b4a06c, expected: 500ea6824d2810f133b3949a42a3ad50)
[13:28:54] /sbin/modinfo hash valid, found in database
[13:28:54] /sbin/modinfo Hash NOT valid (My MD5: 77b7b07cdd4aab7867129ce298b4a06c, expected: 7cf43bb904863baa740566b73bef836d)
[13:28:54] /sbin/modinfo Hash NOT valid (My MD5: 77b7b07cdd4aab7867129ce298b4a06c, expected: 8934944c5ce4742fa91801fea2721d4d)
[13:28:54] /sbin/modinfo Hash NOT valid (My MD5: 77b7b07cdd4aab7867129ce298b4a06c, expected: c7302e0b33375b3f968ce8f8e7674667)
[13:28:54] /sbin/runlevel Hash NOT valid (My MD5: 8175cc96f3a2cd134fc35c6739a6b4c3, expected: 01b9c173c26d89b66e485ce124669c16)
[13:28:55] /sbin/runlevel Hash NOT valid (My MD5: 8175cc96f3a2cd134fc35c6739a6b4c3, expected: 1ee5df34d0b75cf7b3fca7a82a4b6184)
[13:28:55] /sbin/runlevel hash valid, found in database
[13:28:55] /sbin/sysctl Hash NOT valid (My MD5: fef29c540b2a7813f8b74b47ce976040, expected: 2115eb229dc7378a4dcc60875ec1cf3f)
[13:28:55] /sbin/sysctl Hash NOT valid (My MD5: fef29c540b2a7813f8b74b47ce976040, expected: 425f95a6465587aa08918a914c2324d0)
[13:28:55] /sbin/sysctl Hash NOT valid (My MD5: fef29c540b2a7813f8b74b47ce976040, expected: 82a525c3d126171354210f87a5c9995a)
[13:28:56] /sbin/sysctl hash valid, found in database
[13:28:56] /sbin/syslogd Hash NOT valid (My MD5: 75a7302bae84528783e510cd82e84374, expected: 0664e45906c107fc0856ca8a2c40ab0a)
[13:28:56] /sbin/syslogd Hash NOT valid (My MD5: 75a7302bae84528783e510cd82e84374, expected: 3d3d77f77a76c7362b24a8b07051b098)
[13:28:56] /sbin/syslogd Hash NOT valid (My MD5: 75a7302bae84528783e510cd82e84374, expected: 4f1c0a24761deb8fd95e467add18a97f)
[13:28:56] /sbin/syslogd hash valid, found in database
[13:28:56] /sbin/syslogd Hash NOT valid (My MD5: 75a7302bae84528783e510cd82e84374, expected: 784cac9348ad6d899c536d6e256707ce)
[13:28:57] /usr/bin/file hash valid, found in database
[13:28:57] /usr/bin/file Hash NOT valid (My MD5: 0fc8cd768e8ed57c5406c5f4e788492f, expected: cecb4e2c282d20c85b85464154453653)
[13:28:57] /usr/bin/find hash valid, found in database
[13:28:58] /usr/bin/groups hash valid, found in database
[13:28:58] /usr/bin/kill Hash NOT valid (My MD5: ccf1e8d08898f4df6660353f1ffde513, expected: 4029b1bef36b1c035b93160e1053877f)
[13:28:58] /usr/bin/kill hash valid, found in database
[13:28:58] /usr/bin/killall Hash NOT valid (My MD5: f8f08fe5f5c1c76f1c29e097c0258c90, expected: deebbf7265582b22478b932b5d581697)
[13:28:59] /usr/bin/killall hash valid, found in database
[13:28:59] /usr/bin/lsattr hash valid, found in database
[13:28:59] /usr/bin/lsattr Hash NOT valid (My MD5: 1c0e39488fdca9787cbbaf3280cbe026, expected: 3815a58e9a5ca6f9d44b95ca29809005)
[13:28:59] /usr/bin/pstree Hash NOT valid (My MD5: b3304fad243e8826d1f336695041686e, expected: 6e2becbb0b34a20cdb6a0574720f53a0)
[13:29:00] /usr/bin/pstree hash valid, found in database
[13:29:00] /usr/bin/sha1sum hash valid, found in database
[13:29:00] /usr/bin/sha1sum Hash NOT valid (My MD5: 1758734b93ef845999c0f2f76841944e, expected: 9aba745b2e2d1d1ad6b1a62e53ced195)
[13:29:00] /usr/bin/stat Hash NOT valid (My MD5: d31ed49b57e7dad63fa96563fe82775f, expected: 8965db34b2586c6739330ba57ed7dedf)
[13:29:01] /usr/bin/stat hash valid, found in database
[13:29:01] /usr/bin/users Hash NOT valid (My MD5: d676fadc6371f6f0d68833ba51beade5, expected: 5c747d4d41fa0611a5f0165bab5a8877)
[13:29:01] /usr/bin/users hash valid, found in database
[13:29:01] /usr/bin/w Hash NOT valid (My MD5: f19a52aefdfd929efda4467172ca1ceb, expected: 780585d4459338aa5e6745b7f13bfe62)
[13:29:02] /usr/bin/w Hash NOT valid (My MD5: f19a52aefdfd929efda4467172ca1ceb, expected: ba79babee73417dd35074f15dc69d311)
[13:29:02] /usr/bin/w Hash NOT valid (My MD5: f19a52aefdfd929efda4467172ca1ceb, expected: ef428d61e99a1263bb0bfc35eaffaea9)
[13:29:02] /usr/bin/w hash valid, found in database
[13:29:02] /usr/bin/watch Hash NOT valid (My MD5: 95fabf9105647430fd040f964f56ab57, expected: 041f940e8a9753460978e32634a31af5)
[13:29:02] /usr/bin/watch Hash NOT valid (My MD5: 95fabf9105647430fd040f964f56ab57, expected: 47da5050adc6907ae8c3adf9535def58)
[13:29:03] /usr/bin/watch Hash NOT valid (My MD5: 95fabf9105647430fd040f964f56ab57, expected: 625d436d2ce7b0915529c1bd04fc6902)
[13:29:03] /usr/bin/watch hash valid, found in database
[13:29:03] /usr/bin/who Hash NOT valid (My MD5: feb52bd67ed6c6fd8c8b07577e4796f8, expected: 5e456c0bb307fb8b01a3d57f780dde3e)
[13:29:03] /usr/bin/who hash valid, found in database
[13:29:04] /usr/bin/whoami Hash NOT valid (My MD5: 51880372d1c5cd99ed81105346ff1236, expected: 2b25ede140e2ab888356c40c39b9406d)
[13:29:04] /usr/bin/whoami hash valid, found in database
[13:31:49] ------------------------ Application advisories -----------------------
[13:31:50] ---------------------- Application version check ----------------------
[13:31:50] ----------------------------------------------------------
[13:31:50] Scanning Exim%%MTA...
[13:31:50] Application not found
[13:31:50] ----------------------------------------------------------
[13:31:50] Scanning GnuPG...
[13:31:50] /usr/bin/gpg found
[13:31:50] Version 1.2.1 seems to be vulnerable (if unpatched)!
[13:31:50] ----------------------------------------------------------
[13:31:50] Scanning Apache...
[13:31:50] /usr/sbin/httpd found
[13:31:50] Version 2.0.46 seems to be vulnerable (if unpatched)!
[13:31:50] ----------------------------------------------------------
[13:31:50] Scanning Bind%%DNS...
[13:31:50] Debug:
[13:31:50] /usr/sbin/named found
[13:31:50] Version 9.2.4 is available in non-vulnerable group and seems to be OK!
[13:31:50] ----------------------------------------------------------
[13:31:50] Scanning OpenSSL...
[13:31:50] /usr/bin/openssl found
[13:31:51] Version 0.9.7a seems to be vulnerable (if unpatched)!
[13:31:51] ----------------------------------------------------------
[13:31:51] Scanning PHP...
[13:31:51] /usr/bin/php found
[13:31:51] Version 4.3.2 seems to be vulnerable (if unpatched)!
[13:31:51] ----------------------------------------------------------
[13:31:51] Scanning Procmail%%MTA...
[13:31:51] /usr/bin/procmail found
[13:31:51] Version 3.22 is available in non-vulnerable group and seems to be OK!
[13:31:51] ----------------------------------------------------------
[13:31:51] Scanning ProFTPd...
[13:31:51] Application not found
[13:31:51] ----------------------------------------------------------
[13:31:51] Scanning OpenSSH...
[13:31:51] /usr/sbin/sshd found
[13:31:51] Version 3.6.1p2 seems to be vulnerable (if unpatched)!

Trevor Lee
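
Added example, not part of the original post: a Python triage of a log in this format. It assumes, from the entries above, that rkhunter compares each file against every database hash it holds for that path, so a single "hash valid, found in database" line means the file matched and only paths with no such line remain unexplained. The sample log is constructed with shortened placeholder hashes, and `triage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in the log format above; hashes are short placeholders.
SAMPLE_LOG = """\
[13:28:38] /bin/cat Hash NOT valid (My MD5: aaaa, expected: bbbb)
[13:28:38] /bin/cat hash valid, found in database
[13:28:39] /bin/chown hash valid, found in database
[13:28:39] /bin/chown Hash NOT valid (My MD5: cccc, expected: dddd)
[13:28:49] /sbin/chkconfig Hash NOT valid (My MD5: eeee, expected: ffff)
[13:28:49] /sbin/chkconfig Hash NOT valid (My MD5: eeee, expected: 1111)
[13:28:49] No whitelisted MD5 hash found for /sbin/chkconfig
[13:28:50] RPM info: your package 'chkconfig-1.3.13.4-0.3'
[13:28:50] RPM info: packages in database: chkconfig-1.3.8-3 chkconfig-1.3.11-0.3
[13:31:50] Version 2.0.46 seems to be vulnerable (if unpatched)!
"""

ENTRY = re.compile(
    r"^\[\d\d:\d\d:\d\d\] (/\S+) (Hash NOT valid|hash valid, found in database)")
MISMATCH = re.compile(r"My MD5: ([0-9a-f]+), expected: ([0-9a-f]+)")
RPM_MINE = re.compile(r"RPM info: your package '([^']+)'")
RPM_DB = re.compile(r"RPM info: packages in database: (.+)$")

def triage(log_text):
    """Return {path: record} for files that matched no database hash."""
    files = defaultdict(lambda: {"matched": False, "md5": None,
                                 "expected": [], "installed": None, "known": []})
    last = None  # most recent path seen; RPM info lines refer to it
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            last, rec = m.group(1), files[m.group(1)]
            if m.group(2).startswith("hash valid"):
                rec["matched"] = True  # order of valid/NOT valid lines varies
            elif (mm := MISMATCH.search(line)):
                rec["md5"] = mm.group(1)
                rec["expected"].append(mm.group(2))
        elif last is not None:
            if (m := RPM_MINE.search(line)):
                files[last]["installed"] = m.group(1)
            elif (m := RPM_DB.search(line)):
                files[last]["known"] = m.group(1).split()
    return {p: r for p, r in files.items() if not r["matched"]}

if __name__ == "__main__":
    for path, rec in triage(SAMPLE_LOG).items():
        newer = rec["installed"] is not None and rec["installed"] not in rec["known"]
        print(path, rec["md5"], "package not in rkhunter database" if newer else "")
```

For a path this reports, `rpm -Vf /sbin/chkconfig` compares the file on disk with the digest recorded by the installed package, which is an independent check from rkhunter's own hash database.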