

Rkhunter log, need help




Posted by bonjurkes, 09-27-2007, 11:14 AM
Hello, I would like some help with my rkhunter's log. It gives some warnings but I don't know if they are really important ones. Here are the warnings it gives:

Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
Warning: The SSH configuration option 'PermitRootLogin' has not been set. The default value may be 'yes', to allow root access.
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Application 'gpg', version '1.2.6', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.7a', is out of date, and possibly a security risk.
Warning: Application 'php', version '4.3.9', is out of date, and possibly a security risk.

I am using Plesk and I am using yum update for updating files and scripts. So I don't know how I can update gpg, php and openssl. Plus, for some time it said something like port 2006 is open and possible trojan backdoor. But when I check now it doesn't give any error like that. Can you help me decide if there is any major problem in those logs or not?

Edit: if someone wants, I can also attach the full rkhunter.log or only the warning output of rkhunter.log.

Posted by david510, 09-28-2007, 04:09 AM
The warning "has been replaced by a script" seems to be a false alarm. Yum update is not working on the server? You can try rpm in that case.

Posted by bonjurkes, 09-28-2007, 07:32 AM
I am using yum update for updating server files and scripts. Sometimes when I do yum update it shows updates for php and mysql but I guess they are minor updates. I don't know if it is a good idea to use any other commands because I don't want to mess up the server.

Posted by bryonhost1, 09-28-2007, 12:20 PM
Hi! Plesk can handle most updates if you tell it to...just like cPanel. There's really little risk in running yum update, though. I have not had much experience with Plesk on Linux..I have a few Windows VPSs with it. SWsoft is really good about producing manuals. Download them..print what you need to. rkhunter is more useful over time. Take this one list of alerts..then..next time..be concerned if there are new ones added..then it's really useful. If you really want to see other common rkhunter false positives..just do a search with Google. I'm sure someone has a list of known false positives..and ones you need to look out for.
Bryon
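
The approach described in the post above (keep one run's list of alerts and look only for new ones on the next run), as an added example that is not part of the original thread. The function names, the `[HH:MM:SS]` timestamp prefix and the `example_svc` service are assumptions made for the illustration; the other sample warnings are copied from the first post.

```shell
#!/bin/sh
# Added example: report rkhunter warnings that were not in a baseline run.

# Print the de-duplicated "Warning:" lines of a log. A leading "[HH:MM:SS] "
# timestamp, if present, is stripped so the same warning from two different
# runs compares equal (the timestamp format is an assumption).
extract_warnings() {
    sed -n 's/^\[[0-9:]*] *//; /^Warning: /p' "$1" | LC_ALL=C sort -u
}

# new_warnings BASELINE_LOG CURRENT_LOG
# Print warnings present in CURRENT_LOG but absent from BASELINE_LOG.
new_warnings() {
    base=$(mktemp) cur=$(mktemp)
    extract_warnings "$1" > "$base"
    extract_warnings "$2" > "$cur"
    LC_ALL=C comm -13 "$base" "$cur"
    rm -f "$base" "$cur"
}

# Constructed sample logs: run1 is the reviewed baseline, run2 is a later
# run that repeats the known warnings and adds one made-up xinetd service.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/run1.log" <<'EOF'
[11:14:01] Info: constructed non-warning line
[11:14:02] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[11:14:05] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[11:14:09] Warning: Application 'php', version '4.3.9', is out of date, and possibly a security risk.
EOF
    cat > "$dir/run2.log" <<'EOF'
[03:10:41] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[03:10:44] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[03:10:44] Warning: Found enabled xinetd service: /etc/xinetd.d/example_svc
[03:10:49] Warning: Application 'php', version '4.3.9', is out of date, and possibly a security risk.
EOF
    new_warnings "$dir/run1.log" "$dir/run2.log"
    rm -rf "$dir"
}

demo
```

Only the warning that was not in the reviewed baseline is printed, so known false positives stop hiding a newly enabled service or a newly changed binary.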

Posted by bonjurkes, 09-28-2007, 04:26 PM
I don't know how Plesk handles other updates but it usually updates its own core files and related products like Horde etc. I will be glad if you can tell me if there is a way to make Plesk handle other updates also. B

Posted by bryonhost1, 09-28-2007, 04:33 PM
Hi! I'm not sure. Let me check the manual.

>>Yes there is:

Changing Updater Settings

By default, updates for Plesk and updates for your operating system are downloaded from the official Plesk Update server at http://autoinstall.plesk.com.

If you want to receive Plesk updates from a local network storage, do the following:

1. Click the Server shortcut in the navigation pane.
2. Click the Updater icon in the Services group.
3. Click Preferences.
4. Click the Plesk Update Source tab.
5. From the Source type menu, select the Network storage option and specify the URL to the directory where updates reside.
6. Click OK to apply settings.

If you want to receive updates for your server's operating system from the operating system vendor's site, do the following:

1. Click the Server shortcut in the navigation pane.
2. Click the Updater icon in the Services group.
3. Click Preferences.
4. Click the Sources of Operating System Updates tab.
5. To exclude the Plesk Updates server from the updates sources, click the icon, corresponding to the Plesk updates server entry, in the S column.
6. Click Add Source and specify the following:
   - Source type. Leave the repomd (xml-rpm-metadata repository) value selected if you are going to receive updates from the vendor's site. To receive updates from a directory on the server's hard disk or from a mounted network share, select the directory (local directory) value.
   - Source URL. Type the URL where the package files are located. For example, http://download.fedora.redhat.com/fe...updates/2/i386.
   - Source priority. If you use several download sites, you can specify the order in which they should be polled for updates. To do this, specify different level of priority for each of the sources: select a value from the list, or select Custom and type a number from 1 (lowest) to 999 (highest).
   - Authentication. If you need to authenticate at the vendor's site in order to receive updates, select the Authentication check box and specify your user name and password.
7. Click OK.

>>For your dining pleasure..manuals can be downloaded here: http://www.swsoft.com/en/products/plesk/docs/ The administrator's guide is a good place to start. I have both HTML and PDF versions. I find the HTML version easier to navigate..but the PDF easier to print when I choose to do so.
Bryon
Last edited by bryonhost1; 09-28-2007 at 04:42 PM.


