Rootkit Hunter


Bruno

I hope my "Enter" finger holds out!

Application advisories
* Application scan
   Checking Apache2 modules ... [ Not found ]
   Checking Apache configuration ... [ OK ]
* Application version scan
   - GnuPG 1.2.4 [ OK ]
   - OpenSSL 0.9.7d [ OK ]
   - Procmail MTA 3.22 [ OK ]
   - OpenSSH 3.8p1 [ OK ]

Security advisories
* Check: Groups and Accounts
   Searching for /etc/passwd... [ Found ]
   Checking users with UID '0' (root)... [ OK ]
* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... [ OK (Remote root login permitted by explicit option) ]
   Checking for allowed protocols... [ Warning (SSH v1 allowed) ]
* Check: Events and Logging
   Search for syslog configuration... [ OK ]
   Checking for running syslog slave... [ OK ]
   Checking for logging to remote system... [ OK (no remote logging) ]

[Press <ENTER> to continue]

Looks like we are at the end . . .

---------------------------- Scan results ----------------------------
MD5
MD5 compared: 56
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 0

Scanning took 1699 seconds

Scan results written to logfile (/var/log/rkhunter.log)
-----------------------------------------------------------------------
Do you have some problems, undetected rootkits, false positives, ideas
or suggestions?
Please e-mail me by filling in the contact form (@http://www.rootkit.nl)
-----------------------------------------------------------------------
linux:/home/Shamgar #

Edited by Shamgar

Thanks Bruno. Now do I close the terminal? Where am I going to find this when I try to add a toolbar button (Non KDE Application)?

trigggl: It's an extension from firefox called smxtra1ag.gif

No no . . no toolbar button . . .
First you have to run it as root ( and toolbar buttons are only for the user )
Second: you always need to run it in a terminal anyway to see the output ( and press <Enter> . . . LOL ! )
Yes you can close the terminal now . . your system is healthy and safe !
:D Bruno

So if I want to run this program I have to type in this:
linux:/home/Shamgar # /usr/local/bin/rkhunter -c --createlogfile
Have another round SuSE . . . .
SuSE 9.1

Edited by Shamgar

Nope you just type ( as root )
rkhunter -c --createlogfile
That is all . . . ( we made a new link remember ? and this time I did put the link in /usr/sbin . . where root can find it . . . so then just typing "rkhunter" with the options after it will do )
:D Bruno

Once every month will do Shamgar . . . . and if you suspect something fishy going on with your system and expect that it is compromised ( cracked :D )
:thumbsup: Bruno

  • 6 months later...
  • 10 months later...
muckshifter

Hey! don't blame me for the resurrection of this thread ... Scot did it. :thumbsup: Oh, and Suse 10.1 installs rkhunter fine via YaST ... :w00t: :hysterical:

Where is the log file for this thing after you run it? When I type whereis logfile, it indicates it should be in my home, but where? When I enter "whereis rkhunter" I get: /usr/sbin/rkhunter /etc/rkhunter.conf /lib/rkhunter but in looking in these places, there is no logfile there that I can see.

Not to hijack this thread, but this points up a fundamental problem I have run into in Linux: I cannot find things I am looking for. Is there some better way, than using "whereis"?

Thank you.
Bill

Edited by BillD

Hi Bill
Did you have a look at the output on your screen ?? At the end it says:

---------------------------- Scan results ----------------------------
MD5
MD5 compared: 38
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 0

Scanning took 130 seconds

Scan results written to logfile (/var/log/rkhunter.log)
-----------------------------------------------------------------------

;) :thumbsup: Bruno

PS: I just created a special thread for questions about the Newsletter & Linux Explorer: http://forums.scotsnewsletter.com/index.php?showtopic=15774 please post your comments over there :hysterical:

As I told Bruno, it pays to read. I had been so busy looking at the stuff as it scrolled down the screen and wondering what a red warning was and also what the yellow on white stuff was, that by the time it reached the end, I failed to note the end. After finding the original log, I tried it again, and of course, there was the notice.

Thank you . . . sorry to ask something that should have been obvious . . . but wasn't to me!

Bill

It happens to all of us Bill, including me. :P You should hear me sometimes yelling at myself 'you stupid %$##*:++_), are you blind?' Just last Friday I forgot to get in as root before doing a simple /sbin/lilo.... :w00t: never happened before. :thumbsup: We're just human. :hysterical:

There is no point in me not admitting it. If you go back through this forum to three years ago (yikes already 3 years???) you will find threads where I asked 1000 questions and did a lot of dumb things! I can usually go awhile without doing something dumb these days. :D :(

Frank Golden
Neat tool. No GUI but I made launcher for program. Terminal shuts down at end of scan. But I can see problems before it does. If I see problems I can always re-run in terminal proper.

found some hidden files outside /home
/dev/.static/dev/./dev/.initramfs/dev/.udev/dev/.initramfs-tools /etc/.pwd.lock/etc/.java
and one unknown GnuPG 1.4.2.2

Don't see log in /var/log

Frank, Try this:
rkhunter -c --createlogfile --nocolors
This checks the system, performs all tests, creates a logfile in /var/log/rkhunter.log, and doesn't use colors for the output (some terminals don't like colors or extended layout characters).

Frank Golden
Thanks Striker worked charm. Didn't need --nocolors, terminal has no problem colors etc.
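
Added example, not part of the thread and not rkhunter's own code: a small triage script that pulls the warnings and the "Scan results" counters out of a saved report, so nothing is missed while the output scrolls past. It assumes the report contains the same lines as the on-screen output quoted above; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an rkhunter report instead of reading it as it scrolls.
# Assumption: the report holds the same "[ Warning ... ]" lines and
# "Scan results" counters as the on-screen output quoted in the thread.

# Constructed sample built from the output quoted in the thread.
sample_report() {
cat <<'EOF'
Checking for allowed root login... [ OK (Remote root login permitted by explicit option) ]
Checking for allowed protocols... [ Warning (SSH v1 allowed) ]
Checking for logging to remote system... [ OK (no remote logging) ]
MD5 compared: 56
Incorrect MD5 checksums: 0
Scanned files: 342
Possible infected files: 0
Vulnerable applications: 0
EOF
}

# Print every line whose bracketed status begins with "Warning".
list_warnings() { awk '/\[ *Warning/'; }

# Print the value of one summary counter ($1 = label), or "missing".
counter() {
    awk -F': *' -v label="$1" '
        { key = $1; sub(/^[ \t]+/, "", key) }
        key == label { print $2 + 0; found = 1; exit }
        END { if (!found) print "missing" }'
}

# Read a report on stdin. Returns 0 = clean, 1 = review, 2 = incomplete.
assess() {
    report=$(cat); result=0
    for label in "Incorrect MD5 checksums" "Possible infected files" \
                 "Vulnerable applications"; do
        value=$(printf '%s\n' "$report" | counter "$label")
        if [ "$value" = missing ]; then
            echo "INCOMPLETE: no '$label' line (scan interrupted?)"; return 2
        elif [ "$value" -gt 0 ]; then
            echo "REVIEW: $label = $value"; result=1
        fi
    done
    warnings=$(printf '%s\n' "$report" | list_warnings)
    if [ -n "$warnings" ]; then
        echo "REVIEW: warnings in report:"; printf '%s\n' "$warnings"; result=1
    fi
    return "$result"
}

# Demo on the sample; on a real system: assess < /var/log/rkhunter.log
sample_report | assess || echo "exit status $?: review needed"
```

A missing counter is reported separately from a clean result, because a report that stops before the summary block says nothing about the state of the system.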