
RKHunter Warnings

karadayi

Hi,

I am using Plesk 11 with Ubuntu 12.04 and got some warnings with RKHunter. Is it normal while Plesk is installed?

As the log file is too big, I have uploaded it to pastebin.com.

The complete Log
http://pastebin.com/sUm5hP1t

The warnings

[16:31:18] Warning: Checking for prerequisites [ Warning ]
[16:31:18] Unable to find 'lsattr' command - all file immutable-bit checks will be skipped.
[16:33:49] /usr/bin/unhide.rb [ Warning ]
[16:33:50] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[16:43:45] Checking '/etc/xinetd.d/ftp_psa' for enabled services [ Warning ]
[16:43:45] Checking '/etc/xinetd.d/poppassd_psa' for enabled services [ Warning ]
[16:43:46] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[16:43:46] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[16:43:48] Checking loaded kernel modules [ Warning ]
[16:43:48] Warning: No output found from the lsmod command or the /proc/modules file:
[16:43:48] /proc/modules output:
[16:43:48] lsmod output:
[16:43:49] Info: Using modules pathname of '/lib/modules/2.6.32-042stab104.1'
[16:44:31] Checking for hidden files and directories [ Warning ]
[16:44:31] Warning: Hidden directory found: /dev/.udev
 
Hi karadayi,

/usr/bin/unhide.rb
Defined as uncritical (because "normal with Ubuntu" - it's a Ruby script).

Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
Defined as uncritical (because "normal with Plesk" - xinetd is a service needed by Plesk, e.g. for the FTP server, mail and dependent services).

Warning: Hidden directory found: /dev/.udev
Defined as uncritical (because "normal with Ubuntu" - rkhunter doesn't expect the hidden directory at this place, but Ubuntu's basic/default installation just placed it there).
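
An added example, not part of the reply above or of Plesk's own tooling: a small triage script that separates the warnings the reply explains from the ones it leaves unaddressed, using the log lines from the first post. The `EXPECTED` allowlist and the `triage` function are assumptions of this example.

```python
import re

# Warning lines copied from the rkhunter log in the first post of this thread.
SAMPLE_LOG = """\
[16:31:18] Warning: Checking for prerequisites [ Warning ]
[16:31:18] Unable to find 'lsattr' command - all file immutable-bit checks will be skipped.
[16:33:50] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[16:43:46] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[16:43:46] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[16:43:48] Warning: No output found from the lsmod command or the /proc/modules file:
[16:44:31] Warning: Hidden directory found: /dev/.udev
"""

# Hypothetical allowlist (an assumption of this example): exact warning text
# mapped to the reason given in the reply. Exact matching is deliberate, so a
# different path or file type in the same kind of warning is not hidden.
EXPECTED = {
    "The command '/usr/bin/unhide.rb' has been replaced by a script: "
    "/usr/bin/unhide.rb: Ruby script, ASCII text": "normal with Ubuntu",
    "Found enabled xinetd service: /etc/xinetd.d/ftp_psa": "normal with Plesk",
    "Found enabled xinetd service: /etc/xinetd.d/poppassd_psa": "normal with Plesk",
    "Hidden directory found: /dev/.udev": "normal with Ubuntu",
}

WARNING_RE = re.compile(r"^\[(\d{2}:\d{2}:\d{2})\]\s+Warning:\s+(.*?)\s*$")


def triage(log_text):
    """Split rkhunter 'Warning:' lines into (expected, needs_review) lists."""
    expected, needs_review = [], []
    for line in log_text.splitlines():
        match = WARNING_RE.match(line)
        if not match:
            continue  # informational line, not a warning
        timestamp, message = match.groups()
        reason = EXPECTED.get(message)
        if reason is not None:
            expected.append((timestamp, message, reason))
        else:
            needs_review.append((timestamp, message))
    return expected, needs_review


if __name__ == "__main__":
    known, review = triage(SAMPLE_LOG)
    for timestamp, message, reason in known:
        print(f"expected  [{timestamp}] {message} ({reason})")
    for timestamp, message in review:
        print(f"REVIEW    [{timestamp}] {message}")
```

On the sample log, the prerequisites and lsmod warnings stay in the review list because the reply does not cover them.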
 
If I change "/opt/psa/etc/modules/watchdog/rkhunter.conf", will it be overwritten, as I can read in the first line of the file?
Where can I make changes that will not be overwritten by Plesk?
 
Hello,

I just installed watchdog for the first time and ran a security scan.

I have a few warnings. Can you help me understand them, and whether they are critical?

Checking file i18n versions [ Update failed ]
Checking for prerequisites [ Warning ]
/usr/bin/rkhunter [ Warning ]
Checking for enabled xinetd services [ Warning ]
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning ]
Checking if SSH root access is allowed [ Warning ]
Checking for hidden files and directories [ Warning ]

File properties checks...
Required commands check failed
Files checked: 126
Suspect files: 1 <--- which file is suspected? rkhunter?
 

Hi, thank you for the answer,

Here is the log from yesterday, attached.
There I see this warning. I attached rkhunter.txt

Code:
[21:59:54] Warning: The command '/usr/bin/rkhunter' has been replaced and is not a script: /usr/bin/rkhunter: POSIX shell script, ASCII text executable
 

Plesk uses its own rkhunter, /usr/local/psa/admin/bin/modules/watchdog/rkhunter, instead of /usr/bin/rkhunter. You can run it manually with

# /usr/local/psa/admin/bin/modules/watchdog/rkhunter -c

It is part of the psa-watchdog package.
It looks like you have /usr/bin/rkhunter installed from the OS vendor or a third-party repository. Check it with

# rpm -qf /usr/bin/rkhunter

But anyway, I think that you shouldn't worry about it.
 
Hi Igor,

thank you, you are right, I executed it manually, and there are no suspicious files.

Also, I can't remember if my previous colleague installed rkhunter earlier... I installed modsecurity last night, and I supposed that Plesk's rkhunter was installed as well.

Can you tell me briefly how to safely set up Plesk's rkhunter and uninstall the one from the OS vendor?
 
First of all, make sure that the rkhunter package is installed with

# rpm -qa | grep rkhunter

After that remove it with

# rpm -e correct_name_of_installed_package
 