My server's running fine... but these rootkit hunter logs always make me paranoid.. why can't something eventually be done about this? Even my techies tell me WatchDog has issues and I should ignore most of the warnings.
All my stuff in my /bin/ folder has warnings on it similar to this -
[06:52:24] Checking for prerequisites [ OK ]
[06:52:24] /bin/awk [ Warning ]
[06:52:24] Warning: No hash value found for file '/bin/awk' in the rkhunter.dat file.
[06:52:24] /bin/basename [ Warning ]
[06:52:24] Warning: The file properties have changed:
[06:52:24] File: /bin/basename
[06:52:24] Current size: 18484 Stored size: 16056
[06:52:24] /bin/bash [ Warning ]
[06:52:24] Warning: The file properties have changed:
[06:52:24] File: /bin/bash
[06:52:24] Current size: 735004 Stored size: 729292
[06:52:25] /bin/cat [ Warning ]
[06:52:25] Warning: The file properties have changed:
[06:52:25] File: /bin/cat
[06:52:25] Current size: 23132 Stored size: 20648
[06:52:25] /bin/chmod [ Warning ]
[06:52:25] Warning: The file properties have changed:
[06:52:25] File: /bin/chmod
[06:52:25] Current size: 38564 Stored size: 35932
[06:52:25] /bin/chown [ Warning ]
[06:52:25] Warning: The file properties have changed:
[06:52:25] File: /bin/chown
[06:52:25] Current size: 44020 Stored size: 41320
[06:52:25] /bin/cp [ Warning ]
[06:52:25] Warning: The file properties have changed:
[06:52:25] File: /bin/cp
[06:52:25] Current size: 71524 Stored size: 68248
[06:52:25] /bin/csh [ Warning ]
[06:52:25] Warning: The file properties have changed:
[06:52:25] File: /bin/csh
[06:52:25] Current hash: 8d52c4e0045758989269e783510c98c48339de3ce626
[06:52:25] Stored hash : a4264d4d8b0ce01b73e21440186657786874ba8f4308
[06:52:26] Current file modification time: 1263407715
[06:52:26] Stored file modification time : 1262871459
[06:52:26] /bin/cut [ Warning ]
[06:52:26] Warning: The file properties have changed:
[06:52:26] File: /bin/cut
[06:52:26] Current size: 34408 Stored size: 31752
[06:52:26] /bin/date [ Warning ]
Maybe because when running 'Yum Update', those files are supposed to change as well?
Also, there's always something up with xinet.d.
[06:53:31] Checking '/etc/xinetd.d/smtp_psa' for enabled services [ Warning ]
[06:53:31] Checking '/etc/xinetd.d/smtps_psa' for enabled services [ Warning ]
[06:53:32] Checking '/etc/xinetd.d/submission_psa' for enabled services [ Warning ]
[06:53:32] Checking '/etc/xinetd.d/tcpmux-server' for enabled services [ None found ]
[06:53:32] Checking '/etc/xinetd.d/time-dgram' for enabled services [ None found ]
[06:53:32] Checking '/etc/xinetd.d/time-stream' for enabled services [ None found ]
[06:53:32] Checking for enabled xinetd services [ Warning ]
[06:53:32] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[06:53:32] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[06:53:32] Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
[06:53:32] Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
[06:53:32] Warning: Found enabled xinetd service: /etc/xinetd.d/submission_psa
[06:53:32] Checking for Apache backdoor [ Not found ]
Can someone tell me all is good...so I don't always have to be paranoid when running Watchdog?
a couple more -
[06:53:40] Checking for hidden files and directories [ Warning ]
[06:53:40] Warning: Hidden directory found: /dev/.udev
[06:53:40] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
[06:53:41] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
[06:53:41] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
[06:53:41] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
any help = much appreciated..
thinking about installing ASL if the price comes down a tad.
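
Added example, not part of the original post: a small Python parser for the rkhunter log format shown above that lists which properties changed for each file and builds an `rpm -Vf` command per file, so the on-disk binary can be checked against the package database. It assumes an RPM-based host (the post mentions yum); the function names are hypothetical, the sample log is constructed, and its hash values are placeholders.

```python
import re
import shlex

# Constructed sample in the log format from the post; hashes are placeholders.
SAMPLE_LOG = """\
[06:52:24] /bin/awk [ Warning ]
[06:52:24] Warning: No hash value found for file '/bin/awk' in the rkhunter.dat file.
[06:52:24] /bin/basename [ Warning ]
[06:52:24] Warning: The file properties have changed:
[06:52:24] File: /bin/basename
[06:52:24] Current size: 18484 Stored size: 16056
[06:52:25] /bin/csh [ Warning ]
[06:52:25] Warning: The file properties have changed:
[06:52:25] File: /bin/csh
[06:52:25] Current hash: PLACEHOLDER_CURRENT_HASH
[06:52:25] Stored hash : PLACEHOLDER_STORED_HASH
[06:52:26] Current file modification time: 1263407715
[06:52:26] Stored file modification time : 1262871459
[06:53:32] Checking for Apache backdoor [ Not found ]
"""

STAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(.*)$")
NOHASH = re.compile(r"No hash value found for file '([^']+)'")
# Log line prefix -> short name of the property that differs from rkhunter.dat.
PROPS = {"Current size": "size", "Current hash": "hash",
         "Current file modification time": "mtime"}

def parse_property_warnings(log_text):
    """Return {path: set of changed properties} from rkhunter log text."""
    findings, current = {}, None
    for raw in log_text.splitlines():
        m = STAMP.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if body.startswith("File: "):
            current = body[len("File: "):].strip()
            findings.setdefault(current, set())
        elif (n := NOHASH.search(body)):
            findings.setdefault(n.group(1), set()).add("no-stored-hash")
        elif current and (key := body.split(":")[0]) in PROPS:
            findings[current].add(PROPS[key])
        elif body.endswith("]"):
            current = None  # a new "[ result ]" line closes the previous file block
    return findings

def verify_commands(findings):
    """One `rpm -Vf` (verify the owning package) command per flagged path."""
    return [f"rpm -Vf {shlex.quote(p)}" for p in sorted(findings)]
```

Once the flagged files verify cleanly against their packages, `rkhunter --propupd` refreshes the stored properties in rkhunter.dat so the next scan compares against the updated binaries.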