
Security Scan - Operating System not fully supported & others

kuhle

Guest
I have carried out a security scan of a new server with a temp Plesk licence before I migrate all data from an old server to the new one. Some of the results cause some concern, and I would appreciate some help please. I have only included the things below which may be cause for concern:

Rootkit Hunter 1.2.8 is running

Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known

All MD5 checks will be skipped!

* Trojan specific characteristics
shv4
Checking /etc/inetd.conf [ Not found ]
Checking /etc/xinetd.conf [ Clean ]

System checks
* Allround tests
Checking hostname... Found. Hostname is plesk.MYDOMAIN.co.uk
Checking boot.local/rc.local file...
- /etc/rc.local [ OK ]
- /etc/rc.d/rc.local [ OK ]
- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]

Application advisories
* Application scan
Checking Apache2 modules ... [ Not found ]
Checking Apache configuration ... [ OK ]

* Application version scan
- GnuPG 1.4.5 [ OK ]
- Apache 2.2.3 [ OK ]
- Bind DNS 9.3.4-P1 [ Unknown ]
- OpenSSL 0.9.8b [ OK ]
- PHP 5.2.6 [ Unknown ]
- Procmail MTA 3.22 [ OK ]
- ProFTPd 1.3.1 [ Unknown ]
- OpenSSH 4.3p2 [ OK ]

Your system contains some unknown version numbers. Please run Rootkit Hunter
with the --update parameter or fill in the contact form (www.rootkit.nl).

* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out. Root login possible. Possible risk!
info:
Hint: See logfile for more information about this issue

Where is the error log for this file?

Can anyone lend any advice on those areas that are in bold, and tell me what I can do to rectify them?

Thanks all,
 
In case it is important (I think it is), I'm fairly sure that I have Apache 2, because /etc/httpd/conf/httpd.conf says:

# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
 
Does this show what distro I'm using? OS is centos-5

awstats 6.6-1.swsoft
bind 9.3.4-6.0.2.P1.el5_2
coldfusion Component was not installed
coldfusion-support 8.6.0-cos5.build86080722.00
courier-imap 3.0.8-cos5.build86080722.00
drweb 4.33-rh5_psa
drweb-qmail 4.33-cos5.build86080722.00
frontpage Component was not installed
httpd 2.2.3-11.el5_1.centos.3
kav4ms 5.5-1-Plesk
mailman 2.1.9-4.el5
mod_bw 0.8-5
mod_perl 2.0.2-6.3.el5
mod_python 3.2.8-3.1
mysql 5.0.45-7.el5
perl-Apache-ASP 2.59-0.93298
php 5.2.6-1.el5.art
plesk-billing 5.6.1-3
postgresql-server 8.1.11-1.el5_1.1
psa 8.6.0-cos5.build86080722.00
psa-api-rpc 8.6.0-cos5.build86080822.20
psa-autoinstaller 3.3.2-080710.09
psa-backup-manager 8.6.0-cos5.build86080822.20
psa-horde 3.1.7-cos5.build86080722.00
psa-imp 4.1.6-cos5.build86080722.00
psa-logrotate 3.7-cos5.build86080722.00
psa-manual-custom-skin-guide 8.6.0-cos5.build86080722.00
psa-migration-manager 8.6.0-cos5.build86080822.20
psa-miva 8.6.0-cos5.build86080722.00
psa-mod-fcgid-configurator 1.0-14
psa-proftpd 1.3.1-cos5.build86080722.00
psa-qmail 1.03-cos5.build86080822.20
psa-qmail-rblsmtpd 0.70-cos5.build86080722.00
psa-rubyrails-configurator 1.1.6-cos5.build86080722.00
psa-spamassassin 8.6.0-cos5.build86080722.00
psa-tomcat-configurator 8.6.0-cos5.build86080722.00
psa-turba 2.1.7-cos5.build86080722.00
ruby 1.8.5-5.el5_2.3
samba 3.0.28-1.el5_2.1
sitebuilder Component was not installed
spamassassin 3.2.5-1.el5.art
SSHTerm Component was not installed
tomcat 5.5.23-0jpp.7.el5_2.1
webalizer 2.01_10-30.1
 
I upgraded (I think) various things:

# yum upgrade
and then
# rkhunter --update
[ Rootkit Hunter version 1.3.2 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]

But in Plesk CP at Modules>Watchdog>Security, when I do a security scan it still tells me that I'm running Rootkit Hunter 1.2.8.

Can anyone help on that, or any of the other things in bold on my initial post?
 