AyazA
Guest
Hi everyone...
Yesterday I installed Watchdog on my server and scanned my server with the Watchdog security, which shows me the word "warning" for some files, and I also got an email showing me the message below:
" Please inspect this machine, because it may be infected. "
The Watchdog security area also shows me the message below:
" Warning: Scanning completed at Sep 13, 2010 02:29 PM. Considerable existing/potential security problems were detected in the system. For details, see the log below. "
Below is my Watchdog security summary, with only the warnings:
[ Rootkit Hunter version 1.3.4 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ Updated ]
Checking file backdoorports.dat [ Updated ]
Checking file suspscan.dat [ Updated ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ Updated ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
[ Rootkit Hunter version 1.3.4 ]
File created: searched for 150 files, found 125
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing file properties checks
Checking for prerequisites [ Warning ]
/usr/bin/GET [ Warning ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Performing trojan specific checks
Checking for enabled xinetd services [ Warning ]
Checking for Apache backdoor [ Not found ]
Performing Linux specific checks
Checking loaded kernel modules [ Warning ]
Checking kernel module names [ Skipped ]
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning ]
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
[Press <ENTER> to continue]
Checking application versions...
Checking version of Apache [ Warning ]
Checking version of Bind DNS [ Warning ]
Checking version of ProFTPd [ Skipped ]
Checking version of OpenSSH [ Warning ]
System checks summary
=====================
File properties checks...
Required commands check failed
Files checked: 125
Suspect files: 3
Rootkit checks...
Rootkits checked : 113
Possible rootkits: 0
Applications checks...
Applications checked: 8
Suspect applications: 3
The system checks took: 6 minutes and 20 seconds
All results have been written to the logfile (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
So what do I do about that now, and how can I remove the warning or infection?
Thanks
Best Regards
Admin of NSW
Ayaz Ali
http://www.newsoftworld.com
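A way to triage scan output like the log quoted in this post, as an added example that is not part of the original post and not Rootkit Hunter's or Watchdog's own code: it groups the `[ Warning ]` lines by check section and compares them with the summary counters. The function names are hypothetical, the sample is a shortened excerpt of the post's log, and it assumes "Suspect files" counts the flagged paths and "Suspect applications" the flagged version checks, which is how the numbers line up in that log.

```python
import re

# Constructed sample: a shortened excerpt of the scan output quoted in the post.
SAMPLE = """\
Performing file properties checks
Checking for prerequisites [ Warning ]
/usr/bin/GET [ Warning ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
Performing trojan specific checks
Checking for enabled xinetd services [ Warning ]
Checking for Apache backdoor [ Not found ]
Checking application versions...
Checking version of Apache [ Warning ]
Checking version of Bind DNS [ Warning ]
Checking version of ProFTPd [ Skipped ]
Checking version of OpenSSH [ Warning ]
Suspect files: 3
Suspect applications: 3
"""

RESULT = re.compile(r"^(?P<item>.+?)\s*\[\s*(?P<status>[^\]]+?)\s*\]$")
SECTION = re.compile(r"^(Performing .+|Checking .+\.\.\.)$")
COUNT = re.compile(r"^(Suspect files|Suspect applications)\s*:\s*(\d+)$")

def triage(text):
    """Return (warnings grouped by section, summary counters) for the screen output."""
    warnings, counts, section = {}, {}, "unknown"
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := RESULT.match(line):
            if m.group("status").lower() == "warning":
                warnings.setdefault(section, []).append(m.group("item"))
        elif SECTION.match(line):
            section = line.rstrip(".")  # section headers carry no [ status ]
    return warnings, counts

def reconcile(warnings, counts):
    """Check flagged paths and version checks against the summary (assumed mapping)."""
    flagged = [w for items in warnings.values() for w in items]
    files = [w for w in flagged if w.startswith("/")]
    apps = [w for w in flagged if w.startswith("Checking version of")]
    return (len(files) == counts.get("Suspect files"),
            len(apps) == counts.get("Suspect applications"))

if __name__ == "__main__":
    w, c = triage(SAMPLE)
    print(w, reconcile(w, c))
```

Each grouped item can then be searched for in /var/log/rkhunter.log, the log file the scan output itself points to for details.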