#1 05/01/2009, 19:24
- shensi
[Solved?][Rkhunter] multiple warnings this morning
Hello,
at the moment I am making quite a few changes on my Ubuntu 7.10 server...
I set up a mail server with courier-imap-ssl and all the rest... well, up to then everything worked fine and everything still works! Fortunately!
I got up this morning and here is the rkhunter report:
Warning: The file properties have changed:
File: /bin/login
Current hash: fcfc4bc3fc930b62055992cb81205fc018547de5
Stored hash : 8229fd971b7934dd9ca7db729223ea9967c6d301
Current inode: 496020 Stored inode: 496018
Current file modification time: 1228727591
Stored file modification time : 1226558944
Warning: The file properties have changed:
File: /bin/su
Current inode: 496021 Stored inode: 496019
Current file modification time: 1228727591
Stored file modification time : 1226558944
Warning: The file properties have changed:
File: /usr/bin/lastlog
Current inode: 49704 Stored inode: 50472
Current file modification time: 1228727591
Stored file modification time : 1226558944
Warning: The file properties have changed:
File: /usr/bin/newgrp
Current inode: 49708 Stored inode: 50474
Current file modification time: 1228727591
Stored file modification time : 1226558944
Warning: The file properties have changed:
File: /usr/bin/passwd
Current inode: 53213 Stored inode: 50559
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/bin/perl
Current hash: 7308c1ae9a71eee0c1c4c1d149ded54ce4a6f66f
Stored hash : 9c4d220d96fbaf9aaedbe4e034a767e8d510d7f6
Current inode: 49781 Stored inode: 48772
Current size: 1078096 Stored size: 1078128
Current file modification time: 1229999605
Stored file modification time : 1196759924
Warning: The file properties have changed:
File: /usr/sbin/groupadd
Current inode: 178524 Stored inode: 178676
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/sbin/groupdel
Current inode: 178536 Stored inode: 178677
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/sbin/groupmod
Current inode: 178547 Stored inode: 178678
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/sbin/grpck
Current inode: 178557 Stored inode: 178679
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/sbin/nologin
Current inode: 178520 Stored inode: 178536
Current file modification time: 1228727591
Stored file modification time : 1226558944
Warning: The file properties have changed:
File: /usr/sbin/pwck
Current inode: 178593 Stored inode: 178683
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/sbin/useradd
Current inode: 178601 Stored inode: 178686
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/sbin/userdel
Current inode: 178602 Stored inode: 178687
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/sbin/usermod
Current inode: 178603 Stored inode: 178688
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The file properties have changed:
File: /usr/sbin/vipw
Current inode: 178604 Stored inode: 178689
Current file modification time: 1228727589
Stored file modification time : 1226558941
Warning: The modules file '/proc/modules' is missing.
Warning: The kernel module directory '/lib/modules/2.6.24.5-grsec-xxxx-grs-ipv4-32' is missing.
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.static
Warning: Hidden directory found: /dev/.static/dev/.initramfs
Warning: Hidden directory found: /dev/.static/dev/.static
Warning: Hidden directory found: /dev/.static/dev/.udev
Warning: Hidden file found: /dev/.static/dev/.tmp-2-0: block special (2/0)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
What should I make of this? Seeing binaries in sbin change signature does not bode well...
Regards,
Last edited by shensi (05/01/2009, 22:48)
Distro: Ubuntu 9.04
Quote: If Chuck Norris tells you your mother is hot... you can call him Dad
#2 05/01/2009, 22:48
- shensi
Re: [Solved?][Rkhunter] multiple warnings this morning
Good evening!
To follow up on my dilemma, I found a site mentioning a Debian package named debsums.
It is possible to verify the MD5 hashes of binaries with this tool: debsums.
So I went through all the binaries I had doubts about and everything seems normal...
So I don't really know how this is possible, given that the last apt-get update && upgrade did not update the offending binaries?!
Anyway, there you go, I found a solution! For anyone who lands on this thread...
I am still open to comments from Linux specialists...
One more thing: I have another Ubuntu, on 8.04, on which the same packages changed signature... I noticed it this evening when I got home....
Have a good evening
Distro: Ubuntu 9.04
Quote: If Chuck Norris tells you your mother is hot... you can call him Dad
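
What the debsums check described in post #2 amounts to, as an added example (not code from the thread or from debsums itself): it pulls the flagged paths out of an rkhunter report and compares each file's MD5 with a dpkg-style md5sums list. The function names and the `root` parameter are assumptions for illustration; on a real system the lists are the `/var/lib/dpkg/info/<package>.md5sums` files.

```python
import hashlib
import os

# Excerpt of the rkhunter report quoted in the first post (two entries only).
REPORT = """\
Warning: The file properties have changed:
File: /bin/login
Current hash: fcfc4bc3fc930b62055992cb81205fc018547de5
Stored hash : 8229fd971b7934dd9ca7db729223ea9967c6d301
Current inode: 496020 Stored inode: 496018
Warning: The file properties have changed:
File: /bin/su
Current inode: 496021 Stored inode: 496019
"""

def flagged_files(report):
    """Map each 'File:' entry to True if rkhunter also reported a hash change."""
    flagged, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("File:"):
            current = line.split(":", 1)[1].strip()
            flagged[current] = False
        elif line.startswith("Current hash:") and current:
            flagged[current] = True
    return flagged

def md5_of(path):
    digest = hashlib.md5()  # MD5 because that is what the package lists record
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify(paths, md5sums_text, root="/"):
    """Check paths against a dpkg-style list: '<md5>  <path without leading />'."""
    expected = {}
    for line in md5sums_text.splitlines():
        md5, _, rel = line.partition("  ")
        if rel:
            expected["/" + rel.strip()] = md5.strip()
    status = {}
    for path in paths:
        on_disk = os.path.join(root, path.lstrip("/"))
        if path not in expected:
            status[path] = "NOT LISTED"
        elif not os.path.isfile(on_disk):
            status[path] = "MISSING"
        else:
            status[path] = "OK" if md5_of(on_disk) == expected[path] else "FAILED"
    return status
```

The md5sums lists sit on the same disk as the binaries, so a match shows the files are the ones the installed package shipped, not that the machine is clean; after a legitimate package upgrade, `rkhunter --propupd` refreshes rkhunter's stored properties.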