

How to Know vulnerable applications in rkhunter




Posted by nabeelamjad, 11-11-2007, 07:54 PM
I don't have much knowledge of server management. I have a question: after a scan, rkhunter shows that it found two vulnerable applications, but I'm unable to get the names of the files which are vulnerable. How do I find out their names?

Posted by david510, 11-11-2007, 10:40 PM
Can you paste the warnings here?

Posted by nabeelamjad, 11-11-2007, 11:19 PM
System checks
* Allround tests
   Checking hostname... Found. Hostname is test.domain.com
   Checking for passwordless user accounts... OK
   Checking for differences in user accounts... OK. No changes.
   Checking for differences in user groups... OK. No changes.
   Checking boot.local/rc.local file...
     - /etc/rc.local                     [ OK ]
     - /etc/rc.d/rc.local                [ OK ]
     - /usr/local/etc/rc.local           [ Not found ]
     - /usr/local/etc/rc.d/rc.local      [ Not found ]
     - /etc/conf.d/local.start           [ Not found ]
     - /etc/init.d/boot.local            [ Not found ]
   Checking rc.d files...
     Processing........................................
     Result rc.d files check             [ OK ]
   Checking history files
     Bourne Shell                        [ OK ]

* Filesystem checks
   Checking /dev for suspicious files...  [ OK ]
   Scanning for hidden files...           [ OK ]

[Press to continue]

Application advisories
* Application scan
   Checking Apache2 modules ...           [ Not found ]
   Checking Apache configuration ...      [ OK ]

* Application version scan
   - Exim MTA 4.68                        [ Unknown ]
   - GnuPG 1.2.6                          [ Old or patched version ]
   - Apache [unknown]                     [ OK ]
   - Bind DNS 9.2.4                       [ OK ]
   - OpenSSL 0.9.7a                       [ Old or patched version ]
   - PHP 4.4.6                            [ OK ]
   - PHP 4.4.6                            [ OK ]
   - Procmail MTA 3.22                    [ OK ]
   - OpenSSH 3.9p1                        [ OK ]

Your system contains some unknown version numbers. Please run Rootkit Hunter
with the --update parameter or contact us through the Rootkit Hunter mailinglist
at rkhunter-users@lists.sourceforge.net.

Security advisories
* Check: Groups and Accounts
   Searching for /etc/passwd...           [ Found ]
   Checking users with UID '0' (root)...  [ OK ]

* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible. Possible risk!
    info: No 'PermitRootLogin' entry found in file /etc/ssh/sshd_config
    Hint: See logfile for more information about this issue
   Checking for allowed protocols...      [ OK (Only SSH2 allowed) ]

* Check: Events and Logging
   Search for syslog configuration...     [ OK ]
   Checking for running syslog slave...   [ OK ]
   Checking for logging to remote system... [ OK (no remote logging) ]

---------------------------- Scan results ----------------------------

MD5 scan
Scanned files: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 2

Scanning took 137 seconds

Posted by david510, 11-12-2007, 12:23 AM
It shows warning because direct root login is enabled. You may ignore this warning provided you have a strong root password.
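
Added example (not part of the original thread, and not rkhunter's own code): in the scan pasted above, two entries of the "Application version scan" carry the status "Old or patched version", the same number as the "Vulnerable applications: 2" summary line. The shell function below lists every entry of that section whose status is not OK, assuming one entry per line as rkhunter prints it to the terminal; `sample_scan` and `flagged_apps` are hypothetical names, and the sample input is copied from that post.

```shell
#!/bin/sh
# Added example: list rkhunter "Application version scan" entries that are not OK.

# Sample input taken from the scan output pasted in this thread,
# laid out one entry per line (assumed terminal layout).
sample_scan() {
cat <<'EOF'
* Application version scan
   - Exim MTA 4.68                        [ Unknown ]
   - GnuPG 1.2.6                          [ Old or patched version ]
   - Apache [unknown]                     [ OK ]
   - Bind DNS 9.2.4                       [ OK ]
   - OpenSSL 0.9.7a                       [ Old or patched version ]
   - PHP 4.4.6                            [ OK ]
   - Procmail MTA 3.22                    [ OK ]
   - OpenSSH 3.9p1                        [ OK ]
Security advisories
* Check: Groups and Accounts
EOF
}

# flagged_apps: read scan output on stdin and print "<app and version><TAB><status>"
# for each "- <app> [ <status> ]" line in the version scan whose status is not OK.
flagged_apps() {
    awk '
        /Application version scan/   { in_section = 1; next }
        in_section && /^[ \t]*\* /   { in_section = 0 }   # next "* ..." header ends it
        in_section && /^[ \t]*- / {
            # The status is the trailing "[ ... ]"; "[unknown]" inside a name
            # has no space after "[" and is therefore not matched.
            if (!match($0, /\[ [^]]* \][ \t]*$/)) next
            name = substr($0, 1, RSTART - 1)
            status = substr($0, RSTART, RLENGTH)
            sub(/[ \t]*$/, "", status)
            status = substr(status, 3, length(status) - 4)
            sub(/^[ \t]*- /, "", name)
            sub(/[ \t]*$/, "", name)
            if (status != "OK") print name "\t" status
        }
    '
}

# Run against the sample; a saved copy of a real scan can be piped in the same way.
sample_scan | flagged_apps
```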


