How to Know vulnerable applications in rkhunter
Posted by nabeelamjad, 11-11-2007, 07:54 PM |
I don't have much knowledge of server management. I have a question: after a scan, rkhunter shows that it found two vulnerable applications, but I'm unable to get the names of the files which are vulnerable. How do I know their names?
|
Posted by david510, 11-11-2007, 10:40 PM |
Can you paste the warnings here?
|
Posted by nabeelamjad, 11-11-2007, 11:19 PM |
System checks
* Allround tests
Checking hostname... Found. Hostname is test.domain.com
Checking for passwordless user accounts... OK
Checking for differences in user accounts... OK. No changes.
Checking for differences in user groups... OK. No changes.
Checking boot.local/rc.local file...
- /etc/rc.local [ OK ]
- /etc/rc.d/rc.local [ OK ]
- /usr/local/etc/rc.local [ Not found ]
- /usr/local/etc/rc.d/rc.local [ Not found ]
- /etc/conf.d/local.start [ Not found ]
- /etc/init.d/boot.local [ Not found ]
Checking rc.d files...
Processing........................................
........................................
........................................
........................................
........................................
........................................
........................................
........................................
........................................
........................................
........................................
........................................
.........................
Result rc.d files check [ OK ]
Checking history files
Bourne Shell [ OK ]
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ OK ]
[Press <ENTER> to continue]
Application advisories
* Application scan
Checking Apache2 modules ... [ Not found ]
Checking Apache configuration ... [ OK ]
* Application version scan
- Exim MTA 4.68 [ Unknown ]
- GnuPG 1.2.6 [ Old or patched version ]
- Apache [unknown] [ OK ]
- Bind DNS 9.2.4 [ OK ]
- OpenSSL 0.9.7a [ Old or patched version ]
- PHP 4.4.6 [ OK ]
- PHP 4.4.6 [ OK ]
- Procmail MTA 3.22 [ OK ]
- OpenSSH 3.9p1 [ OK ]
Your system contains some unknown version numbers. Please run Rootkit Hunter
with the --update parameter or contact us through the Rootkit Hunter mailinglist
at rkhunter-users@lists.sourceforge.net.
Security advisories
* Check: Groups and Accounts
Searching for /etc/passwd... [ Found ]
Checking users with UID '0' (root)... [ OK ]
* Check: SSH
Searching for sshd_config...
Found /etc/ssh/sshd_config
Checking for allowed root login... Watch out Root login possible. Possible risk!
info: No 'PermitRootLogin' entry found in file /etc/ssh/sshd_config
Hint: See logfile for more information about this issue
Checking for allowed protocols... [ OK (Only SSH2 allowed) ]
* Check: Events and Logging
Search for syslog configuration... [ OK ]
Checking for running syslog slave... [ OK ]
Checking for logging to remote system... [ OK (no remote logging) ]
---------------------------- Scan results ----------------------------
MD5 scan
Scanned files: 0
Incorrect MD5 checksums: 0
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 2
Scanning took 137 seconds
|
Posted by david510, 11-12-2007, 12:23 AM |
It shows a warning because direct root login is enabled. You may ignore this warning provided you have a strong root password.
|
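As an added example (not part of the original thread and not rkhunter's own code), this shell function lists the entries of the "Application version scan" section whose status is anything other than OK or Unknown. It assumes the "Vulnerable applications" count in the summary refers to those entries; `flagged_apps` and `sample_output` are hypothetical names, and the sample is constructed from the output posted above.

```shell
#!/bin/sh
# Added example: pick out flagged entries from rkhunter's application version scan.

# Constructed sample: application section of the output posted in this thread,
# with the wrapped status text rejoined.
sample_output() {
cat <<'EOF'
* Application version scan
- Exim MTA 4.68 [ Unknown ]
- GnuPG 1.2.6 [ Old or patched version ]
- Apache [unknown] [ OK ]
- Bind DNS 9.2.4 [ OK ]
- OpenSSL 0.9.7a [ Old or patched version ]
- PHP 4.4.6 [ OK ]
- OpenSSH 3.9p1 [ OK ]
Security advisories
* Check: SSH
Checking for allowed protocols... [ OK (Only SSH2 allowed) ]
EOF
}

# flagged_apps (hypothetical helper): read rkhunter output on stdin and print
# "name version: status" for each entry that is neither OK nor Unknown.
flagged_apps() {
  awk '
    /Application version scan/ { in_apps = 1; next }
    # The section ends at the first line that is not a "- entry" line.
    in_apps && !/^[ \t]*-/ { in_apps = 0 }
    in_apps {
      line = $0
      sub(/^[ \t]*-[ \t]*/, "", line)
      # The status is the last [ ... ] on the line; the version field
      # itself may contain brackets, as in "Apache [unknown]".
      if (!match(line, /\[[^][]*\][ \t]*$/)) next
      name = substr(line, 1, RSTART - 1)
      status = substr(line, RSTART)
      sub(/[ \t]+$/, "", name)
      gsub(/^\[[ \t]*|[ \t]*\][ \t]*$/, "", status)
      if (status != "OK" && status != "Unknown") print name ": " status
    }
  '
}

# Stand-alone run on the constructed sample; on a real host, pipe the saved
# scan output into flagged_apps instead.
sample_output | flagged_apps
```

Entries reported as Unknown are left out because the scan output itself says they need an updated version database rather than a fix.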