Rkhunter
After installing rkhunter, refresh its data files with rkhunter --update (this needs network access), then run a check that reports only warnings: rkhunter -c --rwo. On a freshly installed host that you know to be clean, also run rkhunter --propupd once, so that the file-properties database (rkhunter.dat) has a baseline to compare against on later runs. Once the check comes back clean, have rkhunter mail you on any warning by adding to /etc/rkhunter.conf:
MAIL-ON-WARNING="test@test.ru"
The mail is sent through the local mail command configured by MAIL_CMD, so the host needs a working mail setup for this to be useful.
Common warnings
-----------------------------------------------------------------------------------------
Warning: The kernel modules directory '/lib/modules' is missing or empty.
This appears when the kernel supports loadable modules but none are actually installed on the system (typical for a VPS or container kernel with all drivers built in), so rkhunter assumes there MAY be a problem. If that is really the case on your host, edit /etc/rkhunter.conf and change:
DISABLE_TESTS="suspscan deleted_files packet_cap_apps apps"
to include "avail_modules":
DISABLE_TESTS="suspscan deleted_files packet_cap_apps apps avail_modules"
On a normal distribution kernel that does load modules, an empty /lib/modules is something to investigate before you disable the test, not after.
-----------------------------------------------------------------------------------------
Warning: Hidden directory found: /dev/.udev
Uncomment (or add) in /etc/rkhunter.conf:
ALLOWHIDDENDIR=/dev/.udev
-----------------------------------------------------------------------------------------
Warning: Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
The Xzibit rootkit signature looks for the string 'hdparm' in init scripts, and a legitimate hdparm init script matches it too. Confirm first that the script is the one shipped by the hdparm package (for example with debsums or rpm -V), then uncomment (or add):
RTKT_FILE_WHITELIST="/etc/init.d/hdparm"
Newer rkhunter releases also document the narrower form RTKT_FILE_WHITELIST=/etc/init.d/hdparm:hdparm, which whitelists only that string in that file rather than the whole file.
-----------------------------------------------------------------------------------------
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': without-password
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
rkhunter compares its ALLOW_SSH_ROOT_USER option with PermitRootLogin in sshd_config. The better fix is to set PermitRootLogin no in sshd_config and log in as an unprivileged user with sudo, which keeps rkhunter's default. If key-only root login over SSH is really needed, make the two settings agree by uncommenting (or adding):
ALLOW_SSH_ROOT_USER=without-password
-----------------------------------------------------------------------------------------
Warning: Suspicious file types found in /dev:
/dev/shm/network/ifstate: ASCII text
If /dev/shm/network/ifstate is a known good file, you can white-list it by adding the following line in /etc/rkhunter.conf:
ALLOWDEVFILE=/dev/shm/network/ifstate
-----------------------------------------------------------------------------------------
Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but it is not present in the rkhunter.dat file.
A file was added or changed since the file-properties database was last built (here the unhide package was installed after rkhunter). Once you have confirmed that the change is legitimate (a package install or upgrade you did yourself), rebuild the database:
rkhunter --propupd
Do not run --propupd reflexively after every such warning: it accepts the current state of every file as the new baseline, so on a compromised host it would whitelist the attacker's changes.
-----------------------------------------------------------------------------------------
Warning: Application 'exim', version '4.69', is out of date, and possibly a security risk.
The right response is to upgrade the package. If it cannot be upgraded (for example because the distribution backports security fixes to that version), whitelist it with APP_WHITELIST, which takes name:version entries (a bare name whitelists every version of that application); the warning above would be silenced by adding exim:4.69 to a list such as:
APP_WHITELIST="openssl:0.9.8g gpg:1.4.9 sshd:5.1p1 php:5.2.6 proftpd:1.3.1"
-----------------------------------------------------------------------------------------
Warning: Found enabled xinetd service: /etc/xinetd.d/courierpassd
# This setting tells rkhunter where the xinetd configuration
# file is located.
#
XINETD_CONF_PATH=/etc/xinetd.conf
#
# Allow the following enabled xinetd services. Whilst it would be
# nice to use the service names themselves, at the time of testing
# we only have the pathname available. As such, these entries are
# the xinetd file pathnames.
# Only one service (file) per line (use multiple XINETD_ALLOWED_SVC lines).
#
XINETD_ALLOWED_SVC=/etc/xinetd.d/courierpassd
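Every whitelist line above comes from reading the warning text and picking the matching rkhunter.conf option. The script below, an added example that is not part of the original post, automates the reading half: it takes the output of rkhunter -c --rwo on stdin and prints candidate rkhunter.conf lines, and where a human decision is needed (a changed file, an outdated application, the SSH mismatch, missing kernel modules) it prints a "# ..." comment instead of a directive. The function names sample_warnings and suggest_whitelist are mine, and the sample warning lines are constructed from the warning formats quoted above, not a captured run.

```shell
#!/bin/sh
# Added example, not from the original post: turn the warnings that
# "rkhunter -c --rwo" prints into candidate lines for /etc/rkhunter.conf.
# It only PRINTS suggestions; every whitelist also hides a real finding,
# so review each line before pasting it into the config.

# Constructed sample of "rkhunter -c --rwo" output (not a captured run);
# the lines follow the warning formats quoted in the post.
sample_warnings() {
    cat <<'EOF'
Warning: The kernel modules directory '/lib/modules' is missing or empty.
Warning: Hidden directory found: /dev/.udev
Warning: Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
Warning: The SSH and rkhunter configuration options should be the same:
         SSH configuration option 'PermitRootLogin': without-password
         Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Warning: Suspicious file types found in /dev:
         /dev/shm/network/ifstate: ASCII text
Warning: The file '/usr/sbin/unhide' exists on the system, but it is not present in the rkhunter.dat file.
Warning: Application 'exim', version '4.69', is out of date, and possibly a security risk.
Warning: Found enabled xinetd service: /etc/xinetd.d/courierpassd
EOF
}

# Reads rkhunter warnings on stdin, writes one suggestion per line.
# Config directives are printed bare; anything that needs a human
# decision is printed as a "# ..." comment instead of a directive.
suggest_whitelist() {
    awk '
    # \047 is a single quote: rkhunter quotes names and paths with it
    /^Warning: Hidden directory found: / {
        sub(/^Warning: Hidden directory found: /, "")
        print "ALLOWHIDDENDIR=" $0; indev = 0; next
    }
    /^Warning: Found string / {
        n = split($0, f, "\047")          # f[2] = string, f[4] = file
        # whole-file form as in the post; newer releases also take file:string
        if (n >= 5) print "RTKT_FILE_WHITELIST=" f[4]
        indev = 0; next
    }
    /^Warning: Found enabled xinetd service: / {
        sub(/^Warning: Found enabled xinetd service: /, "")
        print "XINETD_ALLOWED_SVC=" $0; indev = 0; next
    }
    /^Warning: Application / {
        n = split($0, f, "\047")          # f[2] = name, f[4] = version
        if (n >= 5) {
            print "# " f[2] " " f[4] " is out of date: upgrade it; whitelist only as a last resort:"
            print "APP_WHITELIST=" f[2] ":" f[4]
        }
        indev = 0; next
    }
    /is not present in the rkhunter\.dat file/ {
        n = split($0, f, "\047")          # f[2] = file
        print "# " f[2] " is new or changed: confirm why (package upgrade?), then run: rkhunter --propupd"
        indev = 0; next
    }
    /^Warning: The SSH and rkhunter configuration options should be the same/ {
        print "# PermitRootLogin mismatch: prefer PermitRootLogin no in sshd_config; otherwise set ALLOW_SSH_ROOT_USER to the sshd value"
        indev = 0; next
    }
    /^Warning: The kernel modules directory / {
        print "# no loadable modules on this host? only then add avail_modules to DISABLE_TESTS"
        indev = 0; next
    }
    # the /dev warning is two lines: header, then indented "path: type" lines
    /^Warning: Suspicious file types found in \/dev:/ { indev = 1; next }
    indev && /^ +\/dev\// {
        line = $0; sub(/^ +/, "", line); sub(/: .*$/, "", line)
        print "ALLOWDEVFILE=" line; next
    }
    /^Warning: / { indev = 0 }
    '
}

# Demonstration run on the constructed sample.
sample_warnings | suggest_whitelist
```

To use it on a real host, replace the sample_warnings call at the bottom with rkhunter -c --rwo --sk (--sk skips the keypress prompt so the pipeline does not block). After pasting the lines you actually want into /etc/rkhunter.conf, run rkhunter -C to check the file for syntax errors (recent versions) and then rkhunter -c --rwo again to confirm that only the intended warnings went away.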