Warnings flagged by 'rkhunter'


When I scanned my Ubuntu 10.04 with rkhunter, a rootkit hunter toolkit, it gave the following warnings:

Is there anything I need to worry about?

            [23:06:19]   /usr/sbin/adduser                               [ Warning ]
            [23:06:19] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
            [23:06:20]   /usr/sbin/rsyslogd                              [ Warning ]
            [23:06:20] Warning: The file properties have changed:
            [23:06:22]   /usr/bin/dpkg                                   [ Warning ]
            [23:06:22] Warning: The file properties have changed:
            [23:06:22]   /usr/bin/dpkg-query                             [ Warning ]
            [23:06:22] Warning: The file properties have changed:
            [23:06:24]   /usr/bin/ldd                                    [ Warning ]
            [23:06:24] Warning: The file properties have changed:
            [23:06:24] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
            [23:06:24]   /usr/bin/logger                                 [ Warning ]
            [23:06:24] Warning: The file properties have changed:
            [23:06:25]   /usr/bin/mail                                   [ Warning ]
            [23:06:25] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file.
            [23:06:27]   /usr/bin/sudo                                   [ Warning ]
            [23:06:27] Warning: The file properties have changed:
            [23:06:29]   /usr/bin/whereis                                [ Warning ]
            [23:06:29] Warning: The file properties have changed:
            [23:06:29]   /usr/bin/lwp-request                            [ Warning ]
            [23:06:29] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
            [23:06:29]   /usr/bin/bsd-mailx                              [ Warning ]
            [23:06:29] Warning: The file '/usr/bin/bsd-mailx' exists on the system, but it is not present in the rkhunter.dat file.
            [23:06:30]   /sbin/fsck                                      [ Warning ]
            [23:06:30] Warning: The file properties have changed:
            [23:06:30]   /sbin/ifdown                                    [ Warning ]
            [23:06:30] Warning: The file properties have changed:
            [23:06:31]   /sbin/ifup                                      [ Warning ]
            [23:06:31] Warning: The file properties have changed:
            [23:06:34]   /bin/dmesg                                      [ Warning ]
            [23:06:34] Warning: The file properties have changed:
            [23:06:35]   /bin/more                                       [ Warning ]
            [23:06:35] Warning: The file properties have changed:
            [23:06:36]   /bin/mount                                      [ Warning ]
            [23:06:36] Warning: The file properties have changed:
            [23:06:37]   /bin/which                                      [ Warning ]
            [23:06:37] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
            [23:08:58]   Checking /dev for suspicious file types         [ Warning ]
            [23:08:58] Warning: Suspicious file types found in /dev:
            [23:08:58]   Checking for hidden files and directories       [ Warning ]
            [23:08:58] Warning: Hidden directory found: /etc/.java
            [23:08:58] Warning: Hidden directory found: /dev/.udev
            [23:08:58] Warning: Hidden directory found: /dev/.initramfs
            [23:09:01]   Checking version of Exim MTA                    [ Warning ]
            [23:09:01] Warning: Application 'exim', version '4.71', is out of date, and possibly a security risk.
            [23:09:01]   Checking version of GnuPG                       [ Warning ]
            [23:09:01] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
            [23:09:01]   Checking version of OpenSSL                     [ Warning ]
            [23:09:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.
by gkt 01.02.2011 / 18:45

1 answer


Regarding the warnings about file properties and commands that have changed, you will need to run the following command after every software update and after every change to system settings:

    rkhunter --propupd

Otherwise, you will not be able to tell whether the properties changed because of your own change or because of malicious behaviour. This command updates the database of files that rkhunter knows about.

Even better: run rkhunter before performing any software update.

Speaking of software updates, you have several applications that are reported as 'out of date'. You should check whether your repositories have newer versions:

    sudo apt-get update && sudo apt-get upgrade

Happy hunting!

by 01.01.2012 / 06:11
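
One way to triage a log like the one in the question before deciding that `rkhunter --propupd` is safe to run. This is an added example, not part of the original answer: the function names are hypothetical, the sample lines are copied from the question's log, and `owning_packages` assumes a Debian/Ubuntu system where `dpkg -S` is available.

```shell
#!/bin/sh
# Classify rkhunter file warnings read from stdin.
# Output: one "category<TAB>path" line per warning.
triage_rkhunter_log() {
    awk '
    # Check header, e.g. "[23:06:20]   /usr/sbin/rsyslogd   [ Warning ]":
    # remember the path, because the detail line below it omits the path.
    $2 ~ /^\// && $NF == "]" { current = $2; next }
    /Warning: The file properties have changed/ {
        print "props\t" current; next
    }
    # These two messages quote the path, so split on the apostrophe (\047).
    /has been replaced by a script/ {
        split($0, q, "\047"); print "script\t" q[2]; next
    }
    /is not present in the rkhunter.dat file/ {
        split($0, q, "\047"); print "unknown\t" q[2]; next
    }'
}

# Map every path whose properties changed to the package that owns it, so the
# change can be compared with what was actually upgraded before --propupd.
owning_packages() {
    triage_rkhunter_log | awk -F '\t' '$1 == "props" { print $2 }' |
    while read -r path; do
        dpkg -S "$path" 2>/dev/null || echo "no package owns: $path"
    done
}

# Sample input: lines taken from the log quoted in the question.
sample_log() {
    cat <<'EOF'
[23:06:19]   /usr/sbin/adduser                               [ Warning ]
[23:06:19] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
[23:06:20]   /usr/sbin/rsyslogd                              [ Warning ]
[23:06:20] Warning: The file properties have changed:
[23:06:24]   /usr/bin/ldd                                    [ Warning ]
[23:06:24] Warning: The file properties have changed:
[23:06:24] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
[23:06:25]   /usr/bin/mail                                   [ Warning ]
[23:06:25] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file.
EOF
}

sample_log | triage_rkhunter_log
```

On a real system, feed the rkhunter log to `owning_packages` on stdin instead of the sample.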