Warnings flagged by "rkhunter"

When I scanned my Ubuntu 10.04 with rkhunter (a rootkit hunter toolkit), it gave the following warnings:

Is there anything I need to worry about?

            [23:06:19]   /usr/sbin/adduser                               [ Warning ]
            [23:06:19] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
            [23:06:20]   /usr/sbin/rsyslogd                              [ Warning ]
            [23:06:20] Warning: The file properties have changed:
            [23:06:22]   /usr/bin/dpkg                                   [ Warning ]
            [23:06:22] Warning: The file properties have changed:
            [23:06:22]   /usr/bin/dpkg-query                             [ Warning ]
            [23:06:22] Warning: The file properties have changed:
            [23:06:24]   /usr/bin/ldd                                    [ Warning ]
            [23:06:24] Warning: The file properties have changed:
            [23:06:24] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
            [23:06:24]   /usr/bin/logger                                 [ Warning ]
            [23:06:24] Warning: The file properties have changed:
            [23:06:25]   /usr/bin/mail                                   [ Warning ]
            [23:06:25] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file.
            [23:06:27]   /usr/bin/sudo                                   [ Warning ]
            [23:06:27] Warning: The file properties have changed:
            [23:06:29]   /usr/bin/whereis                                [ Warning ]
            [23:06:29] Warning: The file properties have changed:
            [23:06:29]   /usr/bin/lwp-request                            [ Warning ]
            [23:06:29] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
            [23:06:29]   /usr/bin/bsd-mailx                              [ Warning ]
            [23:06:29] Warning: The file '/usr/bin/bsd-mailx' exists on the system, but it is not present in the rkhunter.dat file.
            [23:06:30]   /sbin/fsck                                      [ Warning ]
            [23:06:30] Warning: The file properties have changed:
            [23:06:30]   /sbin/ifdown                                    [ Warning ]
            [23:06:30] Warning: The file properties have changed:
            [23:06:31]   /sbin/ifup                                      [ Warning ]
            [23:06:31] Warning: The file properties have changed:
            [23:06:34]   /bin/dmesg                                      [ Warning ]
            [23:06:34] Warning: The file properties have changed:
            [23:06:35]   /bin/more                                       [ Warning ]
            [23:06:35] Warning: The file properties have changed:
            [23:06:36]   /bin/mount                                      [ Warning ]
            [23:06:36] Warning: The file properties have changed:
            [23:06:37]   /bin/which                                      [ Warning ]
            [23:06:37] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
            [23:08:58]   Checking /dev for suspicious file types         [ Warning ]
            [23:08:58] Warning: Suspicious file types found in /dev:
            [23:08:58]   Checking for hidden files and directories       [ Warning ]
            [23:08:58] Warning: Hidden directory found: /etc/.java
            [23:08:58] Warning: Hidden directory found: /dev/.udev
            [23:08:58] Warning: Hidden directory found: /dev/.initramfs
            [23:09:01]   Checking version of Exim MTA                    [ Warning ]
            [23:09:01] Warning: Application 'exim', version '4.71', is out of date, and possibly a security risk.
            [23:09:01]   Checking version of GnuPG                       [ Warning ]
            [23:09:01] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk.
            [23:09:01]   Checking version of OpenSSL                     [ Warning ]
            [23:09:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.

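Answer 1

Regarding the warnings about changed file properties and commands, you need to run the following command after every software update and after every system-defined change you make: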

rkhunter --propupd

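Otherwise, you cannot know whether the properties changed because of your own changes or because of malicious activity. This command updates the database of files known to rkhunter.

Even better: run rkhunter before you perform any software update.

Speaking of software updates, you have several applications reported as "out of date". You should check whether your repositories have newer versions: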

sudo apt-get update && sudo apt-get upgrade

Happy hunting!
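
As an added example (not part of the original answer), the Python script below groups warnings like those in the question by type, so the changed files can be reviewed before they are accepted with `rkhunter --propupd`. The function names and category labels are assumptions of this example, and the sample lines are copied from the scan output in the question.

```python
import re

# Constructed sample: a few lines copied from the scan output in the question.
SAMPLE_LOG = """\
[23:06:19]   /usr/sbin/adduser                               [ Warning ]
[23:06:19] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
[23:06:24]   /usr/bin/ldd                                    [ Warning ]
[23:06:24] Warning: The file properties have changed:
[23:06:24] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
[23:06:25]   /usr/bin/mail                                   [ Warning ]
[23:06:25] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file.
[23:08:58]   Checking for hidden files and directories       [ Warning ]
[23:08:58] Warning: Hidden directory found: /etc/.java
[23:09:01]   Checking version of OpenSSL                     [ Warning ]
[23:09:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.
"""

HEADER = re.compile(r"^\s*\[[\d:]+\]\s+(.+?)\s+\[ Warning \]\s*$")
WARNING = re.compile(r"^\s*\[[\d:]+\]\s+Warning: (.+)$")
RULES = [  # (category, pattern); captured groups, when present, name the item
    ("replaced_by_script", re.compile(r"The command '([^']+)' has been replaced by a script")),
    ("not_in_database", re.compile(r"The file '([^']+)' exists on the system, but it is not present")),
    ("properties_changed", re.compile(r"The file properties have changed")),
    ("hidden_path", re.compile(r"Hidden directory found: (\S+)")),
    ("outdated_app", re.compile(r"Application '([^']+)', version '([^']+)', is out of date")),
]

def triage(log_text):
    """Group rkhunter warning lines by category: {category: [items]}."""
    groups, subject = {}, None
    for line in log_text.splitlines():
        head, warn = HEADER.match(line), WARNING.match(line)
        if head:
            subject = head.group(1)  # file path or name of the check
        if not warn:
            continue
        for category, pattern in RULES:
            hit = pattern.search(warn.group(1))
            if hit:
                # Use the captured item, else the path from the header line.
                item = " ".join(hit.groups()) if hit.groups() else subject
                groups.setdefault(category, []).append(item)
                break
        else:  # no rule matched: keep the raw message for manual review
            groups.setdefault("other", []).append(warn.group(1))
    return groups

def files_to_review(groups):
    """Paths whose change should be explained before `rkhunter --propupd`."""
    keys = ("replaced_by_script", "not_in_database", "properties_changed")
    return sorted({p for k in keys for p in groups.get(k, [])})
```
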