这是我最近设置的 rkhunter 输出,因此我每天早上都会收到此报告,有人可以解释一下我这里是否存在严重问题吗(我知道 httpd、openssl、php 和 sshd 不是最新的,但所有其他命令我都不明白 - 我是否存在漏洞并且有人用他们自己的文件替换了他们的文件 - 例如'/usr/bin/whatis')
Warning: Checking for prerequisites [ Warning ]
The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
is used, all the files on their system are known to be genuine, and installed from a
reliable source. The rkhunter '--check' option will compare the current file properties
against previously stored values, and report if any values differ. However, rkhunter
cannot determine what has caused the change, that is for the user to do.
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
Warning: No output found from the lsmod command or the /proc/modules file:
/proc/modules output:
lsmod output:
Warning: The kernel modules directory '/lib/modules' is missing or empty.
Warning: User 'hengifts-new' has been removed from the passwd file.
Warning: Hidden directory found: /dev/.udev
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
Warning: Application 'httpd', version '2.2.3', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
Warning: Application 'php', version '5.2.10', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.
答案1
在我看来,您并没有使用发行版提供的 rkhunter,而是自己下载(最新的?)并安装,而且由于许多发行版细节尚未列入白名单,因此会生成这些警告。
哦,顺便说一下,我用的是 google.com。