Mandriva Fórum




: rkhunter reports a warning
: Cyder August 02, 2009, 10:09:37
I have rkhunter 1.3.4 from the repositories; it reports a warning for 3 items (see picture). Here is the description from the log:

[09:57:46] Warning: The file properties have changed:
[09:57:46]          File: /bin/rpm
[09:57:46]          Current inode: 243557    Stored inode: 243675
[09:57:46]          Current file modification time: 1248977469
[09:57:46]          Stored file modification time : 1245315433

[09:57:59] Warning: The file properties have changed:
[09:57:59]          File: /sbin/ifdown
[09:57:59]          Current inode: 40678    Stored inode: 40679
[09:57:59] Info: Found file '/sbin/ifdown': it is whitelisted for the 'script replacement' check.

[09:57:59] Warning: The file properties have changed:
[09:57:59]          File: /sbin/ifup
[09:57:59]          Current inode: 40679    Stored inode: 40680
[09:57:59]          Current file modification time: 1248784125
[09:57:59]          Stored file modification time : 1246718839
[09:57:59] Info: Found file '/sbin/ifup': it is whitelisted for the 'script replacement' check.

A virus? They were not detected before.


: Re: rkhunter reports a warning
: Hobil August 04, 2009, 10:50:10
The files /sbin/ifdown and /sbin/ifup are normal bash scripts, so really just ordinary text files. Try looking into them; if there is anything in them that does not belong, it should be obvious at first glance (a false alarm can be ruled out), or post them here.

In general, every file can be checked with md5sum and compared with the file that you can download (not install) from the internet repositories. That will reveal any changes.

Of course, this does not apply when the files have to change in order to adapt the configuration to the specific hardware and user. Binary files usually do not change, but there are exceptions here too.
H.
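
The comparison described in the reply above, as an added example that is not part of the original thread: it checks the files rkhunter flagged against copies unpacked from a freshly downloaded package. The function names, the `ref` directory and the `check.sh` file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the reference package was
# downloaded and unpacked, not installed, into REF_ROOT, for instance with
#   mkdir ref && cd ref && rpm2cpio ../PACKAGE.rpm | cpio -idm
# so that REF_ROOT/sbin/ifup is the repository's copy of /sbin/ifup.

# Print only the MD5 digest of a file (reading stdin avoids filename escaping).
md5_of() { md5sum < "$1" | cut -d' ' -f1; }

# compare_file SYS_ROOT REF_ROOT PATH
# Returns 0 if identical, 1 if the content differs, 2 if a copy is missing.
compare_file() {
    sys="$1$3"
    ref="$2$3"
    if [ ! -f "$sys" ] || [ ! -f "$ref" ]; then
        echo "MISSING  $3"
        return 2
    fi
    if [ "$(md5_of "$sys")" = "$(md5_of "$ref")" ]; then
        echo "OK       $3"
        return 0
    fi
    echo "CHANGED  $3"
    # For scripts such as ifup/ifdown show the first differing lines;
    # for binaries diff only reports that the files differ.
    diff -u "$ref" "$sys" | head -n 20
    return 1
}

# check_all SYS_ROOT REF_ROOT PATH...
# Checks every path and returns the worst status seen.
check_all() {
    sys_root="$1"
    ref_root="$2"
    shift 2
    worst=0
    for path in "$@"; do
        rc=0
        compare_file "$sys_root" "$ref_root" "$path" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Live system: pass "" as SYS_ROOT, e.g.
#   sh check.sh "" ./ref /bin/rpm /sbin/ifup /sbin/ifdown
if [ "$#" -ge 3 ]; then
    check_all "$@"
fi
```

A changed inode or modification time with an OK digest means the file was rewritten with identical content, which is what a package update or reinstall of the same version produces.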