Hallo,
heute Nach hat mir rkhunter Untenstehendes gemeldet. Chkrootkit hat nichts gemeldet. Das System ist erst 3 Tage alt, es sind nur SMTP, SSH, HTTP offen und SSH nur per Publickey. Es ist ein Ubuntu 8.04 LTS. "Last" zeigt keine User ausser mir, "Logcheck" hatte nichts gemeldet und "fail2ban" auch nicht. Ich hatte an den Paketen eigentlich nur "Dash" und "NTP" eingespielt / geändert.
Woher können diese Warning kommen???
heute Nach hat mir rkhunter Untenstehendes gemeldet. Chkrootkit hat nichts gemeldet. Das System ist erst 3 Tage alt, es sind nur SMTP, SSH, HTTP offen und SSH nur per Publickey. Es ist ein Ubuntu 8.04 LTS. "Last" zeigt keine User ausser mir, "Logcheck" hatte nichts gemeldet und "fail2ban" auch nicht. Ich hatte an den Paketen eigentlich nur "Dash" und "NTP" eingespielt / geändert.
Woher können diese Warning kommen???
Code:
[13:07:43] Performing file properties checks
[13:07:43] Info: Starting test name 'properties'
[13:07:43] Checking for prerequisites [ OK ]
[13:07:44] /bin/bash [ Warning ]
[13:07:44] Warning: The file properties have changed:
[13:07:44] File: /bin/bash
[13:07:44] Current inode: 66104201 Stored inode: 91981237
[13:07:44] /bin/cat [ Warning ]
[13:07:44] Warning: The file properties have changed:
[13:07:44] File: /bin/cat
[13:07:44] Current inode: 66104184 Stored inode: 91980823
[13:07:44] /bin/chmod [ Warning ]
[13:07:44] Warning: The file properties have changed:
[13:07:44] File: /bin/chmod
[13:07:44] Current inode: 66104110 Stored inode: 91980825
[13:07:44] /bin/chown [ Warning ]
[13:07:44] Warning: The file properties have changed:
[13:07:44] File: /bin/chown
[13:07:44] Current inode: 66104108 Stored inode: 91980826
[13:07:44] /bin/cp [ Warning ]
[13:07:44] Warning: The file properties have changed:
[13:07:44] File: /bin/cp
[13:07:44] Current inode: 66104185 Stored inode: 91980827
[13:07:44] /bin/csh [ OK ]
[13:07:45] /bin/date [ Warning ]
[13:07:45] Warning: The file properties have changed:
[13:07:45] File: /bin/date
[13:07:45] Current inode: 66104113 Stored inode: 91980828
[13:07:45] /bin/df [ Warning ]
[13:07:45] Warning: The file properties have changed:
[13:07:45] File: /bin/df
[13:07:45] Current inode: 66104167 Stored inode: 91980830
[13:07:45] /bin/dmesg [ Warning ]
[13:07:45] Warning: The file properties have changed:
[13:07:45] File: /bin/dmesg
[13:07:45] Current inode: 66104189 Stored inode: 92014243
[13:07:45] /bin/echo [ Warning ]
[13:07:45] Warning: The file properties have changed:
[13:07:45] File: /bin/echo
[13:07:45] Current inode: 66103707 Stored inode: 91980832
[13:07:45] /bin/ed [ Warning ]
[13:07:45] Warning: The file properties have changed:
[13:07:45] File: /bin/ed
[13:07:45] Current inode: 66104174 Stored inode: 92080038
[13:07:46] /bin/egrep [ Warning ]
[13:07:46] Warning: The file properties have changed:
[13:07:46] File: /bin/egrep
[13:07:46] Current inode: 66104198 Stored inode: 91982292
[13:07:46] Info: Found file '/bin/egrep': it is whitelisted for the 'script replacement' check.
[13:07:46] /bin/fgrep [ Warning ]
[13:07:46] Warning: The file properties have changed:
[13:07:46] File: /bin/fgrep
[13:07:46] Current inode: 66104206 Stored inode: 91982293
[13:07:46] Info: Found file '/bin/fgrep': it is whitelisted for the 'script replacement' check.
[13:07:46] /bin/grep [ Warning ]
[13:07:46] Warning: The file properties have changed:
[13:07:46] File: /bin/grep
[13:07:46] Current inode: 66104194 Stored inode: 91982291
[13:07:46] /bin/ip [ Warning ]
[13:07:46] Warning: The file properties have changed:
[13:07:46] File: /bin/ip
[13:07:46] Current inode: 66103708 Stored inode: 92078775
[13:07:46] /bin/kill [ Warning ]
[13:07:46] Warning: The file properties have changed:
[13:07:46] File: /bin/kill
[13:07:46] Current inode: 66103709 Stored inode: 92078495
[13:07:47] /bin/login [ Warning ]
[13:07:47] Warning: The file properties have changed:
[13:07:47] File: /bin/login
[13:07:47] Current inode: 66104234 Stored inode: 91981801
[13:07:47] /bin/ls [ Warning ]
[13:07:47] Warning: The file properties have changed:
[13:07:47] File: /bin/ls
[13:07:47] Current inode: 66104226 Stored inode: 91980835
[13:07:47] /bin/lsmod [ Warning ]
[13:07:47] Warning: The file properties have changed:
[13:07:47] File: /bin/lsmod
[13:07:47] Current inode: 66104230 Stored inode: 92078424
[13:07:47] /bin/mktemp [ Warning ]
[13:07:47] Warning: The file properties have changed:
[13:07:47] File: /bin/mktemp
[13:07:47] Current inode: 66104220 Stored inode: 91981144
[13:07:47] /bin/more [ Warning ]
[13:07:47] Warning: The file properties have changed:
[13:07:47] File: /bin/more
[13:07:47] Current inode: 66104173 Stored inode: 92014244
[13:07:47] /bin/mount [ Warning ]
[13:07:47] Warning: The file properties have changed:
[13:07:48] File: /bin/mount
[13:07:48] Current inode: 66104114 Stored inode: 92012556
[13:07:48] /bin/mv [ Warning ]
[13:07:48] Warning: The file properties have changed:
[13:07:48] File: /bin/mv
[13:07:48] Current inode: 66104221 Stored inode: 91980838
[13:07:48] /bin/netstat [ Warning ]
[13:07:48] Warning: The file properties have changed:
[13:07:48] File: /bin/netstat
[13:07:48] Current inode: 66104210 Stored inode: 92078313
[13:07:48] /bin/ps [ Warning ]
[13:07:48] Warning: The file properties have changed:
[13:07:48] File: /bin/ps
[13:07:48] Current inode: 66104208 Stored inode: 92078496
[13:07:48] /bin/pwd [ Warning ]
[13:07:48] Warning: The file properties have changed:
[13:07:48] File: /bin/pwd
[13:07:48] Current inode: 66104188 Stored inode: 91980839
[13:07:48] /bin/readlink [ Warning ]
[13:07:48] Warning: The file properties have changed:
[13:07:48] File: /bin/readlink
[13:07:48] Current inode: 66104191 Stored inode: 91980840
[13:07:49] /bin/sed [ Warning ]
[13:07:49] Warning: The file properties have changed:
[13:07:49] File: /bin/sed
[13:07:49] Current inode: 66104197 Stored inode: 92012638
[13:07:49] /bin/sh [ Warning ]
[13:07:49] Warning: The file properties have changed:
[13:07:49] File: /bin/sh
[13:07:49] Current inode: 66104193 Stored inode: 91981274
[13:07:49] Current file modification time: 1256431483
[13:07:49] Stored file modification time : 1210617405
[13:07:49] /bin/su [ Warning ]
[13:07:49] Warning: The file properties have changed:
[13:07:49] File: /bin/su
[13:07:49] Current inode: 66104186 Stored inode: 91981802
[13:07:49] /bin/touch [ Warning ]
[13:07:49] Warning: The file properties have changed:
[13:07:49] File: /bin/touch
[13:07:49] Current inode: 66104111 Stored inode: 91980847
[13:07:49] /bin/uname [ Warning ]
[13:07:49] Warning: The file properties have changed:
[13:07:49] File: /bin/uname
[13:07:49] Current inode: 66104177 Stored inode: 91980849
[13:07:50] /bin/which [ Warning ]
[13:07:50] Warning: The file properties have changed:
[13:07:50] File: /bin/which
[13:07:50] Current inode: 66104225 Stored inode: 91981159
[13:07:50] Info: Found file '/bin/which': it is whitelisted for the 'script replacement' check.
[13:07:50] /bin/tcsh [ Warning ]
[13:07:50] Warning: The file properties have changed:
[13:07:50] File: /bin/tcsh
[13:07:50] Current inode: 66104214 Stored inode: 92242359
Last edited by a moderator:
