Mailinglist Archive: opensuse (911 mails)

< Previous Next >
[opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs
I get the following two separte messages by seccheck and rkhunter.

Rkhunter:

Warning: The file properties have changed:
File: /usr/bin/rkhunter
Current inode: 1458231 Stored inode: 1455628
Warning: The file '/usr/bin/ssh' exists on the system, but it is not present in
the 'rkhunter.dat' file.
Warning: The file '/usr/sbin/sshd' exists on the system, but it is not present
in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /etc/rkhunter.conf
Current inode: 525324 Stored inode: 525329
Warning: The file '/etc/rkhunter.d/00-opensuse.conf' exists on the system, but
it is not present in the 'rkhunter.dat' file.
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text

Seccheck complains about:

Please note that these security checks are neither complete nor reliable.
Any attacker with proper experience and root access to your system can
deceive *any* security check!

Changes in your weekly security configuration of linux-ge2e:


Please check and perhaps disable the following unused accounts:
Warning: user root has got a password and a valid shell but never logged in

Question: The latter could be because of sudo?
Instead for ssh and sshd I do not have any explanation. It is deactivated on
this system. Has there been an update that can cause this?

lastlog does not show anything special. Only local user did log in...at least
following the log.




---
Alle Postfächer an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen!
http://email.freenet.de/basic/Informationen


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >