False positives, or am I missing something going on that I shouldn't be?
I emailed this to the creator of rootkit hunter, but since I noticed he said his email inbox is pretty full, perhaps you guys can answer this more quickly: I am not quite sure what to make of what rkhunter told me. This is my first time running it, and I am a VERY "paranoid" sysadmin. (which is, for all intents and purposes, good!) I check daily every command users on my machine execute, I look at logwatch every day, etc. etc.
I ran rkhunter out of curiosity more than anything, and here is what it showed me:
* System tools
Info: prelinked files found
Performing 'known good' check...
/usr/bin/find [ OK ]
/usr/bin/file [ OK ]
/usr/bin/kill [ BAD ]
/usr/bin/killall [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/users [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/bin/mount [ BAD ]
/bin/netstat [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/env [ OK ]
/bin/ls [ OK ]
/bin/su [ OK ]
/bin/ps [ OK ]
/bin/dmesg [ BAD ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/modinfo [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ OK ]
/sbin/init [ OK ]
/sbin/runlevel [ OK ]
This is a Fedora Core 2 server, updated via yum every night. The only thing that has been run that could (but shouldn't) change the hashes of those files is LES (Linux Security Environment), which is basically a script that "locks down" your box for you. (www.rfxnetworks.com)
Any ideas? Perhaps these are false positives? I sure hope they are, or else I have been missing something that I shouldn't be.
There were no other errors about anything else other than what it reported above.
Any ideas guys?
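One way to triage a report like the one above, as an added example that is not part of the original post nor rkhunter's own code: parse the 'known good' section, pull out the BAD entries, and for each one collect the two pieces of evidence that separate prelink noise from a genuinely modified binary: the SHA-1 of the file with prelink undone (`prelink -y` writes the original binary to stdout) and the result of `rpm -Vf`, which verifies the package owning the file. Both tools and their options are assumptions about the Fedora host; `SAMPLE_REPORT` is a constructed subset of the rkhunter output quoted in the post.

```python
"""Triage helper for rkhunter 'known good' results (added example, not rkhunter's code)."""
import hashlib
import os
import re
import shutil
import subprocess
from typing import Dict, List, Optional

# Constructed sample in the rkhunter report format quoted in the post above.
SAMPLE_REPORT = """\
* System tools
Info: prelinked files found
Performing 'known good' check...
/usr/bin/find [ OK ]
/usr/bin/kill [ BAD ]
/bin/mount [ BAD ]
/bin/netstat [ OK ]
/bin/dmesg [ BAD ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
/sbin/init [ OK ]
"""

# One result line: an absolute path followed by "[ OK ]" or "[ BAD ]".
RESULT_RE = re.compile(r"^(?P<path>/\S+)\s+\[\s*(?P<status>OK|BAD)\s*\]\s*$")


def parse_known_good(report: str) -> Dict[str, str]:
    """Map each checked path to its rkhunter verdict ('OK' or 'BAD')."""
    results: Dict[str, str] = {}
    for line in report.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group("path")] = m.group("status")
    return results


def bad_paths(report: str) -> List[str]:
    """Sorted list of the paths rkhunter flagged as BAD."""
    return sorted(p for p, s in parse_known_good(report).items() if s == "BAD")


def report_is_prelinked(report: str) -> bool:
    """True if rkhunter itself noted that the binaries are prelinked."""
    return any("prelinked files found" in line for line in report.splitlines())


def sha1_of(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def unprelinked_sha1(path: str) -> Optional[str]:
    """SHA-1 of the binary with prelink undone, or None if prelink is unavailable.
    Assumes the prelink tool's -y (--verify) option, which writes the original file to stdout."""
    if shutil.which("prelink") is None:
        return None
    proc = subprocess.run(["prelink", "-y", path], capture_output=True)
    if proc.returncode != 0:
        return None
    return sha1_of(proc.stdout)


def rpm_verify(path: str) -> Optional[str]:
    """Output of 'rpm -Vf path' (verify the package owning the file), or None if rpm is unavailable.
    Empty output means every verified attribute matched the package database."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(["rpm", "-Vf", path], capture_output=True, text=True)
    return proc.stdout


def triage(report: str) -> Dict[str, dict]:
    """For each BAD entry, gather the evidence needed to decide prelink noise vs. real modification."""
    findings: Dict[str, dict] = {}
    for path in bad_paths(report):
        entry: dict = {"exists": os.path.exists(path)}
        if entry["exists"]:
            with open(path, "rb") as fh:
                entry["sha1_on_disk"] = sha1_of(fh.read())
            entry["sha1_unprelinked"] = unprelinked_sha1(path)
            entry["rpm_verify"] = rpm_verify(path)
        findings[path] = entry
    return findings


if __name__ == "__main__":
    print("prelink noted by rkhunter:", report_is_prelinked(SAMPLE_REPORT))
    for path, evidence in triage(SAMPLE_REPORT).items():
        print(path, evidence)
```

Reading the output: a BAD entry whose un-prelinked SHA-1 matches the known-good value, and for which `rpm -Vf` prints nothing (rpm's verification on Fedora is prelink-aware), points at prelink or a package update rather than tampering; a non-empty `rpm -Vf` line showing a size or digest mismatch on a binary like `/bin/login` deserves a comparison against a copy taken from clean install media, since every tool this script calls lives on the host under suspicion.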