i performed rkhunter -c on my server, and i get warnings for following files:
/bin/GET
/bin/wget
/usr/local/bin/rkhunter
Performing trojan specific checks
Checking for enabled xinetd services [ Warning ]
Checking for Apache backdoor [ Not found ]
can you give me some advices what to do with mentioned files?
also, why rkhunter gives warning for itself?
thank you in advance!
Best Answer
I am no rkhunter expert by anymeans, but their are some things I would want to know. Did you install rkhunter on a fresh install with known good packages? I believe you are supposed to install on a fresh system then run,
so it can build its database of known good files. Then when you run after that it knows what to compare it too. I also would run rkhunter now with '--report-warnings-only' flag. You would be better served posting the logs from rkhunter, pastebin them if they are really long. I would also verify all my packages are good, this will very depending on what distro you are running. Do you have a reason to be looking for rootkits?