Worrying rkhunter logs
28 November 2013, 18:32
I recently scanned my system with rkhunter and a few things worried me.
Here are excerpts of the logs that worry me:
From what I can tell, these files have been modified. The question is whether this is normal, for example as part of an update etc., and I shouldn't worry about it, or whether it poses some kind of threat?
Code:
Debian GNU/Linux jessie/sid \n \l
3.11-2-amd64 #1 SMP Debian 3.11.8-1 (2013-11-13) x86_64 GNU/Linux
Code:
Rootkit Hunter version 1.4.0
Code:
[18:07:23] /sbin/ifdown [ Warning ]
[18:07:23] Warning: The file properties have changed:
[18:07:23] File: /sbin/ifdown
[18:07:23] Current hash: ca518ce32208fdefd3760b7498aad8911024238d
[18:07:23] Stored hash : e500f13eb6a0452470bfa4ba52a8084f356e8692
[18:07:23] Current inode: 263355 Stored inode: 266971
[18:07:23] Current size: 58504 Stored size: 54312
[18:07:23] Current file modification time: 1384349989 (13-lis-2013 14:39:49)
[18:07:23] Stored file modification time : 1375998831 (08-sie-2013 23:53:51)
[18:07:23] /sbin/ifup [ Warning ]
[18:07:23] Warning: The file properties have changed:
[18:07:23] File: /sbin/ifup
[18:07:23] Current hash: ca518ce32208fdefd3760b7498aad8911024238d
[18:07:23] Stored hash : e500f13eb6a0452470bfa4ba52a8084f356e8692
[18:07:24] Current inode: 263355 Stored inode: 266971
[18:07:24] Current size: 58504 Stored size: 54312
[18:07:24] Current file modification time: 1384349989 (13-lis-2013 14:39:49)
[18:07:24] Stored file modification time : 1375998831 (08-sie-2013 23:53:51)
Code:
[18:07:28] /bin/egrep [ Warning ]
[18:07:28] Warning: The file properties have changed:
[18:07:28] File: /bin/egrep
[18:07:28] Current hash: 9fa91c41791568b5022d06a260319dfac7d8f07d
[18:07:28] Stored hash : b32f82e8b33168a48eeb688c67b60b7221726fd2
[18:07:28] Current inode: 524327 Stored inode: 523272
[18:07:28] Current size: 183608 Stored size: 183576
[18:07:28] Current file modification time: 1385312347 (24-lis-2013 17:59:07)
[18:07:28] Stored file modification time : 1380719184 (02-paź-2013 15:06:24)
[18:07:28] Info: Found file '/bin/egrep': it is whitelisted for the 'script replacement' check.
[18:07:28] /bin/fgrep [ Warning ]
[18:07:28] Warning: The file properties have changed:
[18:07:28] File: /bin/fgrep
[18:07:29] Current hash: e4b26fc29ada49f79a035a7298fd6650220b3d48
[18:07:29] Stored hash : b60e85df3b6a0219fc689e638bf8b5578fdad7cd
[18:07:29] Current inode: 523466 Stored inode: 523270
[18:07:29] Current size: 138264 Stored size: 134168
[18:07:29] Current file modification time: 1385312347 (24-lis-2013 17:59:07)
[18:07:29] Stored file modification time : 1380719184 (02-paź-2013 15:06:24)
[18:07:29] Info: Found file '/bin/fgrep': it is whitelisted for the 'script
Code:
[18:07:29] /bin/grep [ Warning ]
[18:07:29] Warning: The file properties have changed:
[18:07:29] File: /bin/grep
[18:07:29] Current hash: 6b99469c706d30aee063ec455c5ec3cf98b27f8a
[18:07:29] Stored hash : b7e6c5da2622619c4735aa485e434034fbb92433
[18:07:29] Current inode: 523612 Stored inode: 523271
[18:07:29] Current size: 187768 Stored size: 187704
[18:07:29] Current file modification time: 1385312347 (24-lis-2013 17:59:07)
[18:07:29] Stored file modification time : 1380719184 (02-paź-2013 15:06:24)
-------------
OK. Thanks for the informative answer.
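An added example, not part of the original posts: a small Python parser for the "file properties have changed" blocks in the rkhunter log excerpts above, which groups the reported files by current inode, hash and modification time so that files changed together stand out. The function names are illustrative, and the sample lines are copied from the post and shortened to the fields used.

```python
import re
from collections import defaultdict

# Lines copied from the log excerpts in the post, shortened to the fields used here.
SAMPLE_LOG = """\
[18:07:23] File: /sbin/ifdown
[18:07:23] Current hash: ca518ce32208fdefd3760b7498aad8911024238d
[18:07:23] Current inode: 263355 Stored inode: 266971
[18:07:23] Current file modification time: 1384349989 (13-lis-2013 14:39:49)
[18:07:23] File: /sbin/ifup
[18:07:23] Current hash: ca518ce32208fdefd3760b7498aad8911024238d
[18:07:24] Current inode: 263355 Stored inode: 266971
[18:07:24] Current file modification time: 1384349989 (13-lis-2013 14:39:49)
[18:07:28] File: /bin/egrep
[18:07:28] Current hash: 9fa91c41791568b5022d06a260319dfac7d8f07d
[18:07:28] Current inode: 524327 Stored inode: 523272
[18:07:28] Current file modification time: 1385312347 (24-lis-2013 17:59:07)
[18:07:29] File: /bin/grep
[18:07:29] Current hash: 6b99469c706d30aee063ec455c5ec3cf98b27f8a
[18:07:29] Current inode: 523612 Stored inode: 523271
[18:07:29] Current file modification time: 1385312347 (24-lis-2013 17:59:07)
"""
FIELDS = {
    "hash": re.compile(r"Current hash: ([0-9a-f]+)"),
    "inode": re.compile(r"Current inode: (\d+)"),
    "mtime": re.compile(r"Current file modification time: (\d+)"),
}

def parse_changes(log):
    """Return {path: {'hash', 'inode', 'mtime'}} for each 'File:' block."""
    changes, current = {}, None
    for line in log.splitlines():
        body = re.sub(r"^\[\d\d:\d\d:\d\d\]\s*", "", line)  # drop the timestamp
        if body.startswith("File: "):
            current = changes.setdefault(body[6:].strip(), {})
        elif current is not None:
            for name, rx in FIELDS.items():
                m = rx.match(body)
                if m:
                    current[name] = m.group(1)
    return changes

def group_by(changes, field):
    """Group paths by a shared field value; keep only groups of 2+ files."""
    groups = defaultdict(list)
    for path, props in changes.items():
        if field in props:
            groups[props[field]].append(path)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}
```

In the post's excerpts, /sbin/ifdown and /sbin/ifup report the same current inode and hash, and /bin/grep, /bin/egrep and /bin/fgrep share one modification time.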