Security / Re: Possible security problems on my server from watchdog
« on: 30 April 2012, 01:41:30 »
[01:14:24] Checking for string 'FUCK' [ Not found ]
[01:14:24] Checking for string 'backdoor' [ Not found ]
[01:14:24] Checking for string 'vt200' [ Not found ]
[01:14:24] Checking for string '/usr/bin/xstat' [ Not found ]
[01:14:24] Checking for string '/bin/envpc' [ Not found ]
[01:14:24] Checking for string 'L4m3r0x' [ Not found ]
[01:14:24] Checking for string '/usr/lib/.tbd' [ Not found ]
[01:14:24] Checking for string '/dev/ptyxx/.file' [ Not found ]
[01:14:24] Checking for string '/dev/sgk' [ Not found ]
[01:14:24] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[01:14:24] Checking for string '/usr/lib/.tbd' [ Not found ]
[01:14:24] Checking for string '/dev/proc/fuckit' [ Not found ]
[01:14:25] Checking for string '/lib/.sso' [ Not found ]
[01:14:25] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[01:14:25] Checking for string '/dev/caca' [ Not found ]
[01:14:25] Checking for string '/dev/ttyoa' [ Not found ]
[01:14:25] Checking for string 'syg' [ Not found ]
[01:14:25] Checking for string '/dev/pts/01' [ Not found ]
[01:14:25] Checking for string 'tw33dl3' [ Not found ]
[01:14:25] Checking for string 'psniff' [ Not found ]
[01:14:25] Checking for string '/var/lock/subsys/...datafile...' [ Not found ]
[01:14:25] Checking for string '/dev/ptyxx' [ Not found ]
[01:14:25] Checking for string '/usr/lib/.tbd' [ Not found ]
[01:14:25] Checking for string 'in.inetd' [ Not found ]
[01:14:25] Checking for string '#<HIDE_.*>' [ Not found ]
[01:14:26] Checking for string 'bin/xchk' [ Not found ]
[01:14:26] Checking for string 'bin/xsf' [ Not found ]
[01:14:26] Checking for possible rootkit strings [ None found ]
[01:14:26]
[01:14:26] Performing malware checks
[01:14:26] Info: Starting test name 'malware'
[01:14:26]
[01:14:26] Info: Test 'deleted_files' disabled at users request.
[01:14:26] Info: Starting test name 'running_procs'
[01:14:26] Checking running processes for suspicious files [ None found ]
[01:14:26]
[01:14:26] Info: Test 'hidden_procs' disabled at users request.
[01:14:26]
[01:14:26] Info: Test 'suspscan' disabled at users request.
[01:14:26]
[01:14:26] Performing check for login backdoors
[01:14:26] Info: Starting test name 'other_malware'
[01:14:26] Checking for '/bin/.login' [ Not found ]
[01:14:26] Checking for '/sbin/.login' [ Not found ]
[01:14:26] Checking for login backdoors [ None found ]
[01:14:26]
[01:14:26] Performing check for suspicious directories
[01:14:26] Checking for directory '/usr/X11R6/bin/.,/copy' [ Not found ]
[01:14:26] Checking for directory '/dev/rd/cdb' [ Not found ]
[01:14:26] Checking for suspicious directories [ None found ]
[01:14:27]
[01:14:27] Checking for software intrusions [ Skipped ]
[01:14:27] Info: Check skipped - tripwire not installed
[01:14:27]
[01:14:27] Performing check for sniffer log files
[01:14:27] Checking for file '/usr/lib/libice.log' [ Not found ]
[01:14:27] Checking for sniffer log files [ None found ]
[01:14:27]
[01:14:27] Performing trojan specific checks
[01:14:27] Info: Starting test name 'trojans'
[01:14:27] Checking for enabled inetd services [ Skipped ]
[01:14:27] Info: Check skipped - file '/etc/inetd.conf' does not exist.
[01:14:27]
[01:14:27] Performing check for enabled xinetd services
[01:14:27] Info: Using xinetd configuration file '/etc/xinetd.conf'
[01:14:27] Checking '/etc/xinetd.conf' for enabled services [ None found ]
[01:14:27] Found 'includedir /etc/xinetd.d' directive
[01:14:27] Checking '/etc/xinetd.d/chargen-dgram' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/chargen-stream' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/daytime-dgram' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/daytime-stream' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/discard-dgram' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/discard-stream' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/echo-dgram' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/echo-stream' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/ftp_psa' for enabled services [ Warning ]
[01:14:27] Checking '/etc/xinetd.d/poppassd_psa' for enabled services [ Warning ]
[01:14:27] Checking '/etc/xinetd.d/rsync' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/smtp_psa' for enabled services [ Warning ]
[01:14:27] Checking '/etc/xinetd.d/smtps_psa' for enabled services [ Warning ]
[01:14:27] Checking '/etc/xinetd.d/tcpmux-server' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/time-dgram' for enabled services [ None found ]
[01:14:27] Checking '/etc/xinetd.d/time-stream' for enabled services [ None found ]
[01:14:27] Checking for enabled xinetd services [ Warning ]
[01:14:27] Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
[01:14:27] Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
[01:14:27] Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
[01:14:28] Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
[01:14:28] Checking for Apache backdoor [ Not found ]
[01:14:28]
[01:14:28] Performing Linux specific checks
[01:14:28] Info: Starting test name 'os_specific'
[01:14:28] Checking loaded kernel modules [ OK ]
[01:14:28] Info: Using modules pathname of '/lib/modules/2.6.32-220.7.1.el6.x86_64'
[01:14:28] Checking kernel module names [ OK ]
[01:14:28]
[01:14:28] Checking the network...
[01:14:28] Info: Starting test name 'network'
[01:14:28] Info: Starting test name 'ports'
[01:14:28]
[01:14:28] Performing check for backdoor ports
[01:14:28] Checking for TCP port 1524 [ Not found ]
[01:14:28] Checking for TCP port 1984 [ Not found ]
[01:14:28] Checking for UDP port 2001 [ Not found ]
[01:14:28] Checking for TCP port 2006 [ Not found ]
[01:14:28] Checking for TCP port 2128 [ Not found ]
[01:14:28] Checking for TCP port 6666 [ Not found ]
[01:14:29] Checking for TCP port 6667 [ Not found ]
[01:14:29] Checking for TCP port 6668 [ Not found ]
[01:14:29] Checking for TCP port 6669 [ Not found ]
[01:14:29] Checking for TCP port 7000 [ Not found ]
[01:14:29] Checking for TCP port 13000 [ Not found ]
[01:14:29] Checking for TCP port 14856 [ Not found ]
[01:14:29] Checking for TCP port 25000 [ Not found ]
[01:14:29] Checking for TCP port 29812 [ Not found ]
[01:14:29] Checking for TCP port 31337 [ Not found ]
[01:14:29] Checking for TCP port 32982 [ Not found ]
[01:14:29] Checking for TCP port 33369 [ Not found ]
[01:14:30] Checking for TCP port 47107 [ Not found ]
[01:14:30] Checking for TCP port 47018 [ Not found ]
[01:14:30] Checking for TCP port 60922 [ Not found ]
[01:14:30] Checking for TCP port 62883 [ Not found ]
[01:14:30] Checking for TCP port 65535 [ Not found ]
[01:14:30]
[01:14:30] Performing checks on the network interfaces
[01:14:30] Info: Starting test name 'promisc'
[01:14:30] Checking for promiscuous interfaces [ None found ]
[01:14:30]
[01:14:30] Info: Test 'packet_cap_apps' disabled at users request.
[01:14:30]
[01:14:30] Checking the local host...
[01:14:30] Info: Starting test name 'local_host'
[01:14:30]
[01:14:30] Performing system boot checks
[01:14:30] Info: Starting test name 'startup_files'
[01:14:30] Checking for local host name [ Found ]
[01:14:30] Info: Starting test name 'startup_malware'
[01:14:30] Checking for system startup files [ Found ]
[01:14:31] Checking system startup files for malware [ None found ]
[01:14:31]
[01:14:31] Performing group and account checks
[01:14:31] Info: Starting test name 'group_accounts'
[01:14:31] Checking for passwd file [ Found ]
[01:14:31] Info: Found password file: /etc/passwd
[01:14:31] Checking for root equivalent (UID 0) accounts [ None found ]
[01:14:31] Info: Found shadow file: /etc/shadow
[01:14:31] Checking for passwordless accounts [ None found ]
[01:14:31] Info: Starting test name 'passwd_changes'
[01:14:31] Checking for passwd file changes [ None found ]
[01:14:31] Info: Starting test name 'group_changes'
[01:14:31] Checking for group file changes [ None found ]
[01:14:31] Checking root account shell history files [ OK ]
[01:14:31]
[01:14:31] Performing system configuration file checks
[01:14:31] Info: Starting test name 'system_configs'
[01:14:31] Checking for SSH configuration file [ Found ]
[01:14:31] Info: Found SSH configuration file: /etc/ssh/sshd_config
[01:14:31] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'unset'.
[01:14:31] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '2'.
[01:14:31] Checking if SSH root access is allowed [ Warning ]
[01:14:31] Warning: The SSH and rkhunter configuration options should be the same:
[01:14:31] SSH configuration option 'PermitRootLogin': no
[01:14:31] Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': unset
[01:14:31] Checking if SSH protocol v1 is allowed [ Not allowed ]
[01:14:31] Checking for running syslog daemon [ Found ]
[01:14:31] Checking for syslog configuration file [ Found ]
[01:14:31] Info: Found syslog configuration file: /etc/rsyslog.conf
[01:14:31] Checking if syslog remote logging is allowed [ Not allowed ]
[01:14:31]
[01:14:31] Performing filesystem checks
[01:14:31] Info: Starting test name 'filesystem'
[01:14:31] Info: SCAN_MODE_DEV set to 'THOROUGH'
[01:14:32] Checking /dev for suspicious file types [ None found ]
[01:14:32] Checking for hidden files and directories [ Warning ]
[01:14:32] Warning: Hidden directory found: /dev/.udev
[01:14:32] Warning: Hidden file found: /etc/.php.ini.swo: Vim swap file, version 7.2
[01:14:32] Warning: Hidden file found: /etc/.resolv.conf.swj: Vim swap file, version 7.2
[01:14:32] Warning: Hidden file found: /etc/.resolv.conf.swk: Vim swap file, version 7.2
[01:14:32] Warning: Hidden file found: /etc/.resolv.conf.swl: Vim swap file, version 7.2
[01:14:32] Warning: Hidden file found: /etc/.resolv.conf.swn: Vim swap file, version 7.2
[01:14:32] Warning: Hidden file found: /etc/.resolv.conf.swo: Vim swap file, version 7.2
[01:14:32] Warning: Hidden file found: /etc/.resolv.conf.swp: Vim swap file, version 7.2
[01:14:32] Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
[01:14:32] Warning: Hidden file found: /usr/share/man/man5/.k5login.5.gz: gzip compressed data, from Unix, max compression
[01:14:32] Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
[01:14:32] Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
[01:14:32] Warning: Hidden file found: /usr/sbin/.ipsec.hmac: ASCII text
[01:14:32] Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
[01:14:32]
[01:14:32] Checking application versions...
[01:14:32] Info: Starting test name 'apps'
[01:14:32] Info: Application 'exim' not found.
[01:14:32] Checking version of GnuPG [ OK ]
[01:14:33] Info: Application 'gpg' version '2.0.14' found.
[01:14:33] Checking version of Apache [ Warning ]
[01:14:33] Warning: Application 'httpd', version '2.2.15', is out of date, and possibly a security risk.
[01:14:33] Checking version of Bind DNS [ OK ]
[01:14:33] Info: Application 'named' version '9.7.3' found.
[01:14:33] Checking version of OpenSSL [ Warning ]
[01:14:33] Warning: Application 'openssl', version '0.9.7k', is out of date, and possibly a security risk.
[01:14:33] Checking version of PHP [ OK ]
[01:14:33] Info: Application 'php' version '5.3.3' found.
[01:14:33] Checking version of Procmail MTA [ OK ]
[01:14:33] Info: Application 'procmail' version '3.22' found.
[01:14:33] Checking version of ProFTPd [ Skipped ]
[01:14:33] Info: Unable to obtain version number for 'proftpd': version option gives: ProFTPD Version 1.3.3e
[01:14:33] Checking version of OpenSSH [ OK ]
[01:14:33] Info: Application 'sshd' version '5.3p1' found.
[01:14:33] Info: Applications checked: 8 out of 9
[01:14:33]
[01:14:33] System checks summary
[01:14:33] =====================
[01:14:33]
[01:14:33] File properties checks...
[01:14:33] Files checked: 121
[01:14:33] Suspect files: 0
[01:14:33]
[01:14:33] Rootkit checks...
[01:14:33] Rootkits checked : 111
[01:14:33] Possible rootkits: 0
[01:14:33]
[01:14:33] Applications checks...
[01:14:33] Applications checked: 8
[01:14:33] Suspect applications: 2
[01:14:33]
[01:14:33] The system checks took: 52 seconds