(Ask) Laporan "rkhunter.log"

Diskusi tentang Ubuntu Server baik webserver, database server, samba server dan service lainnya serta jaringan menggunakan Sistem Operasi Ubuntu.
User avatar
etcsession
Posts: 222
Joined: 26 Apr 2011, 13:26
Contact:

(Ask) Laporan "rkhunter.log"

Postby etcsession » 10 Oct 2013, 15:18

salam ubuntu Indonesia.
saya sudah menginstall "chkrootkit" dan "rkhunter" di Ubuntu 12.04 Desktop (bukan server) karena saya sering surfing dan mengakses proxy. Saya pun tetap melakukan update-system.
Setelah rajin melakukan pemeriksaan melalui 2 aplikasi di atas, di laporan log terdapat hal berikut ini :
1). Awalnya hanya laporan berikut
[09:25:01] /usr/bin/unhide.rb [ Warning ]
[09:25:01] Warning: The file '/usr/bin/unhide.rb' does not exist on the system, but it is present in the rkhunter.dat file.

file unhide.rb telah saya hapus, namun selalu muncul laporan karena sudah dicatat di rkhunter.dat

2) selang beberapa bulan nambah laporan ini :
[09:24:46] /usr/sbin/rsyslogd [ Warning ]
[09:24:46] Warning: The file properties have changed:
[09:24:46] File: /usr/sbin/rsyslogd
[09:24:46] Current inode: 22165 Stored inode: 15827
[09:24:46] Current file modification time: 1379621991 (20-Sep-2013 03:19:51)
[09:24:46] Stored file modification time : 1370461894 (06-Jun-2013 02:51:34)


3) bulan-bulan berikutnya sampai hari ini nambah lagi seperti ini :
[09:24:49] /usr/bin/curl [ Warning ]
[09:24:49] Warning: The file properties have changed:
[09:24:49] File: /usr/bin/curl
[09:24:49] Current inode: 7003 Stored inode: 4898
[09:24:49] Current file modification time: 1377888712 (31-Aug-2013 01:51:52)
[09:24:49] Stored file modification time : 1372361478 (28-Jun-2013 02:31:18)


[09:25:03] /sbin/ifdown [ Warning ]
[09:25:03] Warning: The file properties have changed:
[09:25:03] File: /sbin/ifdown
[09:25:03] Current hash: c3288f87fb6afc9690ead223cf85446e5b36ba7d
[09:25:03] Stored hash : 45d33275bee6dbc868870e269e2a89354629fdc0
[09:25:03] Current inode: 5749 Stored inode: 91
[09:25:03] Current size: 51608 Stored size: 51544
[09:25:03] Current file modification time: 1379620825 (20-Sep-2013 03:00:25)
[09:25:03] Stored file modification time : 1333588938 (05-Apr-2012 08:22:18)
[09:25:03] /sbin/ifup [ Warning ]
[09:25:03] Warning: The file properties have changed:
[09:25:03] File: /sbin/ifup
[09:25:03] Current hash: c3288f87fb6afc9690ead223cf85446e5b36ba7d
[09:25:03] Stored hash : 45d33275bee6dbc868870e269e2a89354629fdc0
[09:25:03] Current inode: 5749 Stored inode: 93
[09:25:03] Current size: 51608 Stored size: 51544
[09:25:03] Current file modification time: 1379620825 (20-Sep-2013 03:00:25)
[09:25:03] Stored file modification time : 1333588938 (05-Apr-2012 08:22:18)


Pertanyaannya :
1. Apakah file-file yang dilaporkan itu berbahaya?
2. Bagaimana mengatasi masalah di atas?

Sebelumnya saya ucapkan terima kasih :)

Return to “Ubuntu Server”

Who is online

Users browsing this forum: No registered users and 5 guests