I ran rkhunter:
rkhunter -c --pkgmgr DPKG
The logs are all clean except for two warnings:
...
[02:29:59] Performing filesystem checks
[02:29:59] Info: Starting test name 'filesystem'
[02:29:59] Info: SCAN_MODE_DEV set to 'THOROUGH'
[02:29:59] Checking /dev for suspicious file types [ Warning ]
[02:29:59] Warning: Suspicious file types found in /dev:
[02:29:59] /dev/shm/pulse-shm-3899111966: data
[02:29:59] /dev/shm/pulse-shm-2759295631: data
[02:29:59] Checking for hidden files and directories [ Warning ]
[02:29:59] Warning: Hidden directory found: /etc/.java
[02:29:59] Warning: Hidden directory found: /dev/.udev
[02:29:59] Warning: Hidden directory found: /dev/.initramfs
[02:30:27]
[02:30:27] Info: Test 'apps' disabled at users request.
[02:30:27]
[02:30:27] System checks summary
[02:30:28] =====================
[02:30:28]
[02:30:28] File properties checks...
[02:30:28] Files checked: 130
[02:30:28] Suspect files: 0
[02:30:28]
[02:30:28] Rootkit checks...
[02:30:28] Rootkits checked : 242
[02:30:28] Possible rootkits: 0
[02:30:28]
[02:30:28] Applications checks...
[02:30:28] All checks skipped
[02:30:28]
[02:30:28] The system checks took: 2 minutes and 41 seconds
[02:30:28]
[02:30:28] Info: End date is Sun Jun 27 02:30:28 EEST 2010
rkhunter reported that the 'apps' test was disabled, although the help says that all tests are enabled by default. So I ran the 'apps' test:
rkhunter -c --enable apps --pkgmgr DPKG
Log:
[02:33:20] Checking application versions...
[02:33:20] Info: Starting test name 'apps'
[02:33:21] Info: Application 'exim' not found.
[02:33:21] Checking version of GnuPG [ OK ]
[02:33:21] Info: Application 'gpg' version '1.4.10' found.
[02:33:21] Info: Application 'httpd' not found.
[02:33:21] Info: Application 'named' not found.
[02:33:21] Checking version of OpenSSL [ Warning ]
[02:33:21] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.
[02:33:21] Info: Application 'php' not found.
[02:33:21] Info: Application 'procmail' not found.
[02:33:21] Info: Application 'proftpd' not found.
[02:33:21] Info: Application 'sshd' not found.
[02:33:21] Info: Applications checked: 2 out of 9
[02:33:21]
[02:33:21] System checks summary
[02:33:21] =====================
[02:33:21]
[02:33:21] File properties checks...
[02:33:21] All checks skipped
[02:33:21]
[02:33:21] Rootkit checks...
[02:33:21] All checks skipped
[02:33:21]
[02:33:21] Applications checks...
[02:33:21] Applications checked: 2
[02:33:21] Suspect applications: 1
[02:33:21]
[02:33:21] The system checks took: 1 second
[02:33:21]
[02:33:21] Info: End date is Sun Jun 27 02:33:21 EEST 2010
There is no newer version of OpenSSL in the repository, so this warning probably doesn't matter.
I also verified the checksums:
debsums -s
debsums: no md5sums for binutils
debsums: no md5sums for emacsen-common
debsums: no md5sums for g++
debsums: no md5sums for g++-multilib
debsums: no md5sums for gawk
debsums: no md5sums for gcc-multilib
debsums: no md5sums for gimp-dimage-color
debsums: no md5sums for installation-report
debsums: no md5sums for libaudio2
debsums: no md5sums for netbase
debsums: changed file /var/lib/PackageKit/transactions.db (from packagekit package)
debsums: no md5sums for sun-java6-fonts
debsums: no md5sums for xserver-xorg-input-all
debsums: no md5sums for xserver-xorg-video-all
As far as I understand, transactions.db is a constantly changing database, so its checksum will not match the original one.
So, the questions:
- What do the first two warnings mean?
- Is it normal that checksums are missing for the listed packages?
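
An added example, not part of the original post: a small triage script that groups the rkhunter checks ending in `[ Warning ]` with their detail lines, and separates `debsums -s` "changed file" findings from "no md5sums" notices. The sample lines are copied from the logs above; the function names are hypothetical.

```python
import re

# Sample lines copied from the logs quoted in the post above.
RKHUNTER_LOG = """\
[02:29:59] Checking /dev for suspicious file types [ Warning ]
[02:29:59] Warning: Suspicious file types found in /dev:
[02:29:59] /dev/shm/pulse-shm-3899111966: data
[02:29:59] /dev/shm/pulse-shm-2759295631: data
[02:29:59] Checking for hidden files and directories [ Warning ]
[02:29:59] Warning: Hidden directory found: /etc/.java
[02:29:59] Warning: Hidden directory found: /dev/.udev
[02:29:59] Warning: Hidden directory found: /dev/.initramfs
[02:30:27]
[02:30:27] Info: Test 'apps' disabled at users request.
"""
DEBSUMS_OUT = """\
debsums: no md5sums for netbase
debsums: changed file /var/lib/PackageKit/transactions.db (from packagekit package)
debsums: no md5sums for sun-java6-fonts
"""

LINE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s?(.*)$")       # strip the timestamp
CHECK = re.compile(r"^(Checking .*?)\s*\[ (\w+) \]$")   # check name + result

def rkhunter_warnings(log):
    """Map each check that ended in [ Warning ] to the detail lines under it."""
    found, current = {}, None
    for raw in log.splitlines():
        m = LINE.match(raw)
        text = m.group(1).strip() if m else ""
        check = CHECK.match(text)
        if check:
            # A new check starts; track it only if its result is Warning.
            current = check.group(1) if check.group(2) == "Warning" else None
            if current:
                found[current] = []
        elif not text or text.startswith("Info:"):
            current = None  # an empty or Info line ends the detail block
        elif current:
            found[current].append(re.sub(r"^Warning: ", "", text))
    return found

def debsums_findings(output):
    """Split `debsums -s` output into changed files and packages without md5sums."""
    changed = re.findall(r"^debsums: changed file (\S+) \(from (\S+) package\)$", output, re.M)
    no_sums = re.findall(r"^debsums: no md5sums for (\S+)$", output, re.M)
    return changed, no_sums

if __name__ == "__main__":
    print(rkhunter_warnings(RKHUNTER_LOG), debsums_findings(DEBSUMS_OUT))
```
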