Is there a reason why you have a whole set of binaries whose hash differs from what is expected?
On Tue, 6 Aug 2024 at 13:23, Jean Bernon <jber...@free.fr> wrote:

> I just ran rkhunter. I get more warnings than you (on about ten
> files). Nothing serious apparently; I'll try to dig deeper
> when I get the chance.
>
> cat /var/log/rkhunter.log | grep -C2 Warning
> [13:04:44] /usr/bin/awk [ OK ]
> [13:04:44] /usr/bin/basename [ OK ]
> [13:04:45] /usr/bin/bash [ Warning ]
> [13:04:45] Warning: The file properties have changed:
> [13:04:45] File: /usr/bin/bash
> [13:04:45] Current hash: a4b895f98db75079f2af6e510c95db0d5c5d596e448bf3fe689d0bfdd182e28e
> --
> [13:04:45] /usr/bin/chown [ OK ]
> [13:04:46] /usr/bin/cp [ OK ]
> [13:04:46] /usr/bin/curl [ Warning ]
> [13:04:46] Warning: The file properties have changed:
> [13:04:46] File: /usr/bin/curl
> [13:04:46] Current hash: da9f50c6f6a90ef1991917a3d7c3217f475af5e527ec6996cce2e464ee4d6099
> --
> [13:04:50] /usr/bin/last [ OK ]
> [13:04:50] /usr/bin/lastlog [ OK ]
> [13:04:50] /usr/bin/ldd [ Warning ]
> [13:04:50] Warning: The file properties have changed:
> [13:04:50] File: /usr/bin/ldd
> [13:04:50] Current hash: 5a6d7197748a8e1cba94c65359df147add3f66d2f87e210772cfa926bc6bccb6
> --
> [13:04:50] Stored file modification time : 1713544444 (19-avril-2024 18:34:04)
> [13:04:51] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
> [13:04:51] /usr/bin/less [ Warning ]
> [13:04:51] Warning: The file properties have changed:
> [13:04:51] File: /usr/bin/less
> [13:04:51] Current hash: 411d7dabb7fb71fc65a0ad4bc0349d543c36b4df8d2f875e192dbee934b2b13f
> --
> [13:04:56] /usr/bin/size [ OK ]
> [13:04:56] /usr/bin/sort [ OK ]
> [13:04:57] /usr/bin/ssh [ Warning ]
> [13:04:57] Warning: The file properties have changed:
> [13:04:57] File: /usr/bin/ssh
> [13:04:57] Current hash: 5fd74cf5f131896d17f49ae0f6ac2a6d2ea433620650418ee879afa262259078
> --
> [13:05:00] /usr/bin/numfmt [ OK ]
> [13:05:01] /usr/bin/gawk [ OK ]
> [13:05:01] /usr/bin/lwp-request [ Warning ]
> [13:05:01] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
> [13:05:01] /usr/bin/locate.findutils [ OK ]
> [13:05:01] /usr/bin/kmod [ OK ]
> --
> [13:05:02] /usr/bin/which.debianutils [ OK ]
> [13:05:02] Info: Found file '/usr/bin/which.debianutils': it is whitelisted for the 'script replacement' check.
> [13:05:02] /usr/bin/systemd [ Warning ]
> [13:05:02] Warning: The file properties have changed:
> [13:05:02] File: /usr/bin/systemd
> [13:05:02] Current hash: ee6b3cfb7d27c0df5d75bb63de56ca5c912c3dbe9f4d35059dd35181f1c282d2
> --
> [13:05:02] Current file modification time: 1718531071 (16-juin-2024 11:44:31)
> [13:05:02] Stored file modification time : 1706305716 (26-janv.-2024 22:48:36)
> [13:05:02] /usr/bin/systemctl [ Warning ]
> [13:05:02] Warning: The file properties have changed:
> [13:05:02] File: /usr/bin/systemctl
> [13:05:02] Current hash: 4da401fbcd4690c1bd116460ef20d93d89fe5354dc0f0eae913e365a090706cc
> --
> [13:05:10] /usr/sbin/ifup [ OK ]
> [13:05:10] /usr/sbin/inetd [ OK ]
> [13:05:10] /usr/sbin/init [ Warning ]
> [13:05:10] Warning: The file properties have changed:
> [13:05:10] File: /usr/sbin/init
> [13:05:10] Current hash: ee6b3cfb7d27c0df5d75bb63de56ca5c912c3dbe9f4d35059dd35181f1c282d2
> --
> [13:05:12] /usr/sbin/route [ OK ]
> [13:05:13] /usr/sbin/rsyslogd [ OK ]
> [13:05:13] /usr/sbin/runlevel [ Warning ]
> [13:05:13] Warning: The file properties have changed:
> [13:05:13] File: /usr/sbin/runlevel
> [13:05:13] Current hash: 4da401fbcd4690c1bd116460ef20d93d89fe5354dc0f0eae913e365a090706cc
> --
> [13:05:13] Current file modification time: 1718531071 (16-juin-2024 11:44:31)
> [13:05:13] Stored file modification time : 1706305716 (26-janv.-2024 22:48:36)
> [13:05:13] /usr/sbin/sshd [ Warning ]
> [13:05:13] Warning: The file properties have changed:
> [13:05:13] File: /usr/sbin/sshd
> [13:05:14] Current hash: 838332fe9777b307794760e1c4800b16ac17a93a2fe3f2580ceca8ca6ca2caa5
> --
> [13:05:15] /usr/sbin/unhide-posix [ OK ]
> [13:05:16] /usr/sbin/unhide-tcp [ OK ]
> [13:05:24] /usr/lib/systemd/systemd [ Warning ]
> [13:05:24] Warning: The file properties have changed:
> [13:05:24] File: /usr/lib/systemd/systemd
> [13:05:24] Current hash: ee6b3cfb7d27c0df5d75bb63de56ca5c912c3dbe9f4d35059dd35181f1c282d2
> --
> [13:07:08] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to 'no'.
> [13:07:08] Info: Rkhunter option ALLOW_SSH_PROT_V1 set to '2'.
> [13:07:09] Checking if SSH root access is allowed [ Warning ]
> [13:07:09] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
> The default value may be 'yes', to allow root access.
> [13:07:09] Checking if SSH protocol v1 is allowed [ Not set ]
> --
> [13:07:09] Info: SCAN_MODE_DEV set to 'THOROUGH'
> [13:07:13] Checking /dev for suspicious file types [ None found ]
> [13:07:13] Checking for hidden files and directories [ Warning ]
> [13:07:13] Warning: Hidden directory found: /etc/.java
> [13:07:13] Checking for missing log files [ Skipped ]
> [13:07:13] Info: No missing log file names configured.
>
> ----- Original message -----
>
> > From: "ajh-valmer" <ajh.val...@free.fr>
> > To: debian-user-french@lists.debian.org
> > Sent: Tuesday 6 August 2024 12:22:03
> > Subject: Re: [OT] Global IT outage
>
> > Hello again,
> > I just ran a 2nd test with "rkhunter":
> > # rkhunter --checkhunter
> > Result:
> > "Checking if SSH root access is allowed [ Warning ]"
> > A configuration line in sshd.conf needs to be set,
> > but ssh is not running.
> > That's all.
> > Verdict: negative, everything is OK on a computer where the last time
> > I ran "rootkit" and "rkhunter" was several years ago.
>
> > On Tuesday 06 August 2024 11:38:20 ajh-valmer wrote:
> > > No panic, Warning:
> > > - /usr/lib/python3
> > > - /usr/lib/jvm/.java...
> > > - /usr/lib/debug/.build-id
> > > - /usr/lib/ruby
> > > - /usr/lib/hashcat/modules/.lock
> > > - /usr/lib/llvm-15/build
> > > - SNIFFER(/usr/sbin/NetworkManager : wpa_supplicant (Wifi)
> > > And some deletions in 2022, the last one on 28/09/2023
> > > On my machine I get almost the same result.
> > > Nothing serious, Doctor? No.
> > > There are often false positives.
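
One way to triage the "file properties have changed" warnings discussed in this exchange, as an added example that is not part of the thread: list the files rkhunter flagged, collapse paths that share one hash, and compare each file with the checksum recorded by its Debian package. The function names and the sample log are constructed for illustration; the paths and hashes are those quoted above, laid out as unwrapped rkhunter.log lines, which is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the unwrapped rkhunter.log layout.

# Constructed sample: paths and hashes are those quoted in the message above.
sample_log() {
cat <<'EOF'
[13:04:45] Warning: The file properties have changed:
[13:04:45]          File: /usr/bin/bash
[13:04:45]          Current hash: a4b895f98db75079f2af6e510c95db0d5c5d596e448bf3fe689d0bfdd182e28e
[13:05:02] Warning: The file properties have changed:
[13:05:02]          File: /usr/bin/systemd
[13:05:02]          Current hash: ee6b3cfb7d27c0df5d75bb63de56ca5c912c3dbe9f4d35059dd35181f1c282d2
[13:05:10] Warning: The file properties have changed:
[13:05:10]          File: /usr/sbin/init
[13:05:10]          Current hash: ee6b3cfb7d27c0df5d75bb63de56ca5c912c3dbe9f4d35059dd35181f1c282d2
[13:07:09] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
EOF
}

# stdin: rkhunter log. stdout: "<hash> <path>" per file whose properties changed.
flagged_files() {
    awk '
        /Warning: The file properties have changed/ { armed = 1; path = ""; next }
        armed && $2 == "File:"                      { path = $3; next }
        armed && $2 == "Current" && $3 == "hash:"   { if (path != "" && NF >= 4) print $4, path; armed = 0 }
    '
}

# stdin: rkhunter log. stdout: one line per hash shared by several flagged
# paths (typically links to one binary, so one finding rather than several).
shared_hashes() {
    flagged_files | LC_ALL=C sort | awk '
        $1 == prev { line = line " " $2; n++; next }
        { if (n > 1) print line; prev = $1; line = $2; n = 1 }
        END { if (n > 1) print line }
    '
}

# stdin: rkhunter log. Needs dpkg. Compares each flagged file with the
# checksum recorded by its owning package and prints one verdict per file.
verify_with_dpkg() {
    flagged_files | while read -r hash path; do
        real=$(readlink -f "$path"); alt=${real#/usr}  # merged /usr: package may list /bin/x
        owner=$(dpkg -S "$real" "$alt" 2>/dev/null | head -n 1)
        pkg=${owner%: *}
        if [ -z "$pkg" ]; then echo "UNOWNED  $path"
        elif dpkg --verify "$pkg" 2>/dev/null | awk -v p="$real" -v q="$alt" '$NF == p || $NF == q { f = 1 } END { exit !f }'
        then echo "MODIFIED $path ($pkg)"
        else echo "MATCHES  $path ($pkg)"
        fi
    done
}
```

Run `verify_with_dpkg < /var/log/rkhunter.log` as root; files reported as MATCHES after a package upgrade can be re-baselined with `rkhunter --propupd`. dpkg's checksum database lives on the same host, so on a machine that is already distrusted, compare against packages fetched from trusted media instead.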