Koozali.org: home of the SME Server

rkhunter warnings after restore from desktop

Salmoneus
« on: February 01, 2008, 07:57:11 AM »
Is it normal that this appears in the daily rkhunter log after a restore from desktop to a newly installed SME 7.3?

I hope this doesn't disclose any secret information... :)

There were also a few lines like these on the server that I backed up from, regarding admin being removed and added. Is that normal too?

Both servers are SME 7.3 updated yesterday.

--------------------

/etc/cron.daily/01-rkhunter:

Warning: Users have been added to the passwd file:
         root:x:0:0:root:/root:/bin/bash
         bin:x:1:1:bin:/bin:/sbin/nologin
         daemon:x:2:2:daemon:/sbin:/sbin/nologin
         adm:x:3:4:adm:/var/adm:/sbin/nologin
         lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
         mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
         news:x:9:13:news:/etc/news:
         uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
         operator:x:11:0:operator:/root:/sbin/nologin
         games:x:12:100:games:/usr/games:/sbin/nologin
         gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
         ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
         squid:x:23:23::/var/spool/squid:/sbin/nologin
         mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
         rpm:x:37:37::/var/lib/rpm:/sbin/nologin
         ntp:x:38:38::/etc/ntp:/sbin/nologin
         apache:x:48:48:Apache:/var/www:/sbin/nologin
         dns:x:53:53:Name server:/var/service/tinydns:/bin/false
         ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
         nut:x:57:57:Network UPS Tools:/var/lib/ups:/bin/false
         haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
         vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
         sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
         pcap:x:77:77::/var/arpwatch:/sbin/nologin
         dbus:x:81:81:System message bus:/:/sbin/nologin
         radiusd:x:95:95:radiusd user:/:/bin/false
         dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
         nobody:x:99:99:Nobody:/:/sbin/nologin
         admin:x:101:101:e-smith administrator:/home/e-smith:/sbin/e-smith/console
         www:x:102:102:e-smith web server:/home/e-smith:/bin/false
         public:x:103:103:e-smith guest:/home/e-smith:/bin/false
         alias:x:400:400::/var/qmail/alias:/bin/false
         qmaild:x:401:400::/var/qmail:/bin/false
         qmaill:x:402:400::/var/qmail:/bin/false
         qmailp:x:403:400::/var/qmail:/bin/false
         qmailq:x:404:401::/var/qmail:/bin/false
         qmailr:x:405:401::/var/qmail:/bin/false
         qmails:x:406:401::/var/qmail:/bin/false
         clamav:x:407:402:Clam Anti Virus Checker:/var/clamav:/sbin/nologin
         dnscache:x:410:410:DNScache user:/var/service/dnscache:/bin/false
         dnslog:x:411:411:DNS log user:/var/log:/bin/false
         stunnel:x:451:451:chrooted stunnel user user:/var/log/imap/ssl:/bin/false
         qpsmtpd:x:453:453:qpsmtpd system user:/var/service/qpsmtpd:/bin/false
         imaplog:x:1001:1001:imap output log user:/var/log/imap:/bin/false
         smelog:x:1002:1002:sme log user:/var/log/smelog:/bin/false
         cvmlog:x:1003:1003:cvm output log user:/var/log/imap:/bin/false
         spamd:x:1005:1005:spamassassin daemon user:/var/spool/spamd:/bin/false
         smelastsys:x:2999:2999:sme last system user marker:/tmp:/bin/false
Warning: Users have been removed from the passwd file:
         root::0:0:root:/root:/bin/bash
         bin:*:1:1:bin:/bin:/sbin/nologin
         daemon:*:2:2:daemon:/sbin:/sbin/nologin
         adm:*:3:4:adm:/var/adm:/sbin/nologin
         lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin
         sync:*:5:0:sync:/sbin:/bin/sync
         shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
         halt:*:7:0:halt:/sbin:/sbin/halt
         mail:*:8:12:mail:/var/spool/mail:/sbin/nologin
         news:*:9:13:news:/etc/news:
         uucp:*:10:14:uucp:/var/spool/uucp:/sbin/nologin
         operator:*:11:0:operator:/root:/sbin/nologin
         games:*:12:100:games:/usr/games:/sbin/nologin
         gopher:*:13:30:gopher:/var/gopher:/sbin/nologin
         ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
         nobody:*:99:99:Nobody:/:/sbin/nologin
         dbus:!!:81:81:System message bus:/:/sbin/nologin
         vcsa:!!:69:69:virtual console memory owner:/dev:/sbin/nologin
         mysql:!!:27:27:MySQL Server:/var/lib/mysql:/bin/bash
         alias:!!:400:400::/var/qmail/alias:/bin/false
         qmaild:!!:401:400::/var/qmail:/bin/false
         qmaill:!!:402:400::/var/qmail:/bin/false
         qmailp:!!:403:400::/var/qmail:/bin/false
         qmailq:!!:404:401::/var/qmail:/bin/false
         qmailr:!!:405:401::/var/qmail:/bin/false
         qmails:!!:406:401::/var/qmail:/bin/false
         haldaemon:!!:68:68:HAL daemon:/:/sbin/nologin
         apache:!!:48:48:Apache:/var/www:/sbin/nologin
         ldap:!!:55:55:LDAP User:/var/lib/ldap:/bin/false
         pcap:!!:77:77::/var/arpwatch:/sbin/nologin
         nut:!!:57:57:Network UPS Tools:/var/lib/ups:/bin/false
         clamav:!!:407:402:Clam Anti Virus Checker:/var/clamav:/sbin/nologin
         www:!!:102:102:e-smith web server:/home/e-smith:/bin/false
         admin:!!:101:101:e-smith administrator:/home/e-smith:/sbin/e-smith/console
         public:!!:103:103:e-smith guest:/home/e-smith:/bin/false
         smelog:!!:1002:1002:sme log user:/var/log/smelog:/bin/false
         ntp:!!:38:38::/etc/ntp:/sbin/nologin
         rpm:!!:37:37::/var/lib/rpm:/sbin/nologin
Warning: Groups have been added to the group file:
         root:x:0:admin,root
         bin:x:1:bin,daemon,root
         daemon:x:2:bin,daemon,root
         sys:x:3:adm,bin,root
         adm:x:4:adm,daemon,root
         tty:x:5:
         disk:x:6:root
         lp:x:7:daemon,lp
         mem:x:8:
         kmem:x:9:
         wheel:x:10:root
         mail:x:12:mail
         news:x:13:news
         uucp:x:14:nut,uucp
         man:x:15:
         games:x:20:
         squid:x:23:
         mysql:x:27:
         gopher:x:30:
         rpm:x:37:
         ntp:x:38:
         dip:x:40:
         ftp:x:50:
         dns:x:53:
         lock:x:54:
         nut:x:57:
         haldaemon:x:68:
         vcsa:x:69:
         sshd:x:74:
         dbus:x:81:
         radiusd:x:95:
         dovecot:x:97:
         nobody:x:99:
         users:x:100:
         admin:x:101:
         nofiles:x:400:
         qmail:x:401:
         clamav:x:402:
         dnscache:x:410:
         dnslog:x:411:
         stunnel:x:451:
         qpsmtpd:x:453:
         shared:x:500:admin,public,www
         imaplog:x:1001:
         cvmlog:x:1003:
         spamd:x:1005:
         smelastsys:x:2999:
Warning: Groups have been removed from the group file:
         root::0:root,admin
         bin::1:root,bin,daemon
         daemon::2:root,bin,daemon
         sys::3:root,bin,adm
         adm::4:root,adm,daemon
         tty::5:
         disk::6:root
         lp::7:daemon,lp
         mem::8:
         kmem::9:
         wheel::10:root
         mail::12:mail
         news::13:news
         uucp::14:uucp,nut
         man::15:
         games::20:
         gopher::30:
         dip::40:
         ftp::50:
         lock::54:
         nobody::99:
         users::100:
         dbus:x:81:
         vcsa:x:69:
         mysql:x:27:
         nofiles:x:400:
         qmail:x:401:
         haldaemon:x:68:
         nut:x:57:
         clamav:x:402:
         shared:x:500:www,admin,public
         admin:x:101:
         ntp:x:38:
         rpm:x:37:
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
/etc/cron.daily/sa_update:

'spamassassin' is not a valid service name

william_syd
« Reply #1 on: February 01, 2008, 09:41:04 AM »
Is it normal that this appears in the daily rkhunter log after a restore from desktop to a new installed SME 7.3?


For a day or two.

Check the posts about updates to 7.3.

This one

« Last Edit: February 01, 2008, 09:43:35 AM by william_syd »
Regards,
William

IF I give advice.. It's only if it was me....
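
Added example, not written by either poster: one way to triage a report like the one in the first post is to pair each "added" entry with its "removed" counterpart by name and compare them with the password field and group-member order ignored, which is how entries such as root and uucp differ in the posted log. The sample input is constructed from a few of the posted lines; the function names and verdict labels are assumptions of this example.

```python
import re
# Constructed sample: a few lines taken in shape from the report in the first post.
SAMPLE = """\
Warning: Users have been added to the passwd file:
         root:x:0:0:root:/root:/bin/bash
         sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
Warning: Users have been removed from the passwd file:
         root::0:0:root:/root:/bin/bash
         halt:*:7:0:halt:/sbin:/sbin/halt
Warning: Groups have been added to the group file:
         uucp:x:14:nut,uucp
Warning: Groups have been removed from the group file:
         uucp::14:uucp,nut
"""
HEADER = re.compile(r"Warning: (Users|Groups) have been (added|removed) ")

def parse(report):
    """Return {(kind, action): {name: fields}} for each warning section."""
    sections, current = {}, None
    for line in report.splitlines():
        m = HEADER.match(line)
        if m:
            current = sections.setdefault((m.group(1), m.group(2)), {})
        elif current is not None and line[:1].isspace() and ":" in line:
            fields = line.strip().split(":")
            current[fields[0]] = fields
        else:
            current = None  # any other line ends the section
    return sections

def normalise(kind, fields):
    """Ignore the password field and, for groups, the order of members."""
    rest = fields[:1] + fields[2:]
    if kind == "Groups":
        rest[-1] = ",".join(sorted(rest[-1].split(",")))
    return rest

def triage(report):
    """Map (kind, name) to a verdict; the labels are this example's own."""
    sections, result = parse(report), {}
    for kind in ("Users", "Groups"):
        new, old = (sections.get((kind, a), {}) for a in ("added", "removed"))
        for name in sorted(set(new) | set(old)):
            if name in new and name in old:
                same = normalise(kind, new[name]) == normalise(kind, old[name])
                result[kind, name] = "password-field/order only" if same else "changed"
            else:
                result[kind, name] = "only added" if name in new else "only removed"
    return result
```

Calling `triage()` on the body of the cron mail leaves the entries marked "only added", "only removed" or "changed" as the ones to review by hand.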