Helllo, I have a question about an error message I keep receiving everytime I try to execute the ./rkcheck command on my linux server. Everytime I execute the ./rkcheck command in the /usr/local/bin directory of my server I keep getting the following error message: Invalid BINDIR configuration option: Invalid directory found: . Invalid BINDIR configuration option: Invalid directory found: I have been told that the path of the file may point to the wrong location. I am using a Putty to do this command. I need this command to work and give me the proper output so I can see what, if any, rootkits have been found. I don't want this error message to appear anymore. How can I get the path of the file to point to the right location?
May be it would be a good idea to post what Linux Distro and Version you're using?! in Debian Wheezy the output of your command is as follow: Code: root@server:~# cd /usr/local/bin root@server:/usr/local/bin# ./rkcheck -bash: ./rkcheck: No such file or directory root@server:/usr/local/bin# /rkcheck -bash: /rkcheck: No such file or directory root@server:/usr/local/bin# The command I was give was include the ./ and exclude as / and both didn't working!
The Linux Distribution I am using is CentOS release 6.4. Codename: final I truly would appreciate any help you can give me because I am getting real tired of that error message. I don't know what is causing it and I want to see what rootkits if any are being run on it. I need to know if my servers are in danger of being hacked. These servers are for a company and I can't seem to find an answer anywhere.
One other thing I want to ask is I am trying to figure out which files are false positives which have been white listed and which ones are warnings I need to take seriously. I was told that the README, rkhunter.conf comments and FAQ Rootkit Hunter comes with tells you how: use your distributions package management to verify files and (visually) inspect the rest. How would I go about finding these items if they are not in their proper directories?
Virustotal Regarding your suspicious files, which maybe infected as you think, you could on line check them at: https://www.virustotal.com/, just need to upload the suspicious file and check. For to get the files to your desktop, install WinSCP (Freeware) and copy those files to your pc from where you could freely upload them without any interference on your running server. If you don't have WinSCP, download from: http://winscp.net/eng/index.php install on your desktop under Windows and use the SSH settings for to connect to your server. If you run Linux on your destop, use an SCP Client for linux instead.
