[root@cobalt mnist]# cat /var/mail/rootFrom root@cobalt.localdomain Tue May 26

1. [root@cobalt mnist]# cat /var/mail/root
2. From root@cobalt.localdomain Tue May 26 07:18:50 2015
3. Return-Path: <root@cobalt.localdomain>
4. X-Original-To: root@localhost
5. Delivered-To: root@localhost.localdomain
6. Received: by cobalt.localdomain (Postfix, from userid 0)
7. id BE0D3421B07F; Tue, 26 May 2015 07:18:50 +0800 (PHT)
8. Date: Tue, 26 May 2015 07:18:50 +0800
9. To: root@localhost.localdomain
10. Subject: rkhunter Daily Run on cobalt
11. User-Agent: Heirloom mailx 12.5 7/5/10
12. MIME-Version: 1.0
13. Content-Type: text/plain; charset=us-ascii
14. Content-Transfer-Encoding: 7bit
15. Message-Id: <20150525231850.BE0D3421B07F@cobalt.localdomain>
16. From: root@cobalt.localdomain (root)
17.  
18.  
19. --------------------- Start Rootkit Hunter Update ---------------------
20. [ Rootkit Hunter version 1.4.2 ]
21.  
22. Checking rkhunter data files...
23. Checking file mirrors.dat [ Update failed ]
24. Checking file programs_bad.dat [ Update failed ]
25. Checking file backdoorports.dat [ Update failed ]
26. Checking file suspscan.dat [ Update failed ]
27. Checking file i18n versions [ Update failed ]
28.  
29. Please check the log file (/var/log/rkhunter/rkhunter.log)
30.  
31.  
32. ---------------------- Start Rootkit Hunter Scan ----------------------
33. Warning: Checking for prerequisites [ Warning ]
34. The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
35. Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
36. is used, all the files on their system are known to be genuine, and installed from a
37. reliable source. The rkhunter '--check' option will compare the current file properties
38. against previously stored values, and report if any values differ. However, rkhunter
39. cannot determine what has caused the change, that is for the user to do.
40. Warning: The command '/usr/sbin/ifdown' has been replaced by a script: /usr/sbin/ifdown: Bourne-Again shell script, ASCII text executable
41. Warning: The command '/usr/sbin/ifup' has been replaced by a script: /usr/sbin/ifup: Bourne-Again shell script, ASCII text executable
42. Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script, ASCII text executable
43. Warning: The command '/usr/bin/fgrep' has been replaced by a script: /usr/bin/fgrep: POSIX shell script, ASCII text executable
44. Warning: Unable to check for passwd file differences: no copy of the passwd file exists.
45. Warning: Unable to check for group file differences: no copy of the group file exists.
46.  
47. ----------------------- End Rootkit Hunter Scan -----------------------
48.  
49. From root@cobalt.localdomain Tue May 26 07:18:50 2015
50. Return-Path: <root@cobalt.localdomain>
51. X-Original-To: root
52. Delivered-To: root@cobalt.localdomain
53. Received: by cobalt.localdomain (Postfix, from userid 0)
54. id D29E841D3073; Tue, 26 May 2015 07:18:50 +0800 (PHT)
55. From: Anacron <root@cobalt.localdomain>
56. To: root@cobalt.localdomain
57. Content-Type: text/plain; charset="UTF-8"
58. Subject: Anacron job 'cron.daily' on cobalt
59. Message-Id: <20150525231850.D29E841D3073@cobalt.localdomain>
60. Date: Tue, 26 May 2015 07:18:50 +0800 (PHT)
61.  
62. /etc/cron.daily/logrotate:
63.  
64. error: stat of /var/log/rkhunter/rkhunter.log failed: No such file or directory
65.  
66. From root@cobalt.localdomain Wed May 27 16:07:07 2015
67. Return-Path: <root@cobalt.localdomain>
68. X-Original-To: root@localhost
69. Delivered-To: root@localhost.localdomain
70. Received: by cobalt.localdomain (Postfix, from userid 0)
71. id 70BF64894FF7; Wed, 27 May 2015 16:07:07 +0800 (PHT)
72. Date: Wed, 27 May 2015 16:07:07 +0800
73. To: root@localhost.localdomain
74. Subject: rkhunter Daily Run on cobalt
75. User-Agent: Heirloom mailx 12.5 7/5/10
76. MIME-Version: 1.0
77. Content-Type: text/plain; charset=us-ascii
78. Content-Transfer-Encoding: 7bit
79. Message-Id: <20150527080707.70BF64894FF7@cobalt.localdomain>
80. From: root@cobalt.localdomain (root)
81.  
82.  
83. --------------------- Start Rootkit Hunter Update ---------------------
84. [ Rootkit Hunter version 1.4.2 ]
85.  
86. Checking rkhunter data files...
87. Checking file mirrors.dat [ Update failed ]
88. Checking file programs_bad.dat [ Update failed ]
89. Checking file backdoorports.dat [ Update failed ]
90. Checking file suspscan.dat [ Update failed ]
91. Checking file i18n versions [ Update failed ]
92.  
93. Please check the log file (/var/log/rkhunter/rkhunter.log)
94.  
95.  
96. ---------------------- Start Rootkit Hunter Scan ----------------------
97. Warning: Checking for prerequisites [ Warning ]
98. The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
99. Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
100. is used, all the files on their system are known to be genuine, and installed from a
101. reliable source. The rkhunter '--check' option will compare the current file properties
102. against previously stored values, and report if any values differ. However, rkhunter
103. cannot determine what has caused the change, that is for the user to do.
104. Warning: The command '/usr/sbin/ifdown' has been replaced by a script: /usr/sbin/ifdown: Bourne-Again shell script, ASCII text executable
105. Warning: The command '/usr/sbin/ifup' has been replaced by a script: /usr/sbin/ifup: Bourne-Again shell script, ASCII text executable
106. Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script, ASCII text executable
107. Warning: The command '/usr/bin/fgrep' has been replaced by a script: /usr/bin/fgrep: POSIX shell script, ASCII text executable
108. Warning: User 'usbmuxd' has been added to the passwd file.
109. Warning: User 'rtkit' has been added to the passwd file.
110. Warning: User 'pulse' has been added to the passwd file.
111. Warning: User 'colord' has been added to the passwd file.
112. Warning: User 'gdm' has been added to the passwd file.
113. Warning: User 'saslauth' has been added to the passwd file.
114. Warning: User 'unbound' has been added to the passwd file.
115. Warning: Group 'usbmuxd' has been added to the group file.
116. Warning: Group 'rtkit' has been added to the group file.
117. Warning: Group 'pulse-access' has been added to the group file.
118. Warning: Group 'pulse' has been added to the group file.
119. Warning: Group 'colord' has been added to the group file.
120. Warning: Group 'gdm' has been added to the group file.
121. Warning: Group 'slocate' has been added to the group file.
122. Warning: Group 'saslauth' has been added to the group file.
123. Warning: Group 'unbound' has been added to the group file.
124.  
125. ----------------------- End Rootkit Hunter Scan -----------------------
126.  
127. From root@cobalt.localdomain Thu May 28 04:12:04 2015
128. Return-Path: <root@cobalt.localdomain>
129. X-Original-To: root@localhost
130. Delivered-To: root@localhost.localdomain
131. Received: by cobalt.localdomain (Postfix, from userid 0)
132. id D985D4586EAB; Thu, 28 May 2015 04:12:03 +0800 (PHT)
133. Date: Thu, 28 May 2015 04:12:03 +0800
134. To: root@localhost.localdomain
135. Subject: rkhunter Daily Run on cobalt
136. User-Agent: Heirloom mailx 12.5 7/5/10
137. MIME-Version: 1.0
138. Content-Type: text/plain; charset=us-ascii
139. Content-Transfer-Encoding: 7bit
140. Message-Id: <20150527201203.D985D4586EAB@cobalt.localdomain>
141. From: root@cobalt.localdomain (root)
142.  
143.  
144. --------------------- Start Rootkit Hunter Update ---------------------
145. [ Rootkit Hunter version 1.4.2 ]
146.  
147. Checking rkhunter data files...
148. Checking file mirrors.dat [ Update failed ]
149. Checking file programs_bad.dat [ Update failed ]
150. Checking file backdoorports.dat [ Update failed ]
151. Checking file suspscan.dat [ Update failed ]
152. Checking file i18n versions [ Update failed ]
153.  
154. Please check the log file (/var/log/rkhunter/rkhunter.log)
155.  
156.  
157. ---------------------- Start Rootkit Hunter Scan ----------------------
158. Warning: Checking for prerequisites [ Warning ]
159. The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
160. Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
161. is used, all the files on their system are known to be genuine, and installed from a
162. reliable source. The rkhunter '--check' option will compare the current file properties
163. against previously stored values, and report if any values differ. However, rkhunter
164. cannot determine what has caused the change, that is for the user to do.
165. Warning: The command '/usr/sbin/ifdown' has been replaced by a script: /usr/sbin/ifdown: Bourne-Again shell script, ASCII text executable
166. Warning: The command '/usr/sbin/ifup' has been replaced by a script: /usr/sbin/ifup: Bourne-Again shell script, ASCII text executable
167. Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script, ASCII text executable
168. Warning: The command '/usr/bin/fgrep' has been replaced by a script: /usr/bin/fgrep: POSIX shell script, ASCII text executable
169.  
170. ----------------------- End Rootkit Hunter Scan -----------------------