On Wed, 10 Oct 2007 11:12:22 +0200 Simon <[EMAIL PROTECTED]> wrote:

> Yesterday the cron daemon sent me a mail because of a missing file which rkh tried to access, (..)
> So I think this whole alarm was just a big failure of rkh, but why?

Did you try to find out *why* the file suddenly disappeared to start with? Did you verify the package contents if you installed from RPM? Did you use a checklist like http://www.cert.org/tech_tips/intruder_detection_checklist.html to guide your examination of the system? (Any compelling reasons not to run current, which is version 1.3.0?) Can you at least reproduce the situation and run RKH again to produce a debug log? *

* If you can then please bzip2 the log before attaching and send it directly to John Horne and me.

Regards,
unSpawn

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users