Re: [Rkhunter-users] Some questions after upgrade

2007-10-26 Thread Pam Patterson
I am having this same problem with rkhunter 1.30 on SLES 10 The report from the cronjob is showing: Checking rkhunter data files... Checking file mirrors.dat[ No update ] Checking file programs_bad.dat[ No update ] Checking file backdoorports.dat[ No update ] Checking file

Re: [Rkhunter-users] Some questions after upgrade

2007-10-26 Thread John Horne
On Fri, 2007-10-26 at 12:11 -0400, Pam Patterson wrote: I am having this same problem with rkhunter 1.30 on SLES 10 Your debug output seems to indicate that you don't have the current version of rkhunter (although it says version 1.3.0). Can you run: ls -l /usr/local/bin/rkhunter and let

Re: [Rkhunter-users] Some questions after upgrade

2007-10-26 Thread Pam Patterson
John Horne wrote: On Fri, 2007-10-26 at 12:11 -0400, Pam Patterson wrote: I am having this same problem with rkhunter 1.30 on SLES 10 Your debug output seems to indicate that you don't have the current version of rkhunter (although it says version 1.3.0). Can you run: ls -l

Re: [Rkhunter-users] Some questions after upgrade

2007-10-26 Thread John Horne
On Fri, 2007-10-26 at 17:06 -0400, Pam Patterson wrote: John Horne wrote: On Fri, 2007-10-26 at 12:11 -0400, Pam Patterson wrote: I am having this same problem with rkhunter 1.30 on SLES 10 Your debug output seems to indicate that you don't have the current version of rkhunter (although

Re: [Rkhunter-users] Some questions after upgrade

2007-10-25 Thread John Horne
On Thu, 2007-10-25 at 16:33 +0100, Arthur Dent wrote: On Wed, Oct 24, 2007 at 11:31:50PM +0100, John Horne wrote: On Wed, 2007-10-24 at 10:35 +0100, Arthur Dent wrote: 'ls -l /dev/pts/0' does indeed report no such file even after a reboot. Should I be concerned about this? It is

Re: [Rkhunter-users] Some questions after upgrade

2007-10-24 Thread Arthur Dent
Well I'm beginning to make real progress here. My aim is to have a completely clean sheet with RKH running as many tests as possible. So far, point no. 1 (strange characters in cron output) has been cleared up nicely with the use of the --nocolors option. Thanks. Point no. 2 (deleted files).

Re: [Rkhunter-users] Some questions after upgrade

2007-10-24 Thread unspawn
On Tue, 23 Oct 2007 18:16:08 +0200 John Horne [EMAIL PROTECTED] wrote: On Tue, 2007-10-23 at 15:57 +0100, Arthur Dent wrote: Thanks in advance for your answers and thanks very much to unSpawn and all the RKH rpoject team for all their efforts in providing us with such a great product.

Re: [Rkhunter-users] Some questions after upgrade

2007-10-24 Thread John Horne
On Wed, 2007-10-24 at 10:35 +0100, Arthur Dent wrote: Point no. 2 (deleted files). Well, even after a reboot the same two files (but different PIDs) are still present. Warning: The following processes are using deleted files: Process: /bin/bashPID: 4041File: /dev/pts/0

Re: [Rkhunter-users] Some questions after upgrade

2007-10-23 Thread John Horne
On Tue, 2007-10-23 at 15:57 +0100, Arthur Dent wrote: This has produced a couple of questions none of which are really serious - just curious: 1) I run RKH from a daily cron job and in the resulting mail output I get these strange characters that I don't get when I run it from the command

Re: [Rkhunter-users] Some questions after upgrade

2007-10-23 Thread Arthur Dent
On Tue, Oct 23, 2007 at 05:16:08PM +0100, John Horne wrote: Hmmm... Funny - got your reply but my original mail never showed up at my end... On Tue, 2007-10-23 at 15:57 +0100, Arthur Dent wrote: I'm assuming you are running something like 'rkhunter --versioncheck' on its own in cron? In the

Re: [Rkhunter-users] Some questions after upgrade

2007-10-23 Thread John Horne
On Tue, 2007-10-23 at 21:10 +0100, Arthur Dent wrote: Well actually I run the script that I found years ago on the web (in the FAQ?) It is as follows: [EMAIL PROTECTED] ~]# cat scripts/rkhscript.sh #!/bin/sh ( /usr/local/bin/rkhunter --versioncheck /usr/local/bin/rkhunter --update

Re: [Rkhunter-users] Some questions after upgrade

2007-10-23 Thread Arthur Dent
On Tue, Oct 23, 2007 at 10:30:59PM +0100, John Horne wrote: I presume I need to add the argument --nocolors to the versioncheck line? Yes, but add it to the '--update' line as well. Alternatively, you can combine it all in one: rkhunter --versioncheck --update --cronjob

Re: [Rkhunter-users] Some questions after upgrade

2007-10-23 Thread John Horne
On Tue, 2007-10-23 at 23:15 +0100, Arthur Dent wrote: On Tue, Oct 23, 2007 at 10:30:59PM +0100, John Horne wrote: Also, the next official release will be version 1.3.2. The current CVS version is 1.3.1. There was an email about the version numbers a short while ago :-) OK - Sorry,