Hello,
since upgrading RKHunter to the current version 1.3.0 I got multiple new
warning messages on my FreeBSD box. I was able to get rid of many of
them by using whitelists etc. But for some of them I have no clue how
to suppress them.
Can anyone give me a hint how to suppress the following
Hello, Avalon,
You (third-chance) wrote on 23.10.07:
Can anyone give me a hint how to suppress the following messages:
/usr/bin/whatis [ Warning ]
Warning: The command '/usr/bin/whatis' has been replaced by a script:
/usr/bin/whatis: Bourne shell script text executable
Take
Hello folks,
I have a small home network which I am fairly sure (thanks largely to
RKHunter) is not actually compromised in any way. I recently upgraded to 1.3.0
and, having done so, decided to give it a good run by turning all pretty much
all of the tests to see what would happen. This has
On Tue, 2007-10-23 at 13:02 +0200, Avalon wrote:
since upgrading RKHunter to the current version 1.3.0 I got multiple new
warning messages on my FreeBSD box. I was able to get rid of many of
them by using whitelists etc. But for some of them I have no clue how
to suppress them.
Hello,
Hi,
thank you, Helmut, for your fast reply. I must have been blind when I
was looking over the default config. I found the settings you described
and they worked well.
Also thank you, John, for the other details, but I have some more
questions regarding these warnings:
Helmut Hullen has
On Tue, 2007-10-23 at 15:57 +0100, Arthur Dent wrote:
This has produced a couple of
questions none of which are really serious - just curious:
1) I run RKH from a daily cron job and in the resulting mail output I get
these strange characters that I don't get when I run it from the command
On Tue, 2007-10-23 at 17:41 +0200, Avalon wrote:
Info: Starting test name 'possible_rkt_strings'
Warning: Checking for possible rootkit strings [ Warning ]
No system startup files found.
- Why is this resulting in a warning if no startup file was found?
The test is looking for
Hi John,
I would suggest checking /etc/rc.conf to see if 'local_startup' has been
set, and then set LOCAL_RC_PATH in rkhunter.conf to that path. If it is
not set, then look in the above directories
(/usr/local/etc/rc.d, /usr/X11R6/etc/rc.d) to see if some local startup
script has been set in
Hello, John,
You (john.horne) wrote on 23.10.07:
This seems to be different under FreeBSD too. Both settings
PermitRootLogin no and Protocol 2 are commented out in my
sshd_config, which is the default on FreeBSD. Root-Login is
definitely not permitted under FreeBSD out-of-the-box - until
Hello, Avalon,
You (third-chance) wrote on 23.10.07:
thank you, Helmut, for your fast reply. I must have been blind when I
was looking over the default config. I found the settings you
described and they worked well.
Don't mention - I had searched for these errors some hours ago ...
This
On Tue, 2007-10-23 at 19:37 +0200, Helmut Hullen wrote:
Hello, John,
You (john.horne) wrote on 23.10.07:
since upgrading RKHunter to the current version 1.3.0 I got multiple
new warning messages on my FreeBSD box.
Warning: No local startup files found.
- Why is this resulting
Hello, John,
You (john.horne) wrote on 23.10.07:
But when RKH can find the actual value of PermitRootLogin: why
does it need an entry in /etc/rkhunter.conf?
To see if the value has been changed. If a hacker changes your
PermitRootLogin to 'yes' in sshd_config, then you will probably
want
On Tue, Oct 23, 2007 at 05:16:08PM +0100, John Horne wrote:
Hmmm... Funny - got your reply but my original mail never showed up at my
end...
On Tue, 2007-10-23 at 15:57 +0100, Arthur Dent wrote:
I'm assuming you are running something like 'rkhunter --versioncheck' on
its own in cron? In the
On Tue, 2007-10-23 at 21:10 +0100, Arthur Dent wrote:
Well actually I run the script that I found years ago on the web (in the FAQ?)
It is as follows:
[EMAIL PROTECTED] ~]# cat scripts/rkhscript.sh
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
On Tue, Oct 23, 2007 at 10:30:59PM +0100, John Horne wrote:
I presume I need to add the argument --nocolors to the versioncheck line?
Yes, but add it to the '--update' line as well. Alternatively, you can
combine it all in one:
rkhunter --versioncheck --update --cronjob
On Tue, 2007-10-23 at 23:15 +0100, Arthur Dent wrote:
On Tue, Oct 23, 2007 at 10:30:59PM +0100, John Horne wrote:
Also, the next official release will be version 1.3.2. The current CVS
version is 1.3.1. There was an email about the version numbers a short
while ago :-)
OK - Sorry,