On Fri, 2012-08-17 at 13:42 -0500, Anthony Messina wrote:
> On Monday, July 23, 2012 04:08:25 AM Anthony Messina wrote:
> > I have installed freeipa-server-2.2.0-1.fc17.x86_64 and it's running
> > well.  I have also installed rkhunter-1.4.0-1.fc17.noarch on the IPA
> > server and each morning I receive the following report from rkhunter.
> > 
> > I imagine/hope that these are not actual rootkits and was wondering if
> > anyone knew of a way to inform rkhunter/rkhunter.conf to "never mind"
> > these as they seem like they would be a normal part of the IPA/CA process.
> > 
> > By the way, UID 995 is the pkiuser on my IPA system.
> > 
> > Thanks for any input. -A
> > 
> > 
> > rkhunter warning output follows:
> > 
> > Warning: The following processes are using suspicious files:
> >          Command: java
> >            UID: 995    PID: 1513
> >            Pathname: /var/log/pki-ca/system
> >            Possible Rootkit: Unknown rootkit
> >          Command: java
> >            UID: 1518    PID: 1513
> >            Pathname: 14287633
> >            Possible Rootkit: Unknown rootkit
> 
> Is anyone able to offer some insight on this one?  Perhaps there is some way 
> to undate the rkhunter configuration to 'allow' this behavior, if it's 
> intended.  Thanks.  -A


This looks to me like it's a false positive. Please file a bug against
the rkhunter package at bugzilla.redhat.com

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to