Hello.

1. I am using rkhunter with CentOS 4.4. It used to work just fine, but 
recently I have been encountering problems. First, when I run:

rkhunter --update

I get "Mirror outdated" error messages. At this point in time, I am no 
longer getting those error messages (otherwise I would cut-and-paste 
them into this email), but I have noticed that it is only using the 
mirror "http://rkhunter.sourceforge.net", even though it states it 
rotated the "Mirrorfile".

2. When I run rkhunter, it is stating that the '/bin/kill' binary is 
bad. At first, I thought I had an owned server, but, upon scanning more 
CentOS 4.4 servers I am getting the same results with about 15 different 
servers. Is this just a problem with rkhunter not supporting CentOS 4.4 
properly?

3. Is it possible to run rkhunter so that any external binaries or 
libraries it accesses in order to perform its job (such as sed, awk, 
cut, tail, strings, cat, ls ... ) are from a trusted source? With 
chkrootkit, you can provide it with a different path to search for those 
binaries. Otherwise, it's possible for an attacker to compromise those 
binaries in such a way that rkhunter always reports a clean server 
even though it has been compromised.

Thanks.
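
The concern raised in question 3, as an added example that is not part of the original message and not rkhunter's own code: a shell function that compares the helper tools found on the live system byte-for-byte against copies in a trusted directory (assumed here to be a read-only mount). The function names and directory layout are hypothetical.

```shell
#!/bin/sh
# Added example. TRUSTED_DIR is assumed to hold known-good copies of the
# helper tools (for instance on read-only media); all names are hypothetical.

# find_in_path NAME PATHLIST -> prints the first executable match, if any
find_in_path() {
    name=$1
    old_ifs=$IFS; IFS=:
    for dir in $2; do
        if [ -x "$dir/$name" ] && [ ! -d "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# audit_helpers TRUSTED_DIR SYSTEM_PATH TOOL...
# Prints one line per tool: OK, MISMATCH, NO_TRUSTED_COPY or NOT_ON_SYSTEM.
# Returns non-zero if any tool is not OK.
audit_helpers() {
    trusted=$1; syspath=$2; shift 2
    rc=0
    for tool in "$@"; do
        if [ ! -x "$trusted/$tool" ]; then
            echo "NO_TRUSTED_COPY $tool"; rc=1; continue
        fi
        live=$(find_in_path "$tool" "$syspath") || {
            echo "NOT_ON_SYSTEM $tool"; rc=1; continue; }
        # Prefer a cmp from the trusted directory; the live one may be altered.
        cmp_bin=cmp
        [ -x "$trusted/cmp" ] && cmp_bin="$trusted/cmp"
        if "$cmp_bin" -s "$trusted/$tool" "$live"; then
            echo "OK $tool $live"
        else
            echo "MISMATCH $tool $live"; rc=1
        fi
    done
    return $rc
}
```

A typical call would be `audit_helpers /mnt/trusted/bin "$PATH" sed awk cut tail strings cat ls`, where `/mnt/trusted/bin` is a placeholder for wherever the known-good copies are mounted.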


_______________________________________________
Rkhunter-users mailing list
https://lists.sourceforge.net/lists/listinfo/rkhunter-users