Hi,
please see the attached .txt-file.
Regards,
André
--------
Encryption software at www.gnupg.de
Please always encrypt e-mails addressed to me that contain personal or otherwise
sensitive data with the following GPG key: 0x0A51E72D
--------
Hi,
today I installed the beta version of the very useful rkhunter-1.3.0.
After running the program [rkhunter -c --sk]
it gave me some warnings which I think are false positives.
I am running Novell Suse Linux 10.0,
[uname -a
Linux linux 2.6.13-15.16-default #1 Fri Jun 8 15:35:39 UTC 2007 i686 athlon
i386 GNU/Linux]
the warnings are:
============================================================
[14:24:50] /bin/egrep [ Warning ]
[14:24:50] Warning: The command '/bin/egrep' has been replaced by a script:
/bin/egrep: Bourne shell script text
[14:24:50] /bin/fgrep [ Warning ]
[14:24:50] Warning: The command '/bin/fgrep' has been replaced by a script:
/bin/fgrep: Bourne shell script text
.
.
[14:25:00] /usr/bin/groups [ Warning ]
[14:25:00] Warning: The command '/usr/bin/groups' has been replaced by a
script: /usr/bin/groups: Bourne shell script text
.
.
[14:25:01] /usr/bin/ldd [ Warning ]
[14:25:01] Warning: The command '/usr/bin/ldd' has been replaced by a script:
/usr/bin/ldd: Bourne shell script text
.
.
[14:25:11] /sbin/chkconfig [ Warning ]
[14:25:11] Warning: The command '/sbin/chkconfig' has been replaced by a
script: /sbin/chkconfig: perl script text
.
.
[14:25:12] /sbin/ifup [ Warning ]
[14:25:12] Warning: The command '/sbin/ifup' has been replaced by a script:
/sbin/ifup: Bourne-Again shell script text
#I believe that Novell uses these scripts by default or has linked the
#original commands to them. The warnings would then be false.
#rkhunter-1.2.9 did not give me these warnings.
===============================
[14:26:18] Checking if SSH root access is allowed [ Warning ]
#I have had root access disabled since rkhunter-1.2.9. Therefore I think
#rkhunter-1.3.0 gave me a false positive.
================================
[14:26:38] Checking /dev for suspicious file types [ Warning ]
[14:26:38] Warning: Suspicious files found in /dev:
[14:26:38] /dev/shm/jack-shm-registry: data
[14:26:38] Checking for hidden files and directories [ Warning ]
[14:26:38] Warning: Hidden directory found: /dev/.udevdb
#The jack-shm belongs to Jack. Jack is an audio player for Linux. Ask your
#preferred search engine about "/dev/shm/jack-shm-registry".
#
#About /dev/udev I found information at
#http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev-FAQ
#as well as at http://en.wikipedia.org/wiki/Udev:
#"udev is the device manager for the Linux 2.6 kernel series. Its primary
#function is managing device nodes in /dev. It is the successor of devfs and
#hotplug, which means that it handles the /dev directory and all user space
#actions when adding/removing devices, including firmware load."
#Therefore I think the warning about /dev/udev is a false positive.
================================
That's it. Keep up the good work.
André
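
One way to check "replaced by a script" warnings like those reported above against the package database instead of by eye, as an added example that is not part of the original post or of rkhunter. The function names and the sample log are constructed, and it assumes an RPM-based system such as the SUSE install described.

```shell
#!/bin/sh
# Added example, not rkhunter code. Assumes an RPM-based system.

# Constructed sample in the format of the log lines quoted in the post.
SAMPLE_LOG="[14:24:50] /bin/egrep [ Warning ]
[14:24:50] Warning: The command '/bin/egrep' has been replaced by a script: /bin/egrep: Bourne shell script text
[14:25:11] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig: perl script text
[14:26:38] Warning: Hidden directory found: /dev/.udevdb"

# Read an rkhunter log on stdin; print each command path that was
# reported as replaced by a script (other warnings are ignored).
flagged_scripts() {
    sed -n "s/.*Warning: The command '\([^']*\)' has been replaced by a.*/\1/p"
}

# Classify one path: OK (package-owned, matches the RPM database),
# MODIFIED (owned but differs), UNOWNED, or UNKNOWN (no rpm here).
check_path() {
    path=$1
    if ! command -v rpm >/dev/null 2>&1; then
        echo "UNKNOWN  $path (rpm not available)"
        return 2
    fi
    if ! pkg=$(rpm -qf "$path" 2>/dev/null); then
        echo "UNOWNED  $path (no package claims this file)"
        return 1
    fi
    # rpm -Vf verifies the whole owning package; keep this file's line only.
    changed=$(rpm -Vf "$path" 2>/dev/null | awk -v p="$path" '$NF == p')
    if [ -n "$changed" ]; then
        echo "MODIFIED $path ($pkg): $changed"
        return 1
    fi
    echo "OK       $path ($pkg)"
}

# Triage every flagged command in the log on stdin.
triage() {
    flagged_scripts | while read -r p; do
        check_path "$p" || true
    done
}

# Run against the embedded sample; use `triage < /var/log/rkhunter.log` for a real log.
printf '%s\n' "$SAMPLE_LOG" | triage
```

An OK result only shows that the file matches the local RPM database, so it is meaningful when the database and the `rpm` binary themselves are trusted, for example when run from known-good media.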