On Tue, 2007-07-24 at 01:12 +0200, Jim Knuth wrote:
>
> --snip
> Warning: The modules file '/proc/modules' is missing.
>
RKH is trying to do a kernel module check. It cannot because the
file /proc/modules doesn't exist. You can disable the test, to avoid
continuously getting the warning, in the rkhunter.conf file (test name
'os_specific').
> Warning: The kernel module directory '/lib/modules/2.6.17.7-grsec-custom' is
> missing.
>
Similar to above. However, can you check this for me please as I want to
be sure the test is working correctly. Can you email me the output of:
ls -l /lib/modules
uname -r
ls -ld /proc/modules
> Warning: Process '/usr/sbin/p0f' (PID 2706) is listening on the network.
>
As it says, the process 2706 is listening on your network interface. If
it is a genuine process, then it can be whitelisted. If it is not
genuine then it is not something you want on your system.
> Warning: Suspicious files found in /dev:
> /dev/shm/resolvconf/resolv.conf: ASCII text
> /dev/shm/resolvconf/interface/lo.named: ASCII text
> /dev/shm/resolvconf/interface/eth0.inet: ASCII text
>
Again, these can be whitelisted if they are known to be genuine files
which should exist in /dev.
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
