-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On my FreeBSD I get this in the log file of rkhunter. I don't understand what the warning is for, the log file doesn't explain it.
[13:58:05] Performing check for possible rootkit strings [13:58:05] Info: Starting test name 'possible_rkt_strings' [13:58:05] Warning: Checking for possible rootkit strings [ Warning ] [13:58:05] No system startup files found. [13:58:05] Also I get warnings like this: [13:57:24] /usr/bin/whatis [ Warning ] [13:57:24] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable [13:57:27] /usr/sbin/adduser [ Warning ] [13:57:27] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: Bourne shell script text executable And more of them for other files that also normally are scripts on freebsd... These are completely normal on FreeBSD and should not be warned for. Another one is this. As far as I know it is normal for the psedo interface pflog to be promisc? It is used for the pf firewall on FreeBSD. (FreeBSD supports three different firewalls) [13:59:07] Checking for promiscuous interfaces [ Warning ] [13:59:07] Warning: Possible promiscuous interfaces: [13:59:07] 'ifconfig' command output: pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208 Another one: [13:59:12] Info: Found password file: /etc/passwd [13:59:12] Checking for root equivalent (UID 0) accounts [ Warning ] [13:59:12] Warning: Account 'toor' is root equivalent (UID = 0) Again completely normal. toor is root but with bash shell. root uses csh. This is standard on FreeBSD. I hope these issues get fixed Regards, AnMaster -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHY+D3WmK6ng/aMNkRCn08AKCqdEbtmLh7L1dWT7lyaeHOm8/iRgCfX9s6 dI9/LdW7ZSUPiB01fFE20O0= =MIft -----END PGP SIGNATURE----- ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
