On Sat, 2008-02-16 at 23:31 +0100, Colin Brace wrote:
> On Feb 16, 2008 10:53 PM, John Horne <[EMAIL PROTECTED]> wrote:
> > On Sat, 2008-02-16 at 15:55 +0100, Colin Brace wrote:
> > >
> > > OK, I unmounted /dev/fd. rkhunter then runs fine.
> > >
> > > The one thing I notice though is that rkh didn't explicitly check the
> > > log files mentioned in the error messages I was getting. Do you have
> > > any idea why with fdesc enabled it is suddenly looking in /var/log?
> > >
> > I don't understand this bit. I saw nothing in the original message about
> > RKH looking in /var/log for anything.
> 
> On the basis of the error messages I see, rkh *appears* to be
> searching /dev/fd# for log files, i.e., the contents of /var/log. Here
> is a small sample of what I see:
> 
> find: /dev/fd/3/mount.yesterday: No such file or directory
> find: /dev/fd/3/setuid.today: No such file or directory
>
I suspect RKH is running the hidden files/directories test. It looks
in /dev for these using the 'find' command. I don't think it looks
in /var/log for any of the tests. Of course I could be wrong :-)

Can you run 'rkhunter --debug ...' with any other options you usually
use? This will create the file '/tmp/rkhunter-debug'. Can you then email
that file to me please? I probably can't help too much with the fdesc
problem itself, but may be able to get RKH to be a bit more
friendly/helpful in this situation. It will also show me which actual
test is being run.



John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]       Fax: +44 (0)1752 233839

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users