Hello there... I am new to this list but not to rkhunter. I have been using it for about 6 months or so. Below is the results of a daily check that has been giving the fp's since I upgraded samba to 3.2.7. I have done the following but I continue to get them:
# rkhunter --propupd # rkhunter --update here are the relevant lines from /etc/rkhunter.conf: SCRIPTWHITELIST=/sbin/ifup SCRIPTWHITELIST=/sbin/ifdown SCRIPTWHITELIST=/usr/bin/groups SCRIPTWHITELIST=/usr/bin/GET SCRIPTWHITELIST=/usr/bin/ldd SCRIPTWHITELIST=/usr/bin/whatis ALLOWHIDDENDIR=/etc/.java ALLOWHIDDENDIR=/dev/.udev ALLOWHIDDENFILE=/etc/.java ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz XINETD_ALLOWED_SVC=/etc/xinetd.d/tftp >[ Rootkit Hunter version 1.3.4 ] > >[1;33mChecking rkhunter version...[0;39m > This version : 1.3.4 > Latest version: 1.3.4 >[ Rootkit Hunter version 1.3.4 ] > >[1;33mChecking rkhunter data files...[0;39m > Checking file mirrors.dat[34C[ [1;32mNo update[0;39m ] > Checking file programs_bad.dat[29C[ [1;32mNo update[0;39m ] > Checking file backdoorports.dat[28C[ [1;32mNo update[0;39m ] > Checking file suspscan.dat[33C[ [1;32mNo update[0;39m ] > Checking file i18n/cn[38C[ [1;32mNo update[0;39m ] > Checking file i18n/en[38C[ [1;32mNo update[0;39m ] > Checking file i18n/zh[38C[ [1;32mNo update[0;39m ] > Checking file i18n/zh.utf8[33C[ [1;32mNo update[0;39m ] >Warning: The command '/usr/bin/GET' has been replaced by a script: >/usr/bin/GET: perl script text executable >Warning: The command '/usr/bin/groups' has been replaced by a >script: /usr/bin/groups: Bourne shell script text executable >Warning: The command '/usr/bin/ldd' has been replaced by a script: >/usr/bin/ldd: Bourne shell script text executable >Warning: The command '/usr/bin/whatis' has been replaced by a >script: /usr/bin/whatis: Bourne shell script text executable >Warning: The command '/sbin/ifdown' has been replaced by a script: >/sbin/ifdown: Bourne-Again shell script text executable >Warning: The command '/sbin/ifup' has been replaced by a script: >/sbin/ifup: Bourne-Again shell script text executable >Warning: Found enabled xinetd service: /etc/xinetd.d/tftp >Warning: Hidden directory found: /etc/.java >Warning: Hidden directory found: /dev/.udev >Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip >compressed data, from Unix, max compression > >One or more warnings have been found while checking the system. >Please check the log file (/var/log/rkhunter.log) My googling turned up some results but they have been solved with proper conf entries. Any suggestions or ideas are welcome and greatly appreciated. Thanks! Ed Kasky ~~~~~~~~~ Randomly Generated Quote (698 of 1229): It is not so much our friends' help that helps us as the confident knowledge that they will help us. -Epicurus, Greek philosopher (341-270 BC) ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
