Mike McCarty wrote: > Brenton Taylor wrote: > >> Hello, >> Every time I run rkhunter I get a message that says something like: >> >> [1]+ Stopped /usr/local/bin/rkhunter >> >> and when I run rkhunter --check it get up to [Press <ENTER> to >> continue] and I press the Enter key and it doesn't complete the >> scanning and the process is still alive until I type skill rkhunter. >> > > Have you tried "fg"? > I have tried fg . I just did it again to see what the output was:
[Press <ENTER> to continue] [1]+ Stopped rkhunter --check www:~# fg rkhunter --check [1]+ Stopped rkhunter --check www:~# fg rkhunter --check [1]+ Stopped rkhunter --check www:~# > >> I'm new to the mailing list and have never used one before. Here >> is > > You are doing great. > > >> some output I have gathered: >> >> www:/usr/src/rkhunter-1.3.4# /usr/local/bin/rkhunter --propupd >> [ Rootkit Hunter version 1.3.4 ] >> >> [1]+ Stopped /usr/local/bin/rkhunter --propupd >> > > This is odd. It's as though you typed a ^Z to put it in the > background or sth. > > >> www:/usr/src/rkhunter-1.3.4# File updated: searched for 153 files, >> found 122 >> /usr/local/bin/rkhunter --check >> [ Rootkit Hunter version 1.3.4 ] >> >> Checking system commands... >> >> Performing 'strings' command checks >> [1] Done /usr/local/bin/rkhunter --propupd >> >> [2]+ Stopped /usr/local/bin/rkhunter --check >> www:/usr/src/rkhunter-1.3.4# Checking 'strings' >> command [ OK ] >> > > You keep getting more and more of them in the bg, and stopped. > Perhaps a bad download. Have you tried downloading again? > > [...] > i also tried: apt-get purge rkhunter apt-get install rkhunter and also installing from source (sourceforge) > >> Performing file properties checks >> Checking for prerequisites [ OK ] >> > > [...] > > >> /bin/which [ Warning ] >> > > This is likely because "which" is a script on your machine. If you use > a package manager you may be able to make this go away. > > >> /usr/bin/groups [ Warning ] >> > > ditto > > >> /usr/bin/ldd [ Warning ] >> > > ditto > > [...] > > Not quite _all_ of that was necessary to post. However, it's better to > provide a little too much than too little. > > >> [Press <ENTER> to continue] >> >> >> [2]+ Stopped /usr/local/bin/rkhunter --check >> www:/usr/src/rkhunter-1.3.4#cat /var/log/rkhunter.log >> >> [00:28:21] Running Rootkit Hunter version 1.3.4 on www >> [00:28:21] >> [00:28:21] Info: Start date is Thu Aug 6 00:28:21 EST 2009 >> [00:28:21] >> [00:28:21] Checking configuration file and command-line options... >> [00:28:21] Info: Detected operating system is 'Linux' >> [00:28:21] Info: Found O/S name: Debian 5.0 >> > > Ok, you probably use apt or synaptic with DPKG. > > [...] > > >> [00:28:23] Info: The hash function field index is set to 1 >> [00:28:23] Info: No package manager specified: using hash function >> '/usr/bin/sha1sum' >> > > Try putting > > --pkgmgr DPKG > > on your command line, or in /etc/rkhunter.conf a line like > > PKGMGR=DPKG > > [...] > rkhunter --check --pkgmgr DPKG stopped the warnings thanks > >> [00:28:43] /bin/which [ Warning ] >> [00:28:43] Warning: The command '/bin/which' has been replaced by a >> script: /bin/which: POSIX shell script text >> > > Yep, that's what I thought. This is almost surely a false alarm, which > if you tell rkhunter about your package manager may go away. > > [...] > > This looks like a normal run with a few false positives, except that it > cuts off, like the run got aborted. Is it possible that you have a > problem with your keyboard sending ^Z when you don't type it? > > I'm pretty sure there's nothing wrong with my keyboard I used Putty to access "www" and also my Debian laptop, rkhunter works fine on my laptop. >> Thanks, >> Brenton >> > > Mike Brenton Send instant messages to your online friends http://au.messenger.yahoo.com ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
