Re: [Rkhunter-users] Apache2 installed but application httpd not found

Rado Rovny Sun, 31 Jan 2010 02:47:46 -0800

Hello Christian

The problem seems to be in do_app_checks() function and configured
applications in APP_NAMES variable


        APP_NAMES="exim:Exim MTA
                   gpg:GnuPG
                   httpd:Apache
                   named:Bind DNS
                   openssl:OpenSSL
                   php:PHP
                   procmail:Procmail MTA
                   proftpd:ProFTPd
                   sshd:OpenSSH"


Unfortunatelly, Apache2 process name is apache2 and not httpd, so this
check will not succeed.
I have the same problem on same OS.

bianca:/etc# ps -ef | grep apache|grep -v grep
www-data  3524 14652  0 10:55 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 12584 14652  0 Jan20 ?        00:00:01 /usr/sbin/apache2 -k start
root     14652     1  0 Jan15 ?        00:00:23 /usr/sbin/apache2 -k start
www-data 15228     1  0  2009 ?        00:00:05 /usr/sbin/apache2 -k start
www-data 20441     1  0  2009 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 22213 14652  0 11:06 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 22216 14652  0 11:06 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 22217 14652  0 11:06 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 22218 14652  0 11:06 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 22219 14652  0 11:06 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 22371     1  0  2009 ?        00:00:07 /usr/sbin/apache2 -k start
www-data 25602 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25605 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25606 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25607 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25608 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25609 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25610 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25611 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25612 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
www-data 25613 14652  0 10:53 ?        00:00:01 /usr/sbin/apache2 -k start
www-data 25614 14652  0 10:53 ?        00:00:00 /usr/sbin/apache2 -k start
bianca:/etc# grep Application /var/log/rkhunter/rkhunter.log|grep http
[11:01:56] Info: Application 'httpd' not found.
bianca:/etc#

This is something for developers to fix.

Regards,
Rado

Christian Lauf wrote:
> Hello,
>
> is rkhunter able to scan Apache2 and Postfix/Dovecot under Debian Lenny
> (amd64)?
>
> On my system I've got an Apache2 runing along with Postfix and Dovecot.
>
> All rkhunter logs is the following:
> Info: Application 'exim' not found.
> Info: Application 'httpd' not found.
> Info: Application 'named' not found.
>
> The entry for named is ok, because there is indeed no DNS-Server runing.
> But the remaining are runing under their debian-names.
>
> server:~# ps -ef |grep apache2
> root      2855     1  0 Jan22 ?        00:00:10 /usr/sbin/apache2 -k start
> www-data 20282  2855  0 19:07 ?        00:00:01 /usr/sbin/apache2 -k start
> [...]
>
> server:~# ps -ef |grep postfix
> root      2721     1  0 Jan22 ?        00:00:05 /usr/lib/postfix/master
> postfix   2730  2721  0 Jan22 ?        00:00:01 qmgr -l -t fifo -u
> postfix   2901  2721  0 Jan22 ?        00:00:00 tlsmgr -l -t unix -u -c
> postfix  19078  2721  0 18:02 ?        00:00:00 pickup -l -t fifo -u -c
> postfix  20470  2721  0 19:16 ?        00:00:00 smtp -t unix -u -c
> postfix  20497  2721  0 19:18 ?        00:00:00 bounce -z -n defer -t unix
> -u -c
>
> server:~# ps -ef |grep dovecot
> root      2758     1  0 Jan22 ?        00:00:08 /usr/sbin/dovecot
> root      2767  2758  0 Jan22 ?        00:00:07 dovecot-auth
> dovecot  12473  2758  0 Jan26 ?        00:00:03 pop3-login
> dovecot  12474  2758  0 Jan26 ?        00:00:03 pop3-login
> dovecot  12475  2758  0 Jan26 ?        00:00:03 pop3-login
> dovecot  20450  2758  0 19:14 ?        00:00:00 imap-login
> dovecot  20453  2758  0 19:14 ?        00:00:00 imap-login
> dovecot  20456  2758  0 19:14 ?        00:00:00 imap-login
> root     26597  2758  0 18:54 ?        00:00:00 dovecot-auth -w
>
> How do I configure rkhunter to also check this programs?
>
> Thanks,
> Christian
>

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Re: [Rkhunter-users] Apache2 installed but application httpd not found

Reply via email to