On 26/05/2010 14:26, Duane Loftus wrote: > Here is a section of my rkhunter.log. What should I be doing about the > "warning" items? > > [20:58:22] Performing trojan specific checks > [20:58:22] Info: Starting test name 'trojans' > [20:58:22] Checking for enabled inetd services [ Skipped ] > [20:58:22] Info: Check skipped - file '/etc/inetd.conf' does not exist. > [20:58:23] > [20:58:23] Performing check for enabled xinetd services > [20:58:23] Info: Using xinetd configuration file '/etc/xinetd.conf' > [20:58:23] Checking '/etc/xinetd.conf' for enabled services [ None > found ] > [20:58:23] Found 'includedir /etc/xinetd.d' directive > [20:58:23] Checking '/etc/xinetd.d/chargen-dgram' for enabled > services [ None found ] > [20:58:23] Checking '/etc/xinetd.d/chargen-stream' for enabled > services [ None found ] > [20:58:23] Checking '/etc/xinetd.d/daytime-dgram' for enabled > services [ None found ] > [20:58:23] Checking '/etc/xinetd.d/daytime-stream' for enabled > services [ None found ] > [20:58:23] Checking '/etc/xinetd.d/discard-dgram' for enabled > services [ None found ] > [20:58:23] Checking '/etc/xinetd.d/discard-stream' for enabled > services [ None found ] > [20:58:23] Checking '/etc/xinetd.d/echo-dgram' for enabled services > [ None found ] > [20:58:23] Checking '/etc/xinetd.d/echo-stream' for enabled services > [ None found ] > [20:58:24] Checking '/etc/xinetd.d/finger' for enabled services > [ None found ] > [20:58:24] Checking '/etc/xinetd.d/ftp_psa' for enabled services > [ Warning ] > [20:58:24] Checking '/etc/xinetd.d/ntalk' for enabled services > [ None found ] > [20:58:24] Checking '/etc/xinetd.d/poppassd_psa' for enabled > services [ Warning ] *snip*
Looks like you're running Plesk, is that right? These warnings are pretty normal for Plesk setups as it uses xinetd for a number of things. You just need to add a XINETD_ALLOWED_SVC line in your rkhunter.conf for each of the services you're using, eg. XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa Of course you should check first to make sure that all of the items warned about are services you actually want to be available :) Cheers, Dave ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users