On Tue, 08 Jun 2010 03:11:51 +0200 Duane Loftus <bu...@loftusweb.com> wrote:

>1. How do I fix the skdet / rkhunter.dat issue?

Should be added running 'rkhunter --propupd' *after* moving the binary to /usr/local/(s)bin/, which is where local system additions should live FSSTND/LFS-wise. The config warning ditto, if it doesn't add a line "USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf" to your rkhunter.conf(.local).

>2. What should I do about the Suckit Rootkit warning (or is it related to # 1 above?

Not related. The Suckit Rootkit additional checks comprise of: 0) checking hard link count on '/sbin/init', 1) checking for hidden file extensions and 2) running 'skdet'.

>3. What the heck are all the [invisible] statements?

That depends: 0) if the PIDs exist and belong to valid, regular processes ('lsof -Pwnp $PID') then that may be a problem with 'skdet', 1) if the PIDs no longer exist (short-lived processes) then you might not be able to trace them back (to conclude they are a problem with 'skdet'), 2) if the PIDs belong to unknown processes then please list details: see 'lsof'. Also maybe check with 'unhide' (http://www.security-projects.com/?Unhide).

* I don't remember your host details so please post your full distribution, release version, kernel version, (para-)virtualization used (if any) in your reply. And if you want to list process details then please *attach* as plain text file.

Best regards, unSpawn
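A first-pass sort of the reported PIDs into the three cases from the reply above, as an added example that is not part of the original message or of rkhunter. The function names, the PROC_ROOT variable and the output labels are assumptions, and "exists" only means the /proc entry and its executable resolve, not that the process is valid.

```shell
#!/bin/sh
# Added example: triage PIDs that skdet listed as "[invisible]".
# PROC_ROOT (hypothetical variable) can point at a constructed tree for testing.
# Run as root: /proc/PID/exe of other users' processes is otherwise unreadable.
PROC_ROOT="${PROC_ROOT:-/proc}"

# classify_pid PID prints one of:
#   gone          no /proc entry; short-lived, cannot be traced back
#   exists <exe>  entry present and exe points at a file still on disk;
#                 confirm with: lsof -Pwnp PID
#   unresolved    entry present but exe is missing, unreadable or deleted
#                 (kernel threads land here too); collect lsof details
classify_pid() {
    pid="$1"
    case "$pid" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    dir="$PROC_ROOT/$pid"
    if [ ! -d "$dir" ]; then
        echo "gone"
        return 0
    fi
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=""
    case "$exe" in
        ''|*' (deleted)')
            echo "unresolved" ;;
        *)
            if [ -e "$exe" ]; then
                echo "exists $exe"
            else
                echo "unresolved"
            fi ;;
    esac
    return 0
}

# triage PID... prints one "PID<TAB>classification" line per argument.
triage() {
    for p in "$@"; do
        printf '%s\t%s\n' "$p" "$(classify_pid "$p" || true)"
    done
}

if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

Pass the PIDs from the skdet output as arguments; anything reported as "exists" or "unresolved" is what to follow up with 'lsof -Pwnp' and 'unhide'.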