Hallo, Chris,
Du meintest am 10.07.10:
> After upgrading to Mandriva 2010.1 yesterday I ran rkhunter --propupd
> since I'm sure a lot of files were changed. I still got the usual
> "please check your system as it may be infected" this morning after
> the rkhunter cronjob was ran. I got to looking at the log this
> evening and noticed:
> /usr/sbin/rkhunter [ Warning ]
> Warning: The command '/usr/sbin/rkhunter' has been replaced and is
> not a script: /usr/sbin/rkhunter: a /bin/sh script text executable
Here (Slackware 13, rkhunter 1.3.6)
which -a rkhunter
only shows
/usr/bin/rkhunter
#
ls -l $(which rkhunter)
shows
... root root 425608 29. Nov 2009 /usr/bin/rkhunter
#
file $(which rkhunter)
shows
/usr/bin/rkhunter: POSIX shell script text executable
Maybe the Mandriva packet uses another path for "rkhunter": that's no
problem.
> Checking for string 'hdparm' [ Warning ]
> Warning: Checking for possible rootkit strings [ Warning ]
> Found string 'hdparm' in file '/etc/rc.d/init.d/bootlogd'. Possible
> rootkit: Xzibit Rootkit
> Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible
> rootkit: Xzibit Rootkit
That's perhaps a false alarm - using "hdparm" in these files is allowed.
Viele Gruesse!
Helmut
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
