Sorry - I was out on travel. I'll see about getting a full log with debug. It
will have to be next week, though.
Thanks!
Robert
On Jul 15, 2010, at 12:18 PM, Mike McCarty wrote:
> John Horne wrote:
>> On Wed, 2010-07-14 at 21:05 -0500, Mike McCarty wrote:
>>> Robert Fields wrote:
>>>> Does anyone know what would cause rkhunter to actually execute the
>>>> commands for all the system binaries and scripts it checks?
>>>>
>>>> I had never seen this behavior before but a coworker showed it to me
>>>> in the rkhunter.log file on a machine she admins.
>>>>
>>>> For example:
>>>>
>>>> [05:10:06] /sbin/lsmod [Warning]
>>>> [05:10:06] Warning: The file properties have changed:
>>>> [05:10:06] File: /sbin/lsmod
>>>> [05:10:06] Current hash: Module
>>>> ipv6
>>>> nf_conntrack_ipv4
>>> These entries are warning you that the properties of the executable
>>> file have changed in some way, not that it ran the program.
>>>
>> But the output certainly looks as if the program ran. The 'lsmod'
>> command starts with a header line containing 'Module', and 'ipv6' and
>> 'nf_conntrack_ipv4' are certainly module names.
>
> Hmm. You are right, and That's Puzzling.
>
>> What I would like to see is the rkhunter log file for this, or better
>> still output from a run when the '--debug' was used.
>>
>> I have looked through the code but cannot see how such output could be
>> produced.
>
> Weird. That would be interesting to see, indeed.
>
> Mike
> --
> p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
> Oppose globalization and One World Governments like the UN.
> This message made from 100% recycled bits.
> You have found the bank of Larn.
> I speak only for myself, and I am unanimous in that!
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
