On Mon, 2011-07-18 at 15:34 +0000, Rick wrote: > Has this been resolved? > Difficult to say. The problem was reported earlier this year and I haven't kept email msgs from that far back. I can see nothing having been done to RKH in respect to 'fixing' this, so I am more inclined to believe that the problem was fixed by the user using existing means.
> I have the exact same issue. > >From what I can determine the problem is to do with the file properties test, and that the cron job running RKH uses a PATH which includes /etc and as such RKH sees /etc/passwd as a command (and so to be checked). But when the user runs 'rkhunter --propupd' his PATH doesn't include /etc and so /etc/passwd is not recorded in the rkhunter.dat file. You could try adding: USER_FILEPROP_FILES_DIRS="/etc/passwd" to your config file. RKH should then always see the file regardless of the PATH. However, you will get warnings whenever someone changes something in the passwd file. Alternatively try adding: EXISTWHITELIST="/etc/passwd" This will cause the file to be monitored if it exists (and is in the PATH), but will not issue a warning if the file subsequently does not exist. (I assume that if someone deletes your /etc/passwd file then you have other measures on the system which will detect this!) The /etc/passwd file is not usually monitored by RKH as part of the file properties check, so the EXISTWHITELIST should be safe. The file will still be checked as part of the password and groups file checks to see if users entries have changed or not. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ Storage Efficiency Calculator This modeling tool is based on patent-pending intellectual property that has been used successfully in hundreds of IBM storage optimization engage- ments, worldwide. Store less, Store more with what you own, Move data to the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
