On Sat, 2011-08-27 at 22:31 -0700, Wolfram Volpi wrote:
>  
> 1) After I created a rkhunter.conf.local file, I attempted to config-check:
> rkhunter --config-check
> Invalid option specified: --config-check
> rkhunter -C
> Invalid option specified: -C
>
What version of rkhunter are you running? (Use 'rkhunter --version').
The above options are only valid from version 1.3.8 onwards (and if you
are running an earlier version then I would suggest upgrading).

> 
> 2) Should I run Rootkit Hunter with the --propupd option every time, or just 
> the first time?
> 
You need to run it before using rkhunter the first time. After that if
rkhunter (RKH) gives you warnings about commands that have changed, then
you need to check whether the changes are genuine or not (that is, have
they been, for example, made by automatic patching, or has someone
hacked into your system?) If you are happy that the changes are valid,
then run 'rkhunter --propupd' to ensure that the same changes are not
reported again.

> 3) I am the only user of my home PC; does it make sense to run
> rkhunter if no software was installed since the last run of Rootkit
> Hunter?  Or should I just run Rootkit Hunter after I install some
> software?
> 
You need to run RKH on a regular basis. Via cron is a possibility. RKH
is used to detect changes, and possibly mis-configurations, made to your
system. These changes may occur whilst your PC is up and running, but if
you only run RKH after *you* have installed something then you may not
be aware of the changes for some time. If the change is that someone has
hacked into your PC, then your PC will have been compromised for
potentially a long time. (Before you ask, I run RKH once an hour.)




John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
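
The advice above (check the version before relying on --config-check, scan regularly from cron, refresh the baseline with --propupd only after confirming the changes) can be sketched as a wrapper script. This is an added example, not part of the original message or of the rkhunter project; the script path and the assumed `rkhunter --version` output format ("Rootkit Hunter 1.4.6") are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for rkhunter (not from the original thread).
# Assumption: 'rkhunter --version' prints a line such as "Rootkit Hunter 1.4.6".

MIN_CONFIG_CHECK=1.3.8   # --config-check / -C exist from this version onwards

# extract_version TEXT: print the first dotted version number found in TEXT.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B, comparing field by field.
version_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}   # "6rc1" -> "6"
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# supports_config_check VERSION_OUTPUT: succeed if that rkhunter has --config-check.
supports_config_check() {
    version_ge "$(extract_version "$1")" "$MIN_CONFIG_CHECK"
}

# run_check: validate the config where possible, then scan and print warnings only.
# --propupd is deliberately never run here: the property baseline should only be
# refreshed by hand, after the reported changes have been confirmed as genuine.
run_check() {
    if supports_config_check "$(rkhunter --version 2>/dev/null)"; then
        rkhunter --config-check || return 2
    fi
    rkhunter --cronjob --report-warnings-only
}

# Only scan when asked to, e.g. from an hourly crontab entry:
#   0 * * * * /usr/local/sbin/rkh-hourly.sh --run    (hypothetical path)
if [ "${1:-}" = "--run" ]; then
    run_check
fi
```

Cron mails whatever the job prints, so with --report-warnings-only a message arrives only when there is something to review.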


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users