On 20 Sept. 2011, at 12:03, John Horne wrote:
> On Mon, 2011-09-19 at 16:46 +0200, dan...@polombo.fr wrote:
>> Greetings,
>> 
>>   I've been testing Rootkit Hunter 1.3.8 on a handful of Solaris 10 
>> (x86) servers, and I have an interesting problem. While running the 
>> script manually (rkhunter --check --rwo --sk), everything works as 
>> expected. However, when running a check via crontab, I get errors about 
>> files that don't exist on the system though they are in the rkhunter.dat 
>> files.
>> 
> Hello,
> 
> I would very much first check that you only have one version of rkhunter
> on the system(s). Use something like glocate (just 'locate' or mlocate,
> slocate on other systems). It sounds like your cron system is picking up
> one version of RKH, whereas when run interactively you are getting a
> different one (or the same version but different data files).


There's only one version, which I packaged and installed very recently.
There was no RKH install before that.

I also checked for duplicate config files, but there's only one, the
/etc/rkhunter.conf file - and the whitelisting declared in that file is
correctly applied whether running through the command line or as
a cron job.

I've made a very slight change to the job; I wasn't using the --cronjob
option. I doubt the --nocolors will change anything, but it's worth a try.

--
Daniel
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users