On Tue, 2011-09-20 at 12:47 +0200, Daniel Polombo wrote: > Le 20 sept. 2011 à 12:03, John Horne a écrit : > > On Mon, 2011-09-19 at 16:46 +0200, dan...@polombo.fr wrote: > >> Greetings, > >> > >> I've been testing Rootkit Hunter 1.3.8 on a handful of Solaris 10 > >> (x86) servers, and I have an interesting problem. While running the > >> script manually (rkhunter --check --rwo --sk), everything works as > >> expected. However, when running a check via crontab, I get errors about > >> files that don't exist on the system though they are in the rkhunter.dat > >> files. > >> > > Hello, > > > > I would very much first check that you only have one version of rkhunter > > on the system(s). Use something like glocate (just 'locate' or mlocate, > > slocate on other systems). It sounds like your cron system is picking up > > one version of RKH, whereas when run interactively you are getting a > > different one (or the same version but different data files). > > > There's only one version, which I packaged and installed very recently. > There was no RKH install before that. > Hello,
Okay, in which case I would suspect that the PATH used when run via cron is different from when used interactively. As such if you ran 'rkhunter --propupd' interactively, then some files may well be reported as present or missing from the system. If you are using 'sudo', then maybe using 'sudo su -' will give you the same PATH as used by cron. The '--nocolors' option simply suppresses showing the colour escape codes in the output. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
