Dear List,

I have recently moved to SuSE 12.2 Tumbleweed [continuous distro-update] - and am now getting rkhunter errors which hopefully are false positives?? :

..........................................
Warning: The O/S name or version has changed since the last run:
         Old O/S value: NAME=openSUSE
         New value: openSUSE 12.2 (i586)
         Because of the change(s) the file properties checks may give some false-positive results.
         You may need to re-run rkhunter with the '--propupd' option.

Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option is used, all the files on their system are known to be genuine, and installed from a reliable source.
         The rkhunter '--check' option will compare the current file properties against previously stored values, and report if any values differ.
         However, rkhunter cannot determine what has caused the change, that is for the user to do.

Warning: Package manager verification has failed:
         File: /etc/rkhunter.conf
         The file hash value has changed
         The file size has changed
         The file modification time has changed

Warning: The following processes are using suspicious files:
         Command: cron
           UID: 0    PID: 3178
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit
         Command: cron
           UID: 0    PID: 18243
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit
         Command: egrep
           UID: 0    PID: 15236
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit
         Command: rkhunter
           UID: 0    PID: 19414
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit
         Command: run-crons
           UID: 0    PID: 18245
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit
         Command: sh
           UID: 0    PID: 18244
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit
         Command: sort
           UID: 0    PID: 15237
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit
         Command: suse.de-rkhunte
           UID: 0    PID: 19411
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit
         Command: uniq
           UID: 0    PID: 15238
           Pathname: /etc/crontab
           Possible Rootkit: Unknown rootkit

Warning: Suspicious file types found in /dev:
         /dev/.sysconfig/network/started-remotefs: ASCII text
         /dev/.sysconfig/network/ifup-eth0: ASCII text
         /dev/.sysconfig/network/if-eth0: ASCII text
         /dev/.sysconfig/network/config-eth0: ASCII text
         /dev/.sysconfig/network/ifup-lo: ASCII text
         /dev/.sysconfig/network/if-lo: ASCII text
         /dev/.sysconfig/network/config-lo: ASCII text
         /dev/.sysconfig/network/started: ASCII text
         /dev/.sysconfig/network/new-stamp-2: ASCII text

Warning: Hidden directory found: '/dev/.sysconfig'
...................................................

Please opine: Is this a threat, OR, false-positive??

................
Thanks
Anna

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
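
A triage aid for the warnings quoted in the post above, added here as an example; it is not part of the original message or of rkhunter. It groups the process hits by pathname and the /dev findings by directory, so a reader can see how many distinct objects the report actually names; it gives no verdict on them. The function names are hypothetical and the sample is an excerpt of the post's output.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Excerpt of the warnings quoted in the post; layout is not significant to the parser.
SAMPLE = """
Warning: The following processes are using suspicious files:
  Command: cron
    UID: 0 PID: 3178
    Pathname: /etc/crontab
    Possible Rootkit: Unknown rootkit
  Command: egrep
    UID: 0 PID: 15236
    Pathname: /etc/crontab
    Possible Rootkit: Unknown rootkit
Warning: Suspicious file types found in /dev:
  /dev/.sysconfig/network/ifup-eth0: ASCII text
  /dev/.sysconfig/network/config-lo: ASCII text
Warning: Hidden directory found: '/dev/.sysconfig'
"""

# Each pattern stops at the next record or the next "Warning:" header, so the
# same code handles one-field-per-line output and mail-flattened output.
PROC = re.compile(
    r"Command:\s+(?P<cmd>\S+)\s+UID:\s+(?P<uid>\d+)\s+PID:\s+(?P<pid>\d+)\s+"
    r"Pathname:\s+(?P<path>\S+)\s+Possible Rootkit:\s+(?P<label>.+?)"
    r"(?=\s+Command:|\s+Warning:|\s*$)", re.S)
DEVFILE = re.compile(
    r"(?P<path>/dev/\S+):\s+(?P<ftype>.+?)(?=\s+/dev/|\s+Warning:|\s*$)", re.S)
HIDDEN = re.compile(r"Hidden directory found:\s+'(?P<dir>[^']+)'")

def triage(report):
    """Return (process hits by pathname, /dev files by directory, hidden dirs)."""
    by_path, dev_dirs = defaultdict(list), defaultdict(list)
    for m in PROC.finditer(report):
        by_path[m["path"]].append((m["cmd"], int(m["pid"]), m["label"]))
    for m in DEVFILE.finditer(report):
        p = PurePosixPath(m["path"])
        dev_dirs[str(p.parent)].append((p.name, m["ftype"]))
    return dict(by_path), dict(dev_dirs), [m["dir"] for m in HIDDEN.finditer(report)]

def under_hidden(dev_dirs, hidden):
    """/dev directories that are, or sit below, a reported hidden directory."""
    roots = {PurePosixPath(h) for h in hidden}
    return sorted(d for d in dev_dirs
                  if roots & {PurePosixPath(d), *PurePosixPath(d).parents})

if __name__ == "__main__":
    procs, devs, hidden = triage(SAMPLE)
    for path, hits in procs.items():
        print(f"{path}: {len(hits)} process hit(s): {[c for c, _, _ in hits]}")
    for d, files in devs.items():
        print(f"{d}: {len(files)} file(s)")
    print("covered by hidden-directory warning:", under_hidden(devs, hidden))
```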