On 13/02/2013, at 14.17, W Forum W <wfor...@gmail.com>
wrote:
> txs
>
> the last part I get with
> trace -p PID
>
> stat64("/usr/local/sbin/uniq", 0xbfd81c70) = -1 ENOENT (No such file or
> directory)
> stat64("/usr/local/bin/uniq", 0xbfd81c70) = -1 ENOENT (No such file or
> directory)
> stat64("/usr/sbin/uniq", 0xbfd81c70) = -1 ENOENT (No such file or
> directory)
> stat64("/usr/bin/uniq", {st_mode=S_IFREG|0755, st_size=30592, ...}) = 0
> clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
> child_tidptr=0xb7620938) = 5921
> close(3) = 0
> close(-1) = -1 EBADF (Bad file descriptor)
> wait4(-1,
>
> and then its waiting forever, no idea why
Thanks for including a few lines above the "Bad file descriptor".
As you can see it looks for the uniq program. So I suggest that you read up on
what a "Bad file descriptor" means and looks in the rkhunter script, probably
/usr/bin/rkhunter and see if you can read up on what it is supposed to do right
after looking for uniq. Maybe you can spot the problem.
My version of rkhunter is 1.4.0-1 from Debian Wheezy, and as far as I know,
rkhunter was changed significantly between 1.3.x and 1.4.0, it actually lost a
feature that I used to use all the time, namely the -r ROOTDIR= option, which I
used to scan all the backups of my servers from a secured backup server.
Occasionally I also used to boot up from a linux rescue CD and run rkhunter on
the servers. Therefore I do not think it helps you much that I look in my
1.4.0-1 version how it uses uniq.
JonB
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
