> Look in the rkhunter log file, it will say why the test was skipped.

I knew that I had unhide.rb but never realized that I should install the unhide package in Ubuntu that contains both unhide and unhide-tcp. Sorry! I overlooked that in the log.

I realize that my previous email was way too long. Sorry for that. I'm just trying to understand, if it's not too much to ask: rkhunter now (after I installed unhide-tcp) reports:

[21:08:55] Info: Starting test name 'deleted_files'
[21:08:56] Checking running processes for deleted files [ Warning ]
[21:08:56] Warning: The following processes are using deleted files:
...
[21:08:56] Process: /sbin/dhclient PID: 3044 File: /sbin/dhclient
...
[21:09:29] Info: Starting test name 'packet_cap_apps'
[21:09:29] Checking for packet capturing applications [ Warning ]
[21:09:29] Warning: Process '/sbin/dhclient' (PID 3044) is listening on the network.

while chkrootkit is still reporting:

Checking `bindshell'... INFECTED (PORTS: 4000)
...
eth1: PACKET SNIFFER(/sbin/dhclient[3044])

Is there any cause for alarm, or is this a false positive??

Thanks a lot in any case, but if somebody that knows would care to comment I'd much appreciate it.

Very best to everybody,
Sam

On Wed, Aug 21, 2013, at 19:20, John Horne wrote:
> On Wed, 2013-08-21 at 18:46 +0200, Sam Ashley wrote:
> >
> > And another question if I may: I have edited /etc/rkhunter.conf.local to
> > enable all checks except "apps" and yet when I run rkhunter manually it
> > says:
> > Checking for hidden ports [ Skipped ]
> > It seems to me it would be nice if that test were enabled but I don't
> > seem to know how to make it so.
> >
> Look in the rkhunter log file, it will say why the test was skipped.
> Probably something missing from your system.
>
>
>
> John.
>
> --
> John Horne, Plymouth University, UK
> Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users