This morning rkhunter detected a hidden process. I'm guessing it was a false positive but I wanted to try to be sure. I had been using LibreOffice (in Ubuntu Studio 12.10) when rkhunter ran. I had the idea to test by running rkhunter again with LibreOffice not running. No hidden processes were detected. Then to double check I again ran rkhunter, this time with LibreOffice again running, but this time no hidden processes were detected. Maybe it's important to mention that rkhunter is using unhide.rb for this test instead of unhide.
Anyway, when I then looked at the rkhunter logs, the original log entries were missing! That is, rkhunter.log had had entries for 9:23 AM onward, which made sense, but now when I look there's no entry earlier than [10:01:47]. rkhunter.log.old has entries starting at [09:57:50]. I have rkhunter configured to create logs with date stamps, but I unfortunately prematurely deleted those, since till now it always seemed that the entries in those logs were duplicated in rkhunter.log. Does the log output of rkhunter accumulate in rkhunter.log only when there are no (potential) problems, or, what is the difference between what's being logged in the date-stamped logs vs rkhunter.log?

Unfortunately I'm now unable to look up the exact warning that rkhunter had given.

best,
sam

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users