I’m not seeing any “Errors” there, just “Warnings.”

Every time you update your system, you should run rkhunter to see what has 
changed (“The file properties have changed”). After you are satisfied that 
those files were properly updated, run 
sudo rkhunter --propupd
to store the new file properties for comparison the next time you check.

Is /usr/bin/lwp-request supposed to be a Perl script with your platform? If so, 
then you can whitelist it and not see the warning next time.

Is it OK for SSH root access to be allowed on your system? If so, then 
configure rkhunter to match. If not, then change your system configuration to 
disallow it.

Is it OK for /etc/.java to be a hidden file or was it placed there 
surreptitiously?

-Al-

On Sun, Sep 18, 2016 at 10:10 PM, kel kintz wrote:
> root@kali:~# grep Warning /var/log/rkhunter.log
> [23:59:39] Warning: Checking for prerequisites               [ Warning ]
> [23:59:44]   /usr/bin/diff                                   [ Warning ]
> [23:59:44] Warning: The file properties have changed:
> [23:59:44]   /usr/bin/dpkg                                   [ Warning ]
> [23:59:44] Warning: The file properties have changed:
> [23:59:45]   /usr/bin/dpkg-query                             [ Warning ]
> [23:59:45] Warning: The file properties have changed:
> [23:59:47]   /usr/bin/perl                                   [ Warning ]
> [23:59:47] Warning: The file properties have changed:
> [23:59:51]   /usr/bin/lwp-request                            [ Warning ]
> [23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by a 
> script: /usr/bin/lwp-request: Perl script text executable
> [23:59:59]   /bin/sed                                        [ Warning ]
> [23:59:59] Warning: The file properties have changed:
> [00:01:36]   Checking if SSH root access is allowed          [ Warning ]
> [00:01:36] Warning: The SSH and rkhunter configuration options should be the 
> same:
> [00:01:39]   Checking for hidden files and directories       [ Warning ]
> [00:01:39] Warning: Hidden directory found: /etc/.java
> 
> 
> root@kali:~# grep -i Warning /var/log/rkhunter.log
> [23:59:34] Info: No mail-on-warning address configured
> [23:59:35] Info: Using syslog for some logging - facility/priority level is 
> 'authpriv.warning'.
> [23:59:39] Warning: Checking for prerequisites               [ Warning ]
> [23:59:44]   /usr/bin/diff                                   [ Warning ]
> [23:59:44] Warning: The file properties have changed:
> [23:59:44]   /usr/bin/dpkg                                   [ Warning ]
> [23:59:44] Warning: The file properties have changed:
> [23:59:45]   /usr/bin/dpkg-query                             [ Warning ]
> [23:59:45] Warning: The file properties have changed:
> [23:59:47]   /usr/bin/perl                                   [ Warning ]
> [23:59:47] Warning: The file properties have changed:
> [23:59:51]   /usr/bin/lwp-request                            [ Warning ]
> [23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by a 
> script: /usr/bin/lwp-request: Perl script text executable
> [23:59:59]   /bin/sed                                        [ Warning ]
> [23:59:59] Warning: The file properties have changed:
> [00:01:36]   Checking if SSH root access is allowed          [ Warning ]
> [00:01:36] Warning: The SSH and rkhunter configuration options should be the 
> same:
> [00:01:39]   Checking for hidden files and directories       [ Warning ]
> [00:01:39] Warning: Hidden directory found: /etc/.java
> 
> 
> winds 7 professional 64 bit 
> Microsoft dream-spark
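
An added example, not part of the original messages or of rkhunter itself: a short Python triage that groups warning lines like the ones quoted above by the decision the reply asks for. The category names and the sample log are constructed, and the code assumes each "[ Warning ]" result line comes before its "file properties have changed" message, as in the quoted output.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted in this thread.
SAMPLE_LOG = """\
[23:59:44]   /usr/bin/dpkg                                   [ Warning ]
[23:59:44] Warning: The file properties have changed:
[23:59:47]   /usr/bin/perl                                   [ Warning ]
[23:59:47] Warning: The file properties have changed:
[23:59:51]   /usr/bin/lwp-request                            [ Warning ]
[23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[00:01:36]   Checking if SSH root access is allowed          [ Warning ]
[00:01:36] Warning: The SSH and rkhunter configuration options should be the same:
[00:01:39]   Checking for hidden files and directories       [ Warning ]
[00:01:39] Warning: Hidden directory found: /etc/.java
"""

LINE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(.*?)\s*$")
RESULT = re.compile(r"^(.*?)\s+\[ Warning \]$")
SCRIPT = re.compile(r"^Warning: The command '([^']+)' has been replaced by a script")
HIDDEN = re.compile(r"^Warning: Hidden directory found: (\S+)")

def triage(log_text):
    """Group rkhunter warnings by the decision each one needs."""
    found = defaultdict(list)
    subject = None  # item named on the most recent "[ Warning ]" result line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group(1)
        if (r := RESULT.match(body)):
            subject = r.group(1)
        elif body.startswith("Warning: The file properties have changed"):
            # Assumption: the result line naming the file precedes this message.
            found["verify_then_propupd"].append(subject)
        elif (s := SCRIPT.match(body)):
            found["script_whitelist_candidate"].append(s.group(1))
        elif body.startswith("Warning: The SSH and rkhunter configuration"):
            found["ssh_root_mismatch"].append("sshd_config vs rkhunter.conf")
        elif (h := HIDDEN.match(body)):
            found["hidden_path_review"].append(h.group(1))
    return dict(found)

if __name__ == "__main__":
    for decision, items in triage(SAMPLE_LOG).items():
        print(f"{decision}: {', '.join(items)}")
```

Paths confirmed as legitimate correspond to the SCRIPTWHITELIST and ALLOWHIDDENDIR options in rkhunter.conf, and the SSH check is governed by ALLOW_SSH_ROOT_USER.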

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
