I’m not seeing any “Errors" there, just “Warnings.” Every time you update your system, you should run rkhunter to see what has changed (“The file properties have changed”). After you are satisfied that those files were properly updated, run sudo rkhunter —propupd to store the new file properties for comparison the next time you check.
Is /usr/bin/wp-request supposed to be a Perl script with your platform? If so, then you can whitelist it and not see the warning next time. Is it OK for SSH root access to be allowed on your system? If so, then configure rkhunter to match. If not then change your system configuration to disallow. Is it OK for /etc/.java to be a hidden file or was it placed there surreptitiously? -Al- On Sun, Sep 18, 2016 at 10:10 PM, kel kintz wrote: > root@kali:~# grep Warning /var/log/rkhunter.log > [23:59:39] Warning: Checking for prerequisites [ Warning ] > [23:59:44] /usr/bin/diff [ Warning ] > [23:59:44] Warning: The file properties have changed: > [23:59:44] /usr/bin/dpkg [ Warning ] > [23:59:44] Warning: The file properties have changed: > [23:59:45] /usr/bin/dpkg-query [ Warning ] > [23:59:45] Warning: The file properties have changed: > [23:59:47] /usr/bin/perl [ Warning ] > [23:59:47] Warning: The file properties have changed: > [23:59:51] /usr/bin/lwp-request [ Warning ] > [23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by a > script: /usr/bin/lwp-request: Perl script text executable > [23:59:59] /bin/sed [ Warning ] > [23:59:59] Warning: The file properties have changed: > [00:01:36] Checking if SSH root access is allowed [ Warning ] > [00:01:36] Warning: The SSH and rkhunter configuration options should be the > same: > [00:01:39] Checking for hidden files and directories [ Warning ] > [00:01:39] Warning: Hidden directory found: /etc/.java > > > root@kali:~# grep -i Warning /var/log/rkhunter.log > [23:59:34] Info: No mail-on-warning address configured > [23:59:35] Info: Using syslog for some logging - facility/priority level is > 'authpriv.warning'. > [23:59:39] Warning: Checking for prerequisites [ Warning ] > [23:59:44] /usr/bin/diff [ Warning ] > [23:59:44] Warning: The file properties have changed: > [23:59:44] /usr/bin/dpkg [ Warning ] > [23:59:44] Warning: The file properties have changed: > [23:59:45] /usr/bin/dpkg-query [ Warning ] > [23:59:45] Warning: The file properties have changed: > [23:59:47] /usr/bin/perl [ Warning ] > [23:59:47] Warning: The file properties have changed: > [23:59:51] /usr/bin/lwp-request [ Warning ] > [23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by a > script: /usr/bin/lwp-request: Perl script text executable > [23:59:59] /bin/sed [ Warning ] > [23:59:59] Warning: The file properties have changed: > [00:01:36] Checking if SSH root access is allowed [ Warning ] > [00:01:36] Warning: The SSH and rkhunter configuration options should be the > same: > [00:01:39] Checking for hidden files and directories [ Warning ] > [00:01:39] Warning: Hidden directory found: /etc/.java > > > winds 7 professional 64 bit > Microsoft dream-spark
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------
_______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
