Hello, I'm using rkhunter v1.4.2 on macOS, installed via Homebrew. Before I had run rkhunter (after --propupd) and wouldn't receive any warnings, but now I keep receiving these warnings even after --propupd.
The files listed as being replaced by a script do not appear different on a VM of macOS I installed fresh. Also, the promiscuous interfaces were never identified in the past: en1 and en2 (currently unused), and awdl0 (which is an Apple interface for AirDrop I believe). Here are the warnings: 1 - Warning: The command '/usr/bin/fuser' has been replaced by a script: /usr/bin/fuser: a /usr/bin/perl -w script text executable, ASCII text Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: POSIX shell script text executable, ASCII text Warning: The command '/usr/bin/shasum' has been replaced by a script: /usr/bin/shasum: a /usr/bin/perl script text executable, ASCII text 2 - Warning: Checking for possible rootkit strings [ Warning ] No system startup files found. 3 - Warning: Possible promiscuous interfaces 4 - Warning: No system startup files found. I had attempted to --propupd multiple times, --update and -C before running as privileged user. This is the result from --propupd: "File updated: searched for 166 files, found 98" Unsure if this is related to performing several hardening procedures (none of which should have affected these warnings, that I'm aware of) or from using Homebrew and/or RubyGems/Bundle. Thanks, -Mark ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users