Hello,

I'm using rkhunter v1.4.2 on macOS, installed via Homebrew. Before, I had
run rkhunter (after --propupd) and wouldn't receive any warnings, but
now I keep receiving these warnings even after --propupd.

The files listed as being replaced by a script do not appear different
on a VM of macOS I installed fresh. Also, the promiscuous interfaces
were never identified in the past: en1 and en2 (currently unused), and
awdl0 (which is an Apple interface for AirDrop I believe). Here are the
warnings:

1 - Warning: The command '/usr/bin/fuser' has been replaced by a script:
/usr/bin/fuser: a /usr/bin/perl -w script text executable, ASCII text
Warning: The command '/usr/bin/whatis' has been replaced by a script:
/usr/bin/whatis: POSIX shell script text executable, ASCII text
Warning: The command '/usr/bin/shasum' has been replaced by a script:
/usr/bin/shasum: a /usr/bin/perl script text executable, ASCII text

2 - Warning: Checking for possible rootkit strings    [ Warning ]
         No system startup files found.

3 - Warning: Possible promiscuous interfaces

4 - Warning: No system startup files found.

I had attempted to --propupd multiple times, --update and -C before
running as privileged user. This is the result from --propupd:
    "File updated: searched for 166 files, found 98"

Unsure if this is related to performing several hardening procedures
(none of which should have affected these warnings, that I'm aware of)
or from using Homebrew and/or RubyGems/Bundle.

Thanks,
-Mark
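
[Added example, not part of the original post or of rkhunter.] The comparison against a fresh install that the post describes can be done by hash rather than by eye: this sketch pulls the flagged paths out of the warning text and checks each against a manifest built on the clean VM. It assumes both systems run the same macOS build; the function names and the JSON manifest format are made up for this illustration.

```python
import hashlib
import json
import re
import sys
from pathlib import Path

# rkhunter puts the flagged path in single quotes on this warning line.
WARNING_RE = re.compile(
    r"Warning: The command '([^']+)' has been replaced by a script")

def flagged_commands(report):
    """Return the paths rkhunter reported as replaced by a script."""
    return WARNING_RE.findall(report)

def sha256_of(path):
    """Hex SHA-256 of a file, or None if unreadable. hashlib is used on
    purpose: /usr/bin/shasum is itself one of the flagged commands."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except OSError:
        return None

def build_manifest(paths):
    """Run on the clean reference system: map path -> SHA-256."""
    return {p: sha256_of(p) for p in paths}

def compare(paths, reference):
    """Classify each flagged path against the reference manifest."""
    result = {}
    for p in paths:
        local, ref = sha256_of(p), reference.get(p)
        if local is None:
            result[p] = "unreadable"
        elif ref is None:
            result[p] = "not in reference"
        else:
            result[p] = "match" if local == ref else "DIFFERS"
    return result

# Constructed sample: the three warning lines quoted in the post.
SAMPLE_REPORT = """\
Warning: The command '/usr/bin/fuser' has been replaced by a script:
Warning: The command '/usr/bin/whatis' has been replaced by a script:
Warning: The command '/usr/bin/shasum' has been replaced by a script:
"""

if __name__ == "__main__":
    paths = flagged_commands(SAMPLE_REPORT)
    if len(sys.argv) > 1:  # argument: manifest JSON copied from the clean VM
        reference = json.loads(Path(sys.argv[1]).read_text())
        print(json.dumps(compare(paths, reference), indent=2))
    else:                  # no argument: print a manifest for this machine
        print(json.dumps(build_manifest(paths), indent=2))
```

Run it without arguments on the clean VM and save the output, then run it on the affected machine with that file as the argument; any path reported as DIFFERS warrants a closer look before it is whitelisted.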


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
