> On Mon, 2018-02-05 at 10:05 +0000, Stefan Wolber wrote:
> > Sorry to molest you but I want my system to be malware free. I
> > searched for this topic about 2 hours in the internet but couldn't find an
> > answer.
> > I have a Linux server at server4you (administration by Plesk) with
> > Debian wheezy (7) and rkhunter 1.4.4.
> > I am a little bit confused why rkhunter is skipping the checks for kernel
> > symbols like “Checking for kernel symbol 'heroin'             [ Skipped ]”.
> > rkhunter does that numerous times.
> >
> This is because rkhunter cannot find either the /proc/ksyms or
> /proc/kallsyms file. 

That is right, both files are missing. 
My server is a virtual server. The reason for disabling the os_specific test 
(please see below) is that there is no content in /proc/modules and no files in 
/lib/modules (which throws warnings in the 'os_specific' test). Could the 
reason for the missing /proc/ksyms and /proc/kallsyms as well as for the 
warnings in the 'os_specific' test be that there is no loadable module support 
enabled in the kernel because it is a virtual server?

> Looking at one of our Debian 7 servers, I can see that it
> has the '/proc/kallsyms' file. The test will be run for each rootkit that uses
> kernel symbols, that is why it appears so often. I can only think that perhaps
> some hardening software is preventing access to it?
>
> > I did specify in the rkhunter.conf.local DISABLE_TESTS=os_specific)?
> >
> Why? There are specific tests for Linux systems, so why not run them.

Please see above
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
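
The condition discussed in this thread, as an added example that is not part of the original messages and is not rkhunter's own code: it reports whether a kernel symbol file is readable, looks a symbol name up in it, and describes the state of /proc/modules and /lib/modules. The function names and the optional ROOT argument are hypothetical, and matching on the name column is an assumption about the file layout, not rkhunter's logic.

```shell
#!/bin/sh
# Added diagnostic sketch. ROOT (optional) points at a copied or constructed
# filesystem tree; when empty, the live system is inspected.

# Print the first kernel symbol file under ROOT that yields data, else fail.
ksym_file() {
    root="${1:-}"
    for f in "$root/proc/ksyms" "$root/proc/kallsyms"; do
        # procfs files report size 0, so test by reading a line, not with -s
        if [ -r "$f" ] && [ -n "$(head -n 1 "$f" 2>/dev/null)" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Print skipped / found / not-found for symbol NAME under ROOT.
check_symbol() {
    name="$1"
    f=$(ksym_file "${2:-}") || { echo "skipped"; return 0; }
    # kallsyms: "<addr> <type> <name> [module]"; ksyms: "<addr> <name> [module]"
    if awk -v n="$name" '$2 == n || $3 == n {hit=1} END {exit !hit}' "$f"; then
        echo "found"
    else
        echo "not-found"
    fi
}

# Describe what the os_specific-style module checks would see under ROOT.
module_state() {
    root="${1:-}"
    if [ ! -e "$root/proc/modules" ]; then
        echo "proc-modules-missing"
    elif [ -z "$(head -n 1 "$root/proc/modules" 2>/dev/null)" ]; then
        echo "proc-modules-empty"
    elif [ -z "$(ls -A "$root/lib/modules" 2>/dev/null)" ]; then
        echo "lib-modules-empty"
    else
        echo "ok"
    fi
}

# Report for the live system.
echo "kernel symbol file: $(ksym_file || echo none)"
echo "module state: $(module_state)"
```

A result of "skipped" means no symbol file could be read at all, which is different from "not-found", where the file was read and the name was absent.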