Hi John, I contacted my server hoster and they confirmed that all modules are loaded from the host system.
To my humble understanding, that explains the non-existent /proc/ksyms and /proc/kallsyms files as well as the empty /proc/modules and that there are no files in /lib/modules. Now I will disable the os_specific test again and ignore the skipped test.

Thanks!!!
Stefan

> -----Original Message-----
> From: Stefan Wolber
> Sent: Monday, 5 February 2018 13:05
> To: John Horne <john.ho...@plymouth.ac.uk>; rkhunter-us...@lists.sourceforge.net
> Subject: AW: [Rkhunter-users] Check for Kernel Symbols skipped
>
> > On Mon, 2018-02-05 at 10:05 +0000, Stefan Wolber wrote:
> > > Sorry to molest you but I want my system to be malware free. I
> > > searched for this topic for about 2 hours on the internet but couldn't
> > > find an answer.
> > > I have a Linux server at server4you (administration by Plesk) with
> > > Debian wheezy (7) and rkhunter 1.4.4.
> > > I am a little bit confused why rkhunter is skipping the checks for kernel
> > > symbols like “Checking for kernel symbol 'heroin' [ Skipped ]”.
> > > rkhunter does that numerous times.
> > >
> > This is because rkhunter cannot find either the /proc/ksyms or
> > /proc/kallsyms file.
>
> That is right, both files are missing.
> My server is a virtual server. The reason for disabling the os_specific test
> (please see below) is that there is no content in /proc/modules and no files
> in /lib/modules (which throws warnings in the 'os_specific' test). Could the
> reason for the missing /proc/ksyms and /proc/kallsyms as well as for the
> warnings in the 'os_specific' test be that there is no loadable module support
> enabled in the kernel because it is a virtual server?
>
> > Looking at one of our Debian 7 servers, I can see that it has the
> > '/proc/kallsyms' file. The test will be run for each rootkit that uses
> > kernel symbols, that is why it appears so often. I can only think that
> > perhaps some hardening software is preventing access to it?
> >
> > > I did specify in the rkhunter.conf.local DISABLE_TESTS=os_specific)?
> > >
> > Why? There are specific tests for Linux systems, so why not run them?
>
> Please see above
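
A quick way to see whether a system exposes the files discussed in this thread before reading an rkhunter log. This is an added example, not part of the thread and not rkhunter's own code; the function name `kernel_view`, its optional root-prefix argument and the verdict labels are made up for illustration.

```shell
#!/bin/sh
# Added example, not rkhunter code. The optional argument is a hypothetical
# root prefix so the function can be pointed at a constructed test tree;
# call it with no argument to inspect the running system.

kernel_view() {
    root="${1:-}"

    # Symbol table: per the thread, the kernel symbol checks are skipped
    # when neither /proc/kallsyms nor /proc/ksyms can be found.
    symbols=missing
    for f in "$root/proc/kallsyms" "$root/proc/ksyms"; do
        if [ -e "$f" ]; then
            symbols=unreadable
            # /proc files report size 0, so test by reading, not with -s
            if grep -q . "$f" 2>/dev/null; then symbols=present; break; fi
        fi
    done

    # Loaded modules: an empty /proc/modules was one source of the
    # os_specific warnings described in the thread.
    modules=empty
    if grep -q . "$root/proc/modules" 2>/dev/null; then modules=listed; fi

    # Module tree on disk: the other source of those warnings.
    libmodules=empty
    if ls -A "$root/lib/modules" 2>/dev/null | grep -q .; then
        libmodules=populated
    fi

    case "$symbols/$modules/$libmodules" in
        missing/empty/empty) verdict=no-kernel-view ;;
        present/*)           verdict=symbol-checks-can-run ;;
        *)                   verdict=mixed ;;
    esac
    echo "symbols=$symbols modules=$modules libmodules=$libmodules verdict=$verdict"
}

kernel_view "$@"
```

A `no-kernel-view` result matches the situation in this thread. It only describes what the guest can see, so confirming the cause with the hoster, as was done here, is still needed.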