Just to add my 2c, I'm seeing something similar. I recently set up a new virtual server, and I get regular warnings of the form:

        Warning: No output found from the lsmod command
        or the /proc/modules file:

         /proc/modules output:
         lsmod output:

I believe that this test is part of 'os_specific'.

What's interesting is how it seems to vary from vendor to vendor. This is an Ubuntu host on Linode; an equivalent server hosted on Digital Ocean does not throw these warnings. The two servers are, at least as far as I have any control over the configuration, identically-configured.

So this is a +1 for the theory that different vendors do things differently, and that this can lead to different results where rkhunter is concerned.

Angus


Stefan Wolber wrote:
Hi John,

I contacted my server hoster and they confirmed that all modules are loaded 
from the host system.

To my humble understanding that explains the non-existent /proc/ksyms and
/proc/kallsyms files as well as the empty /proc/modules and that there are no
files in /lib/modules. Now I will disable the os_specific test again and
ignore the skipped test.

Thanks!!!


Stefan

-----Original Message-----
From: Stefan Wolber
Sent: Monday, 5 February 2018 13:05
To: John Horne<john.ho...@plymouth.ac.uk>; rkhunter-us...@lists.sourceforge.net
Subject: AW: [Rkhunter-users] Check for Kernel Symbols skipped

On Mon, 2018-02-05 at 10:05 +0000, Stefan Wolber wrote:
Sorry to molest you but I want my system to be malware free. I
searched for this topic about 2 hours in the internet but couldn't
find an answer.
I have a linux server at server4you (administration by Plesk) with
debian wheezy (7) and rkhunter 1.4.4.
I am a little bit confused why rkhunter is skipping the checks for kernel
symbols like “Checking for kernel symbol 'heroin'             [ Skipped ]”.
rkhunter does that numerous times.

This is because rkhunter cannot find either the /proc/ksyms or
/proc/kallsyms file.
That is right, both files are missing.
My server is a virtual server. The reason for disabling the os_specific test
(please see below) is that there is no content in /proc/modules and no files
in /lib/modules (which throws warnings in the 'os_specific' test). Could the
reason for the missing /proc/ksyms and /proc/kallsyms as well as for the
warnings in the 'os_specific' test be that there is no loadable module support
enabled in the kernel because it is a virtual server?

Looking at one of our Debian 7 servers, I can see that it has the
'/proc/kallsyms' file. The test will be run for each rootkit that uses
kernel symbols, that is why it appears so often. I can only think that
perhaps some hardening software is preventing access to it?

I did specify in the rkhunter.conf.local DISABLE_TESTS=os_specific)?

Why? There are specific tests for Linux systems, so why not run them.
Please see above
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
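
As an added example (not part of the thread and not rkhunter's own code), this script checks for the combination Stefan describes before os_specific is disabled: empty or missing /proc/modules, no /proc/ksyms or /proc/kallsyms, and nothing in /lib/modules. The function names, the optional root-prefix argument and the three result labels are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. ROOT prefix (first argument) is a hypothetical parameter so the
# same checks can be run against a test tree; empty means the live system.

# Report "missing", "unreadable", "empty" or "present" for a file.
# grep is used instead of a size test because /proc files report size 0.
file_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -r "$1" ]; then echo unreadable
    elif grep -q . "$1" 2>/dev/null; then echo present
    else echo empty
    fi
}

# Report "missing", "empty" or "present" for a directory such as /lib/modules.
dir_state() {
    if [ ! -d "$1" ]; then echo missing
    elif [ -n "$(ls -A "$1" 2>/dev/null)" ]; then echo present
    else echo empty
    fi
}

# Print one label on stdout (details go to stderr):
#   normal            module list and a symbol file are available; leave the tests on
#   host-kernel-guest the pattern from the thread: nothing module-related is visible
#   mixed             neither pattern; find out why before silencing any warning
classify_host() {
    root=${1:-}
    modules=$(file_state "$root/proc/modules")
    ksyms=$(file_state "$root/proc/ksyms")
    kallsyms=$(file_state "$root/proc/kallsyms")
    libmod=$(dir_state "$root/lib/modules")
    echo "proc/modules=$modules proc/ksyms=$ksyms proc/kallsyms=$kallsyms lib/modules=$libmod" >&2

    syms=no
    if [ "$ksyms" = present ] || [ "$kallsyms" = present ]; then syms=yes; fi

    # A file that exists but cannot be read points at access restrictions,
    # which is a different cause from a guest that shares the host kernel.
    if [ "$modules" = unreadable ] || [ "$ksyms" = unreadable ] || [ "$kallsyms" = unreadable ]; then
        echo mixed
    elif [ "$modules" = present ] && [ "$syms" = yes ]; then
        echo normal
    elif [ "$modules" != present ] && [ "$syms" = no ] && [ "$libmod" != present ]; then
        echo host-kernel-guest
    else
        echo mixed
    fi
}

classify_host "${1:-}"
```

Only the host-kernel-guest result corresponds to the situation in which Stefan set DISABLE_TESTS=os_specific in rkhunter.conf.local.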
