On Tue, 16 Jun 2020, vze1amckv--- via Rkhunter-users wrote:

> [22:28:06] Info: Starting test name 'passwd_changes'
> [22:28:06] Checking for passwd file changes [ Warning ]
> [22:28:07] Warning: User 'tcpdump' has been added to the passwd file.
> [22:28:07]
>
> I haven't installed tcpdump recently. Is there any other reason why a
> "tcpdump" user would be created? For example do you know what other common
> software might have tcpdump bundled with it?

Most of this should already be covered in the FAQ:

https://sourceforge.net/p/rkhunter/rkh_code/ci/master/tree/files/FAQ

Especially 3.1, "Rootkit Hunter tells me there is something wrong with my
system. What do I do?"

We don't know anything about your system and can't tell what caused the
additional "tcpdump" user to be created. Better consult your logs and
install/update scripts to find out if this is a benign addition or not.

Good luck,

C.

-- 
BOFH excuse #104:
backup tape overwritten with copy of system manager's favourite CD
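
One way to carry out the "consult your logs" step for a newly reported passwd entry, as an added example that is not part of the original reply or of rkhunter. The script name triage.sh, the function names, the UID_MIN default of 1000 and the log paths are assumptions to adjust for the system being examined.

```shell
#!/bin/sh
# Added example: triage a passwd(5) entry that rkhunter reported as new.
# Assumptions: UID_MIN defaults to 1000 (see /etc/login.defs) and a shell
# ending in /nologin or /false means the account cannot log in interactively.

# classify_entry LINE [UID_MIN]: print a verdict for one passwd(5) line.
# "service-account" only means the entry has the shape a package install
# script normally creates; the logs still have to confirm where it came from.
classify_entry() {
    uid_min=${2:-1000}
    # passwd(5) fields: name:password:UID:GID:GECOS:home:shell
    IFS=: read -r name _pw uid _gid _gecos _home shell <<EOF
$1
EOF
    case $uid in
        ''|*[!0-9]*) echo "review: malformed UID field"; return 1 ;;
    esac
    if [ "$uid" -eq 0 ] && [ "$name" != root ]; then
        echo "review: UID 0 under a name other than root"; return 1
    fi
    if [ "$uid" -ge "$uid_min" ]; then
        echo "review: UID $uid is in the regular-user range"; return 1
    fi
    case $shell in
        */nologin|*/false) echo "service-account"; return 0 ;;
        # An empty shell field means /bin/sh according to passwd(5).
        *) echo "review: login shell ${shell:-/bin/sh}"; return 1 ;;
    esac
}

# creation_evidence NAME: show when the account was created and which package
# activity surrounds it. Log locations vary by distribution; grep -s skips
# files that do not exist. The "new user:" text is the syslog message written
# by shadow-utils useradd (assumed to be the tool that created the account).
creation_evidence() {
    grep -s "new user: name=$1," /var/log/auth.log /var/log/secure
    grep -s -- "$1" /var/log/dpkg.log /var/log/dnf.log /var/log/yum.log | tail -n 20
}

# Usage: sh triage.sh tcpdump
if [ "$#" -gt 0 ]; then
    entry=$(getent passwd "$1") || { echo "no passwd entry for $1" >&2; exit 2; }
    classify_entry "$entry"
    creation_evidence "$1"
fi
```

If the account's creation timestamp lines up with a package install or upgrade in the package manager log, the addition came from that package's install script; an account with no matching package activity deserves a closer look.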