Re: [Rkhunter-users] Rkhunter warnings on Ubuntu 12.04
rj_sew...@hotmail.com wrote:

I am running Ubuntu 12.04.2 LTS on a dedicated web server. I just upgraded my Rkhunter install to 1.4.0, set up the conf file, ran --propupd and then ran a check. Below are the warnings that appear in the log file. Does any of this look like something anyone has seen before? Please forgive me if any of these have been answered previously.

unsp...@hushmail.com wrote:

All are common concerns addressed previously. Efficiency-wise it would be good to start by reading the README, the FAQ, reviewing the comments in rkhunter.conf and maybe even search the rkhunter-users mailing list archive.

I was actually looking to see if this could be a specific pattern which may have been an indication of a broader problem. However, at this point I will assume that all of these warnings are a result of Rkhunter running on Ubuntu, and specifically on 12.04, and that the standing recommendation is to whitelist all of the below:

/usr/sbin/adduser
/usr/bin/ldd
/usr/bin/unhide.rb
/usr/bin/lwp-request
/bin/which
/dev/.blkid.tab
/dev/.initramfs

Thanks,
Ralph

___
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Re: [Rkhunter-users] RKHunter warning: file does not exist
In rkhunter.conf the following line appears to specify where RKHunter expects the executables to be:

BINDIR=/bin /usr/bin /sbin /usr/sbin

By default this is commented out, and rkhunter will work out what PATH to use. I suggest you comment this out again.

So, the final resolution to this issue is that I included /usr/local/bin in the BINDIR directive above.

BINDIR=/bin /usr/bin /sbin /usr/sbin /usr/local/bin

and now RKHunter does not throw the warnings as before. Commenting it out would be another possibility.

Ralph

John.

--
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
[Rkhunter-users] RKHunter warning: file does not exist
Dear All:

I recently upgraded my RKHunter to 1.3.8 and I think I finally managed to get it configured properly. Today I received a warning that says:

Warning: The file '/usr/local/bin/curl' does not exist on the system, but it is present in the rkhunter.dat file.
Warning: The file '/usr/local/bin/rkhunter' does not exist on the system, but it is present in the rkhunter.dat file.

I went to the server in question and verified that these two files are indeed on the system.

ls -al /usr/local/bin/rkhunter
-rwxr-x--- 1 root root 496564 2011-10-04 09:35 /usr/local/bin/rkhunter
ls -al /usr/local/bin/curl
-rwxr-xr-x 1 root root 250823 2010-02-16 15:58 /usr/local/bin/curl

Any idea why this is reporting that they are not present?

Thanks in advance,
Ralph
Re: [Rkhunter-users] RKHunter warning: file does not exist
John:

OK, I see in the conf file this line:

INSTALLDIR=/usr/local

If this means that it wants rkhunter to be there, this could be the problem.

No, that is fine.

I don't see a PATH indicated in the log file:

This is the line:

[03:05:03] Info: Using '/sbin /bin /usr/sbin /usr/bin' as the command directories

In rkhunter.conf the following line appears to specify where RKHunter expects the executables to be:

BINDIR=/bin /usr/bin /sbin /usr/sbin

So, I would think that modifying this to:

BINDIR=/bin /usr/bin /sbin /usr/sbin /usr/local/bin

should solve this problem.

As can be seen it is not looking in /usr/local/bin and so won't find the /usr/local/bin/rkhunter command. You need to either:

1) Run 'rkhunter --propupd' with the PATH the same as above,
2) or modify your root PATH to include /usr/local/bin.

By root PATH do you mean the OS PATH or that specified in the conf file as above? It looks like /usr/local/bin is already in the OS system path:

echo $PATH
/usr/lib64/qt-3.3/bin:/usr/kerberos/bin:/usr/lib64/ccache:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin

Ralph

John.

--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
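The mismatch discussed in this thread, as an added example that is not part of the original messages or of rkhunter itself: a shell function that reads an rkhunter log and separates "does not exist" warnings for files outside that run's command directories from warnings for files inside them. The sample log is constructed from the two message formats quoted above; its timestamps and the /usr/bin/ldd line are invented for contrast, and the function and verdict names are assumptions.

```shell
#!/bin/sh
# Added example, not rkhunter code. Function and verdict names are assumptions.

# Constructed sample log: message formats as quoted in the thread; the
# timestamps and the /usr/bin/ldd entry are invented for contrast.
sample_log() {
cat <<'EOF'
[03:05:03] Info: Using '/sbin /bin /usr/sbin /usr/bin' as the command directories
[03:05:09] Warning: The file '/usr/local/bin/curl' does not exist on the system, but it is present in the rkhunter.dat file.
[03:05:09] Warning: The file '/usr/local/bin/rkhunter' does not exist on the system, but it is present in the rkhunter.dat file.
[03:05:10] Warning: The file '/usr/bin/ldd' does not exist on the system, but it is present in the rkhunter.dat file.
EOF
}

# triage_missing LOGFILE
# For each "does not exist" warning prints "path-mismatch FILE" when FILE's
# directory was not among the command directories of that run (the database
# was built with a wider PATH), or "investigate FILE" when the directory was
# searched and the file was still not found.
triage_missing() {
    tm_dirs=$(sed -n "s/.*Info: Using '\(.*\)' as the command directories.*/\1/p" "$1" | head -n 1)
    [ -n "$tm_dirs" ] || { echo "no command directories line in $1" >&2; return 2; }
    while IFS= read -r tm_line; do
        tm_file=$(printf '%s\n' "$tm_line" |
            sed -n "s/.*Warning: The file '\([^']*\)' does not exist on the system.*/\1/p")
        [ -n "$tm_file" ] || continue
        case " $tm_dirs " in
            *" ${tm_file%/*} "*) echo "investigate $tm_file" ;;
            *)                   echo "path-mismatch $tm_file" ;;
        esac
    done < "$1"
}

# Stand-alone run over the constructed sample.
tm_tmp=$(mktemp)
sample_log > "$tm_tmp"
triage_missing "$tm_tmp"
rm -f "$tm_tmp"
```

A "path-mismatch" result points at the BINDIR or PATH difference between the --propupd run and the check run; an "investigate" result means a searched directory really has lost a file recorded in rkhunter.dat.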
Re: [Rkhunter-users] RKHunter warning: file does not exist
John:

I am not sure what kicked out this error. Nor do I know who kbbs.mana...@gmail.com refers to.

BTW, is it possible to change my email address in this mailing list? If so, how?

thanks,
Ralph

Subject: RE: [Rkhunter-users] RKHunter warning: file does not exist
From: john.ho...@plymouth.ac.uk
To: rj_sew...@hotmail.com
Date: Wed, 12 Oct 2011 17:02:17 +0100

Your 'reply-to' email address does not exist:

=
A message that you sent could not be delivered to all of its recipients. The following address(es) failed:

kbbs.mana...@gmail.com
SMTP error from remote mail server after RCPT TO:kbbs.mana...@gmail.com:
host gmail-smtp-in.l.google.com [209.85.143.26]:
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 w43si1960535weq.9
=

John.

--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
Re: [Rkhunter-users] Warning: The file properties have changed: File: /usr/bin/sudo
Brian:

A couple of days ago I began receiving the following warning from RKHunter from one of my servers running Ubuntu:

Warning: The file properties have changed:
File: /usr/bin/sudo

Ubuntu has recently updated the sudo package. e.g.

==
sudo zgrep sudo dpkg.log*
dpkg.log.2.gz:2010-03-05 09:03:45 upgrade sudo 1.6.9p10-1ubuntu3.5 1.6.9p10-1ubuntu3.6

On my machines however rkhunter --propupd is run when that happens, so no intervention is required on my part. Not sure what combination of things would make that not happen for you.

It's also interesting your two machines have different hashes for that file. Different releases etc? I'd find a known good one to compare to before I ran --propupd.

The difference is probably due to the fact that one machine is a 64-bit OS whereas the other is 32-bit.

Ralph

Brian
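One way to act on the advice above to compare against a known good copy before running --propupd, as an added example that is not part of the original messages: check the file against the MD5 that its package recorded in dpkg's <package>.md5sums list. The function name, its optional ROOT argument and the constructed demo tree are assumptions; because each architecture's package carries its own list, the check also copes with 32-bit and 64-bit machines having different hashes.

```shell
#!/bin/sh
# Added example, not rkhunter code. dpkg keeps per-package hash lists in
# /var/lib/dpkg/info/<package>.md5sums, one "<md5>  <path without leading /> "
# style entry per line (same layout as md5sum output).

# check_pkg_hash FILE MD5SUMS [ROOT]
# Prints "match", "MISMATCH" or "untracked". ROOT (default /) is an assumption
# added so the function can be exercised against a constructed tree.
# Paths containing spaces are not handled.
check_pkg_hash() {
    cph_rel=${1#/}
    cph_root=${3:-/}
    cph_want=$(awk -v p="$cph_rel" '$2 == p { print $1; exit }' "$2")
    [ -n "$cph_want" ] || { echo untracked; return 0; }
    cph_have=$(md5sum "${cph_root%/}/$cph_rel" | awk '{ print $1 }')
    if [ "$cph_have" = "$cph_want" ]; then echo match; else echo MISMATCH; fi
}

# Constructed demo: a stand-in "sudo" file in a temporary tree, with a hash
# list generated from it, then modified to show the mismatch case.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin"
    printf 'constructed stand-in for the sudo binary\n' > "$d/usr/bin/sudo"
    ( cd "$d" && md5sum usr/bin/sudo ) > "$d/sudo.md5sums"
    check_pkg_hash /usr/bin/sudo "$d/sudo.md5sums" "$d"
    printf 'x' >> "$d/usr/bin/sudo"
    check_pkg_hash /usr/bin/sudo "$d/sudo.md5sums" "$d"
    check_pkg_hash /usr/bin/ldd "$d/sudo.md5sums" "$d"
    rm -rf "$d"
}

# On a real Debian or Ubuntu host:
#   check_pkg_hash /usr/bin/sudo /var/lib/dpkg/info/sudo.md5sums
# That list lives on the host being checked, so on a suspect machine take the
# list from a freshly downloaded copy of the package instead.
demo
```

Run --propupd only after the result is "match"; a "MISMATCH" on a file that dpkg.log shows as recently upgraded is the case to look into further.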
[Rkhunter-users] Applications warnings
Dear All:

This morning I ran Rkhunter on my Linux box running 64-bit Fedora 10 and I found the following warnings toward the end of the run:

[10:19:15] Checking application versions...
[10:19:15] Info: Starting test name 'apps'
[10:19:15] Info: Application 'exim' not found.
[10:19:15] Checking version of GnuPG [ Warning ]
[10:19:15] Warning: Application 'gpg', version '1.4.9', is out of date, and possibly a security risk.
[10:19:15] Checking version of Apache [ Warning ]
[10:19:15] Warning: Application 'httpd', version '2.2.11', is out of date, and possibly a security risk.
[10:19:15] Info: Application 'named' not found.
[10:19:15] Checking version of OpenSSL [ Warning ]
[10:19:15] Warning: Application 'openssl', version '0.9.8g', is out of date, and possibly a security risk.
[10:19:15] Checking version of PHP [ Warning ]
[10:19:15] Warning: Application 'php', version '5.2.9', is out of date, and possibly a security risk.
[10:19:15] Checking version of Procmail MTA [ OK ]
[10:19:15] Info: Application 'procmail' version '3.22' found.
[10:19:15] Info: Application 'proftpd' not found.
[10:19:15] Checking version of OpenSSH [ Warning ]
[10:19:16] Warning: Application 'sshd', version '5.1p1', is out of date, and possibly a security risk.
[10:19:16] Info: Applications checked: 6 out of 9

Yet when I attempt an update nothing appears to need updating:

# yum update
Loaded plugins: protect-packages, refresh-packagekit
Setting up Update Process
No Packages marked for Update

So, what's up with this?

Thanks,
R