s/listinfo/rkhunter-users
>
>
>
> ___
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
--
John Horne | Senior Operations Analyst | Technology and Inform
On Fri, 2021-08-20 at 11:25 +0100, Adam Funk wrote:
> On 2021-08-19, John Horne wrote:
>
> > On Thu, 2021-08-19 at 13:43 +0100, Adam Funk wrote:
> > > On a fairly fresh installation of Raspberry Pi OS (buster image of
> > > 2021-05-07 kept up to date with `sudo ap
red library mechanism.
Nothing to do with the message itself.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
name:
> [04:06:50]Possible Rootkit: Unknown rootkit
> [04:06:50]
Without the pathname not much can be said really. I vaguely remember a bug fix
in the dev version for when pathnames weren't being shown, but that might have
been with a different test.
John.
--
John Horne | Senior Oper
us-ascii
> regular_text: Content-Transfer-Encoding: 7b
>
The email you quoted is a bit old (28 July). Maybe your configuration file
changed in the meantime.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus
/etc/rkhunter.conf.local file.)
Finally it seems they have disabled the mirrors file itself from being updated
- which is obviously useful if you are using local mirrors. However, if you
have modified the mirrors mode to use remote mirrors, then you may also want to
set 'U
should let you know
anyway.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
On Sat, 2021-02-06 at 18:30 +, John Horne wrote:
> Hello,
>
> I have now modified the rkhunter sourceforge (SF) site to use HTTPS rather
> than HTTP. This should only affect the '--update' and '--versioncheck'
> options, which download files from SF. The rkhunter code itse
I get a moment.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
hunter to actually monitor the file
(using USER_FILEPROP_FILES_DIRS)? The 'no hash value' message seems to indicate
that 'rkhunter --propupd' has not been run (once it has been told to monitor
the file).
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drak
servers to see if they are using different mail
commands.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
root directory?
>
Yes, other than as above by using chroot.
> If so, then rkhunter is almost useless in my opinion.
>
Fair enough, you don't have to use it.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | P
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
; 2. what is the process, and how often are the RKH signatures updated?
> >
> > Thanks for your help.
> > Rob
>
sure that the file is
checked in the file properties check. For that add:
USER_FILEPROP_FILES_DIRS=/opt/redmine/apache2/bin/httpd.bin
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA
isory board: Peter
> Gerstmann
> Geschäftsführung - Management board: Alexander Wassermann (Vorsitzender -
> Chairman), Rochus C. Hofmann
>
>
>
e did say 'for example', so it may well not be curl that he was
actually trying to modify.
John.
>
> On Tue, Sep 10, 2019 at 15:05 PM, Stockwell, Steven [US] (MS) wrote:
> > Shouldn't curl be 755 or 700? Not 600 (not executable).
> >
> > S^2
> >
> > -----Origina
> How can I correct this?
>
If you are using the PKGMGR option then you'll need to exclude the file from
using the package manager. (See PKGMGR_NO_VRFY)
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymout
On Fri, 2019-08-09 at 12:39 +0300, Nerijus Baliūnas via Rkhunter-users wrote:
> 2019-08-09 12:18, John Horne rašė:
> > On Thu, 2019-08-08 at 21:49 +, Richard Shelquist wrote:
> > > I'm getting an ssh warning from rkhunter, even though the sshd and
> > > rkhunter opti
fy that the sshd and rkhunter config settings
> are both set to "no":
>
> $grep PermitRootLogin /etc/ssh/sshd_config
> PermitRootLogin no
>
You need the equal sign (=) in there.
PermitRootLogin=no
John.
--
John Horne | Senior Operations Analyst | Technology and Informa
e set it to
use local mirrors, then the mirrors file has no local mirrors in it (just the
remote sourceforge ones). Hence, there are no required mirrors and all the
other file checks fail.
Remove the MIRRORS_MODE option from the config file.
John.
--
John Horne | Senior Operations Analyst | Techn
n an 'install' page in there. To be honest though, the wiki hasn't
been updated in a few years now.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
en corrected. Even so, these things can pop up
again at times.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
-repo-has-been-hacked
>
USER_FILEPROP_FILES_DIRS=/etc/cron.d/*
If the file appears then when an RKH check is run it will let you know.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon |
ager;5cyt67yr' (PID 2813) is listening
> on the network.
>
I think we'll need to see the output from a debug run of rkhunter. Can you run
rkhunter with the '--debug' option and send me a copy of the file it produces
in '/tmp' please.
Thanks,
John.
--
John Horne | Senior Operations Analys
.
> Certainly it is not a PID and not a user-name. Could someone make it clear
> please?
>
Hello,
Can you show us the actual message from the log file please?
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymo
he
supplied configuration file). This will only work with version 1.4.2 and above.
For earlier versions use the '!' character with the USER_FILEPROP_FILES_DIRS
option as you have done.
As others have mentioned though 1.4.2 is very old now.
John.
--
John Horne | Senior Operations Analyst | Techn
can't find them properly) so I can't tell
> what has been changed between any version.
>
Look in the supplied CHANGELOG file.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth |
before, and have run rkhunter on the system before. So why is the pid
file only now created and detected? That seems suspicious.
In answer to your question though, take a look at the config option
RTKT_FILE_WHITELIST.
John.
--
John Horne | Senior Operations Analyst | Technology and Informat
ropupd'), but any
other modified files (packaged or not) will still be flagged when you run a
check.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
>
> > > For the likes of me, I can't figure this out.
> > >
> > > Please could you assist on what the problem could be.
> > >
> > > Many thanks
> > > Brent Clark
> > >
>
udo -i' and then run the installer. Then try 'sudo rkhunter --propupd'.
I think just using 'sudo ./installer.sh' will confuse it a bit because it will
use the PATH of whatever account you are logged in as.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
U
ject to it. (Use of '.' can allow programs to be run by
mistake.)
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
e correct.
>
> I am running XFCE so I wonder if rkhunter does not know about XFCE processes
>
It doesn't.
Look at the ALLOWIPCPROC config option.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus
this has to do with RKH.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
e because my root account doesn't include '/etc'.)
I'm not too sure what to do about this. I'll have to think about it.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4
propupd segment.
> The --debug option gave no output
Correct because it writes everything to a debug file. Look in /tmp.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | De
ake a change to the /etc/passwd file. Then run 'rkhunter --enable
properties --debug' and send me the output file found in /tmp please.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon |
FILES_DIRS="etc/passwd"
>
Remove the double-quotes. Also you need a '/' before 'etc' - that is:
EXCLUDE_USER_FILEPROP_FILES_DIRS=/etc/passwd
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Ply
ion says to monitor the file for changes.
I said to use the 'EXCLUDE_USER_FILEPROP_FILES_DIRS' option.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
On Mon, 2018-06-18 at 10:35 +, Kielbasiewicz, Peter wrote:
> I had tried this option before but it only works on USER files.
>
Not really. It is not possible to disable some commands, but /etc/passwd is
just a data file.
John.
--
John Horne | Senior Operations Analyst | Tech
On Sat, 2018-06-16 at 13:25 +, John Lorenz wrote:
> A question
> Are there any update pushes happening at 4 AM PST time as this is very random
> and hits 10 to 20 of my servers
>
RKH does not 'push'. It is purely pull from the client.
John.
--
John Horne | Senior Operat
property changes but I did not
> find a way to disable the test on individual system files.
> Is there a trick to do this?
>
Hi,
Take a look at the EXCLUDE_USER_FILEPROP_FILES_DIRS option.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University o
b71051624ea85ea60add9a /etc/group
>
Okay, so there shouldn't really be a reason why the hashes are not read.
Can you run 'rkhunter --propupd' and then send me a copy of the log file please
(found at /var/log/rkhunter.log).
John.
--
John Horne | Senior Operations Analyst | Technology and Informa
On Mon, 2018-05-21 at 00:02 +0300, ellanios82 wrote:
> On 20/05/18 23:47, John Horne wrote:
> > On Sun, 2018-05-20 at 21:33 +0300, ellanios82 wrote:
> > > Dear List ,
> > >
> > >
> > >upon running "rkhunter --propupd" , i see "fou
On Sun, 2018-05-20 at 21:33 +0300, ellanios82 wrote:
> Dear List ,
>
>
> upon running "rkhunter --propupd" , i see "found 199, missing
> hashes 199"
>
> : what do i need to do please ?
>
What version of rkhunter?
What O/S?
John.
--
John Ho
account shell,
or re-install rkhunter specifying the installation directory as /usr,
or create a link from /usr/bin/rkhunter pointing to /usr/local/bin/rkhunter.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth |
ot' user log in and type 'echo $PATH'. This will show you the list of
directories that are searched for commands by the 'root' user. It should
include '/usr/local/bin'.
You might also want to type in 'alias' just to see if an alias for the rkhunter
command has been set up.
John.
--
John Horne | Senio
sum for the 'rkhunter'
command you have. Since rkhunter is a script, and assuming the packager hasn't
modified it, then the size/checksum should match with mine.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymo
that "--update" is an invalid
> option.
>
> rkhunter -V
> Rootkit Hunter 1.4.6
>
> rkhunter --update
> Invalid option specified: --update
>
Try 'rkhunter --update | cat -vet' to see if any 'odd' characters are
appearing.
Does 'rkhunter -h' work?
John.
--
Joh
rootkits: 1
>
> I have looked through the var/log/rkhunter.log and don't find anything
> that stands out to me as what this might be.
>
Try running 'grep -i warning /var/log/rkhunter.log'.
Also what version of rkhunter are you running?
John.
--
John Horne | Senior Operations Analyst | Tech
epend on how many of those PHP files you have.
If you run something like 'top' while 'rkhunter -C' is running, then you should
see it doing something.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon
77-1916 | m...@rideamigos.co
> > > m
>
> --
> Mark Stosberg
> Senior Systems Engineer | RideAmigos | 765-277-1916 | m...@rideamigos.com
On Tue, 2018-04-03 at 09:47 -0300, marcos sr wrote:
> 2018-04-03 6:46 GMT-03:00 John Horne <john.ho...@plymouth.ac.uk>:
> > >That's because you are using the package manager. Running rkhunter won't
> > change
> > >the output from the package manager, an
n if I run "rkhunter --propupd" the errors remain.
>
That's because you are using the package manager. Running rkhunter won't change
the output from the package manager, and it is that which is telling you that
your file permissions have changed. You will need to find out why the file
> > No manual entry for shopt
> > *:~$ which shopt
> > *:~$
> >
> > How do I check the shell it's using?
> >
> > On Tue, Mar 27, 2018 at 11:01 AM, John Horne <john.ho...@plymouth.ac.uk>
> > wrote:
> > > On Tue, 2018-03-27 at 10:03 -0500, J
> [ Rootkit Hunter version 1.4.6 ]
> File updated: searched for 179 files, found 170, missing hashes 1
>
> Output of shopt:
>
What shell is RKH using?
Can you run something like 'which shopt' to see where the command is in your
PATH?
Might need something like the manpage for 'shopt' as
o see a warning for the numfmt binary.
>
You will until you run RKH with '--propupd'.
The 'numfmt' command is used in 1.4.6 just to display some large numbers in a
human-readable format.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymo
s, thanks. Lots of problems with that list for some reason. I'll see if I can
force a message out to it.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
bug. (An email about this has been sent to the list, but sourceforge have
had email problems.)
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
,
the git repository on sourceforge will show a tag of version 1.4.6a for the
re-released version.
Apologies for the confusion, but the bug was sufficiently serious that the
version should be re-released.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
Hello,
Version 1.4.6 of rootkit hunter has now been released.
Details of the changes in this release can be found in the CHANGELOG file, or
online at
https://sourceforge.net/p/rkhunter/rkh_code/ci/master/tree/files/CHANGELOG
John.
--
John Horne | Senior Operations Analyst | Technology
to it?
> I did specify in the rkhunter.conf.local DISABLE_TESTS=os_specific)?
>
Why? There are specific tests for Linux systems, so why not run them?
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | P
> /programs_bad.dat 2>/dev/null',
>
Seems like everything is running slow today as I've only just received this
email.
The problem seems to have been with sourceforge running slow.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymou
o.preload file to use pathnames (ldconfig has shown you what these
are). You would then need to add a SHARED_LIB_WHITELIST RKH config line for
each of the shared library pathnames.
IF (a big if) I get time, I'll see about getting the test to search for simple
filenames.
John.
--
John Horne | Senior Operations Ana
On Sat, 2017-12-16 at 10:50 -0800, Kevin Fenzi wrote:
> On 12/13/2017 02:45 AM, John Horne wrote:
> > On Tue, 2017-12-12 at 11:08 -0800, Kevin Fenzi wrote:
> > > Greetings.
> > >
> > > From downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=1524456
>
bug. The return code during the IPC memory test can be lost, so a
warning could be issued then forgotten about when the program ends. The warning
is valid; the 'summary' at the end of the program run is not (in this
instance).
It is fixed in the next release and the current development version.
> >
> > -Al-
>
> OK, I see the problem. Version 1.4.2 is looking in the wrong place
> <http://rkhunter.sourceforge.net/1.3/rkhunter_latest.dat> which shows 1.4.2. Should be
> an easy fix to just change that page to read "1.4.4".
>
Just changed the file. So try us
kit Hunter version 1.4.2 ]
>
> Checking rkhunter version...
>This version : 1.4.2
>Latest version: 1.4.2
>
> Does anyone know why it has not updated?
>
Read the man page. It only updates the data files, not the software.
John.
--
John Horne | Senior Operations
will be updated, and a 'version-1.4.6' tag
created (and so on for future releases).
The 'develop' branch contains the current development code (aka version 1.4.5).
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus
to daily "shared segment" warnings about this one:
>
Hello,
I'm wondering if perhaps you have a control character stuck in there somewhere,
so causing the pathname not to match. Try running
'cat -vet rkhunter.conf.local | grep IPC' and check the output to see if it
shows anything unusu
he database.
>
You added something new to the system, so you must use just '--propupd'.
Specifying a pathname as well assumes that the entry already exists in the
database, and can be used when just that particular file changes.
John.
--
John Horne | Senior Operations Analyst | Technology
no further explanation.
>
Because it is not really possible to set up RKH to scan other system types.
When the option was available it did not work at all well, so it was best to
remove it.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plym
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymou
and only provide static data at each
release. Again, not ideal, however the data files themselves do rarely change.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
On Mon, 2017-07-24 at 15:59 -0400, drohde wrote:
> AjaKit Rootkit
> Adore Rootkit
> BOBKit Rootkit
>
I think we would need to see the actual output from using rkhunter, or the
relevant output from the log file.
John.
--
John Horne | Senior Operations Analyst | Technology and
om CVS to using GIT instead. I
don't think this is anything to do with that though.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
. I think it’s an intrinsic
> check, but I could be wrong. Is there any way to prevent those two specific
> checks?
>
Hi,
Disable the 'group_changes' and 'passwd_changes' tests.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth |
its
way around the servers.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
by providing code, submitting ideas, bugs, fixes,
documentation, helping out on the rkhunter-users mailing list and
promoting Rootkit Hunter. For more details please see the
ACKNOWLEDGMENTS file.
Rootkit Hunter release 1.4.4 obsoletes all previous releases.
Thanks,
John.
--
John Horne | Senior
On Thu, 2017-06-29 at 00:57 -0700, Al Varnell wrote:
> On Sun, Jun 25, 2017 at 03:36 PM, John Horne wrote:
> >
> >
> > On Sun, 2017-06-25 at 15:24 -0700, Al Varnell wrote:
> > > CVS version at <https://sourceforge.net/p/rkhunter/wiki/cvs/> appears to
> &g
function now defaults to SHA-256.
2) The 'apps' test is now disabled by default in the config file.
3) The DISABLE_UNHIDE config option has been removed.
4) The 'other_malware' test name has been removed (or rather replaced).
John.
--
John Horne | Senior Operations Analyst | Technology
istinguish
> between my alterations and those of a rogue; because my
> changes are never updated with --propupd [file].??
>
As mentioned above, check that the local config file is itself listed in the
main config file. Any changes should then get reported unless you run 'rkhunter
--propupd
> daemon process is running.
>
Not possible. The two tests are dependent on each other for information.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
. Monitoring something like '/var/spool/cron/*' and in particular the
'/etc/crontab', '/etc/cron.d/*', '/etc/cron.daily/*', '/etc/cron.hourly/*' etc
files and directories will help alert you to these sort of things soon after
they happen (depending on how often you run RKH).
John.
--
John Ho
ace-condition".
...
>
> I believe I am experiencing this problem in rkhunter 1.4.2. Has there been a
> regression?
>
Not that I can see from the CHANGELOG.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
Plymouth Universit
r us to ignore any mounted shares when running rkhunter as a
> cronjob?
>
What's on the shares? RKH is only going to look at them if there is
something on them that it has been configured to look at.
John.
--
John Horne Tel: +44 (0)1752 587287
ine
which does not.
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK
On Fri, 2016-08-12 at 15:25 +0300, Nerijus Baliūnas wrote:
> 2016-08-12 14:44, John Horne rašė:
> >
> > On Fri, 2016-08-12 at 13:32 +0200, absolutely_f...@libero.it wrote:
> > >
> > > Ok, why --propupd it is not fixing this?
> > >
> > Because
GMGR from RPM to NONE?
>
You can do, but I think you are then just hiding the problem. You need
to find out why the files have changed.
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK
On Fri, 2016-08-12 at 09:47 +0200, absolutely_f...@libero.it wrote:
> Hi John,
>
> thank you very much. I followed your suggestion, I still have
> warnings:
>
...
> /sbin/insmod [Warning ]
?
So what happens if you run 'rpm -Vf /sbin/insmod'?
Jo
hunter --enable properties'.
John.
----
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK
may give
> some false-positive results.
> You may need to re-run rkhunter with the '--propupd' option.
>
> I ran rkhunter --propupd but it seems I still have several alerts
> about many binaries.
>
What alerts?
John.
--
----
J
nfigs --debug' and email me
the debug file produced in '/tmp' please.
John.
--
----
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK
it recognises!)
Can you email the relevant option lines in your SSH config file, and
your rkhunter config file please? I'm wondering if the format of one of
the options is not what rkhunter is expecting.
John.
--
John Horne
ith that set to 0 it always runs --propupd. How
> can I turn this off??
>
How do you know that '--propupd' is being run?
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK
--
Wha
forge.
> I'm using Fedora 14
>
Wow! That is really old too. I would seriously suggest you update your
PC/laptop/whatever.
John.
--
----
John Horne
SHA1 and since then it
> complains about this. I also reinstalled the files from Samba and
> Firefox, no luck. Does anyone know how to fix this?
>
Delete the '/etc/prelink.cache' file. Then run 'rkhunter --propupd'.
John.
--
John Horne Tel: +44 (0)1752 587287
hould not see a warning on an item that "dnf upgrade"
> did touch if that was done cleanly.
>
Hi,
Take a look in the config file at the PKGMGR option. For Fedora, set it
to RPM (and then run 'rkhunter --propupd').
John.
--
John
RKHUNTER_FLAGS="--cronjob --nocolors --report-warnings-only"
>
> doesn't affect the number of tests, but only report, correct?
>
Correct.
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK
-