Re: [Rkhunter-users] Question re: os_specific check
On Sun, 2009-10-11 at 18:00 -0400, Tanstaafl wrote:
> On 10/11/2009 5:30 PM, John Horne wrote:
> >> I found a recommendation to disable the 'os_specific' check in
> >> DISABLED_TESTS in rkhunter.conf to fix this
>
> > The config file provided by us makes no such recommendation.
>
> Sorry, I was not clear... the recommendation I found was while googling...
>
> Heh - and it was an email on this list, and you were the one doing the
> recommending... ;)
>
I deny it all! :-)

At that time the Linux os_specific test did just the one test, so
disabling 'os_specific' was valid at that time.


John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001

Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Re: [Rkhunter-users] Question re: os_specific check
On 10/11/2009 5:30 PM, John Horne wrote:
>> I found a recommendation to disable the 'os_specific' check in
>> DISABLED_TESTS in rkhunter.conf to fix this

> The config file provided by us makes no such recommendation.

Sorry, I was not clear... the recommendation I found was while googling...

Heh - and it was an email on this list, and you were the one doing the
recommending... ;)

http://www.mail-archive.com/rkhunter-users@lists.sourceforge.net/msg01431.html

> The os_specific test runs different tests depending on the O/S you are
> using.
>
> I assume you are using Linux, so there are two tests run. The
> 'loaded_modules' test checks the modules currently loaded on your
> system, but since you don't have /proc/modules you can disable this
> test. The 'avail_modules' test checks the modules on disk.

> I would suggest disabling just the 'loaded_modules' test.

Perfect... no more warnings.

Thanks for the explanation!

-- 
Best regards,

Charles Marcus
I.T. Director
Media Brokers International, Inc.
678.514.6200 x224
678.514.6299 fax
Re: [Rkhunter-users] Broken link on FAQ page
On Sun, 2009-10-11 at 16:37 -0400, Tanstaafl wrote:
> Hello,
>
> I just wanted to report a broken link on the sourceforge FAQ page:
>
> https://sourceforge.net/docman/display_doc.php?docid=35179&group_id=155034
>
> 3.1) Rootkit Hunter tells me there is something wrong with my
> system. What do I do?
>
> A. Prior to any incident it is recommended that you have read
>    "Intruder Detection Checklist". This is available from
>    http://www.cert.org/tech_tips/intruder_detection_checklist.html
>
Thanks for reporting this.


John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
Re: [Rkhunter-users] Question re: os_specific check
On Sun, 2009-10-11 at 16:37 -0400, Tanstaafl wrote:
>
> I found a recommendation to disable the 'os_specific' check in
> DISABLED_TESTS in rkhunter.conf to fix this
>
The config file provided by us makes no such recommendation.

> , but, what other tests/checks are being disabled by this? Or is it just the
> check for
> modules? If the latter, why not just rename this check to
> 'loadable_modules' or something?
>
The os_specific test runs different tests depending on the O/S you are
using.

I assume you are using Linux, so there are two tests run. The
'loaded_modules' test checks the modules currently loaded on your
system, but since you don't have /proc/modules you can disable this
test. The 'avail_modules' test checks the modules on disk. It requires
the pathname to the modules, which is usually something like
/lib/modules or /lib/modules/2.6.30.8-64.fc11.x86_64 (where the O/S
version is determined from 'uname -r'). You can set the pathname in the
config file if RKH can't work it out for itself.

I would suggest disabling just the 'loaded_modules' test.


John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
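The narrowing suggested in the reply above, as an added example that is not part of the original thread and not rkhunter's own code: a shell helper that rewrites a DISABLED_TESTS value so the 'os_specific' group is replaced by 'loaded_modules' only, leaving 'avail_modules' active. The function names are hypothetical, the config fragment is constructed, and DISABLED_TESTS is assumed to sit on one line as a space-separated, optionally quoted list.

```shell
#!/bin/sh
# Added example, not rkhunter code. Function names are hypothetical.
# Assumption: DISABLED_TESTS sits on one line as a space-separated,
# optionally quoted list.

# Print the raw DISABLED_TESTS value from the config file named in $1.
disabled_tests() {
    sed -n 's/^[[:space:]]*DISABLED_TESTS[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d "\"'"
}

# Print a narrowed DISABLED_TESTS line.
#   $1 = config file, $2 = modules file (defaults to /proc/modules)
suggest_disabled_tests() {
    conf=$1
    modfile=${2:-/proc/modules}
    out=""
    for t in $(disabled_tests "$conf"); do
        if [ "$t" = os_specific ]; then
            # Group name: on Linux it switches off both loaded_modules
            # and avail_modules, so the on-disk module check is lost too.
            if [ -e "$modfile" ]; then
                continue            # modules file present: drop the entry
            fi
            t=loaded_modules        # the test that needs the modules file
        fi
        case " $out " in
            *" $t "*) ;;            # already listed, avoid duplicates
            *) out="${out:+$out }$t" ;;
        esac
    done
    printf 'DISABLED_TESTS="%s"\n' "$out"
}

demo() {
    tmp=$(mktemp)
    # Constructed sample config fragment.
    cat > "$tmp" <<'EOF'
DISABLED_TESTS="suspscan hidden_procs os_specific"
EOF
    suggest_disabled_tests "$tmp" /nonexistent/proc/modules
    rm -f "$tmp"
}
demo
```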
[Rkhunter-users] Question re: os_specific check
Hello,

New to rkhunter, just installed 1.3.4 and had a question.

On the first run I had some of the normal false positives and fixed them
(whitelisted the 3 commands that are replaced by scripts on my system
(normal), and whitelisted the hidden .udev directory), but I want to be
sure about what disabling the 'os_specific' check does...

My system has modules disabled, so I'm also getting the 'Warning: The
modules file '/proc/modules' is missing' warning...

I found a recommendation to disable the 'os_specific' check in
DISABLED_TESTS in rkhunter.conf to fix this, but, what other
tests/checks are being disabled by this? Or is it just the check for
modules? If the latter, why not just rename this check to
'loadable_modules' or something?

Thanks,

Charles

-- 
Best regards,

Charles Marcus
I.T. Director
Media Brokers International, Inc.
678.514.6200 x224
678.514.6299 fax
[Rkhunter-users] Broken link on FAQ page
Hello,

I just wanted to report a broken link on the sourceforge FAQ page:

https://sourceforge.net/docman/display_doc.php?docid=35179&group_id=155034

3.1) Rootkit Hunter tells me there is something wrong with my
system. What do I do?

A. Prior to any incident it is recommended that you have read
   "Intruder Detection Checklist". This is available from
   http://www.cert.org/tech_tips/intruder_detection_checklist.html
   This document will tell you what to check, and makes it
   easier for you to find out and answer any questions.

The link:

http://www.cert.org/tech_tips/intruder_detection_checklist.html

is broken.

Thanks,

charles

-- 
Best regards,

Charles Marcus
I.T. Director
Media Brokers International, Inc.
678.514.6200 x224
678.514.6299 fax