[Rkhunter-users] How to disable the "lsmod" and "/proc/modules" warning?

2008-09-08 Thread Alexander Griesser

Dear rkhunter users,

on one of my systems, I'm experiencing the following entries in the
rkhunter logfiles:

Warning: No output found from the lsmod command or the /proc/modules file:
/proc/modules output:
lsmod output:

Is there a way to disable this check?
The kernel on this machine is not configured to support modules so it's
perfectly fine that the output of lsmod and the contents of
/proc/modules are empty.

Regards,
- --
|   .-.  |    Alexander Griesser -- <[EMAIL PROTECTED]> | .''`. |
|   /v\   \  http://www.tuxx-home.at/ / : :' : |
| /(   )\  |  GPG-KeyID: 0xA2949B5A  |  `. `'  |
|  ^^ ^^   `-'`-   |
___
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users


Re: [Rkhunter-users] How to disable the "lsmod" and "/proc/modules" warning?

2008-09-09 Thread Alexander Griesser

John Horne wrote:
>> Warning: No output found from the lsmod command or the /proc/modules file:
>> /proc/modules output:
>> lsmod output:
>>
>> Is there a way to disable this check?
>>
> You can disable the 'os_specific' check in your rkhunter.conf file. Add
> it to the DISABLE_TESTS list.

Well, but then _ALL_ os_specific tests would be disabled. What's part of
the os_specific test suite? It's just that this warning is annoying,
but I'd rather live with it instead of disabling other possibly useful
tests.

ciao,
- --
|   .-.  |Alexander Griesser -- <[EMAIL PROTECTED]> | .''`. |
|   /v\   \  http://www.tuxx-home.at/ / : :' : |
| /(   )\  |  GPG-KeyID: 0xA2949B5A  |  `. `'  |
|  ^^ ^^   `-'`-   |


Re: [Rkhunter-users] How to disable the "lsmod" and "/proc/modules" warning?

2008-09-09 Thread Alexander Griesser

John Horne wrote:
>>> You can disable the 'os_specific' check in your rkhunter.conf file. Add
>>> it to the DISABLE_TESTS list.
>> Well, but then _ALL_ os_specific tests would be disabled. What's part of
>> the os_specific test suite? It's just that this warning is annoying,
>> but I'd rather live with it instead of disabling other possibly useful
>> tests.
>>
> The linux specific tests relate to modules, so none of them are relevant
> for a system not using modules.

Oh, OK, great, thanks for your answer!

ciao,
- --
|   .-.  |Alexander Griesser -- <[EMAIL PROTECTED]> | .''`. |
|   /v\   \  http://www.tuxx-home.at/ / : :' : |
| /(   )\  |  GPG-KeyID: 0xA2949B5A  |  `. `'  |
|  ^^ ^^   `-'`-   |


Re: [Rkhunter-users] false positive

2010-09-18 Thread Alexander Griesser
On 18.09.2010 21:51, Richard Spencer wrote:
> I don't recall installing curl though, as I have a ubuntu
> lucid but it might have come with the other things I have
> installed as a dependence

curl almost always comes as a dependency to something else.
Since you're running Ubuntu, you can check if the file in /usr/bin/curl
really belongs to a package on your system with the command:

dpkg -S /usr/bin/curl

> I did run a update before I scanned and it showed no
> updates available

No, you do not need to update rkhunter itself, but update the
properties file rkhunter stores after every invocation.
rkhunter monitors system directories for new files every time it is run,
to make sure no one put new files in there without you knowing
about that.

So anytime you do install new tools, you need to run
`rkhunter --propupd` (== properties update, not program update) to make
sure the new files get included in this list.

If you want to know if the file /usr/bin/curl is really coming from
the curl package and not from someone else, you can verify its checksum
against the checksum stored in your package repository.

To do that, simply `cd` to your system root and run md5sum to verify
the md5sums like this:

thor:/# md5sum -c /var/lib/dpkg/info/curl.md5sums
usr/bin/curl: OK
usr/share/man/man1/curl.1.gz: OK
usr/share/doc/curl/README: OK
usr/share/doc/curl/TheArtOfHttpScripting.gz: OK
usr/share/doc/curl/copyright: OK
usr/share/doc/curl/BUGS: OK
usr/share/doc/curl/TODO.gz: OK
usr/share/doc/curl/THANKS.gz: OK
usr/share/doc/curl/VERSIONS: OK
usr/share/doc/curl/changelog.gz: OK
usr/share/doc/curl/MANUAL.gz: OK
usr/share/doc/curl/FAQ.gz: OK
usr/share/doc/curl/changelog.Debian.gz: OK
usr/share/doc/curl/KNOWN_BUGS.gz: OK
usr/share/doc/curl/FEATURES: OK
usr/share/doc/curl/BINDINGS.gz: OK

bye,
Alex
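
The two checks from the message above (which package lists the file, and whether its MD5 matches the dpkg manifest) combined into one function, as an added example that is not part of the original post; a check like this is useful before `rkhunter --propupd` records a new file as known-good. The function name `verify_pkg_file` and its optional ROOT and INFO_DIR arguments are assumptions made here so that it can also be pointed at a mounted disk image instead of the live system.

```shell
#!/bin/sh
# Added example (not from the original thread).
# verify_pkg_file PATH [ROOT] [INFO_DIR]
#   prints "<package>: OK" or "<package>: MISMATCH"
#   returns 0 = matches manifest, 1 = mismatch, 2 = unlisted or missing
# Note: the manifests live on the same host as the file being checked, so
# on a machine you already distrust, run this against a mounted image and
# manifests taken from a freshly downloaded package.
verify_pkg_file() {
    path=$1
    root=${2:-/}
    info=${3:-/var/lib/dpkg/info}
    rel=${path#/}          # manifests store paths relative to /

    # Manifest lines are "<32 hex digits><two spaces><path>", so the path
    # starts at column 35; compare it exactly rather than by substring.
    manifest=$(awk -v p="$rel" 'substr($0, 35) == p { print FILENAME; exit }' \
        "$info"/*.md5sums 2>/dev/null) || true

    if [ -z "$manifest" ] || [ ! -f "$root/$rel" ]; then
        echo "$path: not listed in any package manifest, or missing on disk"
        return 2
    fi

    pkg=$(basename "$manifest" .md5sums)
    expected=$(awk -v p="$rel" 'substr($0, 35) == p { print $1; exit }' "$manifest")
    actual=$(md5sum "$root/$rel" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "$pkg: OK"
    else
        echo "$pkg: MISMATCH"
        return 1
    fi
}

# Stand-alone use: sh verify.sh /usr/bin/curl
if [ "$#" -gt 0 ]; then
    verify_pkg_file "$@"
fi
```

A return code of 2 corresponds to the case where `dpkg -S` finds no owner: the file was not installed by any package and deserves a closer look before it is added to rkhunter.dat.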



Re: [Rkhunter-users] false positive

2010-09-18 Thread Alexander Griesser
On 18.09.2010 21:42, Richard Spencer wrote:
> [19:55:25] /usr/bin/curl [ Warning ]
> [19:55:25] Warning: The file '/usr/bin/curl' exists on the system, but
> it is not present in the rkhunter.dat file.

This is most likely because you installed curl and haven't updated your
rkhunter properties file with the `rkhunter --propupd` command, could
that be true?

bye,
Alex
