Hi,
I'm using Rootkit Hunter 1.4.0 (source file, not RPM) on Centos 5.9 (Final) 32
bit
I've put this in /etc/rkunter.conf:
ALLOWPROCDELFILE="/usr/sbin/httpd"
ALLOWPROCDELFILE="/usr/local/apache/bin/httpd"
# file /usr/sbin/httpd
/usr/sbin/httpd: symbolic link to `/usr/local/apache/bin/apachectl'
.ac.uk
>Date: 26/03/2013 17.02
>To:
>Subject: Re: [Rkhunter-users] Question about deleted file
>
>On Tue, 2013-03-26 at 09:08 +0100, absolutely_f...@libero.it wrote:
>
>> I've put this in /etc/rkunter.conf:
>>
>> ALLOWPROCDELFILE="/usr/sbin/httpd"
process '/usr/local/apache/bin/httpd': it is
whitelisted.
>Original message
>From: absolutely_f...@libero.it
>Date: 28/03/2013 9.43
>To:
>Subject: [Rkhunter-users] R: Re: Question about deleted file
>
>I had the same error last night, now I'll use the
Hi,
I get this alert every day:
Warning: The following processes are using deleted files:
Process: /usr/libexec/hald-addon-keyboard.#prelink#.cbbhik PID: 3785 File: /usr/libexec/hald-addon-keyboard.#prelink#.cbbhik
I'm using CentOS 5.9 with cPanel.
My rkhunter's configuration is:
ile"
>
>On Thu, 18 Apr 2013 09:24:18 +0200 absolutely_f...@libero.it wrote:
>>Why do I still get the error?
>
>With ALLOWPROCDELFILE you may use wildcards -=but in file names
>only =-
>
>
>Regards,
>unSpawn
>---
>
>
---
3 8.37
>To: ,
>Subject: Re: [Rkhunter-users] R: Re: Question about "deleted file"
>
>On Mon, 22 Apr 2013 10:00:50 +0200 absolutely_f...@libero.it wrote:
>>Hi,
>>so this will be the correct config?
>>ALLOWPROCDELFILE="/usr/libexec/hald-addon-
>>keyboard:/
Hi,
I received this alert in rkhunter's mail:
Warning: Hidden processes found:
Found HIDDEN PID: 9333 " ... maybe a transitory process"
When I logged on the server, the process was no longer there.
How can I diagnose this alert?
In /var/log/rkhunter.log I've no further details.
Thank
/root
However, processes 17106 and 17149 are not present.
Do you think I've a security problem?
Best regards
Original message
From: yje...@security-projects.com
Date: 29/07/2013 13.18
To: "absolutely_f...@libero.it"
Cc:
Subject: Re: [Rkhunter-users] Hidden process
Hi,
I thi
ide is for systems using Linux
>= 2.6
[10:15:35] Used options:
[10:15:35]
Thank you for your patience
Original message
From: yje...@security-projects.com
Date: 02/08/2013 15.50
To: "absolutely_f...@libero.it"
Cc:
Subject: Re: Re: [Rkhunter-users] Hidden process
Ple
Hi,
I'm using rkhunter 1.4.0 compiled from sources, on Debian 7.1
Thank you
>Original message
>From: john.ho...@plymouth.ac.uk
>Date: 05/08/2013 11.40
>To:
>Subject: Re: [Rkhunter-users] R: Re: Re: Hidden process
>
>On Mon, 2013-08-05 at 10:18 +0200, absol
Hi,
I received this warning:
Warning: Process '/usr/local/apache/bin/httpd' (PID 8058) is listening on the
network.
Warning: Process '/usr/local/apache/bin/httpd' (PID 8058) is listening on the
network.
Warning: Process '/usr/local/apache/bin/httpd' (PID 8058) is listening on the
network.
Warn
Hi,
thank you for your reply.
Honestly, I don't know if the binary is legit. I've no previous md5sum.
I run rkhunter and I've no warning:
# rkhunter --enable packet_cap_apps --nolog --nomow
[ Rootkit Hunter version 1.4.0 ]
Checking the network...
Performing checks on the network interfaces
Check
>On Tue, 26 Nov 2013 16:23:45 +0100 absolutely_f...@libero.it wrote:
>>Honestly, I don't know if the binary is legit. I've no previous md5sum.
>
>It's CentOS so you could run 'rpm -Vv httpd' or run
It seems that it's definitely a false positive, by comparing binary's timestamp
with last cPanel update log.
>Original message
>From: absolutely_f...@libero.it
>Date: 27/11/2013 9.25
>To:
>Subject: [Rkhunter-users] R: Re: R: Re: Warning on http listening
Hi,
after a few days, I switched from PKGMGR=NONE to PKGMGR=RPM on several CentOS
servers.
Since then I have received this kind of alert every day:
Warning: Package manager verification has failed:
File: /usr/bin/newgrp
The file permissions have changed
Warning: Package manager
Right?
Thank you
>Original message
>From: absolutely_f...@libero.it
>Date: 21/07/2014 11.17
>To:
>Subject: [Rkhunter-users] Question about PKGMGR
>
>Hi,
>
>after a few days, I switched from PKGMGR=NONE to PKGMGR=RPM on several CentOS
>servers.
>Since this m
Hi,
I am trying to tune Rkhunter configuration on our production server in order
to minimize false positive results.
What configuration do you use? Which test do you keep enabled?
Thank you
Hi,
I got this warning:
Warning: No hash value found for file '/bin/rpm' in the 'rkhunter.dat' file.
In /var/log/rkhunter.log I found this:
[04:13:46] Warning: No hash value found for file '/bin/rpm'
[04:13:46] Hash command output: /usr/sbin/prelink: /bin/rpm: at least
one of file's de
Hi,
I am using Rkhunter 1.4.2 on CentOS release 5.10 (Final) - cPanel server.
I get this error:
Warning: The following processes are using deleted files:
Process: /usr/libexec/hald-addon-keyboard.#prelink#.HVZwbG PID: 3591 File: /usr/libexec/hald-addon-keyboard.#prelink#.HVZwbG
w
>Correct. It's not possible to whitelist the process (or file) as it has
>been deleted. With prelinked systems it's a problem.
Thanks both of you!
Hi,
I received this warning:
[04:11:08] Warning: The following processes are using deleted files:
[04:11:08] Process: /usr/sbin/pure-authd PID: 2139 File: /dev/pts/0
I followed instructions here:
http://sourceforge.net/p/rkhunter/wiki/investigate/
root@server:/proc/2139/fd# l
Hi,
what is your recommended way to install Rkhunter on RPM based OS?
Generally I install RK from source, and I create my own cronjob scripts to
check updates and run scans; however, it is quite a lot of work, so I was looking for
some "standardized" way to do this on many CentOS servers.
On Debian it's
khunter on rpm based OS
>
>Hello, absolutely_f...@libero.it,
>
>You wrote on 28.02.15:
>
>> what is your recommended way to install Rkhunter on RPM based OS?
>
>Sorry - what about a quick google search for
>
>rkhunter rpm download
>
>You find
Hi,
I found this package
http://www.rpmfind.net/linux/RPM/epel/6/x86_64/rkhunter-1.4.2-4.el6.noarch.html
which includes cronjob.
Thank you
>Original message
>From: rkhun...@jubileegroup.co.uk
>Date: 02/03/2015 11.30
>To: "absolutely_f...@libero.it"
>Cc:
Hi,
is there a way to configure http proxy to get updates with RK (version 1.4.2)?
Thank you
Hi,
I am using Rkhunter 1.4.2 port on FreeBSD 10.2
I get this warning:
[16:15:22] Info: Found file '/dev/fd/3': it is whitelisted.
[16:15:22] Checking /dev for suspicious file types [ Warning ]
[16:15:22] Warning: Suspicious file types found in /dev:
[16:15:22] /dev/fd/4: cannot op
Hi,
according to RK documentation (rkhunter.conf file):
# NOTE: Only files and directories which have been added by the user, and are
# not part of the internal lists, can be excluded. So, for example, it is not
# possible to exclude the 'ps' command by using '/bin/ps'. These will be
# silently ign
Hi,
I am using Rkhunter 1.4.0 on CentOS 5 (rpm from Sourceforge).
This package puts a cron in /etc/cron.daily/rkhunter with this line:
RKHUNTER_FLAGS="--checkall --skip-keypress --nocolors --quiet --appendlog --display-logfile"
I don't find any reference to "--checkall", is it an official
but only report, correct?
Thank you
>Original message
>From: John Horne
>Date: 22/03/2016 12.05
>To: "absolutely_f...@libero.it",
>Subject: Re: [Rkhunter-users] checkall option?
>
>On Tue, 2016-03-22 at 09:53 +0100, absolutely_f...@libero.it wrote:
>> Hi,
Hi,
I noticed this message in my last rkhunter log:
Warning: The system has changed to not using prelinking since the last run.
Because of the change(s) the file properties checks may give some
false-positive results. You may need to re-run rkhunter with the
'--propupd' option.
verification has failed:
Thank you
>Original message
>From: "John Horne"
>Date: 10/08/2016 23.41
>To: "rkhunter-users@lists.sourceforge.net", "absolutely_f...@libero.it"
>Subject: Re: [Rkhunter-users] Question about prelink
>
>On Wed, 2016-08
11/08/2016 22.46
>To: "rkhunter-users@lists.sourceforge.net", "absolutely_f...@libero.it"
>Subject: Re: [Rkhunter-users] R: Re: Question about prelink
>
>On Thu, 2016-08-11 at 09:25 +0200, absolutely_f...@libero.it wrote:
>> Hi John,
>>
>> [04:25:57] Warning:
users@lists.sourceforge.net", "absolutely_f...@libero.it"
>Subject: Re: [Rkhunter-users] R: Re: R: Re: Question about prelink
>
>On Fri, 2016-08-12 at 09:47 +0200, absolutely_f...@libero.it wrote:
>> Hi John,
>>
>> thank you very much. I followed y
OK, why is --propupd not fixing this?
Should I change PKGMGR from RPM to NONE?
Thank you
>Original message
>From: "John Horne"
>Date: 12/08/2016 12.45
>To: "rkhunter-users@lists.sourceforge.net", "absolutely_f...@libero.it"
>Og
Hi John,
yes, I agree, at this point I think that the root cause of those changes is
the prelink uninstallation.
Thank you
>Original message
>From: "John Horne"
>Date: 12/08/2016 13.44
>To: "rkhunter-users@lists.sourceforge.net", "absolutely_f...@li
35 matches