On Thu, 2006-09-14 at 10:44 +0100, John Horne wrote:
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
could be that.
No, this doesn't set the warning variable in the code (at least that I
can see!).
Oops, my mistake. The warning messages
On Sun, 2006-10-01 at 02:43 +0300, Nerijus Baliunas wrote:
On Sun, 01 Oct 2006 00:17:24 +0100 John Horne [EMAIL PROTECTED] wrote:
No. From the sourceforge site, download the 'hashupd.sh' script and run
that.
I ran rkhunter --update, but it says all mirrors I tried are out of date.
I
it, but could perhaps try and find out. The second option is
probably the easiest.
Anyone have any comments about this?
Thanks,
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax
this.
It may be that you need to leave SELinux disabled while RKH runs.
John.
--
---
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
On Mon, 2006-10-16 at 10:41 +0100, Dave R wrote:
Rootkit Hunter 1.2.8 is running
Suggest you upgrade to 1.2.9 as well.
(Your '--update' worked because the data files are aware of Centos 4.)
John.
...
Application not found
$ which ssh
/usr/bin/ssh
The test looks for sshd, not ssh, since that is what will decide if
someone can access your system or not.
John.
On Sun, 2006-11-12 at 20:52 +, Dick Gevers wrote:
On Sun, 12 Nov 2006 20:45:35 +, John Horne wrote about Re:
[Rkhunter-users] Unkown application versions..:
On Sun, 2006-11-12 at 20:36 +, Dick Gevers wrote:
On Sun, 12 Nov 2006 20:02:12 +0100, Jacob Willig wrote about
[Rkhunter
this as a bug on the sourceforge web page please.
John.
that. It will update your local os.dat file with the current hashes.
John.
On Fri, 2006-12-08 at 11:57 -0700, JT Moree wrote:
John Horne wrote:
On Thu, 2006-11-30 at 14:19 -0700, JT Moree wrote:
I have rkhunter running on a system where I get a warning email even
though when I run the report nothing seems
you
what options are available.
Note, references in the logfile to '-- hashupd' should of course be
'--hashupd'.
Step 3 is an installer bug. Oops.
John.
the hostname in the subject for the mail-on-warnings
setting. The log file also includes the hostname at the top (if a
hostname has been set).
John.
, then restart sshd.
John.
have
mentioned that.
John.
that by default
the current colour set (red/yellow/green) will still be used, so users
won't notice a difference unless they specify to use the second colour
set.
John.
the file
hashes. I would suggest you modify your os.dat file to make the first
line something like 'version=00', and then run 'rkhunter
--update' to get the latest version.
John.
then get
missed :-)
John.
installation didn't complete successfully
or had some problem causing SElinux to fail.
John.
' will be performed first to ensure the latest files are being
used. The current release does it the other wrong way round - the system
check first and then it updates the files.
John.
I have just checked the file on sourceforge and it looks fine:
{john}28: cat mirrors.dat
version=2006121200
mirror=http://rkhunter.sourceforge.net
mirror=http://rkhunter.sourceforge.net
John.
to getting that all elusive next
release out to you people :-)
John.
that something has
changed.
John.
On Sat, 2007-01-13 at 17:04 +, John Horne wrote:
On Sat, 2007-01-13 at 10:38 -0600, Mike Blezien wrote:
Hello John,
after running the following:
-
$ rpm -Vf /bin/more
# OUTPUT
.M../bin/mount
.M../bin/umount
.M../usr/bin/chfn
On Tue, 2007-01-23 at 19:02 +, Dick Gevers wrote:
On Tue, 23 Jan 2007 10:37:48 +, John Horne wrote about Re:
[Rkhunter-users] CRON warning:
On Tue, 2007-01-23 at 07:45 +, steve wrote:
Hello,
Can anyone tell me what this means, the SME e-mail server gives this
error
above ('ps' options), it starts to get a bit messy.
That's my thinking anyway :-)
John.
The hash value I have is:
b442c1a332746a7c40767aa587a5ca8a rkhunter-1.2.9.tar.gz
John.
Apache, but not changed the
version number. Hence, the check does not really help the user.
John.
until I can sort it out.
Good news is that the next release makes things easier - only one
version number used per '.dat' file, so it just compares that against
your running version.
John.
Hello,
The '--update' option is now working again. I have updated the files on
sourceforge (about 5 mins ago), and run RKH '--update' locally twice. If
anyone wants to know, the new version number is 2007050201.
John.
it is a shell script running other binary programs. Lsof
may be the cause.
John.
,
rather than you having to keep emailing individuals. Probably best if
you put it in as a 'support request'.
I would be interested to see if there is anything we can easily/quickly
do for the next release.
Thanks,
John.
out better).
For the moment though, as already suggested, you may have to use the
--nocolors option.
John.
which doesn't run
the hash checks if it doesn't know the O/S).
John.
As what?
John.
installation is done).
John.
, the second one is
the current SHA1 value for the corrected tarball.
John.
Overall I think it should be possible :-)
John.
it and
there are bugs, well hopefully they won't be too bad :-) Don't forget,
of course, to report them!
John.
it doesn't seem worth testing.
John.
to do, but I
suspect testing would be easier if a list were provided.
John.
installation.
John.
, rkhunter
knows nothing about RPM verification.
The first 8 '.' refer to the various file properties. I don't know what
the 'C' is and my FC3 system gives no indication of what that is either.
John.
it to
'PermitRootLogin no', unless you have some specific reason for allowing
root logins.
John.
a default installation.
Did you change the rkhunter.conf file after installation, in particular
the 'DBDIR' entry?
John.
On Mon, 2007-07-23 at 15:33 +0200, andre piewak wrote:
[14:26:18] Checking if SSH root access is allowed [ Warning ]
The log file will contain the reason for this warning. You haven't shown
us that bit.
John.
script look like? It is now perfectly possible to
combine updates with a check (using '--update -c --cronjob'), but if you
are running the update separately then RKH assumes colours will be used
for the output.
John.
-q
/usr/local/bin/rkhunter --update -q
/usr/local/bin/rkhunter --cronjob --rwo
You can, if you want, check the return code when '-q' is used to see if
everything went okay.
John.
look in the log file to see why you have been
given warnings. Then look in the rkhunter.conf file to see if the
entries can be whitelisted (assuming they are valid).
John.
that.
John.
. an '*-version' file is found but it is nothing
to do with the operating system. I think it was felt better to not do
this, and for users to let us know if their O/S was not recognised.
John.
On Thu, 2007-08-16 at 23:41 +0200, [EMAIL PROTECTED] wrote:
John Horne wrote:
On Thu, 2007-08-16 at 22:25 +0200, [EMAIL PROTECTED] wrote:
What I have in /etc/ssh/sshd_config is this (hexdump, output rewrapped):
*** quote (start
of whitelisting ports that are known to
be in use, or ports (which may vary) that are in use by a known process
(requires lsof for this). I would suggest either waiting for the full
release or test the beta, or CVS, version.
John.
-properties check.
I would suggest looking through the log file to see why the warnings
occur. Then perhaps look through the configuration file to see if there
is any whitelisting available for the reasons given.
John.
yourself if you wish. Hence
the 'please double-check' message.
Does that help?
John.
the sourceforge site. Alternatively try the 1.3.0 beta 2 version
(and read the README file about installation).
John.
is to check the
return code instead. It will be non-zero if something has occurred - the
README has more details about the return code.
John.
/mirrors.dat
Does running the wget command manually from the command-line work?
John.
rkhunter.sourceforge.net 80
Trying 66.35.250.209...
Connected to rkhunter.sourceforge.net.
Escape character is '^]'.
^]
telnet quit
Connection closed.
John.
there though, and have reported the name
as '# root'.
John.
, the file please.
John.
will show you how to do this).
John.
the
processes, /usr/local/apache/bin/httpd and /usr/bin/perl, have file
descriptors open for files which no longer exist, which is suspicious.
Look for ALLOWPROCDELFILE in the config file to see about whitelisting.
John.
On Thu, 2007-09-27 at 09:55 -0500, Mike Blezien wrote:
John,
- Original Message -
From: John Horne [EMAIL PROTECTED]
To: RkhunerList rkhunter-users@lists.sourceforge.net
Sent: Thursday, September 27, 2007 9:10 AM
Subject: Re: [Rkhunter-users] Another Warnings question
On Thu
On Thu, 2007-09-27 at 10:46 -0500, Mike Blezien wrote:
John,
- Original Message -
From: John Horne [EMAIL PROTECTED]
To: RkhunerList rkhunter-users@lists.sourceforge.net
Sent: Thursday, September 27, 2007 10:13 AM
Subject: Re: [Rkhunter-users] Another Warnings question
called 'USING TEST NAMES' which
explains about enabling and disabling tests.
John.
On Tue, 2007-10-02 at 17:54 +0100, John Horne wrote:
On Sun, 2007-09-30 at 22:59 -0400, Mark Misulich wrote:
Hi,
I started out using rkhunter version 1.2.8, then upgraded to 1.2.9 a few
weeks ago. I wasn't able to get 1.2.9 to update after I installed it,
but it would check for rootkits
version of RKH. I would say first of all upgrade.
John.
On Tue, 2007-10-09 at 11:40 +0200, Nils Breunese (Lemonbit) wrote:
John Horne wrote:
On Mon, 2007-10-08 at 13:43 +0300, Pacala Jr wrote:
I am using your tool on a Linux Debian setup with openvz
Unfortunately your product doesn't recognize openvz
Any plans/dates to support openvz
it saying that the latest version is less
than your running version.
Regards,
John.
, you only want to see any warning messages then look at the
'--report-warnings-only' option (in the man page or just type 'rkhunter
-h').
Note, I have removed the ' echo ' you had because it was
unnecessary.
John.