Re: [Rkhunter-users] rkhunter Daily Run: where's the warning?

2006-09-14 Thread John Horne
On Thu, 2006-09-14 at 10:44 +0100, John Horne wrote: Warning: This operating system is not fully supported! Warning: Cannot find md5_not_known could be that. No, this doesn't set the warning variable in the code (at least that I can see!). Oops, my mistake. The warning messages

Re: [Rkhunter-users] new hashes

2006-09-30 Thread John Horne
On Sun, 2006-10-01 at 02:43 +0300, Nerijus Baliunas wrote: On Sun, 01 Oct 2006 00:17:24 +0100 John Horne [EMAIL PROTECTED] wrote: No. From the sourceforge site, download the 'hashupd.sh' script and run that. I ran rkhunter --update, but it says all mirrors I tried are out of date. I

[Rkhunter-users] White colour and blank lines

2006-10-01 Thread John Horne
it, but could perhaps try and find out. The second option is probably the easiest. Anyone have any comments about this? Thanks, John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax

Re: [Rkhunter-users] Problem with MD5 hash on Fedora Core 5

2006-10-07 Thread John Horne
this. It may be that you need to leave SELinux disabled while RKH runs. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Bad MD5 for /bin/kill

2006-10-15 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Centos 4 not recognised (fixed)

2006-10-16 Thread John Horne
On Mon, 2006-10-16 at 10:41 +0100, Dave R wrote: Rootkit Hunter 1.2.8 is running Suggest you upgrade to 1.2.9 as well. (Your '--update' worked because the data files are aware of Centos 4.) John. -- --- John Horne

Re: [Rkhunter-users] Unkown application versions..

2006-11-12 Thread John Horne
... Application not found $ which ssh /usr/bin/ssh The test looks for sshd, not ssh, since that is what will decide if someone can access your system or not. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E

Re: [Rkhunter-users] Unkown application versions..

2006-11-12 Thread John Horne
On Sun, 2006-11-12 at 20:52 +, Dick Gevers wrote: On Sun, 12 Nov 2006 20:45:35 +, John Horne wrote about Re: [Rkhunter-users] Unkown application versions..: On Sun, 2006-11-12 at 20:36 +, Dick Gevers wrote: On Sun, 12 Nov 2006 20:02:12 +0100, Jacob Willig wrote about [Rkhunter

Re: [Rkhunter-users] Some questions for RKHunter newbie

2006-11-23 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Apache configuration absent but ...[ OK ]

2006-11-25 Thread John Horne
this as a bug on the sourceforge web page please. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] (no subject)

2006-12-05 Thread John Horne
that. It will update your local os.dat file with the current hashes. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] warnings but no problems reported

2006-12-08 Thread John Horne
On Fri, 2006-12-08 at 11:57 -0700, JT Moree wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Horne wrote: On Thu, 2006-11-30 at 14:19 -0700, JT Moree wrote: I have rkhunter running on a system where I get a warning email even though when I run the report nothing seems

Re: [Rkhunter-users] re running hashupd then not running --update

2006-12-12 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] RKH CVS tarball available: testers wanted

2006-12-12 Thread John Horne
you what options are available. Note, references in the logfile to '-- hashupd' should of course be '--hashupd'. Step 3 is an installer bug. Oops. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail

Re: [Rkhunter-users] system checks

2006-12-15 Thread John Horne
the hostname in the subject for the mail-on-warnings setting. The log file also includes the hostname at the top (if a hostname has been set). John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL

Re: [Rkhunter-users] noob here, should I be worried about these?

2006-12-18 Thread John Horne
, then restart sshd. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] rkhunter CVS

2006-12-18 Thread John Horne
have mentioned that. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Suggestion and Thank You

2006-12-20 Thread John Horne
that by default the current colour set (red/yellow/green) will still be used, so users won't notice a difference unless they specify to use the second colour set. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E

Re: [Rkhunter-users] Fresh install FC6

2007-01-01 Thread John Horne
the file hashes. I would suggest you modify your os.dat file to make the first line something like 'version=00', and then run 'rkhunter --update' to get the latest version. John. -- --- John Horne, University of Plymouth, UK

Re: [Rkhunter-users] Solaris fingerprint DB ?

2007-01-01 Thread John Horne
then get missed :-) John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] RE FC6 fresh install. GOT IT :D

2007-01-01 Thread John Horne
installation didn't complete successfully or had some problem causing SElinux to fail. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Update as a cronjob

2007-01-03 Thread John Horne
' will be performed first to ensure the latest files are being used. The current release does it the other wrong way round - the system check first and then it updates the files. John. -- --- John Horne, University of Plymouth, UK Tel: +44

Re: [Rkhunter-users] rkhunter update

2007-01-04 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Issue with mirror file on sourceforge

2007-01-04 Thread John Horne
. I have just checked the file on sourceforge and it looks fine: {john}28: cat mirrors.dat version=2006121200 mirror=http://rkhunter.sourceforge.net mirror=http://rkhunter.sourceforge.net John. -- --- John Horne

Re: [Rkhunter-users] CentOS release 4.4 (Final)

2007-01-09 Thread John Horne
to getting that all elusive next release out to you people :-) John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] question about file's dependencies

2007-01-13 Thread John Horne
that something has changed. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] question about file's dependencies

2007-01-13 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] question about file's dependencies

2007-01-13 Thread John Horne
. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] question about file's dependencies

2007-01-13 Thread John Horne
On Sat, 2007-01-13 at 17:04 +, John Horne wrote: On Sat, 2007-01-13 at 10:38 -0600, Mike Blezien wrote: Hello John, after running the following: - $ rpm -Vf /bin/more # OUTPUT .M../bin/mount .M../bin/umount .M../usr/bin/chfn

Re: [Rkhunter-users] CRON warning

2007-01-23 Thread John Horne
On Tue, 2007-01-23 at 19:02 +, Dick Gevers wrote: On Tue, 23 Jan 2007 10:37:48 +, John Horne wrote about Re: [Rkhunter-users] CRON warning: On Tue, 2007-01-23 at 07:45 +, steve wrote: Hello, Can anyone tell me what this means, the SME e-mail server gives this error

Re: [Rkhunter-users] wrong warning message

2007-02-12 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] syslog remote logging detection

2007-02-28 Thread John Horne
above ('ps' options), it starts to get a bit messy. That's my thinking anyway :-) John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] MD5 Hash for Rkhunter

2007-04-11 Thread John Horne
. The hash value I have is: b442c1a332746a7c40767aa587a5ca8a rkhunter-1.2.9.tar.gz John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Unknown apache version [vulnerable]

2007-04-24 Thread John Horne
Apache, but not changed the version number. Hence, the check does not really help the user. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Apache 2.2.4 FC6

2007-04-26 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Database updates but never really updates

2007-05-01 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Database updates but never really updates

2007-05-02 Thread John Horne
until I can sort it out. Good news is that the next release makes things easier - only one version number used per '.dat' file, so it just compares that against your running version. John. -- --- John Horne, University of Plymouth, UK

[Rkhunter-users] Update option working again

2007-05-02 Thread John Horne
Hello, The '--update' option is now working again. I have updated the files on sourceforge (about 5 mins ago), and run RKH '--update' locally twice. If anyone wants to know, the new version number is 2007050201. John. -- --- John

Re: [Rkhunter-users] new warnings with current CVS build

2007-05-02 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Kernel panic - possibly rkhunter's fault

2007-05-08 Thread John Horne
it is a shell script running other binary programs. Lsof may be the cause. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Bad hashes on RHEL, please help

2007-05-09 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] mechdarwin psybnc rootkit not found by rkhunter

2007-05-14 Thread John Horne
, rather than you having to keep emailing individuals. Probably best if you put it in as a 'support request'. I would be interested to see if there is anything we can easily/quickly do for the next release. Thanks, John. -- --- John

Re: [Rkhunter-users] rkhunter 1.2.9

2007-05-15 Thread John Horne
out better). For the moment though, as already suggested, you may have to use the --nocolors option. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] opensuse 10.2

2007-05-22 Thread John Horne
which doesn't run the hash checks if it doesn't know the O/S). John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] opensuse 10.2

2007-05-22 Thread John Horne
. As what? John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] re- vol 12 issue 11

2007-05-31 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Aliases and issues

2007-06-04 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Aliases and issues

2007-06-04 Thread John Horne
installation is done). John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Possible false positive

2007-06-05 Thread John Horne
. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] rkhunter-1.2.9 sha1 checksum

2007-06-08 Thread John Horne
, the second one is the current SHA1 value for the corrected tarball. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] run from CDROM?

2007-06-11 Thread John Horne
. Overall I think it should be possible :-) John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] RHEL5/prelink

2007-06-14 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] CVS code stability / release status

2007-06-15 Thread John Horne
it and there are bugs, well hopefully they won't be too bad :-) Don't forget, of course, to report them! John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] bourne shell replacements detected by cvs rkh

2007-06-15 Thread John Horne
it doesn't seem worth testing. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] request the wiki to be at sourceforge site

2007-06-20 Thread John Horne
to do, but I suspect testing would be easier if a list were provided. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Md5 hash problem in server

2007-06-28 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] rkhunter 1.2.9

2007-06-29 Thread John Horne
installation. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] rkhunter of rpmverify problems

2007-07-10 Thread John Horne
, rkhunter knows nothing about RPM verification. The first 8 '.' refer to the various file properties. I don't know what the 'C' is and my FC3 system gives no indication of what that is either. John. -- --- John Horne, University of Plymouth

Re: [Rkhunter-users] Should I be worried?

2007-07-17 Thread John Horne
it to 'PermitRootLogin no', unless you have some specific reason for allowing root logins. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] The internationalisation directory does not exist

2007-07-24 Thread John Horne
a default installation. Did you change the rkhunter.conf file after installation, in particular the 'DBDIR' entry? John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752

Re: [Rkhunter-users] rkhunter-1.3.0 false warnings (hopefully;-))

2007-07-24 Thread John Horne
On Mon, 2007-07-23 at 15:33 +0200, andre piewak wrote: [14:26:18] Checking if SSH root access is allowed [ Warning ] The log file will contain the reason for this warning. You haven't shown us that bit. John. -- --- John Horne

Re: [Rkhunter-users] Problems with V 1.3.0

2007-07-24 Thread John Horne
script look like? It is now perfectly possible to combine updates with a check (using '--update -c --cronjob'), but if you are running the update separately then RKH assumes colours will be used for the output. John. -- --- John Horne

Re: [Rkhunter-users] Problems with V 1.3.0

2007-07-25 Thread John Horne
-q /usr/local/bin/rkhunter --update -q /usr/local/bin/rkhunter --cronjob --rwo You can, if you want, check the return code when '-q' is used to see if everything went okay. John. -- --- John Horne, University of Plymouth, UK Tel

Re: [Rkhunter-users] (no subject)

2007-07-26 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Problems with 1.30 after upgrade

2007-08-06 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Problems with hashes after upgrading to 1.30

2007-08-08 Thread John Horne
look in the log file to see why you have been given warnings. Then look in the rkhunter.conf file to see if the entries can be whitelisted (assuming they are valid). John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752

Re: [Rkhunter-users] How to add support for other distros?

2007-08-08 Thread John Horne
that. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] How to add support for other distros?

2007-08-08 Thread John Horne
. an '*-version' file is found but it is nothing to do with the operating system. I think it was felt better to not do this, and for users to let us know if their O/S was not recognised. John. -- --- John Horne, University of Plymouth, UK Tel

Re: [Rkhunter-users] v1.2.9, OS 730 (Debian 4.0 (i386)): Unknown PermitRootLogin value

2007-08-16 Thread John Horne
On Thu, 2007-08-16 at 23:41 +0200, [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 John Horne wrote: On Thu, 2007-08-16 at 22:25 +0200, [EMAIL PROTECTED] wrote: What I have in /etc/ssh/sshd_config is this (hexdump, output rewrapped): *** quote (start

Re: [Rkhunter-users] v1.2.9, OS 730 (Debian 4.0 (i386)): Unknown PermitRootLogin value

2007-08-16 Thread John Horne
On Thu, 2007-08-16 at 23:41 +0200, [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 John Horne wrote: On Thu, 2007-08-16 at 22:25 +0200, [EMAIL PROTECTED] wrote: What I have in /etc/ssh/sshd_config is this (hexdump, output rewrapped): *** quote (start

Re: [Rkhunter-users] false positive portsentry port 2001

2007-09-02 Thread John Horne
of whitelisting ports that are known to be in use, or ports (which may vary) that are in use by a known process (requires lsof for this). I would suggest either waiting for the full release or test the beta, or CVS, version. John. -- --- John

Re: [Rkhunter-users] Ubuntu Feisty Fawn and Known Goods

2007-09-02 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Ubuntu Feisty Fawn and Known Goods

2007-09-03 Thread John Horne
-properties check. I would suggest looking through the log file to see why the warnings occur. Then perhaps look through the configuration file to see if there is any whitelisting available for the reasons given. John. -- --- John Horne

Re: [Rkhunter-users] Fix for ksh+OpenBSD, other systems?

2007-09-04 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] beta2 custom layout test of uninstall

2007-09-06 Thread John Horne
yourself if you wish. Hence the 'please double-check' message. Does that help? John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] suggestion for conf file in beta2

2007-09-09 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Incorrect MD5 checksums: 7

2007-09-09 Thread John Horne
the sourceforge site. Alternatively try the 1.3.0 beta 2 version (and read the README file about installation). John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0

Re: [Rkhunter-users] Parallels eth adapter detected as promiscuous

2007-09-13 Thread John Horne
. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Email warnings

2007-09-24 Thread John Horne
is to check the return code instead. It will be non-zero if something has occurred - the README has more details about the return code. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED

Re: [Rkhunter-users] Updating mirror hangs

2007-09-24 Thread John Horne
/mirrors.dat Does running the wget command manually from the command-line work? John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Updating mirror hangs

2007-09-24 Thread John Horne
rkhunter.sourceforge.net 80 Trying 66.35.250.209... Connected to rkhunter.sourceforge.net. Escape character is '^]'. ^] telnet quit Connection closed. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E

Re: [Rkhunter-users] Warning Message

2007-09-25 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Warning Message

2007-09-25 Thread John Horne
there though, and have reported the name as '# root'. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] What's this mean?

2007-09-25 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Warning Messages

2007-09-25 Thread John Horne
, the file please. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Warning Messages

2007-09-25 Thread John Horne
will show you how to do this). John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Another Warnings question

2007-09-27 Thread John Horne
the processes, /usr/local/apache/bin/httpd and /usr/bin/perl, have file descriptors open for files which no longer exist, which is suspicious. Look for ALLOWPROCDELFILE in the config file to see about whitelisting. John. -- --- John

Re: [Rkhunter-users] Another Warnings question

2007-09-27 Thread John Horne
On Thu, 2007-09-27 at 09:55 -0500, Mike Blezien wrote: John, - Original Message - From: John Horne [EMAIL PROTECTED] To: RkhunerList rkhunter-users@lists.sourceforge.net Sent: Thursday, September 27, 2007 9:10 AM Subject: Re: [Rkhunter-users] Another Warnings question On Thu

Re: [Rkhunter-users] Another Warnings question

2007-09-27 Thread John Horne
On Thu, 2007-09-27 at 10:46 -0500, Mike Blezien wrote: John, - Original Message - From: John Horne [EMAIL PROTECTED] To: RkhunerList rkhunter-users@lists.sourceforge.net Sent: Thursday, September 27, 2007 10:13 AM Subject: Re: [Rkhunter-users] Another Warnings question

Re: [Rkhunter-users] rkh 1.3.0 config note

2007-09-30 Thread John Horne
called 'USING TEST NAMES' which explains about enabling and disabling tests. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Scriptdir

2007-10-01 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Scriptdir

2007-10-02 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Scriptdir

2007-10-02 Thread John Horne
On Tue, 2007-10-02 at 17:54 +0100, John Horne wrote: On Sun, 2007-09-30 at 22:59 -0400, Mark Misulich wrote: Hi, I started out using rkhunter version 1.2.8, then upgraded to 1.2.9 a few weeks ago. I wasn't able to get 1.2.9 to update after I installed it, but it would check for rootkits

Re: [Rkhunter-users] SUSPSCAN_HITCOUNT variable

2007-10-07 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Fwd: [rkhunter] Daily run

2007-10-09 Thread John Horne
version of RKH. I would say first of all upgrade. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Fwd: [rkhunter] Daily run

2007-10-09 Thread John Horne
On Tue, 2007-10-09 at 11:40 +0200, Nils Breunese (Lemonbit) wrote: John Horne wrote: On Mon, 2007-10-08 at 13:43 +0300, Pacala Jr wrote: I am using your tool on a Linux Debian setup with openvz. Unfortunately your product doesn't recognize openvz. Any plans/dates to support openvz

[Rkhunter-users] RKH CVS version numbers

2007-10-09 Thread John Horne
it saying that the latest version is less than your running version. Regards, John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] Unusual warning

2007-10-10 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839

Re: [Rkhunter-users] RKH 1.3.0, Send logfile as attachment (on warnings)

2007-10-11 Thread John Horne
, you only want to see any warning messages then look at the '--report-warnings-only' option (in the man page or just type 'rkhunter -h'). Note, I have removed the ' echo ' you had because it was unnecessary. John. -- --- John Horne

Re: [Rkhunter-users] Updates

2007-10-17 Thread John Horne
. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
