Re: [Rkhunter-users] [opensuse] oS 13.1 : rkhunter warnings
On 12/05/2013 05:54 PM, Nerijus Baliunas wrote: > On Thu, 05 Dec 2013 17:27:25 +0200 ellanios82 wrote: > >>- indeed, even after executing : >> >># rkhunter --propupd rkhunter.conf >> >>- i still continue to receive report : >> >> "Warning: Package manager verification has failed: >>File: /etc/rkhunter.conf >>The file modification time has changed " >> . >> >>. . . whereas the file modification time has NOT changed > rpm --verify rkhunter will tell you if it's changed or not. Probably it is, > so the simpliest thing > would be to reinstall rkhunter package after deleting /etc/rkhunter.conf, and > after that > please make your modifications in a newly created file > /etc/rkhunter.conf.local. > > Regards, > Nerijus -- Thank you, & John . . . will remove /etc/rkhunter.conf, and then re-install . regards -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk ___ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Re: [Rkhunter-users] [opensuse] oS 13.1 : rkhunter warnings
On Thu, 2013-12-05 at 17:27 +0200, ellanios82 wrote: > > "Warning: Package manager verification has failed: > File: /etc/rkhunter.conf > The file modification time has changed " > You are using a package manager (I assume RPM) with a packaged version of rkhunter. So if 'rpm -V rkhunter' shows anything then it will be reported as a warning. You could set 'PKGMGR_NO_VRFY=/etc/rkhunter.conf' and then run 'rkhunter --propupd'. It won't then use the package manager for that file. John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK Fax: +44 (0)1752 587001 -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk ___ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Re: [Rkhunter-users] [opensuse] oS 13.1 : rkhunter warnings
On Thu, 05 Dec 2013 17:27:25 +0200 ellanios82 wrote: > - indeed, even after executing : > > # rkhunter --propupd rkhunter.conf > > - i still continue to receive report : > > "Warning: Package manager verification has failed: > File: /etc/rkhunter.conf > The file modification time has changed " > . > > . . . whereas the file modification time has NOT changed rpm --verify rkhunter will tell you if it's changed or not. Probably it is, so the simpliest thing would be to reinstall rkhunter package after deleting /etc/rkhunter.conf, and after that please make your modifications in a newly created file /etc/rkhunter.conf.local. Regards, Nerijus -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk ___ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Re: [Rkhunter-users] [opensuse] oS 13.1 : rkhunter warnings
On 12/05/2013 02:49 PM, jdd wrote: > Le 05/12/2013 13:43, ellanios82 a écrit : > >>- odd : . . . i had indeed run "rkhunter --propupd" > > did you try adding the file name? > > if it keeps complaining, it could be worth a bug report > > jdd - indeed, even after executing : # rkhunter --propupd rkhunter.conf - i still continue to receive report : "Warning: Package manager verification has failed: File: /etc/rkhunter.conf The file modification time has changed " . . . . whereas the file modification time has NOT changed - perhaps a bug ? thanks -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk ___ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Re: [Rkhunter-users] [opensuse] oS 13.1 : rkhunter warnings
Hello List - Marcus Meissner has kindly sent me the Original rkhunter.conf for openSuSE 13.1 which i have compared with my installed rkhunter.conf - there were 2 small differences referring : Mail on Warning = root Allow SSH root user = no - i am re-installing Marcus' original rkhunter.conf Thank you, all, very much -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk ___ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Re: [Rkhunter-users] [opensuse] oS 13.1 : rkhunter warnings
On 12/04/2013 02:44 PM, Marcus Meissner wrote: > On Wed, Dec 04, 2013 at 12:13:05PM +0200, ellanios82 wrote: >> Hello List >> >> - further, rkhunter mails to root : >> >> " Please inspect this machine, because it may be infected." >> >> ... >> >> rkhunter produces these warnings : >> >> >> "Warning: Package manager verification has failed: >> File: /etc/rkhunter.conf >> The file hash value has changed >> The file size has changed >> The file modification time has changed" >> >> . >> >> - are there legitimate reasons why above changes have taken place >> . . . could this be a false alarm ? > If you edited this specific configuration file, it is not a problem. __ Thank you Marcus : perhaps it is a problem : because 'midnight commander' shows date November 27 , as file-date [presumably when last altered ? the full output i am getting is : " Warning: Package manager verification has failed: File: /etc/rkhunter.conf The file hash value has changed The file size has changed The file modification time has changed Warning: The SSH configuration option 'Protocol' has not been set. The default value may be '2,1', to allow the use of protocol version 1. Warning: Suspicious file types found in /dev: /dev/shm/com.google.Chrome.shmem.A2128B79EDC81A503E4CD6DE6DBE0741C3663744._service_shmem: data Warning: Hidden file found: /dev/.udev: symbolic link to `/run/udev' " ... thank you -- Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk ___ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
