On 06/13/2014 07:15 PM, Scott Hale wrote: > > I am running rkhunter and getting a boatload of warnings. Is this normal > for a DJIGZO install or should I be concerned? > > Thanks, > > Scott > > Warning: Process '/usr/sbin/lldpad' (PID 1255) is listening on the network. > Warning: Process '/usr/sbin/lldpad' (PID 1255) is listening on the network. > > Warning: The command '/sbin/ifdown' has been replaced by a script: > /sbin/ifdown: Bourne-Again shell script text executable > Warning: The command '/sbin/ifup' has been replaced by a script: > /sbin/ifup: Bourne-Again shell script text executable > Warning: The command '/usr/bin/ldd' has been replaced by a script: > /usr/bin/ldd: Bourne-Again shell script text executable > Warning: The command '/usr/bin/whatis' has been replaced by a script: > /usr/bin/whatis: POSIX shell script text executable > > Warning: File '/tmp/hsperfdata_tomcat/1709' (score: 251) contains some > suspicious content and should be checked. > Warning: File '/tmp/hsperfdata_djigzo/1763' (score: 221) contains some > suspicious content and should be checked. > Warning: Checking for files with suspicious contents [ Warning ] > Warning: Process '/usr/sbin/lldpad' (PID 1255) is listening on the network. > Warning: Process '/usr/sbin/lldpad' (PID 1255) is listening on the network.
The problem with tools like that is that they give a lot of false warnings. I do not have any experience with rkhunter so I cannot really help but if I search for similar warnings I found a lot of posts that seem to indicate that these are false warnings. I'm not familiar with lldpad but according to this post it's "Link Layer Discovery Protocol (LLDP)" http://serverfault.com/questions/465472/what-is-lldpad-rhel I guess you are using CentOS and have installed the rpm's. LLDP is not installed by the djigzo installer so I guess someone installed this manually. The /tmp/hsperfdata files are automatically created by the Java runtime. See the following posting for some information: http://stackoverflow.com/questions/76327/how-can-i-prevent-java-from-creating-hsperfdata-files Not sure what is meant with "...contains some suspicious content and should be checked.". I think this is probably a false positive. Kind regards, Martijn -- DJIGZO email encryption _______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
