RKHUNTER reporting on my system
Nils Breunese (Lemonbit Internet)
nils at lemonbit.nl
Wed Apr 12 19:09:45 UTC 2006
Max Pyziur wrote:
>> I have an FC2 system which rkhunter reports some suspicious
>> files. In particular, during the MD5 hash scan, it reports
>>
>> /bin/dmesg
>> /bin/kill
>> /bin/login
>> /bin/mount
>> /usr/bin/kill
>
> I run FC2 and have a similar issue. I've run rkhunter --update
> many times
> in the hopes of updating the installed database to resolve this
> problem.
> Is there a way of updating the the FC2-related rkhunter database in
> order
> to resolve this?
I experience the same (for the same files). I tried installing an
older version of util-linux and everything was fine again. I updated
util-linux again and it didn't recognize these files again. So I
wouldn't be to worried. If rkhunter doesn't recognize certain files
you're supposed to report this on the rkhunter website. I reported
this issue twice already, but apparently no one has looked into this.
>> It also doesn't like the fact that root can log in, and that
>> SSHv1 is permitted to run.
Rightly so. Do not allow these things or change /etc/rkhunter.conf to
not let it warn you about these things.
Nils.
More information about the fedora-legacy-list
mailing list