rkhunter (root kit hunter) warning
Kevin Fenzi
kevin at scrye.com
Tue Aug 19 19:57:52 UTC 2008
On Mon, 18 Aug 2008 18:25:08 -0700 (PDT)
"Dean S. Messing" <deanm at sharplabs.com> wrote:
> Kevin Fenzi wrote:
> > On Mon, 18 Aug 2008 11:54:05 -0700 (PDT)
> > deanm at sharplabs.com ("Dean S. Messing") wrote:
> >
> > >
> > > I just installed rkhunter on this F7 machine
> >
> > Sadly, F7 is no longer supported...
> >
> > > and am using the default config file (probably
> > > a mistake.)
> >
> > Well, I maintain rkhunter, and some issues were found with the
> > config, but only after F7 was end of lifed. I thus wasn't able to
> > update it. ;(
> >
> > You could try rebuilding the F-9 src.rpm for F7.
> >
> > Also, make sure you run 'rkhunter -propupd' to update the
> > properties.
>
> Thanks a lot Kevin!
>
> Were the changes you mention made during F8? If so I might have more
> success rebuilding and installing the latest F8 rpm (1.3.2-4.fc8, I
> think). In the past I've had problems trying to build new packages on
> older systems due to changes in "rpm" and new package requirements
> (dependency hell).
Yeah, the changes should be in F8 as well.
It's a very simple build/setup anyhow, so any of them should work...
> Do you know if not having the Properties DB would cause the
> warning message I got:
>
> Please inspect this machine, because it may be infected.
Yes. It will do that until you run property update.
> I had not run "-propupd" because the F7 machine is several
> months old and I could not guarantee what was required in the warning
> on the man page:
>
> WARNING: It is the users responsibility to ensure that the
> files on the system are genuine and from a reliable source.
> rkhunter can only report if a file has changed, but not on what
> has caused the change. Hence, if a file has changed, and the
> --propupd command option is used, then rkhunter will assume that the
> file is genuine.
Right. So, you might either not run it from cron, or filter those
emails, or just run the propupd anyhow.
> Dean
kevin
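
The man page warning quoted in this thread means `--propupd` records whatever is on disk as the trusted baseline. As an added example (not part of the original message, and not rkhunter's own code), the script below gates that step on `rpm -Va` output. The function names and sample lines are constructed, and it assumes the RPM database itself is still trustworthy, which a compromised host does not guarantee.

```shell
#!/bin/sh
# Added example: refuse to refresh the rkhunter baseline while RPM-owned
# files differ from the package database.
# Assumption: stdin is `rpm -Va` output, e.g. "S.5....T.  c /etc/foo".

# Print paths that should block a baseline refresh: non-config files whose
# digest differs from the RPM database, and files reported missing.
suspect_files() {
    awk '
        $1 == "missing" { print $NF; next }
        # Column 3 of the attribute string is "5" on a digest mismatch.
        substr($1, 3, 1) == "5" {
            # A lone "c" in field 2 marks a config file; edits are expected.
            if (NF >= 3 && $2 == "c") next
            print $NF
        }
    '
}

# Return 0 only when nothing suspicious was reported on stdin.
safe_to_propupd() {
    suspects=$(suspect_files)
    if [ -n "$suspects" ]; then
        printf 'Not refreshing baseline; investigate first:\n%s\n' \
            "$suspects" >&2
        return 1
    fi
    return 0
}

# Constructed samples of `rpm -Va` output (not taken from a real host).
SAMPLE_TAMPERED='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/foo/README
S.5....T.    /usr/bin/ssh
missing      /usr/sbin/lsof'

SAMPLE_CLEAN='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/foo/README'

# Intended use on a live system:
#   rpm -Va | safe_to_propupd && rkhunter --propupd
```

Paths containing spaces are not handled, and files not owned by any package are outside what `rpm -Va` can vouch for.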