rkhunter Question.

John Horne john.horne at plymouth.ac.uk
Thu Jan 8 16:50:15 UTC 2009


On Thu, 2009-01-08 at 16:42 +0000, John Horne wrote:
> On Thu, 2009-01-08 at 09:38 -0500, Gene Heskett wrote:
> > They say a little paranoia is a good thing, so I installed the rkhunter rpm, 
> > which in turn apparently sets itself up as a cron job.
> > 
> > I got emails from it bitching about a couple of perfectly legit files, and I 
> > found out where to whitelist them, so that warning is gone.  While I was at 
> > it I enabled another set of tests that weren't by default, the 
> > additional_rkts.
> > 
> > Now it is complaining about the lack of copies for passwd and group, but they 
> > do exist as name- files.  Is this a foible of rkhunter, or a redhatism?
> > 
> > Recommended fix?
> > 
> Do nothing. When rkhunter is first run it has no copy of the
> passwd/group files to check against for changes. Hence the warning. As
> it runs, it will take a copy. When it runs again, it then has a copy, so
> the warning goes away.
> 
Hmm, actually thinking about it the rkhunter.spec file specifies to
install copies of the files when the rpm is installed. As such the error
should not have occurred. May want to raise that with the packager of
the rpm (i.e. report it via the fedora bugzilla).



John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 587287
E-mail: John.Horne at plymouth.ac.uk       Fax: +44 (0)1752 587001
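
The first-run behaviour described in the reply above, sketched as an added example that is not part of the original message and is not rkhunter's own code: a check that warns when it has no saved copy of a file, takes one, and compares against it on later runs. The function names, return codes, messages and sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added sketch, not rkhunter's code. Names, return codes and messages
# are assumptions made for this example.

# check_account_file LIVE_FILE SAVED_COPY
# Returns 1 if no saved copy existed (first run), 2 if the file changed,
# 0 if it matches the saved copy. Messages go to stderr.
check_account_file() {
    live=$1
    copy=$2
    if [ ! -f "$copy" ]; then
        # First run: nothing to compare against, so warn and take a copy.
        echo "Warning: no saved copy of $live, creating one" >&2
        cp -p "$live" "$copy"
        return 1
    fi
    if cmp -s "$live" "$copy"; then
        return 0
    fi
    # Show which lines differ; a modified entry appears as removed + added.
    echo "Warning: $live differs from saved copy:" >&2
    diff "$copy" "$live" | sed -n 's/^> /  added:   /p; s/^< /  removed: /p' >&2
    cp -p "$live" "$copy"   # refresh the copy so the change is reported once
    return 2
}

# Run the check four times over constructed sample data and print the
# sequence of return codes.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'gene:x:500:500::/home/gene:/bin/bash' > "$tmp/passwd"
    codes=""
    for step in first second changed fourth; do
        # Before the third run, append a constructed extra account.
        if [ "$step" = changed ]; then
            echo 'extra:x:501:501::/home/extra:/bin/sh' >> "$tmp/passwd"
        fi
        rc=0
        check_account_file "$tmp/passwd" "$tmp/passwd.saved" || rc=$?
        codes="$codes$rc "
    done
    rm -rf "$tmp"
    echo "${codes% }"
}

demo
```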




More information about the fedora-list mailing list