[Freeipa-users] FreeIPA, rkhunter & "unknown rootkit"
Anthony Messina
amessina at messinet.com
Fri Aug 17 18:42:07 UTC 2012
On Monday, July 23, 2012 04:08:25 AM Anthony Messina wrote:
> I have installed freeipa-server-2.2.0-1.fc17.x86_64 and it's running
> well. I have also installed rkhunter-1.4.0-1.fc17.noarch on the IPA
> server and each morning I receive the following report from rkhunter.
>
> I imagine/hope that these are not actual rootkits and was wondering if
> anyone knew of a way to inform rkhunter/rkhunter.conf to "never mind"
> these as they seem like they would be a normal part of the IPA/CA process.
>
> By the way, UID 995 is the pkiuser on my IPA system.
>
> Thanks for any input. -A
>
>
> rkhunter warning output follows:
>
> Warning: The following processes are using suspicious files:
> Command: java
> UID: 995 PID: 1513
> Pathname: /var/log/pki-ca/system
> Possible Rootkit: Unknown rootkit
> Command: java
> UID: 1518 PID: 1513
> Pathname: 14287633
> Possible Rootkit: Unknown rootkit
Is anyone able to offer some insight on this one? Perhaps there is some way
to undate the rkhunter configuration to 'allow' this behavior, if it's
intended. Thanks. -A
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120817/c8de0607/attachment.sig>
More information about the Freeipa-users
mailing list