Re: rkhunter (root kit hunter) warning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Kevin Fenzi wrote:
> On Mon, 18 Aug 2008 11:54:05 -0700 (PDT)
> deanm@xxxxxxxxxxxxx ("Dean S. Messing") wrote:
> 
> > 
> > I just installed rkhunter on this F7 machine
> 
> Sadly, F7 is no longer supported... 
> 
> > and am using the default config file (probably
> > a mistake.)
> 
> Well, I maintain rkhunter, and some issues were found with the config,
> but only after F7 was end of lifed. I thus wasn't able to update it. ;( 
> 
> You could try rebuilding the F-9 src.rpm for F7. 
> 
> Also, make sure you run 'rkhunter -propupd' to update the properties. 

Thanks a lot Kevin!

Were the changes you mention made during F8? If so I might have more
success rebuilding and installing the latest F8 rpm (1.3.2-4.fc8, I
think).  In the past I've had problems trying to build new packages on
older systems due to changes in "rpm" and new package requirements
(dependency hell).

Do you know if not having the Properties DB would cause the
warning message I got:

   Please inspect this machine, because it may be infected.

I had not run  "-propupd" because the F7 machine is several
months old and I could not guarantee what was required in the warning
on the man page:

      WARNING: It is the users responsibility to ensure that the files on
      the system are genuine and from a  reliable  source.  rkhunter  can
      only  report  if a file has changed, but not on what has caused the
      change. Hence, if a file has changed,  and  the  --propupd  command
      option is used, then rkhunter will assume that the file is genuine.

Dean

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux