Re: rkhunter (root kit hunter) warning

On Mon, 18 Aug 2008 18:25:08 -0700 (PDT)
"Dean S. Messing" <deanm@xxxxxxxxxxxxx> wrote:

> Kevin Fenzi wrote:
> > On Mon, 18 Aug 2008 11:54:05 -0700 (PDT)
> > deanm@xxxxxxxxxxxxx ("Dean S. Messing") wrote:
> > 
> > > 
> > > I just installed rkhunter on this F7 machine
> > 
> > Sadly, F7 is no longer supported... 
> > 
> > > and am using the default config file (probably
> > > a mistake.)
> > 
> > Well, I maintain rkhunter, and some issues were found with the
> > config, but only after F7 was end of lifed. I thus wasn't able to
> > update it. ;( 
> > 
> > You could try rebuilding the F-9 src.rpm for F7. 
> > 
> > Also, make sure you run 'rkhunter -propupd' to update the
> > properties. 
> 
> Thanks a lot Kevin!
> 
> Were the changes you mention made during F8? If so I might have more
> success rebuilding and installing the latest F8 rpm (1.3.2-4.fc8, I
> think).  In the past I've had problems trying to build new packages on
> older systems due to changes in "rpm" and new package requirements
> (dependency hell).

Yeah, the changes should be in F8 as well. 
It's a very simple build/setup anyhow, so any of them should work... 

> Do you know if not having the Properties DB would cause the
> warning message I got:
> 
>    Please inspect this machine, because it may be infected.

Yes. It will do that until you run property update. 

> I had not run "-propupd" because the F7 machine is several
> months old and I could not guarantee what was required in the warning
> on the man page:
> 
>       WARNING: It is the users responsibility to ensure that the
> files on the system are genuine and from a reliable source.
> rkhunter can only report if a file has changed, but not on what
> has caused the change. Hence, if a file has changed, and the
> --propupd command option is used, then rkhunter will assume that the
> file is genuine.

Right. So, you might either not run it from cron, or filter those
emails, or just run the propupd anyhow. 

> Dean

kevin

Attachment: signature.asc
Description: PGP signature
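
The following is an added example, not part of the original thread and not rkhunter's own code. It shows one way to act on the man page warning quoted above: compare packaged files against the RPM database with `rpm -Va` and run `rkhunter --propupd` only if nothing unexpected changed. The function names, the `--live` switch and the sample output are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): vet `rpm -Va` output before
# letting `rkhunter --propupd` accept the current files as its baseline.

# Constructed sample of `rpm -Va` output; real output comes from the live system.
SAMPLE_RPM_VA='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/foo/README
S.5....T.    /usr/bin/passwd
missing     /usr/sbin/ifconfig
..5....T.  d /usr/share/doc/bar/NEWS
.M.......    /usr/bin/sudo'

# Read `rpm -V` lines on stdin; print packaged files that are missing or whose
# size (S), mode (M), digest (5), owner (U) or group (G) differs from the RPM
# database. Config (c), doc (d) and ghost (g) files are skipped: a choice made
# for this example. Assumes paths contain no whitespace.
suspicious_files() {
    awk '
        {
            attr = (NF >= 3 && length($2) == 1) ? $2 : ""
            if (attr == "c" || attr == "d" || attr == "g") next
        }
        $1 == "missing" { print "missing " $NF; next }
        $1 ~ /[SM5UG]/  { print $1 " " $NF }
    '
}

# Exit status 0 only when nothing suspicious was reported on stdin.
safe_to_propupd() {
    bad=$(suspicious_files)
    if [ -n "$bad" ]; then
        printf 'Not updating rkhunter properties; investigate first:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

if [ "${1:-}" = "--live" ]; then
    # Needs root, rpm and rkhunter on the machine being checked.
    rpm -Va | safe_to_propupd && rkhunter --propupd
else
    printf '%s\n' "$SAMPLE_RPM_VA" | suspicious_files
fi
```

The RPM database lives on the same machine, so a clean result shows only that the files match what the package manager recorded, not that the record itself is untouched.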
