rkhunter missing
Manuel Arostegui Ramirez
manuel at todo-linux.com
Wed Oct 11 06:41:47 UTC 2006
El Miércoles, 11 de Octubre de 2006 04:07, hanpingtian at gmail.com escribió:
> Today I find that some strange things happened on rkhunter, some files
> belong to it missing:
> $ rpm -V rkhunter
> ..?..... /etc/cron.daily/01-rkhunter
> ..?..... /etc/rkhunter.conf
> ..?..... /etc/sysconfig/rkhunter
> ..?..... /usr/bin/rkhunter
> missing /usr/lib/rkhunter/scripts/check_modules.pl
> missing /usr/lib/rkhunter/scripts/check_port.pl
> missing /usr/lib/rkhunter/scripts/check_update.sh
> missing /usr/lib/rkhunter/scripts/filehashmd5.pl
> missing /usr/lib/rkhunter/scripts/filehashsha1.pl
> missing /usr/lib/rkhunter/scripts/showfiles.pl
> missing /var/rkhunter/db/backdoorports.dat
> missing /var/rkhunter/db/defaulthashes.dat
> missing /var/rkhunter/db/md5blacklist.dat
> missing /var/rkhunter/db/mirrors.dat
> missing /var/rkhunter/db/os.dat
> missing /var/rkhunter/db/programs_bad.dat
> missing /var/rkhunter/db/programs_good.dat
> Is this a updating problem of rkhunter itself? Or some rootkits kill it?
I've never install rkhunter from a RPM, I always use it from a tarball.
By the way, I've not found out that problems in normal situation. So, maybe
you should check your logs in order to see if someone broke into your box.
When I use rkhunter or other rootkit-detector I'm used to install it on a no
default path, maybe this way rootkits won't be able to delete any file either
trojanized one.
Greetings.
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
More information about the users
mailing list