rkhunter (root kit hunter) warning
Dean S. Messing
deanm at sharplabs.com
Tue Aug 19 01:25:08 UTC 2008
Kevin Fenzi wrote:
> On Mon, 18 Aug 2008 11:54:05 -0700 (PDT)
> deanm at sharplabs.com ("Dean S. Messing") wrote:
>
> >
> > I just installed rkhunter on this F7 machine
>
> Sadly, F7 is no longer supported...
>
> > and am using the default config file (probably
> > a mistake.)
>
> Well, I maintain rkhunter, and some issues were found with the config,
> but only after F7 was end of lifed. I thus wasn't able to update it. ;(
>
> You could try rebuilding the F-9 src.rpm for F7.
>
> Also, make sure you run 'rkhunter -propupd' to update the properties.

Thanks a lot Kevin!

Were the changes you mention made during F8? If so I might have more
success rebuilding and installing the latest F8 rpm (1.3.2-4.fc8, I
think). In the past I've had problems trying to build new packages on
older systems due to changes in "rpm" and new package requirements
(dependency hell).

Do you know if not having the Properties DB would cause the
warning message I got:

    Please inspect this machine, because it may be infected.

I had not run "-propupd" because the F7 machine is several
months old and I could not guarantee what was required in the warning
on the man page:

    WARNING: It is the users responsibility to ensure that the files on
    the system are genuine and from a reliable source. rkhunter can
    only report if a file has changed, but not on what has caused the
    change. Hence, if a file has changed, and the --propupd command
    option is used, then rkhunter will assume that the file is genuine.

Dean
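
Added example, not part of the original message or of rkhunter: one way to act on the man page warning quoted above is to compare installed files with the RPM database before running `rkhunter --propupd`. The function names and the sample `rpm -V` output are constructed for illustration, and the check assumes the local RPM database itself is trustworthy.

```shell
#!/bin/sh
# Added example: filter "rpm -V" style output for files that should be
# looked at before their current state is recorded as the rkhunter baseline.

# Reads rpm -V lines on stdin. Prints the path of every file that is
# missing, or whose content digest differs from the RPM database
# (a "5" in the third column of the flags field).
# Config files (marker "c") with a digest change are skipped, since
# local edits to them are expected.
# Assumption: paths contain no whitespace.
suspect_files() {
    awk '
        $1 == "missing"         { print $NF; next }
        substr($1, 3, 1) == "5" { if ($2 == "c") next; print $NF }
    '
}

# Succeeds only when the rpm -V output on stdin lists no suspect files.
safe_to_propupd() {
    [ -z "$(suspect_files)" ]
}

# Constructed sample of rpm -V output (not taken from a real machine).
sample_output() {
    cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
..5....T    /usr/bin/passwd
.......T    /usr/bin/less
missing     /sbin/ifconfig
.M......    /var/log/example
EOF
}

# Demonstration on the constructed sample. On a real host the input
# would come from:  rpm -Va | suspect_files
if sample_output | safe_to_propupd; then
    echo "No digest mismatches; re-baselining is reasonable."
else
    echo "Inspect these files before running rkhunter --propupd:"
    sample_output | suspect_files
fi
```
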