rkhunter Question.

John Horne john.horne at plymouth.ac.uk
Fri Jan 16 14:58:02 UTC 2009

On Fri, 2009-01-16 at 12:18 -0200, Paulo Cavalcanti wrote:
> I have run rkhunter --propupd many times, I do have  a copy of group
> and passwd in /var/run/rkhunter, but I always receive an email saying
> that there is no copy of group and passwd. Upgrading to 1.3.4 did not
> change anything. This happens on every computer I have rkhunter
> installed.
Copying of the files does not happen when '--propupd' is used. It occurs
when the system is checked - using '--check' or more specifically when
the 'passwd_changes' and/or 'group_changes' tests are enabled.

Try running 'rkhunter --enable "passwd_changes,group_changes" --sk', and
then run it again. If the second one still produces a warning about the
files, then email me off list with a copy of your log file
(usually /var/log/rkhunter.log).


John Horne, University of Plymouth, UK  Tel: +44 (0)1752 587287
E-mail: John.Horne at plymouth.ac.uk       Fax: +44 (0)1752 587001

More information about the users mailing list