Re: rkhunter (root kit hunter) warning

On Mon, 18 Aug 2008 18:25:08 -0700 (PDT)
"Dean S. Messing" <deanm@xxxxxxxxxxxxx> wrote:

> Kevin Fenzi wrote:
> > On Mon, 18 Aug 2008 11:54:05 -0700 (PDT)
> > deanm@xxxxxxxxxxxxx ("Dean S. Messing") wrote:
> > 
> > > 
> > > I just installed rkhunter on this F7 machine
> > 
> > Sadly, F7 is no longer supported... 
> > 
> > > and am using the default config file (probably
> > > a mistake.)
> > 
> > Well, I maintain rkhunter, and some issues were found with the
> > config, but only after F7 was end of lifed. I thus wasn't able to
> > update it. ;( 
> > 
> > You could try rebuilding the F-9 src.rpm for F7. 
> > 
> > Also, make sure you run 'rkhunter -propupd' to update the
> > properties. 
> 
> Thanks a lot Kevin!
> 
> Were the changes you mention made during F8? If so I might have more
> success rebuilding and installing the latest F8 rpm (1.3.2-4.fc8, I
> think).  In the past I've had problems trying to build new packages on
> older systems due to changes in "rpm" and new package requirements
> (dependency hell).

Yeah, the changes should be in F8 as well. 
It's a very simple build/setup anyhow, so any of them should work... 

> Do you know if not having the Properties DB would cause the
> warning message I got:
> 
>    Please inspect this machine, because it may be infected.

Yes. It will do that until you run the property update. 

> I had not run  "-propupd" because the F7 machine is several
> months old and I could not guarantee what was required in the warning
> on the man page:
> 
>       WARNING: It is the users responsibility to ensure that the
> files on the system are genuine and from a  reliable  source.
> rkhunter  can only  report  if a file has changed, but not on what
> has caused the change. Hence, if a file has changed,  and  the
> --propupd  command option is used, then rkhunter will assume that the
> file is genuine.

Right. So, you might either not run it from cron, or filter those
emails, or just run the propupd anyhow. 

> Dean

kevin

Attachment: signature.asc
Description: PGP signature
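
The man page warning quoted above is the reason to check files against their packages before refreshing the rkhunter properties database. The following is an added example, not part of the original message or of rkhunter: it reads `rpm -Va`-style output and refuses the refresh when a packaged non-config file has a changed digest or is missing. The function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: gate an rkhunter baseline refresh on package verification.
# Assumed input: lines as printed by `rpm -Va`, i.e. a flags field such as
# "S.5....T." (or the word "missing"), an optional one-letter file marker
# (c config, d doc, g ghost, l license, r readme), then the path.

# Constructed sample of verify output (not taken from a real machine).
SAMPLE_VERIFY='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/example/README
S.5....T.    /usr/bin/passwd
missing      /usr/sbin/lsof
..5....T.  d /usr/share/man/man1/example.1.gz'

# suspicious_files: print paths whose digest differs ('5' in the third flag
# position) or that are missing, skipping config, doc and ghost files, which
# legitimately change or may be absent.
suspicious_files() {
    awk '{
        flags = $1; type = ""; line = $0
        sub(/^[^ ]+ +/, "", line)               # drop the flags field
        if (line ~ /^[cdglr] /) {               # optional file marker
            type = substr(line, 1, 1)
            sub(/^[cdglr] +/, "", line)
        }
        if (type == "c" || type == "d" || type == "g") next
        if (flags == "missing" || substr(flags, 3, 1) == "5") print line
    }'
}

# safe_to_update: succeed only when the verify output on stdin is clean.
safe_to_update() {
    bad=$(suspicious_files)
    if [ -n "$bad" ]; then
        printf 'Not refreshing baseline; investigate first:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Intended use on a live system (not executed here):
#   rpm -Va | safe_to_update && rkhunter --propupd
printf '%s\n' "$SAMPLE_VERIFY" | suspicious_files
```

The RPM database lives on the same host as the files it describes, so this check narrows the risk the man page describes rather than removing it.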

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list