Re: rkhunter sshd warning

John Horne <john.horne@xxxxxxxxxxxxxx> writes:
> On Sun, 2014-03-16 at 12:59 -0700, Wolfgang S. Rupprecht wrote:
>>     ---------------------- Start Rootkit Hunter Scan
>> ----------------------
>>     Warning: The file '/usr/sbin/sshd' exists on the system, but it is
>> not present in the 'rkhunter.dat' file.
>>     Warning: The file '/usr/bin/ssh' exists on the system, but it is
>> not present in the 'rkhunter.dat' file.
>>     Warning: The file '/usr/bin/telnet' exists on the system, but it
>> is not present in the 'rkhunter.dat' file.
>>  
> You should have run 'rkhunter --propupd' after installing the new
> release of RKH.
>
> From the RKH CHANGELOG file for release 1.4.2:
>
>  - The 'ssh', 'sshd' and 'telnet' commands are now checked as part of
>    the file properties test.
>
>
> So these commands are now being checked automatically.
> Run 'rkhunter --propupd'.

Thanks!  I'm beginning to wonder if rkhunter is ever going to find any
real intrusions for me if I keep on having to run 'rkhunter --propupd'.
A clever intruder is just going to wait until a batch of changes go out
and then add their trojan.  The --propupd is going to approve it in the
sweep and it will have succeeded in coming in under the wire.  To be
useful rkhunter really needs to know how to identify changed files by
knowing the hashes, sizes etc without grabbing them from the local
system.

-wolfgang
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
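
The concern raised in the message above, as an added example that is not part of the original post or of rkhunter: a baseline update that accepts a file only when its SHA-256 matches a manifest produced off-host, instead of trusting whatever is on the local disk. The manifest format, the function names and the sample files are assumptions made for this illustration.

```python
import hashlib, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style 'digest  path' lines from a manifest built off-host."""
    trusted = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, path = line.split(None, 1)
            trusted[path.strip().lstrip("*")] = digest.lower()
    return trusted

def gated_update(baseline, trusted, paths):
    """Accept a file into the baseline only if it matches the off-host digest."""
    new, report = dict(baseline), {}
    for p in paths:
        if not os.path.isfile(p):
            report[p] = "MISSING"
            continue
        cur = sha256_file(p)
        if p not in trusted:
            report[p] = "UNVERIFIED"      # no reference: never auto-approve
        elif cur != trusted[p]:
            report[p] = "MISMATCH"        # old baseline entry is kept, so it keeps alerting
        else:
            new[p], report[p] = cur, "APPROVED"
    return new, report

def demo():
    """Constructed sample: three stand-in files in a temp dir, not real binaries."""
    d = tempfile.mkdtemp()
    files = {n: os.path.join(d, n) for n in ("sshd", "ssh", "telnet")}
    for n, p in files.items():
        with open(p, "wb") as f:
            f.write(("vendor build of " + n).encode())
    # Manifest as a trusted build host would publish it; telnet is not listed.
    manifest = "".join("%s  %s\n" % (sha256_file(files[n]), files[n]) for n in ("sshd", "ssh"))
    with open(files["ssh"], "ab") as f:   # file modified after the manifest was made
        f.write(b" + extra bytes")
    baseline, report = gated_update({}, parse_manifest(manifest), files.values())
    return baseline, {os.path.basename(p): s for p, s in report.items()}

if __name__ == "__main__":
    print(demo()[1])
```

Only the file whose digest matches the external manifest enters the baseline; the modified file and the unlisted file stay flagged rather than being approved in the sweep.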



