On Sun, 8 Jun 2008 09:45:15 -0300
promac@xxxxxxxxx ("Paulo Cavalcanti") wrote:

> Hi,
>
> the latest rkhunter is using the following tmp file
> (/etc/cron.dayly/rkhunter):
>
> # Get a secure tempfile
> TMPFILE1=`/bin/mktemp -p /var/rkhunter/tmp rkhcronlog.XXXXXXXXXX` ||
> exit 1
>
> However, /var/rkhunter/tmp is not created by the rpm, and of course,
> the script always stops.
>
> Previously, /var/run/rkhunter was being used.
>
> My question is: what is the new version supposed to do?

It should be using /var/run/rkhunter.

What version is this?
Output of:

rpm -q rkhunter
rpm -V rkhunter

?

>
> Maybe it wanted to use /var/tmp/rkhunter (not /var/rkhunter/tmp)
> instead of writing in /var/run/rkhunter.
> In this case, I also think the permission of this directory should
> be 700.

No, it should be using /var/run/rkhunter

> Another point is that rkhunter always sends messages even when there
> is no warning,

Correct. This is due to the idea that an email sent at run time is
harder for an intruder to be able to later modify when they compromise
the machine. Changing /var/log/rkhunter.log files is easy...

> and sometimes it complains that there is no copy of /etc/group and
> /etc/passwd.
> How can I fix that?

As the cron email says, confirm your machine is clean and do:

rkhunter --propupd

>
> Thanks.
>

kevin
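The failure discussed in this thread (a cron script running `mktemp -p` against a directory the package never created, then exiting silently) can be made visible with a pre-check. The following is an added example, not part of either message and not rkhunter's or Fedora's script; the helper name `safe_tmpfile` and the ownership and mode checks are assumptions of the example, and it relies on GNU `stat` and `mktemp`.

```shell
#!/bin/sh
# Added example (not rkhunter's or Fedora's cron script).
# safe_tmpfile DIR PREFIX: hypothetical helper that creates a temp file in
# DIR only if DIR is a real directory, owned by the invoking user, with no
# group/other permission bits (assumed policy for this example).
# Prints the new file's path on stdout; on failure, the reason on stderr.
safe_tmpfile() {
    dir=$1
    prefix=$2

    if [ -L "$dir" ]; then
        echo "safe_tmpfile: $dir is a symlink, refusing" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "safe_tmpfile: $dir does not exist (not created by the package?)" >&2
        return 1
    fi

    # GNU stat: %u is the owner uid, %a the octal mode.
    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "safe_tmpfile: $dir is owned by uid $owner, refusing" >&2
        return 1
    fi
    case $mode in
        *00) ;;  # e.g. 700: no access for group or other
        *) echo "safe_tmpfile: $dir has mode $mode, refusing" >&2; return 1 ;;
    esac

    mktemp -p "$dir" "$prefix.XXXXXXXXXX"
}

# Demo on a constructed directory standing in for /var/run/rkhunter.
demo_dir=$(mktemp -d) || exit 1
chmod 700 "$demo_dir"
safe_tmpfile "$demo_dir" rkhcronlog
safe_tmpfile "$demo_dir/missing" rkhcronlog ||
    echo "a cron job would stop here, with the reason in its mail"
rm -rf "$demo_dir"
```

Because cron mails stderr to the job owner, the reason for the abort arrives in the same run-time email the reply describes.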
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list