Portal Home > Knowledgebase > Articles Database > RKhunter
RKhunter
Posted by HostingFields, 03-19-2011, 08:41 PM |
Hello,
I just installed rkhunter.
I received this output:
Anything to worry about?
Thanks,
s-f-r-j
|
Posted by Squidix - SamBarrow, 03-19-2011, 08:43 PM |
Could be. Did you look at the scripts themselves?
|
Posted by HostingFields, 03-19-2011, 08:45 PM |
No sir, i did not.
What\how - should i do?
Thanks,
s-f-r-j
|
Posted by Squidix - SamBarrow, 03-19-2011, 08:48 PM |
Well you could take a look at the script and see if there's anything obvious, although sometimes it's disguised pretty well.
|
Posted by Patrick, 03-20-2011, 08:57 AM |
I've seen those before, they were false positives at least for myself. Make sure rkhunter is up to date:
rkhunter --update
|
Posted by HostingFields, 03-20-2011, 08:58 AM |
I compared them with other OS, nothing unusual for me.
It is up2date.
How can i whitelist those listed above?
Thanks,
s-f-r-j
|
Posted by Squidix - SamBarrow, 03-20-2011, 09:05 AM |
Probably fine then. I get those warnings all the time, but usually for the same files, never gotten them for the ifup and ifdown scripts.
There is a SCRIPTWHITELIST variable in rkhunter.conf
|
Posted by HostingFields, 03-20-2011, 09:08 AM |
Thanks for update sir.
I just google and found more ppl were getting those as well.
http://www.webhostingtalk.com/showthread.php?t=639921
s-f-r-j
|
Posted by HostingFields, 03-20-2011, 09:14 AM |
Is this where i do that?
#
# Allow the specified commands to be scripts.
#
# This is a space-separated list of filenames. The option may
# be specified more than once. The option may use wildcard
# characters.
#
#SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
#SCRIPTWHITELIST="/usr/bin/groups"
#
# Allow the specified commands to have the immutable attribute set.
#
# This is a space-separated list of filenames. The option may
# be specified more than once. The option may use wildcard
# characters.
#
#IMMUTWHITELIST="/sbin/ifup /sbin/ifdown"
Remove # ?
Thanks,
s-f-r-j
|
Posted by Squidix - SamBarrow, 03-20-2011, 09:16 AM |
Sounds about right.
|
Add to Favourites Print this Article
Also Read