

RKhunter




Posted by HostingFields, 03-19-2011, 08:41 PM
Hello, I just installed rkhunter. I received this output: Anything to worry about? Thanks, s-f-r-j

Posted by Squidix - SamBarrow, 03-19-2011, 08:43 PM
Could be. Did you look at the scripts themselves?

Posted by HostingFields, 03-19-2011, 08:45 PM
No sir, I did not. What/how should I do? Thanks, s-f-r-j

Posted by Squidix - SamBarrow, 03-19-2011, 08:48 PM
Well you could take a look at the script and see if there's anything obvious, although sometimes it's disguised pretty well.

Posted by Patrick, 03-20-2011, 08:57 AM
I've seen those before, they were false positives at least for myself. Make sure rkhunter is up to date: rkhunter --update

Posted by HostingFields, 03-20-2011, 08:58 AM
I compared them with other OS, nothing unusual for me. It is up to date. How can I whitelist those listed above? Thanks, s-f-r-j

Posted by Squidix - SamBarrow, 03-20-2011, 09:05 AM
Probably fine then. I get those warnings all the time, but usually for the same files, never gotten them for the ifup and ifdown scripts. There is a SCRIPTWHITELIST variable in rkhunter.conf

Posted by HostingFields, 03-20-2011, 09:08 AM
Thanks for the update, sir. I just googled and found more people were getting those as well. http://www.webhostingtalk.com/showthread.php?t=639921 s-f-r-j

Posted by HostingFields, 03-20-2011, 09:14 AM
Is this where I do that?

    #
    # Allow the specified commands to be scripts.
    #
    # This is a space-separated list of filenames. The option may
    # be specified more than once. The option may use wildcard
    # characters.
    #
    #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
    #SCRIPTWHITELIST="/usr/bin/groups"

    #
    # Allow the specified commands to have the immutable attribute set.
    #
    # This is a space-separated list of filenames. The option may
    # be specified more than once. The option may use wildcard
    # characters.
    #
    #IMMUTWHITELIST="/sbin/ifup /sbin/ifdown"

Remove # ? Thanks, s-f-r-j

Posted by Squidix - SamBarrow, 03-20-2011, 09:16 AM
Sounds about right.
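
The whitelist step discussed in the thread, as an added example that is not part of the original posts: a shell sketch that lists the active (uncommented) SCRIPTWHITELIST entries in an rkhunter.conf and checks that each one really is a script before it stays whitelisted. The function names, the "#!" test and the sample files under a temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit active SCRIPTWHITELIST entries.

# Print one whitelisted path or pattern per line. Commented-out lines are
# ignored; the option may repeat and each value is a space-separated list.
list_script_whitelist() {
    sed -n 's/^[[:space:]]*SCRIPTWHITELIST[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d "\"'" | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print "STATUS entry" for each active entry; return 1 unless all are OK.
#   OK        regular file beginning with "#!"
#   NOTSCRIPT regular file without a "#!" line
#   MISSING   no such regular file
#   WILDCARD  pattern entry; check by hand what it can match
audit_script_whitelist() {
    rc=0
    entries=$(list_script_whitelist "$1")
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in
            *\**|*\?*|*\[*) status=WILDCARD ;;
            *)  if [ ! -f "$entry" ]; then status=MISSING
                elif [ "$(head -c 2 "$entry")" = '#!' ]; then status=OK
                else status=NOTSCRIPT
                fi ;;
        esac
        [ "$status" = OK ] || rc=1
        printf '%s %s\n' "$status" "$entry"
    done <<EOF
$entries
EOF
    return $rc
}

# Constructed sample input: one commented-out line and two active lines.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo_dir/ifup"      # a real script
printf '\177ELF' > "$demo_dir/groups"        # stands in for a binary
cat > "$demo_dir/rkhunter.conf" <<EOF
#SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
SCRIPTWHITELIST="$demo_dir/ifup $demo_dir/ifdown"
SCRIPTWHITELIST=$demo_dir/groups
EOF
audit_script_whitelist "$demo_dir/rkhunter.conf" || echo "review the entries above"
```

On a real host the argument would be the rkhunter.conf actually in use; an entry that is not OK is one to re-check before it stays on the whitelist.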


