Package: rkhunter
Version: 1.4.6-10
Severity: normal
X-Debbugs-Cc: tmcconnell...@gmail.com

Dear Maintainer,

I'm getting these emails daily:

Warning: The 'syslog' daemon is running, but no configuration file can be found.

This has been going on for about the last 3 upgrade releases of Debian Testing.
Now I'm unsure if any of the scans are working like they are supposed to.
This is done by a daily cron job, so these emails and the ones stating:
"Please inspect this machine, because it may be infected." shouldn't be happening?
How do I fix both?

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.0-2-rt-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rkhunter depends on:
ii  binutils               2.38-4
ii  debconf [debconf-2.0]  1.5.79
ii  file                   1:5.41-4
ii  lsof                   4.95.0-1
ii  net-tools              1.60+git20181103.0eebece-1
ii  perl                   5.34.0-4
ii  ucf                    3.0043

Versions of packages rkhunter recommends:
ii  bsd-mailx [mailx]                          8.1.2-0.20220412cvs-1
ii  curl                                       7.83.1-2
ii  e2fsprogs                                  1.46.5-2
ii  exim4-daemon-light [mail-transport-agent]  4.95-6
ii  iproute2                                   5.18.0-1
ii  mailutils [mailx]                          1:3.15-2+b1
ii  unhide                                     20210124-2
ii  unhide.rb                                  22-6
ii  wget                                       1.21.3-1+b2

Versions of packages rkhunter suggests:
ii  liburi-perl     5.10-1
ii  libwww-perl     6.67-1
ii  powermgmt-base  1.36

-- Configuration Files:
/etc/logcheck/ignore.d.server/rkhunter [Errno 13] Permission denied: '/etc/logcheck/ignore.d.server/rkhunter'
/etc/rkhunter.conf changed:
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING='root'
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
UPDATE_LANG="en"
LOGFILE=/var/log/rkhunter.log
COPY_LOG_ON_ERROR=1
USE_SYSLOG=authpriv.warning
AUTO_X_DETECT=1
ALLOW_SSH_PROT_V1=2
ENABLE_TESTS=ALL
DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
PKGMGR=DPKG
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/which
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/which.debianutils
SCRIPTWHITELIST=/usr/sbin/adduser
ALLOWHIDDENDIR=/etc/.java
ALLOWPROCLISTEN=/usr/sbin/tcpdump
ALLOWPROCLISTEN=/usr/sbin/snort-plain
ALLOWDEVFILE=/dev/shm/pulse-shm-*
ALLOWDEVFILE=/dev/shm/sem.ADBE_*
ALLOWDEVFILE=/dev/shm/u1000-Shm_*
ALLOWDEVFILE=/dev/shm/u1000-ValveIPCSharedObj-Steam*
ALLOWDEVFILE=/dev/shm/jack_db-1000/*
ALLOWIPCPROC=/usr/bin/firefox
ALLOWIPCPROC=/usr/lib/firefox-esr/firefox-esr
WEB_CMD=wget
INSTALLDIR=/usr
ALLOWPROCDELFILE=/usr/sbin/cron
ALLOWPROCDELFILE=/usr/bin/dash
ALLOWPROCDELFILE=/usr/bin/run-parts
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/which
PORT_PATH_WHITELIST=/usr/sbin/portsentry
ALLOW_SSH_ROOT_USER=prohibit-password

-- debconf information:
  rkhunter/cron_daily_run: true
  rkhunter/cron_db_update: true
  rkhunter/apt_autogen: true

-- debsums errors found:
debsums: changed file /var/lib/rkhunter/db/mirrors.dat (from rkhunter package)