John Horne wrote:
> Yes. Run the hashupd.sh script but do not run rkhunter with the --update
> option again. It will mess up your local hashes. This has all been
> sorted out in the next release, but for the moment using hashupd.sh is
> the only way to get good hashes working.
There is a cron job that runs --update before running rkhunter. I guess
I'll need to stop it from running the update?
> Change this to:
>
> PRELINKVERIFY=`runcon -t unconfined_t -- ${PRELINKBINARY} --verify ${file} > ${TMPDIR}/prelink.tst 2>/dev/null`
Attempting this and getting better results.
> 2) You could disable selinux before running rkhunter. You can do this
> most easily using 'setenforce 0' to disable it, and 'setenforce 1' to
> re-enable it.
Did this too and got the same results.
I now see that some files are marked as bad like the passwd and top
commands. I'm comparing the binaries to clean binaries from another
system . . .
This system may be compromised as the binaries are different.
Thank you for your help.
--
JT Moree
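
The comparison against clean binaries mentioned in the message, as an added example that is not part of the original post and is not rkhunter code: on a prelinked system the file on disk differs from the packaged one, so this hashes the output of `prelink --verify` (the un-prelinked file) where prelink can produce it. The function names and the manifest layout (`sha256sum` output produced with the same `content_hash` on the clean system) are assumptions.

```shell
#!/bin/sh
# Added example: check local binaries against SHA-256 hashes recorded on a
# known-clean system. Manifest lines look like: "<hash>  <absolute path>".

# Print the hash of the un-prelinked content when "prelink --verify" succeeds;
# otherwise (no prelink, not prelinked, or verification failed) hash the file
# exactly as it is stored on disk.
content_hash() {
    tmp=$(mktemp) || return 2
    if command -v prelink >/dev/null 2>&1 &&
       prelink --verify "$1" >"$tmp" 2>/dev/null; then
        sha256sum <"$tmp" | cut -d' ' -f1
    else
        sha256sum <"$1" | cut -d' ' -f1
    fi
    rm -f "$tmp"
}

# check_manifest MANIFEST
# Prints one status line per entry; the return code is the number of
# entries that are MISSING or MISMATCH (0 means everything matched).
check_manifest() {
    bad=0
    while read -r want path; do
        [ -n "$path" ] || continue          # skip blank lines
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; bad=$((bad + 1))
        elif [ "$(content_hash "$path")" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; bad=$((bad + 1))
        fi
    done <"$1"
    return "$bad"
}

# Stand-alone use: sh thisfile.sh clean-system.manifest
if [ "$#" -gt 0 ]; then
    check_manifest "$1"
fi
```

A MISMATCH only says the content differs from the reference; a different package version on the clean system produces the same result, so compare package versions before drawing conclusions.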