Hi,

thank you, Helmut, for your fast reply. I must have been blind when I 
was looking over the default config. I found the settings you described 
and they worked well.

Also thank you, John, for the other details, but I have some more 
questions regarding these warnings:

> Helmut Hullen has already pointed out that several of these can be
> whitelisted in the rkhunter.conf file.
> 
>> Info: Starting test name 'possible_rkt_strings'
>> Warning: Checking for possible rootkit strings  [ Warning ]
>> No system startup files found.
>>
>> -> Why is this resulting in a warning if no startup file was found?
>>
> The test is looking for the files which start up various system
> services. Typically the directory is something like /etc/init.d
> or /etc/rc.d. In your case it could not find either, and a system
> without such a directory seems suspicious. Hence the warning.

My FreeBSD has of course a directory /etc/rc.d so any idea why RKH gives 
me a warning?

>> Info: Starting test name 'startup_malware'
>>    Checking for local startup files   [ Warning ]
>> Warning: No local startup files found.
>>    Checking local startup files for malware   [ Skipped ]
>> Warning: No local startup files found.
>>
>> -> Why is this resulting in a warning if no local startup file was found?
>>
> In this case the check is for the file used for local startup
> modifications. Typically something like /etc/rc.d/rc.local or
> rc.sysinit. Again, having no such file is suspicious.

As far as I know FreeBSD does not have those files and I have no idea 
which files are the equivalent to these Linux files. So I do not know 
what directory to set the SYSTEM_RC_DIR and LOCAL_RC_PATH to - my first 
guess would be SYSTEM_RC_DIR=/etc/rc.d and 
LOCAL_RC_PATH=/usr/local/etc/rc.d ?

> I would be grateful if you could let me know what values you use for
> these entries, so that we can include them in RKH by default.


> Different systems will install SSH using different default configuration
> values. However, the software itself defaults to allowing root logins,
> and allowing the less secure SSH protocol version 1. Hence RKH will test
> that these have been disabled in the sshd_config file.

This seems to be different under FreeBSD too. Both settings 
"PermitRootLogin no" and "Protocol 2" are commented out in my 
sshd_config, which is the default on FreeBSD. Root-Login is definitely 
not permitted under FreeBSD out-of-the-box - until now I was quite sure 
about that ;-)

Do I have to add those settings anyway so that RKH recognizes them or 
can I skip these specific tests? Or can RKH somehow "know" the different 
default values under FreeBSD?

Thank you,
Thomas
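
An added example, not part of the original message and not rkhunter's own code: a check that only reads sshd_config sees a commented-out directive as unset, so it cannot tell what default the installed sshd applies. The function names and the sample file below are constructed for illustration, and the sketch assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Added example (not rkhunter code): report whether an sshd_config keyword
# is set explicitly or left to whatever default the sshd binary uses.

# sshd_setting FILE KEYWORD
# Prints "explicit:<value>" for the first active occurrence (sshd uses the
# first value it reads for a keyword), or "unset" when the keyword is absent
# or appears only in comments. Keywords are matched case-insensitively.
sshd_setting() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }            # blank line or comment
        tolower($1) == "match" { exit }          # later lines are conditional
        tolower($1) == key { print "explicit:" $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample resembling the situation in the message: both
# directives are present only as comments.
write_sample() {
    cat > "$1" <<'EOF'
# Constructed sample, not a real FreeBSD sshd_config
#Protocol 2
#PermitRootLogin no
Port 22
permitemptypasswords no
Match User backup
    PermitRootLogin no
EOF
}

# Print one line per keyword of interest.
report() {
    for kw in PermitRootLogin Protocol PermitEmptyPasswords; do
        printf '%-22s %s\n' "$kw" "$(sshd_setting "$1" "$kw")"
    done
}

sample=$(mktemp) && write_sample "$sample" && report "$sample"
rm -f "$sample"
```

Keywords reported as `unset` are the ones where the answer depends on the platform's sshd build rather than on the file, so they need either an explicit line in sshd_config or a platform-aware default in the checker.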
