I have rkhunter installed on some servers, which I updated on all of them from version 1.3.6 to 1.3.8 yesterday.
After this, something I can't explain started to happen. Specifically, only one of the servers forcedly runs the hidden_procs test even if it's disable. It evens shows this: [09:24:36] Info: Test 'ports' disabled at users request. [09:24:36] [09:24:36] Info: Starting test name 'hidden_ports' [09:24:36] Checking for hidden ports which is clearly conflicting. Specifically, in this test case, the cmdline was: rkhunter --check --skip-keypress --nocolors --display-logfile --disable hidden_procs and the rkhunter.conf.local related setting was: DISABLE_TESTS="ports running_procs suspscan hidden_procs deleted_files packet_cap_apps" Now, assuming that the rkhunter configuration on the servers is exactly the same, why does rkhunter behaves this way only on one? How can I prevent it from running that specific check? Thanks, Dersu K.U. ------------------------------------------------------------------------------ Lotusphere 2011 Register now for Lotusphere 2011 and learn how to connect the dots, take your collaborative environment to the next level, and enter the era of Social Business. http://p.sf.net/sfu/lotusphere-d2d _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
