On Tue, 2011-08-02 at 10:51 +0100, John Horne wrote:
> >
> Yeah, I noticed that yesterday, I'm not convinced that wildcarding works
> with that option. It is something that I need to look at. For the moment
> all I can suggest is either remove the wildcarding so that you just
> whitelist bash and
On Tue, 2011-08-02 at 00:46 +0100, Arthur Dent wrote:
> OK - Thanks John, that works.
Ooops. Spoke too soon
From this morning's run:
-- Start Rootkit Hunter Scan --
Warning: The following processes are using deleted files:
Process: /
On Mon, 2011-08-01 at 20:53 +0100, John Horne wrote:
> On Sat, 2011-07-30 at 14:12 +0100, Arthur Dent wrote:
> > I know you are probably going to (gently) remind me that this is
> > probably an issue for the Fedora list, but following Kevin Fenzi's reply
> > to my previou
On Mon, 2011-08-01 at 12:23 +0100, Arthur Dent wrote:
> On Mon, 2011-08-01 at 11:46 +0100, John Horne wrote:
> > On Sat, 2011-07-30 at 14:12 +0100, Arthur Dent wrote:
> > > I know you are probably going to (gently) remind me that this is
> > > probably an issue for th
On Mon, 2011-08-01 at 11:46 +0100, John Horne wrote:
> On Sat, 2011-07-30 at 14:12 +0100, Arthur Dent wrote:
> > I know you are probably going to (gently) remind me that this is
> > probably an issue for the Fedora list,
> >
> No, it's on topic for this list :-)
>
I know you are probably going to (gently) remind me that this is
probably an issue for the Fedora list, but following Kevin Fenzi's reply
to my previous thread, in which he said that the latest updates were
shortly about to go into the Fedora stable repository, I decided to do a
yum update. Whi
Hello All - and especially John,
Yesterday I did a "yum update" on my Fedora 15 system (I normally only
update and reboot at the end of the month - but I was bored yesterday)
and it brought down an updated version of RKH.
I allowed it to install, assuming this was the latest version, but found
th
On Wed, 2011-07-20 at 11:51 +0100, John Horne wrote:
> On Wed, 2011-07-20 at 11:37 +0100, Arthur Dent wrote:
> > Hello All,
> >
> > I have a couple of Java applications running on this machine. A bit of
> > googling has shown me that when they run they create a file
Hello All,
I have a couple of Java applications running on this machine. A bit of
googling has shown me that when they run they create a file called
hsperfdata_{USER}/{NUMBER} which apparently helps with performance
somehow. The location of this file is (again, apparently) hard-coded
as /tmp/.
RK
On Wed, 2011-06-01 at 15:26 -0600, Kevin Fenzi wrote:
> On Wed, 01 Jun 2011 22:16:03 +0100
> John Horne wrote:
>
> > On Wed, 2011-06-01 at 21:37 +0100, Arthur Dent wrote:
> > > Hello All,
> > >
> > > I have just upgraded from Fedora 13 to F15 and have
Hello All,
I have just upgraded from Fedora 13 to F15 and have implemented the same
version of RKH as I was running on the old F13 machine a few days ago.
On running RKH I get:
Warning: The command '/usr/local/bin/rkhunter' has been replaced and is not a
script: /usr/local/bin/rkhunter: POSIX sh
On Thu, 2010-12-02 at 14:36 +, John Horne wrote:
> On Thu, 2010-12-02 at 14:05 +0000, Arthur Dent wrote:
> > Hello all,
> >
> > I just upgraded from 1.3.6 to 1.3.8 on my Fedora 13 system, and on each
> > RKH run I get the following warning:
> >
> >
Hello all,
I just upgraded from 1.3.6 to 1.3.8 on my Fedora 13 system, and on each
RKH run I get the following warning:
Warning: The following processes are using deleted files:
Process: /usr/libexec/mysqld    PID: 1499    File: /tmp/ib5ks4lI
Process: /bin/mailx    PID: 9802
Hello all,
I have just upgraded from F9 to F11 and using the same RKH version as I
had on F9 (1.3.4) I now get the following warnings.
Warning: The following processes are using deleted files:
Process: /usr/libexec/mysqld    PID: 1651    File: /tmp/ib7hmLbP
Process: /bin/mailxP
On Sun, Mar 30, 2008 at 05:35:35PM +0200, [EMAIL PROTECTED] wrote:
> On Sun, 30 Mar 2008 11:38:47 +0200 Arthur Dent
> <[EMAIL PROTECTED]> wrote:
> >/var/log/rkhunter.log make no reference whatsoever to download
> >attempts successful or otherwise. How can I find out why
Hello All,
I got this message this morning after my daily RKH run:
Checking rkhunter data files...
Checking file mirrors.dat        [ No update ]
Checking file programs_bad.dat   [ No update ]
Checking file backdoorports.dat
On Sat, Jan 05, 2008 at 06:09:33PM -0600, David Gibbs wrote:
> Arthur Dent wrote:
> > Will RKH reflect this change?
>
> There's a statement in the rkh config file where you can specify the
> syslog.conf file. It's an easy change to make it 'rsyslog.conf'.
On Sat, Jan 05, 2008 at 01:05:57PM +0100, Nils Breunese (Lemonbit) wrote:
> Arthur Dent wrote:
> > Any idea why Red Hat / Fedora have made this change?
>
> Rsyslog is based on sysklogd and sysklogd is dead upstream. So they
> switched to rsyslog.
>
> http://lwn.net/Ar
Hello all,
I have recently upgraded my Fedora box from FC6 to F8. I did not simply copy
across my rkhunter.conf file, but gradually re-introduced the configurations
step-by-step to see what would need to be changed.
I have now eliminated all the errors and warnings except one:
"Warning: The sysl
On Wed, Oct 24, 2007 at 11:31:50PM +0100, John Horne wrote:
> On Wed, 2007-10-24 at 10:35 +0100, Arthur Dent wrote:
>
> > 'ls -l /dev/pts/0' does indeed report no such file even after a
> > reboot. Should I be concerned about this?
> >
> It is difficult to s
Well I'm beginning to make real progress here. My aim is to have a completely
clean sheet with RKH running as many tests as possible.
So far, point no. 1 (strange characters in cron output) has been cleared up
nicely with the use of the --nocolors option. Thanks.
Point no. 2 (deleted files). Wel
On Tue, Oct 23, 2007 at 10:30:59PM +0100, John Horne wrote:
> > I presume I need to add the argument "--nocolors" to the versioncheck line?
> >
> Yes, but add it to the '--update' line as well. Alternatively, you can
> combine it all in one:
>
> rkhunter --versioncheck --update --cronjob --repor
On Tue, Oct 23, 2007 at 05:16:08PM +0100, John Horne wrote:
Hmmm... Funny - got your reply but my original mail never showed up at my
end...
> On Tue, 2007-10-23 at 15:57 +0100, Arthur Dent wrote:
> >
> I'm assuming you are running something like 'rkhunter --versioncheck
Hello folks,
I have a small home network which I am fairly sure (thanks largely to
RKHunter) is not actually compromised in any way. I recently upgraded to 1.3.0
and, having done so, decided to give it a good run by turning all pretty much
all of the tests to see what would happen. This has produc