Re: [Rkhunter-users] RKH Ignoring .conf.local?

2011-08-02 Thread Arthur Dent
On Tue, 2011-08-02 at 10:51 +0100, John Horne wrote: > > > Yeah, I noticed that yesterday, I'm not convinced that wildcarding works > with that option. It is something that I need to look at. For the moment > all I can suggest is either remove the wildcarding so that you just > whitelist bash and

Re: [Rkhunter-users] RKH Ignoring .conf.local?

2011-08-02 Thread Arthur Dent
On Tue, 2011-08-02 at 00:46 +0100, Arthur Dent wrote: > OK - Thanks John, that works. Ooops. Spoke too soon. From this morning's run: -- Start Rootkit Hunter Scan -- Warning: The following processes are using deleted files: Process: /

Re: [Rkhunter-users] RKH Ignoring .conf.local?

2011-08-01 Thread Arthur Dent
On Mon, 2011-08-01 at 20:53 +0100, John Horne wrote: > On Sat, 2011-07-30 at 14:12 +0100, Arthur Dent wrote: > > I know you are probably going to (gently) remind me that this is > > probably an issue for the Fedora list, but following Kevin Fenzi's reply > > to my previou

Re: [Rkhunter-users] RKH Ignoring .conf.local?

2011-08-01 Thread Arthur Dent
On Mon, 2011-08-01 at 12:23 +0100, Arthur Dent wrote: > On Mon, 2011-08-01 at 11:46 +0100, John Horne wrote: > > On Sat, 2011-07-30 at 14:12 +0100, Arthur Dent wrote: > > > I know you are probably going to (gently) remind me that this is > > > probably an issue for th

Re: [Rkhunter-users] RKH Ignoring .conf.local?

2011-08-01 Thread Arthur Dent
On Mon, 2011-08-01 at 11:46 +0100, John Horne wrote: > On Sat, 2011-07-30 at 14:12 +0100, Arthur Dent wrote: > > I know you are probably going to (gently) remind me that this is > > probably an issue for the Fedora list, > > > No, it's on topic for this list :-) >

[Rkhunter-users] RKH Ignoring .conf.local?

2011-07-30 Thread Arthur Dent
I know you are probably going to (gently) remind me that this is probably an issue for the Fedora list, but following Kevin Fenzi's reply to my previous thread, in which he said that the latest updates were shortly about to go into the Fedora stable repository, I decided to do a yum update. Whi

[Rkhunter-users] Fedora Package

2011-07-20 Thread Arthur Dent
Hello All - and especially John, Yesterday I did a "yum update" on my Fedora 15 system (I normally only update and reboot at the end of the month - but I was bored yesterday) and it brought down an updated version of RKH. I allowed it to install, assuming this was the latest version, but found th

Re: [Rkhunter-users] hsperfdata

2011-07-20 Thread Arthur Dent
On Wed, 2011-07-20 at 11:51 +0100, John Horne wrote: > On Wed, 2011-07-20 at 11:37 +0100, Arthur Dent wrote: > > Hello All, > > > > I have a couple of Java applications running on this machine. A bit of > > googling has shown me that when they run they create a file

[Rkhunter-users] hsperfdata

2011-07-20 Thread Arthur Dent
Hello All, I have a couple of Java applications running on this machine. A bit of googling has shown me that when they run they create a file called hsperfdata_{USER}/{NUMBER} which apparently helps with performance somehow. The location of this file is (again, apparently) hard-coded as /tmp/. RK

Re: [Rkhunter-users] rkhunter has been replaced and is not a script...

2011-06-02 Thread Arthur Dent
On Wed, 2011-06-01 at 15:26 -0600, Kevin Fenzi wrote: > On Wed, 01 Jun 2011 22:16:03 +0100 > John Horne wrote: > > > On Wed, 2011-06-01 at 21:37 +0100, Arthur Dent wrote: > > > Hello All, > > > > > > I have just upgraded from Fedora 13 to F15 and have

[Rkhunter-users] rkhunter has been replaced and is not a script...

2011-06-01 Thread Arthur Dent
Hello All, I have just upgraded from Fedora 13 to F15 and have implemented the same version of RKH as I was running on the old F13 machine a few days ago. On running RKH I get: Warning: The command '/usr/local/bin/rkhunter' has been replaced and is not a script: /usr/local/bin/rkhunter: POSIX sh

Re: [Rkhunter-users] Can't whitelist deleted files + Package manager verification

2010-12-02 Thread Arthur Dent
On Thu, 2010-12-02 at 14:36 +, John Horne wrote: > On Thu, 2010-12-02 at 14:05 +0000, Arthur Dent wrote: > > Hello all, > > > > I just upgraded from 1.3.6 to 1.3.8 on my Fedora 13 system, and on each > > RKH run I get the following warning: > > > &g

[Rkhunter-users] Can't whitelist deleted files

2010-12-02 Thread Arthur Dent
Hello all, I just upgraded from 1.3.6 to 1.3.8 on my Fedora 13 system, and on each RKH run I get the following warning: Warning: The following processes are using deleted files: Process: /usr/libexec/mysqld PID: 1499 File: /tmp/ib5ks4lI Process: /bin/mailx PID: 9802

[Rkhunter-users] Hidden files in Fedora 11

2009-08-15 Thread Arthur Dent
Hello all, I have just upgraded from F9 to F11 and using the same RKH version as I had on F9 (1.3.4) I now get the following warnings. Warning: The following processes are using deleted files: Process: /usr/libexec/mysqld PID: 1651 File: /tmp/ib7hmLbP Process: /bin/mailxP

Re: [Rkhunter-users] Update Failed

2008-03-30 Thread Arthur Dent
On Sun, Mar 30, 2008 at 05:35:35PM +0200, [EMAIL PROTECTED] wrote: > On Sun, 30 Mar 2008 11:38:47 +0200 Arthur Dent > <[EMAIL PROTECTED]> wrote: > >/var/log/rkhunter.log make no reference whatsoever to download > >attempts successful or otherwise. How can I find out why

[Rkhunter-users] Update Failed

2008-03-30 Thread Arthur Dent
Hello All, I got this message this morning after my daily RKH run: Checking rkhunter data files... Checking file mirrors.dat [ No update] Checking file programs_bad.dat [ No update] Checking file backdoorports.dat

Re: [Rkhunter-users] F8 and syslog.conf

2008-01-06 Thread Arthur Dent
On Sat, Jan 05, 2008 at 06:09:33PM -0600, David Gibbs wrote: > Arthur Dent wrote: > > Will RKH reflect this change? > > There's a statement in the rkh config file where you can specify the > syslog.conf file. It's an easy change to make it 'rsyslog.conf'.

Re: [Rkhunter-users] F8 and syslog.conf

2008-01-05 Thread Arthur Dent
On Sat, Jan 05, 2008 at 01:05:57PM +0100, Nils Breunese (Lemonbit) wrote: > Arthur Dent wrote: > > Any idea why Red Hat / Fedora have made this change? > > Rsyslog is based on sysklogd and sysklogd is dead upstream. So they > switched to rsyslog. > > http://lwn.net/Ar

[Rkhunter-users] F8 and syslog.conf

2008-01-05 Thread Arthur Dent
Hello all, I have recently upgraded my Fedora box from FC6 to F8. I did not simply copy across my rkhunter.conf file, but gradually re-introduced the configurations step-by-step to see what would need to be changed. I have now eliminated all the errors and warnings except one: "Warning: The sysl

Re: [Rkhunter-users] Some questions after upgrade

2007-10-25 Thread Arthur Dent
On Wed, Oct 24, 2007 at 11:31:50PM +0100, John Horne wrote: > On Wed, 2007-10-24 at 10:35 +0100, Arthur Dent wrote: > > > 'ls -l /dev/pts/0' does indeed report no such file even after a > > reboot. Should I be concerned about this? > > > It is difficult to s

Re: [Rkhunter-users] Some questions after upgrade

2007-10-24 Thread Arthur Dent
Well I'm beginning to make real progress here. My aim is to have a completely clean sheet with RKH running as many tests as possible. So far, point no. 1 (strange characters in cron output) has been cleared up nicely with the use of the --nocolors option. Thanks. Point no. 2 (deleted files). Wel

Re: [Rkhunter-users] Some questions after upgrade

2007-10-23 Thread Arthur Dent
On Tue, Oct 23, 2007 at 10:30:59PM +0100, John Horne wrote: > > I presume I need to add the argument "--nocolors" to the versioncheck line? > > > Yes, but add it to the '--update' line as well. Alternatively, you can > combine it all in one: > > rkhunter --versioncheck --update --cronjob --repor

Re: [Rkhunter-users] Some questions after upgrade

2007-10-23 Thread Arthur Dent
On Tue, Oct 23, 2007 at 05:16:08PM +0100, John Horne wrote: Hmmm... Funny - got your reply but my original mail never showed up at my end... > On Tue, 2007-10-23 at 15:57 +0100, Arthur Dent wrote: > > > I'm assuming you are running something like 'rkhunter --versioncheck

[Rkhunter-users] Some questions after upgrade

2007-10-23 Thread Arthur Dent
Hello folks, I have a small home network which I am fairly sure (thanks largely to RKHunter) is not actually compromised in any way. I recently upgraded to 1.3.0 and, having done so, decided to give it a good run by turning on pretty much all of the tests to see what would happen. This has produc