Re: [Rkhunter-users] [Skdet] More include files missing from skdet.

2017-10-03 Thread Dick Gevers
> On 3 Oct 2017, at 18:55, Dick Gevers wrote: > > >> On 3 Oct 2017, at 18:42, Patrick Gouin wrote: >> >> On 01/10/2017 at 16:11, Dick Gevers wrote: >>>> On 1 Oct 2017, at 15:13, Patrick Gouin wrote: >>>> >>>> Hi, >>

Re: [Rkhunter-users] [Skdet] More include files missing from skdet.

2017-10-03 Thread Dick Gevers
> On 3 Oct 2017, at 18:42, Patrick Gouin wrote: > > On 01/10/2017 at 16:11, Dick Gevers wrote: >>> On 1 Oct 2017, at 15:13, Patrick Gouin wrote: >>> >>> Hi, >>> >>> Note; I'm not sure if email address of dvgevers is still the good

Re: [Rkhunter-users] [Skdet] More include files missing from skdet.

2017-10-01 Thread Dick Gevers
o need to apply the two patch files. I only made it available here as there didn't seem to be a better place, but I did not make it. Happened to install the rpm as is on a Mageia Cauldron machine this week w/o any pro

Re: [Rkhunter-users] 'suspicious shared memory segments have been found'

2017-07-10 Thread Dick Gevers
On Mon, 10 Jul 2017 14:27:37 +0300, Nerijus Baliunas via Rkhunter-users wrote about Re: [Rkhunter-users] 'suspicious shared memory segments have been found': >On Mon, 10 Jul 2017 14:19:41 +0300 ellanios82 wrote: > >> - rkhunter cron job today shows warning: >> >> "suspicious shared memory segmen

Re: [Rkhunter-users] How can I check for setUID files in specific directories?

2011-10-10 Thread Dick Gevers
esult to logs, as well as any changes to the md5sum of each file on the list. Ciao, =Dick Gevers=

Re: [Rkhunter-users] compair rkhunter.log with rkhunter.log.old

2010-12-15 Thread Dick Gevers
On Wed, 15 Dec 2010 09:22:37 +, John Horne wrote about Re: [Rkhunter-users] compair rkhunter.log with rkhunter.log.old: > cat rkhunter.log | cut -d' ' -f2- >/tmp/rkh1 or ... cut -b 12- ... Ci

Re: [Rkhunter-users] rkh 1.3.8 ignores processes allowed to use deleted files

2010-11-20 Thread Dick Gevers
, and could >see none. Thanks v.m. The fix is good. Unfortunately I didn't have chance to test the new version when asked, because my 32 bit version was breaking up and had to wait for new parts (64 bit) and do a reinstall and fix everything before I was able to get

[Rkhunter-users] rkh 1.3.8 ignores processes allowed to use deleted files

2010-11-20 Thread Dick Gevers
sist. Probably I am doing stg stupid somewhere, but I can't find what it might be. Any ideas please? Thanks & kind regards, =Dick Gevers=

Re: [Rkhunter-users] Rkhunter tells me that /usr/bin/rkhunter file properties has changed

2010-01-26 Thread Dick Gevers
verifying diff was okay with original tarball), I worked around it for the moment with this cron job which gets mailed 9 minutes after the rkh logs: #!/bin/bash # check integrity of rkhunter executable despite rkh warning grep \/bin\/rkhu /var/lib/rkhunter/db/rkhunter.dat sha1su

Re: [Rkhunter-users] A few small remarks using rkh 1.3.6

2009-12-29 Thread Dick Gevers
On Tue, 29 Dec 2009 22:14:35 +, Dick Gevers wrote about Re: [Rkhunter-users] A few small remarks using rkh 1.3.6: >Does remain that '--propupd [ file ] ' is not doing what it says it should. I am wrong there: after the ROOTDIR is disabled, it says ' 1 of 137' . S

Re: [Rkhunter-users] A few small remarks using rkh 1.3.6

2009-12-29 Thread Dick Gevers
[ file ] ' is not doing what it says it should. So I hope this was of some help. Best regards, =Dick Gevers=

Re: [Rkhunter-users] A few small remarks using rkh 1.3.6

2009-12-29 Thread Dick Gevers
On Tue, 29 Dec 2009 21:22:20 +, Dick Gevers wrote about [Rkhunter-users] A few small remarks using rkh 1.3.6: >File:usr/local/etc/rkhunter.conf:0db1e4bf8bc5847335d72b09b1482fdaa0d05cab:345126:0600:0:0:33811:1259527434:: > >Note the missing slash before 'usr', while all oth

[Rkhunter-users] A few small remarks using rkh 1.3.6

2009-12-29 Thread Dick Gevers
cluding the data for rkhunter.conf. But: according to 'rkhunter --help', the option '--propupd [ file ]' should have updated only the specified entry in the db, not all entries. HTH Kind regards & happy new year, =Dick Gevers= ---

Re: [Rkhunter-users] [Rkhunter-announce] Rootkit Hunter release 1.3.6

2009-11-29 Thread Dick Gevers
On Sun, 29 Nov 2009 19:04:12 +, John Horne wrote about Re: [Rkhunter-users] [Rkhunter-announce] Rootkit Hunter release 1.3.6: >Look at the RTKT_FILE_WHITELIST option and put it into your >rkhunter.conf.local file. Thanks v.m. ! I overlooked that one. Cheers, =Dick

Re: [Rkhunter-users] [Rkhunter-announce] Rootkit Hunter release 1.3.6

2009-11-29 Thread Dick Gevers
"Setting hard drive parameters for %s: " ${disk[$device]} /sbin/hdparm ${HDFLAGS[$device]} /dev/${disk[$device]} Is there a way I can exclude this file?: I searched, but didn't see an option for this check. Thanks & BFN, =Dick Gevers= ---

Re: [Rkhunter-users] aptitude updates file properties automatically on one system but not another

2009-06-17 Thread Dick Gevers
On Tue, 16 Jun 2009 13:46:53 -0500, Mike McCarty wrote about Re: [Rkhunter-users] aptitude updates file properties automatically on one system but not another: >Dick Gevers wrote: >> On Tue, 16 Jun 2009 10:59:17 -0400, Brian McKee wrote about >> [Rkhunter-users] aptitude updates

Re: [Rkhunter-users] aptitude updates file properties automatically on one system but not another

2009-06-16 Thread Dick Gevers
n updated, it will also not warn for hash changes that are not due to a regular package manager update. I'd rather be warned of all hash changes and determine by myself whether they are a result of such updates or if they are potentially unwarranted change

Re: [Rkhunter-users] Warning: Found passwordless account: mpi

2009-01-11 Thread Dick Gevers
is package provides the libraries that use the standard p4 device. The package PREIN script reads: /usr/sbin/groupadd -g 12384 -r -f mpi > /dev/null 2>&1 ||: /usr/sbin/useradd -u 12384 -g mpi -d /var/lib/mpi -r \ > -s /bin/bash mpi -p "" -m > /dev/null 2>&1

Re: [Rkhunter-users] low priority ..possible gpg issue?

2009-01-04 Thread Dick Gevers
a trusted signature! In your case that would be odd if it is not yourself (and normal in our case), because if it is your own key you should have ultimate trust in it. But you can 'hush' the answer on this point

Re: [Rkhunter-users] low priority ..possible gpg issue?

2009-01-02 Thread Dick Gevers
Can't check signature: general error Additionally there's a little oddity that the key owner's name is between quotes inside the name. But anyway I like to thank unspawn and John et

Re: [Rkhunter-users] False warning about /usr/sbin/vipw

2008-11-05 Thread Dick Gevers
package manager (and/or prelinking) sorts itself out. If you feel that maybe rpm (my version is from rpm-4.4.2.3-22mnb2.i586.rpm) is not stable, shouldn't we take this upstream with rpm? >As >said, I'll s

Re: [Rkhunter-users] False warning about /usr/sbin/vipw

2008-11-04 Thread Dick Gevers
On Tue, 04 Nov 2008 22:28:09 +, John Horne wrote about Re: [Rkhunter-users] False warning about /usr/sbin/vipw: >On Tue, 2008-11-04 at 22:03 +0000, Dick Gevers wrote: >> On Tue, 04 Nov 2008 12:33:05 +, John Horne wrote about Re: >> [Rkhunter-users] False warning about

Re: [Rkhunter-users] howto use skdet?

2008-11-04 Thread Dick Gevers
then 'su -' to root and it'll be fixed once you have run 'rkhunter --propupd'. But (again if I'm right) you'll keep the problem with sudo if skdet is not in the path of the user running rkh. A cron job of root should not have that problem, though. Cheers, =Dick Ge

Re: [Rkhunter-users] False warning about /usr/sbin/vipw

2008-11-04 Thread Dick Gevers
On Tue, 04 Nov 2008 12:33:05 +, John Horne wrote about Re: [Rkhunter-users] False warning about /usr/sbin/vipw: >On Fri, 2008-10-31 at 18:14 +0000, Dick Gevers wrote: >> Using rkhunter 1.3.3. cvs of 6th October 2008 I have to report that once >> only I get a warning for this

Re: [Rkhunter-users] False warning about /usr/sbin/vipw

2008-11-01 Thread Dick Gevers
On Fri, 31 Oct 2008 23:22:46 +, John Horne wrote about Re: [Rkhunter-users] False warning about /usr/sbin/vipw: >Are you using a package manager? Sure: rpm on Mandriva Linux Cooker. Cheers, =Dick Gevers=

[Rkhunter-users] False warning about /usr/sbin/vipw

2008-10-31 Thread Dick Gevers
don't know how to look further into this freak occurrence (which it is, I suppose), but I thought you might want to know of it anyway. HTH Kind regards, =Dick Gevers=

Re: [Rkhunter-users] Thanks rkhunter

2008-10-06 Thread Dick Gevers
ble today tested on Mandriva Linux Cooker (2009.0) and working quite well. Cheers, =Dick Gevers=

Re: [Rkhunter-users] US-CERT: Active attacks using stolen SSH keys (Phalanx2 rootkit)

2008-08-28 Thread Dick Gevers
t is for users to "bless" the release >by testing the CVS tarball RSN, so please do. Tried today's cvs of rkh 1.3.3. and works very well on Mandriva Linux Cooker. Cheers, =Dick Gevers=

[Rkhunter-users] skdet available

2008-06-06 Thread Dick Gevers
EADME /usr/local/share/skdet/SucKIT.test /usr/local/share/skdet/adore-ng.test /usr/local/share/skdet/adore.test /usr/local/share/skdet/frontkey.test If anyone makes improvements on the 'skdet' tool please let me know so I can update the posted files or link to your URL. Thanks in advance. u

Re: [Rkhunter-users] RFE: no warning for tcb enabled system

2008-05-25 Thread Dick Gevers
5&group_id=155034&atid=794190 Ciao, =Dick Gevers=

[Rkhunter-users] RFE: no warning for tcb enabled system

2008-05-25 Thread Dick Gevers
. for your time. I shall gladly post a bugreport for this if you prefer. Ciao, =Dick Gevers=

Re: [Rkhunter-users] One ALLOWPROCDELFILE entry is ignored

2008-05-05 Thread Dick Gevers
On Sun, 30 Mar 2008 21:20:31 +, Dick Gevers wrote about Re: [Rkhunter-users] One ALLOWPROCDELFILE entry is ignored: >On Sun, 30 Mar 2008 22:03:35 +0100, John Horne wrote about Re: >[Rkhunter-users] One ALLOWPROCDELFILE entry is ignored: > >>RKH does not impose any limit of it

Re: [Rkhunter-users] One ALLOWPROCDELFILE entry is ignored

2008-03-30 Thread Dick Gevers
appears only about once per 1 or 2 weeks. Thanks & BFN =Dick Gevers=

[Rkhunter-users] One ALLOWPROCDELFILE entry is ignored

2008-03-29 Thread Dick Gevers
is ignored: Warning: The following processes are using deleted files: Process: setiathom PID: 15935 File: /home/dvg/.boinc/BOINC/slots/1/stderr.txt Maybe the line ALLOWPROCDELFILE is too long for rkhunter? Thanks and best regards, =D

Re: [Rkhunter-users] rkhunter 1.3.2 - sed error

2008-03-01 Thread Dick Gevers
On Sat, 01 Mar 2008 13:00:27 +0100, [EMAIL PROTECTED] wrote about Re: [Rkhunter-users] rkhunter 1.3.2 - sed error: >On Sat, 01 Mar 2008 07:46:44 +0100 Dick Gevers <[EMAIL PROTECTED]> >wrote: >>One small thing: it seems to use sed in a way that is not >>recognized >

[Rkhunter-users] rkhunter 1.3.2 - sed error

2008-02-29 Thread Dick Gevers
None found ] Cheers, =Dick Gevers=

Re: [Rkhunter-users] baffling warning

2007-12-07 Thread Dick Gevers
original version and rkhunter will notify >you of this. Thanks very much for your explanations. Best regards, =Dick Gevers=

Re: [Rkhunter-users] baffling warning

2007-12-06 Thread Dick Gevers
ership have changed from what the RPM >database expects. Ah; thanks for that: I was not aware of that; sorry. Best regards, =Dick Gevers=

Re: [Rkhunter-users] baffling warning

2007-12-06 Thread Dick Gevers
ously, you know more than I do. Is there a suggested way to deal with this? Thanks v.m. =Dick Gevers=

Re: [Rkhunter-users] baffling warning

2007-12-06 Thread Dick Gevers
am.d/su .MG./usr/bin/who Looks okay to me. But I'll appreciate any ideas. Thank and BFN =Dick Gevers=

[Rkhunter-users] baffling warning

2007-12-06 Thread Dick Gevers
documentation, but I wouldn't know what. I run Mandriva Cooker (development version) which is updated daily, so I often have to run '--propupd', but these 3 keep haunting me. Thanks i.a. for any ideas Cheers, =Dick Gevers=

Re: [Rkhunter-users] feedback for Dick - unhide stops box

2007-12-05 Thread Dick Gevers
On Mon, 26 Nov 2007 18:50:33 +, Dick Gevers wrote about Re: [Rkhunter-users] feedback for Dick - unhide stops box: >It's now reported to the author of unhide (haven't heard from him yet) and >in Mandriva Bugzilla as http://qa.mandriva.com/show_bug.cgi?id=35822 For anyone in

Re: [Rkhunter-users] feedback for Dick - unhide stops box

2007-11-26 Thread Dick Gevers
oblem occurs only with the latest Cooker kernel (maybe it's flawed, it is a 'rc' after all. I appreciate your trying to help. It's now reported to the author of unhide (haven't heard from him yet) and in Mand

Re: [Rkhunter-users] unhide stops my box with new kernel

2007-11-23 Thread Dick Gevers
On Fri, 23 Nov 2007 17:38:11 +, John Horne wrote about Re: [Rkhunter-users] unhide stops my box with new kernel: > >On Fri, 2007-11-23 at 16:08 +, Dick Gevers wrote: >> Yesterday I installed kernel-server-2.6.24-0.rc3.1mdv-1-1mdv2008.1 >> on my Mandriva Cooker box. >

[Rkhunter-users] unhide stops my box with new kernel

2007-11-23 Thread Dick Gevers
appears on the halted screen, but I don't know if that will do much good (to me at least it's klingon anyway): I tried capturing the output to file, but nothing showed up. I hope someone has any ideas how to overcome the problem. Thanks beforehand. regards, =D

Re: [Rkhunter-users] rkh 1.3.0 config note

2007-10-07 Thread Dick Gevers
s for a stupid post. Regards, =Dick Gevers=

[Rkhunter-users] rkh 1.3.0 config note

2007-09-28 Thread Dick Gevers
er behaves when these options are "used." However, I didn't grep any relevant 'test' or 'able' in the readme. Perhaps those details can be added in a future revision? Thanks so much. HTH Regards, =Dick Gevers= -

Re: [Rkhunter-users] CRON warning

2007-01-23 Thread Dick Gevers
>happened. (Default location is /var/log/rkhunter.log). Perhaps running >rkhunter interactively will show what went wrong too (just use 'rkhunter >-c -sk'). > > > >John. Or could it ph be generated by 'logcheck' package or similar? HTH Ciao, =Dick Gevers= -

Re: [Rkhunter-users] RKH CVS tarball available: testers wanted

2006-12-12 Thread Dick Gevers
On Tue, 12 Dec 2006 16:57:22 +, John Horne wrote about Re: [Rkhunter-users] RKH CVS tarball available: testers wanted: >On Tue, 2006-12-12 at 10:21 +0000, Dick Gevers wrote: >> >> "rkhunter -c" gives: >> The language specified is not available: en >> Use

Re: [Rkhunter-users] RKH CVS tarball available: testers wanted

2006-12-12 Thread Dick Gevers
files to be hashed are safe and have been installed from a reliable source? Otherwise the whole exercise of running rkh could become ambiguous? >If you could find the time to run it once in a while and report >back we would appreciate it very much. So fa

Re: [Rkhunter-users] Apache configuration absent but ...[ OK ]

2006-11-26 Thread Dick Gevers
guration ... [ OK ] >> However, since I do not have apache(2) installed at all, wouldn't "Not >> found" be a better displaystring? >Would you submit this as a bug on the sourceforge web page please. Done: http://sourceforge.net/tracker/index.php?func=

[Rkhunter-users] Apache configuration absent but ...[ OK ]

2006-11-25 Thread Dick Gevers
's due to not finding /etc/apa*, I think. However, since I do not have apache(2) installed at all, wouldn't "Not found" be a better displaystring? Just my nlg 0.02. Keep up the good work. I am rooting for you ;) =Dick Geve

Re: [Rkhunter-users] Unkown application versions..

2006-11-12 Thread Dick Gevers
On Sun, 12 Nov 2006 20:45:35 +, John Horne wrote about Re: [Rkhunter-users] Unkown application versions..: >On Sun, 2006-11-12 at 20:36 +0000, Dick Gevers wrote: >> On Sun, 12 Nov 2006 20:02:12 +0100, Jacob Willig wrote about >> [Rkhunter-users] Unkown appli

Re: [Rkhunter-users] Unkown application versions..

2006-11-12 Thread Dick Gevers
-q openssh openssh-4.5p1-2mdv2007.1 although I grant that I don't have an sshd_config. But I think the 'application not found' is a wrong finding. Cheers, =Dick Gevers=

Re: [Rkhunter-users] Hashes updated - but no hashes available.

2006-11-06 Thread Dick Gevers
On Mon, 06 Nov 2006 12:10:48 +0100, [EMAIL PROTECTED] wrote about Re: [Rkhunter-users] Hashes updated - but no hashes available.: >On Mon, 06 Nov 2006 03:58:16 +0100 Dick Gevers <[EMAIL PROTECTED]> >wrote: >>On Sun, 05 Nov 2006 23:32:58 +0100, [EMAIL PROTECTED] wrote >>

Re: [Rkhunter-users] Hashes updated - but no hashes available.

2006-11-05 Thread Dick Gevers
On Sun, 05 Nov 2006 23:32:58 +0100, [EMAIL PROTECTED] wrote about Re: [Rkhunter-users] Hashes updated - but no hashes available.: >On Sat, 04 Nov 2006 08:41:21 +0100 Dick Gevers <[EMAIL PROTECTED]> >wrote: >>As always I then have to add my own system > >That what

[Rkhunter-users] Hashes updated - but no hashes available.

2006-11-03 Thread Dick Gevers
he return from rkh is the same every time. Perhaps a bug? Thanks, =Dick Gevers=