Thanks all for the show of support.
I, and I'm sure John too, really appreciate it.
I'll be aiming for a pre-release in two weeks from now, time
permitting.
Cheers,
unSpawn
---
On Mon, 14 Nov 2016 17:31:32 +0100 "Sam Ashley"
wrote:
>I agree that to the commu
ils
of the past three years I missed, add relevant data, test the
release on Linux and BSD and produce a release tarball. It's -=[ that ]=- easy.
Cheers,
unSpawn
---
ngtalk.com/showthread.php?t=1235797
https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
Regards,
unSpawn
---
devs and both are busy doing Other
Stuff. OTOH we're not impervious to users helping, testing and
asking, so... ;-p I'll see what we can do as it indeed has been too
long. BTW in the meanwhile you can always use
"http://rkhunter.cvs.sourceforge.net/viewvc/rkhunte
us-cert.gov/ncas/alerts/TA14-150A and check with
http://cbl.abuseat.org/lookup.cgi?ip=%{INSERT_IPV4_ADDRESS_HERE}&.pu
bmit=Lookup
Regards,
unSpawn
---
>> any plans to migrate away from SourceForge?
>>
>None that I am aware of.
>
>
>
>John.
I agree as the issue does not affect us. We'll obvious
On Wed, 25 Feb 2015 21:05:12 +0100 absolutely_f...@libero.it wrote:
>I think this is perfectly normal (the file no longer exists)...
No, that's not an actual file you're trying to copy but pseudo
terminal output: see 'man pts' for mo
've ever had AIX testers, so if you're up for it
please fill in the blanks.
Regards,
unSpawn
---
if this portion of the database is being
>maintained in a timely manner.
No, it isn't. And it will never be until somebody else actively
maintains it.
It would be better to retire the functionality from RKH altogeth
Sorry Gordon, overlooked that one.
On Mon, 21 Jul 2014 01:36:52 +0200 "Gordon"
wrote:
>Hi guys
>
>The config file says RKH can use unhide C and Ruby versions.
By now we're not supporting the Ruby version anymore due to the
'unhide' a
list, because nobody was actively using it.
>From the FTimes author there is a tool that allows you to securely
download and execute remote "packages" locally by using a single
binary: http://webjob.sour
acing root-owned binaries requiring root
privileges.
>Seems the hacker recompiled a new ssh version to capture all the
>passwords from a ssh session
Yes, I thought the script looked familiar. It's been around for a
while.
Regards,
unSpawn
---
On Mon, 28 Apr 2014 22:40:52 +0200 "Julie Davenport"
wrote:
>So it does not appear to be anything wrong with my installation of
rkhunter 1.4.2.
Indeed it didn't.
I just fixed things in CVS.
system.
Please do not do that again. (Should you wish to discuss this then
you're invited to do that in private.)
Thanks in advance for keeping this list on topic.
Regards,
unSpawn
---
rity incidents
for some time now) I certainly hope I never gave anyone the
impression one should continue to use a (suspected) compromised
host or allow others to use it nor allow anyone to trample evidence
by insta
Recovering from a UNIX or NT System Compromise
(https://www.cert.org/historical/tech_tips/win-UNIX-system_compromise.cfm) if you're not familiar with this kind of
incident.
Good luck,
unSpawn
---
> I thought the *c* argument would do that - no! (Notice no output 1st try.)
"--update" only updates certain files, not the application.
Regards,
unSpawn
---
--
han
that it's good to remain vigilant but I haven't encountered a
"libkeyutils.so" situation with Mac OS X yet. Finally: thanks, as I
haven't had the chance to run those sigs against Mac OS X.
Regards,
unSpawn
---
-
=C ${IPCS_CMD}"
>
Thanks for posting your problem *and* the solution.
Regards,
unSpawn
---
.
Best regards,
unSpawn
---
On Thu, 06 Mar 2014 01:00:26 +0100 "Nerijus Baliunas"
wrote:
>Why the release was not announced in this list?
>
>Regards,
>Nerijus
Because I completely forgot about that?
I will correct that today.
lots of Fedora
users.
>
>Is there any idea when a 1.4.1 (or 1.5) might be released?
Should have been done a long time ago. I'll give it one week, else
we'll release next weekend.
Cheers,
unSpawn
---
--
And
'lo all,
If you can spare us five minutes of your time please get RKH from
CVS and test it as we will be releasing the next version the coming
weekend.
*You're not required to reply that it's working OK, but it sure would be
appreciated.
r at Sourceforge.
Cheers,
unSpawn
---
On Wed, 27 Nov 2013 12:56:35 +0100 absolutely_f...@libero.it wrote:
>It seems that it's definitely a false positive, by comparing
>binary's timestamp with last cPanel update log.
Nice, then you can white list it and be done with it.
On Tue, 26 Nov 2013 16:23:45 +0100 absolutely_f...@libero.it wrote:
>Honestly, I don't know if the binary is legit. I've no previous md5sum.
It's CentOS so you could run 'rpm -Vv httpd' or run 'stat' on the
file and compare with a
s like preventive maintenance and proper system hardening.
One tool already covering process watching is Samhain and also the
audit service is able to log execves.
HTH,
unSpawn
---
"rootkits",
>but I'm unclear as to which one should be.
An additional problem is simply a lack of samples. Some people sent
stuff our way (thanks) but IIRC I got most of the OSX-related stuff
myself.
Regards,
unSpawn
---
-
On Mon, 02 Sep 2013 15:50:49 +0200 "John Horne"
wrote:
>On Sun, 2013-09-01 at 16:02 -0700, Buz Davis wrote:
>> Does the current version of rkhunter recognize "Hand of Thief"?
>>
>No. Although whether unSpawn is working on something to do with
>this
(it's not our handiwork plus Chkrootkit 0.49
was released in 2009 and never modified afterwards) but here's a
way to make it use white listing (preferably only after verifying
integrity): https://www.linuxquestions.org/question
Hello Kevin,
On Tue, 23 Jul 2013 00:24:40 +0200 "Kevin Fenzi"
wrote:
>Any thoughts on this approach?
I haven't checked the patch yet but since July 11th John has
uploaded revisions that address issues with spaces. Maybe check
those first?
On Wed, 03 Jul 2013 04:16:27 +0200 "Michael Smith"
wrote:
>Is rkhunter still in active development? If so I have a possible
>modification I'd like to propose.
Well, let's hear it...
unSpawn
---
--
tcp:6108' or 'fuser -nuv tcp 6108'.
Did you verify all packages with 'rpm -Vva 2>&1 | grep -v "^\.\{8\}";'?
>Other means of detect do not show the backdoor.
What *other* means exactly?
unSpawn
---
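The package verification suggested above ('rpm -Vv httpd' for one package, 'rpm -Vva 2>&1 | grep -v "^\.\{8\}"' for all of them) produces terse flag strings that are easy to misread. The following is an added example, not code from the rkhunter project or from any list post: two POSIX sh helpers (the names rpm_verify_changes and rpm_verify_suspect are mine) that decode rpm's verify output. The attribute letters follow rpm's documented verify format (S size, M mode, 5 digest, D device, L symlink, U owner, G group, T mtime, P capabilities, with a 'c' marker for config files and "missing" for absent files); the sample output is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the rkhunter project or the list post.
# Decodes the output of the package verification the post recommends:
#     rpm -Vva 2>&1 | grep -v "^\.\{8\}"
# rpm -V prints a 9-character attribute field (S M 5 D L U G T P, a dot
# meaning "unchanged"), an optional 'c' marker for config files, then the
# path; "missing" replaces the field when the file is gone. The grep drops
# lines whose first eight attributes are all dots, i.e. unchanged files.

# Constructed sample of 'rpm -Va' output (not captured from a real host).
SAMPLE_RPM_V='.........    /usr/bin/ls
S.5....T.    /usr/sbin/sshd
.M.......    /usr/bin/passwd
..5....T.  c /etc/ssh/sshd_config
missing      /usr/bin/unhide-tcp'

# Print one "path: what changed" line per verification failure.
rpm_verify_changes() {
    printf '%s\n' "$1" | grep -v '^\.\{8\}' | while IFS= read -r line; do
        flags=${line%% *}       # first field: attribute flags or "missing"
        path=${line##* }        # last field: the file path
        if [ "$flags" = missing ]; then
            echo "$path: missing"
            continue
        fi
        desc=""
        case $flags in *S*) desc="$desc size";; esac
        case $flags in *M*) desc="$desc mode";; esac
        case $flags in *5*) desc="$desc digest";; esac
        case $flags in *D*) desc="$desc device";; esac
        case $flags in *L*) desc="$desc symlink";; esac
        case $flags in *U*) desc="$desc owner";; esac
        case $flags in *G*) desc="$desc group";; esac
        case $flags in *T*) desc="$desc mtime";; esac
        case $flags in *P*) desc="$desc caps";; esac
        # rpm marks config files with 'c' between the attributes and the path
        case $line in *" c "*) desc="$desc (config file)";; esac
        echo "$path:$desc"
    done
}

# Narrow the list to what a reviewer cares about: non-config files whose
# content (digest or size) or mode changed, or that are missing. Config
# files with only digest/mtime changes are usually local edits, not tampering.
rpm_verify_suspect() {
    rpm_verify_changes "$1" | while IFS= read -r entry; do
        case $entry in
            *"(config file)"*) ;;
            *" digest"*|*" size"*|*" mode"*|*": missing") echo "${entry%%:*}";;
        esac
    done
}

# Stand-alone run on the constructed sample; on a real host replace
# "$SAMPLE_RPM_V" with "$(rpm -Va 2>&1)".
rpm_verify_suspect "$SAMPLE_RPM_V"
```

A digest change on a root-owned binary such as sshd is the case that warrants comparing the file against a pristine package from a known-good mirror, as the list discussion suggests; a config file with a changed digest and mtime is normally just a local edit and is what the second helper filters out.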
---
it
uses Inotify) and regular log parsing (Logwatch or equivalent)
could be added to the mix. Wrt detection also see the
http://www.welivesecurity.com/wp-content/uploads/2013/04/dump_cdorked_config.c tool.
HTH,
unSpawn
---
-
is to whitelist all of the below:
>/usr/sbin/adduser
>/usr/bin/ldd
>/usr/bin/unhide.rb
>/usr/bin/lwp-request
>/bin/which
>/dev/.blkid.tab
>/dev/.initramfs
If you have verified these items are as your distribution provides
them you can white list them.
BTW you should be using the sepa
On Mon, 22 Apr 2013 10:00:50 +0200 absolutely_f...@libero.it wrote:
>Hi,
>so this will be the correct config?
>ALLOWPROCDELFILE="/usr/libexec/hald-addon-keyboard:/usr/libexec/hald-addon-keyboard*"
Looks OK to
onf and maybe even search the rkhunter-
users mailing list archive.
TIA,
unSpawn
---
On Thu, 18 Apr 2013 09:24:18 +0200 absolutely_f...@libero.it wrote:
>Why I still get error?
With ALLOWPROCDELFILE you may use wildcards -=but in file names
only =-
Regards,
unSpawn
---
e another
>option in the conf I missed?
Instead of blithely white listing things I'd rather check what
trips 'running_procs' first.
Could you please *attach* the log file (see /tmp) from running RKH
with --debug to an email to me?
Regards,
unSpawn
---
---
ssue:
http://www.linuxquestions.org/questions/blog/unspawn-2450/simple-clamav-sig-for-lib64-libkeyutils-so-1-9-contents-35316/. Also see
https://isc.sans.edu/diary.html.
Note this doesn't include the ClamAV sig as we haven't discussed
offering it / using ClamAV as part of RKH.
You can
t since you mentioned it here I'll go have a look.
Cheers,
unSpawn
---
On Tue, 22 Jan 2013 17:48:41 +0100 "Yago Jesus" wrote:
>We are pleased to announce the new release of Unhide.
Thanks for the update and the heads up Yago!
Cheers,
unSpawn
---
itches they provide. So even if the binary you compiled has
all required tools included usage would cause b0rkage. Doesn't mean
you shouldn't try though.
Cheers,
unSpawn
---
On Thu, 17 Jan 2013 06:55:27 +0100 "Eric Wingate"
wrote:
>Is it possible to change the default paths RKhunter searches in?
Must be a mistake, yes? John already answered you on the 5th...
unSpawn
---
now nobody has any time to spend on it which
makes one wonder what use discussing it any further could have.
Regards,
unSpawn
---
On Tue, 20 Nov 2012 14:43:23 +0100 "Jon Bendtsen"
wrote:
>When are the options coming back?
Would you be willing to maintain that piece of code?
Cheers,
unSpawn
---
On Mon, 12 Nov 2012 23:20:41 +0100 "Angus McIntyre"
wrote:
>unsp...@hushmail.com wrote:
>I think this may relate to one of your FAQs
You mean the one saying run "rkhunter --propupd" after installing
ep -v "^\.\{8\}",
- the relevant rkhunter.log entries.
Cheers,
unSpawn
---
0:1329932395::
>
>Some have hashes others don't.
>Though you can see above in the .dat file it has no hash.
/usr/sbin/adduser is a symlink to useradd but the others are
binaries.
To see what happens could you attach (off list) the output of
running 'rk
itives.
So, yes, white listing is OK for those running FreeIPA.
Cheers,
unSpawn
---
hat
you can't get it as SourceForge mirrors and other software
repositories may cache older versions and with the CVS source
tarball you probably could recreate any old branch.
Regards,
unSpawn
---
say size or time or other
constraints work against the investigator. This because it may hold
clues that could aid further investigation. Any ops on a Live file
system ranging from running tools to installing SW alters it and
potentially destroys what could potential
r
findings. Do let me know if you find something interesting that
isn't covered in the FAQ or false positives you find by the
solution for by searching the rkhunter-users mailing list archives.
Regards,
unSpawn
---
On Tue, 19 Jun 2012 10:12:16 +0200 Saverio
wrote:
Please do not post HTML-only email to this list.
Try to escape the backslash adding another backslash?
Regards,
unSpawn
---
On Sat, 07 Apr 2012 17:50:08 +0200 Doug Parsons
wrote:
There's a few white listing examples for HMAC in your
/etc/rkhunter.conf in the "ALLOWHIDDENFILE" section.
Regards,
unSpawn
---
gets a
>warning :-) The current code lists it as a 'rootkit component', so
there
>should be others parts of the rootkit tested too. Hence we could
remove
>just this test, but I'll leave that to unSpawn to decide.
Sorry, bit slow here. Indeed it's a decidedly weak check on
n(),
the function that processes configuration file options uses 'tail'.
Since tail fails to properly fill the variable it errors out with
the message you see. You could 'cp /path/to/rkhunter
/path/to/rkhunter.bak && sed -i "s|tail -1|tail -n
See http://en.wikipedia.org/wiki/Inode ?
>I'm reading the CERT Intruder Detection list and...is there a For
Dummies version of this?
No, not really. Just work your way through it and then ask
questions about it (it's not really a topic for this list) in the
LQ Linux Security for
a bit off-topic for this mailing list.
Feel free to open a thread in a Linux forum or on a general purpose
mailing list you frequent (if any). I can usually be found at
www.linuxquestions.org/questions/linux-secu
;(..)', is out of
date, and possibly a security risk.
The application check is of no use where distros backport fixes,
and can be disabled if you (auto)update your OS timely.
Regards,
unSpawn
---
distro logs update information and 1) compare package
signature or hash and then package contents with those from a known
good repo.
Best regards,
unSpawn
---
>[01:46:38] Checking for file '/etc/ssh_host_key' [ Not found ]
If you read /etc/sshd_config and it contains what sshd_config
usually contains then, no, not a problem.
Regards,
unSpawn
---
's a linux-only rootkit so you
should probably white-list certain items. To know what triggers it
please tell us what details /var/log/rkhunter.log shows.
Best regards,
unSpawn
---
me or John. I'll send you a
reply off list.
Best regards,
unSpawn
---
:
http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.396&r2=1.397&view=patch.
>What were you changing here? Output from file?
>From the looks of it chiefly the grep regex.
Regards,
unSpawn
---
-
On Tue, 10 May 2011 09:51:14 +0200 Andy Clyde - OMN Hosting
wrote:
>Any other ideas?
Run 'tcp-unhide 2>&1>/path/to/output.log' (at the same time you run
RKH?), review the log and attach out
>Using 1.3.6 from the stable Debian under Ubuntu 8.04
Version 1.3.8 is current, BTW.
Best regards,
unSpawn
---
d syscall (bind?), local firewall, network
connection table (or parent routing device?) logging enabled.
Best regards,
unSpawn
---
>rebooted and ran rkhunter --propupd
>
>When I run rkhunter -c --sk I get many warnings.
What kind of warnings (one or two unique examples only please) and
what does your 'grep -v ^# rkhunter.conf|gr
us I'm sure but I also would like to remind all anyway
that no tool should be responsible for assessing system integrity
alone IMHO: check out Samhain, Aide or even tripwire.
Best regards,
unSpawn
---
/tmp) and /tmp/process.log and attach them in your reply
to me.
Regards,
unSpawn
---
ou have any questions that can not be answered by
reading the README and FAQ RKH comes with, the comments in
rkhunter.conf and searching the rkhunter users mailing list archive
as they generally will answer about ninety-nine percent of your
ques
does check preloading running a
separate file integrity checker (Samhain, Aide or even tripwire) is
always good IMO (second opinion).
Regards,
unSpawn
---
On Wed, 30 Mar 2011 12:15:09 +0200 David Lawn
wrote:
>Ahhh so I assume in that case rkhunter is unlinking, running its
checks and then prelinking again?
RKH doesn't on its own: RPM uses prelinking by default.
Reg
On Mon, 28 Mar 2011 17:55:11 +0200 David Lawn
wrote:
>Is this expected behaviour
If your system uses prelink then, yes.
Regards,
unSpawn
---
lists archives should answer your "replaced
by a script" and "Hidden {directory,file} found" questions. Do let
me know if you can't find *anything*.
Regards,
unSpawn
---
ectory names containing a space (use percent character instead).
I have to check if that goes for ALLOWDEVFILE as well.
Best regards,
unSpawn
---
]
Hmm. Check your rkhunter.log and see if there's any clues? If
unclear please *attach* the log, not include it in the message
body, TIA.
unSpawn
---
uture versions of rkhunter?
That'll be me.
TIA,
unSpawn
---
ine _libdir /usr/local/lib" ath the top of
the .spec file and recompile?
Regards,
unSpawn
---
ction with "%files -f
%{_tmppath}/%{name}_contents.txt". See
http://docs.fedoraproject.org/drafts/rpm-guide-en/ch09s05.html for
more about this kind of auto-fill.
Let me know if that works for you.
Best regards,
unSpawn
---
---
ct items in
directories you configure.
Best regards,
unSpawn
---
>[19:03:29] Checking for hidden ports [ Skipped ]
>[19:03:29] Info: Unable to find the 'unhide-tcp' command
No version of 'unhide' is available for Motorola (yet).
Best regards,
unSpawn
---
doesn't complete without errors (please first check
if they have been dealt with previously on this mailing list)
please indicate which tests went OK and which failed and if
necessary *attach* your rkhunter.conf and rkhunter.log.
The most up to date tarball is a
On Sun, 19 Sep 2010 19:41:48 +0200 Yago Jesus wrote:
>I'm going to open a space in Sourceforge where we can coordinate
all tasks / patches, etc. Stay tuned
Good move. This way all issues related to unhide(-.*) can be
handled on your SF project mailing list.
Cheers,
unSp
e emails, yes. If you didn't change any Mail Alias
Behavior in your account settings or use MUA filtering I'd file an
issue with SF.
Regards,
unSpawn
---
alles, the quick test is about 20 time
>
>faster than sys + proc tests.
Personally, but that's my opinion, I value accuracy over speed. Do
I read correctly from your reply you say that after running tests
you conclude both
Hello John,
On Tue, 14 Sep 2010 15:59:39 +0200 John Horne
wrote:
>I seem to get quite a few FP's from this:
Do those still occur after using Walles' fix posted on SF?
Cheers,
unSpawn
---
ld not be interpreted as
RKH moving away from unhide.
I'm looking forward to the new version.
Cheers,
unSpawn
---
and I'd like to see if anybody on
this list would be willing to test-drive it.
You should be able to install Ruby and the tool yourself w/o
requiring help and run johanwalles' 'ps' test from the above
thread. Extra mana points for testing a common proces
unning --check, not the whole log. You could pipe --check output
(but not --cronjob because it represents a set of options) to say
'logger'.
Best regards,
unSpawn
---
mon downloaders is quite easy:
http://www.linuxquestions.org/questions/blog/unspawn-2450/logwatch-webserver-logs-php-malarky-2308/).
HTH,
unSpawn
--
et in
RKH's bug tracker at Sourceforge:
http://sourceforge.net/tracker/?atid=794187&group_id=155034&func=browse, TIA.
Best regards,
unSpawn
--
a package management
system that you should only use *that* unless you're familiar with
building your own packages or using 'checkinstall' or equivalent).
BTW 'skdet' *is* provided as a package at
http://www.xs4all.nl/~dvgevers/skdet/ or D/L the
On Wed, 09 Jun 2010 12:30:44 +0200 John Horne
wrote:
>Tee file will on its way to you in a minute :-)
Thanks John!
Regards,
unSpawn
--
o /usr/lib64
(should be /usr/local anyway), so I'm looking for confirmation this
is a RPMForge packager problem.
Thanks in advance!
Best regards,
unSpawn
---
check with 'unhide'
(http://www.security-projects.com/?Unhide).
* I don't remember your host details so please post your full
distribution, release version, kernel version, (para-
)virtualization used (if any) in your rep
es then the Atomic Rocket Turtle aka "ART" repo
(atomicorp.com) provides a package. One of our longtime rkhunter-
users list members has provided the skdet tarball and package for a
long time. See http://www.xs4all.nl/~dvgevers/skde
Wed, 28 Apr 2010 23:18:21 +0200 Call Me Shane
wrote:
My apologies to the list members for having to read the crap it
wrote. Of course foul-mouthing isn't acceptable. The email address
has been removed from the list.
Regards,
un
ity-
announce/2010-April/001080.html, so that kind of fits the bill.
Since the post provides D/L links if necessary verifying package
contents against a pristine package from a known good source is
possible.
>Do I now need to run --propupd ?
Try "--propupd sudo".