Re: [Rkhunter-users] rkhunter 1.3.6 / Red Hat Fedora
From: John H. <joh...@pl...> - 2010-05-28 10:47:44
On Thu, 2010-05-27 at 23:21 -0700, Duane wrote:
>
> It was apparent that the problem with the /bin/sh: preface had to be within
> Plesk, yet there was no provision for putting in or taking out a preface.
> So I deleted the CRON job "rkhunter". I re-entered it with the correct path
> and added the "-c -sk" - it now works. I have it set up to run every day
> at noon.
>
For cron jobs I would include the '--cronjob' option too.

> However, snipping part of the rkhunter.log I have some questions.
>
> [22:55:56] Warning:Found enabled xinetd service:/etc/xinetd.d/submission_psa
>
> [22:55:56] Checking for Apache backdoor [ Not found ]
> [22:55:56]
> [22:55:56] Performing Linux specific checks
> [22:55:56] Info: Starting test name 'os_specific'
> [22:55:56] Checking loaded kernel modules [ Warning ]
> [22:55:56] Warning: No output found from the lsmod command or the
> /proc/modules file:
> [22:55:56] /proc/modules output:
> [22:55:57] lsmod output:
> [22:55:57] Info: Using modules pathname of '/lib/modules'
>
> Are "submission_psa" "lsmod command" (see warning above) safe to whitelist?
>
You can't whitelist 'lsmod'. The warning is saying that it was expecting
output from the 'lsmod' command, or from looking in the file /proc/modules.
It got no output from lsmod, and found nothing in /proc/modules. For Fedora
I would expect some modules to be loaded. However, if that is how your
system runs (possibly due to Plesk?), then you can disable the test.

Copy the DISABLED_TESTS line from /etc/rkhunter.conf, and paste it into
/etc/rkhunter.conf.local. Then add onto the end of the line the
'loaded_modules' test name. RKH will then skip that particular test.

John.

--
John Horne                   Tel: +44 (0)1752 587287
University of Plymouth, UK   Fax: +44 (0)1752 587001
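The step described in the reply above (copy the DISABLED_TESTS line into /etc/rkhunter.conf.local and append 'loaded_modules'), as an added example that is not part of the original message or of rkhunter itself. The function name disable_rkh_test and the sample config lines are constructed for illustration, and the demo runs on temporary files rather than the real /etc files.

```shell
#!/bin/sh
# Added example: copy the active DISABLED_TESTS line from the main rkhunter
# config into the local config with one more test name appended.
# Usage: disable_rkh_test MAIN_CONF LOCAL_CONF TEST_NAME   (hypothetical helper)
disable_rkh_test() {
    main_conf=$1 local_conf=$2 test_name=$3

    # Last uncommented DISABLED_TESTS line, surrounding whitespace removed.
    line=$(grep -E '^[[:space:]]*DISABLED_TESTS=' "$main_conf" | tail -n 1 |
           sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    if [ -z "$line" ]; then
        echo "no active DISABLED_TESTS line in $main_conf" >&2
        return 1
    fi

    # Bare list of test names, without the key or surrounding quotes.
    tests=$(printf '%s\n' "$line" |
            sed -e 's/^DISABLED_TESTS=//' -e 's/^"//' -e 's/"$//')

    # Append the new test only if it is not already listed (idempotent).
    case " $tests " in
        *" $test_name "*) ;;
        *) tests="${tests:+$tests }$test_name" ;;
    esac

    # Keep the quoting style of the original line.
    case $line in
        *\") new="DISABLED_TESTS=\"$tests\"" ;;
        *)   new="DISABLED_TESTS=$tests" ;;
    esac

    # Rewrite the local file: drop any earlier DISABLED_TESTS line, add the new one.
    tmp=$(mktemp) || return 1
    if [ -f "$local_conf" ]; then
        grep -v -E '^[[:space:]]*DISABLED_TESTS=' "$local_conf" > "$tmp" || true
    fi
    printf '%s\n' "$new" >> "$tmp"
    cat "$tmp" > "$local_conf"
    rm -f "$tmp"
}

# Demo on constructed files in a temp directory (not the real /etc files).
demo_dir=$(mktemp -d)
printf '%s\n' '#DISABLED_TESTS="none"' \
    'DISABLED_TESTS="suspscan hidden_procs deleted_files"' > "$demo_dir/rkhunter.conf"
disable_rkh_test "$demo_dir/rkhunter.conf" "$demo_dir/rkhunter.conf.local" loaded_modules
cat "$demo_dir/rkhunter.conf.local"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/rkhunter.conf and /etc/rkhunter.conf.local; review the resulting line before the next scheduled run, since every test named on it is skipped.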