Re: [Rkhunter-users] Cannot run rkhunter even when logged in as root
Brought to you by:
dogsbody
From: John H. <joh...@pl...> - 2012-11-28 21:00:40
|
On Wed, 2012-11-28 at 20:44 +0000, Stewart, Larry C Sr CTR DISA JITC (US) wrote: > I have several Solaris 10 servers that I can't run rkhunter on despite > the fact that I am logged in as root or have su'd to root from my > account. The OS is Solaris 10 8/11 on an x86 platform. I have hardened > the system using US DoD guidelines. I have one system that I can run > it on that has not received the same level of attention. In order for > me to find and change the setting that will allow me to run rkhunter I > was hoping you could explain what rkhunter is doing to determine that > the user is root. Thanks in advance for any assistance you can > provide. > Hello, By default it uses the 'id' command (wherever that is in your PATH), but for Solaris it will use '/usr/xpg4/bin/id' if it is executable. It then runs 'id -u' to get the userid and compares that to '0' or 'root'. If neither is true, then the program stops saying that you must be root to run RKH. John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 |