[Rkhunter-users] 'Checking running processes for suspicious files' has no exclude?
From: Marc M. <mar...@me...> - 2010-02-06 14:41:20
Hi,

This is with 1.3.6.

My system gets:

    Performing malware checks
    Checking running processes for suspicious files [ Warning ]

because I run misterhouse, and the lsof scan picks it up:

    gargamel:~# lsof -F n -w -n |grep /mh$
    n/var/local/src/misterhouse/mh-svn/bin/mh

I didn't find an exclude in the code, so I had to patch in a grep -v for now.

Also, the reporting is not very helpful. All I got in my mail was:

    Warning: Checking running processes for suspicious files [ Warning ]
    Warning: One or more of these files were found: backdoor, adore.o, mod_rootme.so, phide_mod.o, lbk.ko, vlogger.o, cleaner.o, cleaner, ava, tzava, mod_klgr.o, hydra, hydra.restore, ras2xm, vobiscum, sshd3, system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer, holber, xhide, xh, emech, psybnc, mech, httpd.bin, mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o
    Check the output of the lsof command 'lsof -F n -w -n'

It would be nice to know which one was actually found :)

Thanks,
Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
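The two things asked for in the message above, an exclude list and a report of which name actually matched, sketched as an added example that is not part of the original post and not rkhunter's own code. The variable names, the exclude path list, the PIDs and the sample lsof output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not rkhunter code. Names, PIDs and paths are constructed.

# A few of the basenames listed in the warning mail.
SUSPECT_NAMES="backdoor hydra psybnc mech mh xl write"

# Hypothetical exclude list: full paths of known-good binaries
# (space separated, so paths containing spaces are not supported).
EXCLUDE_PATHS="/var/local/src/misterhouse/mh-svn/bin/mh"

# Reads `lsof -F n -w -n` output on stdin and prints one line per hit:
# name<TAB>pid<TAB>path
find_suspect_files() {
    pid=
    while IFS= read -r line; do
        case "$line" in
            p*)  pid=${line#p}; continue ;;   # process set header
            n/*) path=${line#n} ;;            # file name field
            *)   continue ;;                  # sockets, pipes, other fields
        esac
        path=${path% (deleted)}               # Linux marks unlinked files
        for ex in $EXCLUDE_PATHS; do
            if [ "$path" = "$ex" ]; then continue 2; fi
        done
        base=${path##*/}                      # exact basename match only
        for name in $SUSPECT_NAMES; do
            if [ "$base" = "$name" ]; then
                printf '%s\t%s\t%s\n' "$name" "$pid" "$path"
            fi
        done
    done | sort -u
}

# Constructed sample of `lsof -F n -w -n` output.
sample_lsof_output() {
    cat <<'EOF'
p1432
n/var/local/src/misterhouse/mh-svn/bin/mh
n/lib/libc-2.7.so
p2210
n/tmp/.x/psybnc
n/tmp/.x/psybnc
nlocalhost:6667
p3001
n/usr/bin/write-report
EOF
}

sample_lsof_output | find_suspect_files
```

Excluding by full path rather than by name keeps the check active for any other file called `mh` elsewhere on the system. On a live host the input would come from `lsof -F n -w -n | find_suspect_files`.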