[Rkhunter-users] Checking running processes for suspicious files' has no exclude?
Brought to you by:
dogsbody
Menu
▾
▴
[Rkhunter-users] Checking running processes for suspicious files' has no exclude?
|
From: Marc M. <mar...@me...> - 2010-02-06 14:41:20
|
Hi,
This is with 1.3.6.
My system gets:
Performing malware checks
Checking running processes for suspicious files [ Warning ]
because I run misterhouse, and the lsof scan picks it up:
gargamel:~# lsof -F n -w -n |grep /mh$
n/var/local/src/misterhouse/mh-svn/bin/mh
I didn't find an exclude in the code, so I had to patch in a grep -v
for now.
Also, the reporting is not very helpful. All I got in my mail was:
Warning: Checking running processes for suspicious files [ Warning ]
Warning: One or more of these files were found: backdoor, adore.o, mod_rootme.so, phide_mod.o, lbk.ko,
vlogger.o, cleaner.o, cleaner, ava, tzava, mod_klgr.o, hydra, hydra.restore, ras2xm, vobiscum, sshd3,
system, t0rnsb, t0rns, t0rnp, rx4u, rx2me, crontab, sshdu, glotzer, holber, xhide, xh, emech, psybnc,
mech, httpd.bin, mh, xl, write, Phantasmagoria.o, lkt.o, nlkt.o
Check the output of the lsof command 'lsof -F n -w -n'
It would be nice to know which one was actually found :)
Thanks,
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
|