Re: [Rkhunter-users] rkhunter 1.3.6 / Red Hat Fedora
Brought to you by:
dogsbody
From: Duane L. <bu...@lo...> - 2010-05-27 17:33:38
|
*SNIP* > > I suspect you ran RKH with '--propupd', then changed the config to use > the package manager ('PKGMGR=RPM'). This would then make your current > file properties report many warnings. If you change the config to use, > or not use, the package manager for checks, then you must run 'rkhunter > --propupd' afterwards. > > Run 'rkhunter --propupd' again, RKH should then run okay. > > John. You must have a camera over my shoulder. Yes. That is exactly what I did (PKGMGR=RPM). I changed the entry back to "NONE" and re-ran propupd. Now when I scan the file properties are mostly all "OK". Exceptions in the File Property area are: (Warning) [10:15:09] /usr/bin/GET [ Warning ] [10:15:09] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable [10:15:09] /usr/bin/groups [ Warning ] [10:15:09] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shel l script text executable [10:15:11] /usr/bin/ldd [ Warning ] [10:15:11] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell scri pt text executable and a few more. But most of them are ok. How do I go about checking the warnings in File Properties? If I'm being too "questioning" please just tell me to go pound sand. I really appreciate your help (all of you). |