Re: [Rkhunter-users] rkhunter.dat file ?
From: <un...@hu...> - 2010-06-08 15:24:11
On Tue, 08 Jun 2010 03:11:51 +0200 Duane Loftus <bu...@lo...> wrote:

>1. How do I fix the skdet / rkhunter.dat issue?

Should be added by running 'rkhunter --propupd' *after* moving the binary to /usr/local/(s)bin/, which is where local system additions should live FSSTND/LFS-wise. The config warning ditto, if it doesn't add a line "USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf" to your rkhunter.conf(.local).

>2. What should I do about the Suckit Rootkit warning (or is it related to #1 above)?

Not related. The Suckit Rootkit additional checks consist of:
0) checking hard link count on '/sbin/init',
1) checking for hidden file extensions and
2) running 'skdet'.

>3. What the heck are all the [invisible] statements?

That depends:
0) if the PIDs exist and belong to valid, regular processes ('lsof -Pwnp $PID') then that may be a problem with 'skdet',
1) if the PIDs no longer exist (short-lived processes) then you might not be able to trace them back (to conclude they are a problem with 'skdet'),
2) if the PIDs belong to unknown processes then please list details: see 'lsof'. Also maybe check with 'unhide' (http://www.security-projects.com/?Unhide).

* I don't remember your host details so please post your full distribution, release version, kernel version, (para-)virtualization used (if any) in your reply. And if you want to list process details then please *attach* as plain text file.

Best regards,
unSpawn
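
The PID triage described in the reply above, as an added example that is not part of the original message or of rkhunter/skdet. It goes one step beyond the reply by also separating thread IDs from process IDs, since on Linux /proc/<tid> resolves for every thread while only thread-group leaders appear in a listing of /proc. The function name `triage_pid` and its optional proc-root argument are hypothetical.

```shell
#!/bin/sh
# Added example: triage PIDs that a scanner flagged as "[invisible]".
# The second argument (proc root) is an assumption added so the logic can be
# exercised against a constructed directory tree; it defaults to /proc.

# Print one verdict: gone | thread:<tgid> | process:<exe> | unlisted:<exe>
triage_pid() {
    pid=$1
    root=${2:-/proc}

    # Case 1 in the reply: short-lived process, nothing left to inspect.
    if [ ! -d "$root/$pid" ]; then
        echo "gone"
        return 0
    fi

    # Tgid differs from the ID when the entry is a thread, not a group leader.
    tgid=$(awk '$1 == "Tgid:" { print $2 }' "$root/$pid/status" 2>/dev/null) || tgid=""
    if [ -n "$tgid" ] && [ "$tgid" != "$pid" ]; then
        echo "thread:$tgid"
        return 0
    fi

    # Kernel threads, and processes we may not inspect, have no readable exe.
    exe=$(readlink "$root/$pid/exe" 2>/dev/null) || exe="?"

    # Case 0: a leader that also shows up in the listing is an ordinary process.
    if ls "$root" | grep -qxF "$pid"; then
        echo "process:$exe"
    else
        # Case 2: reachable but not listed; gather details with lsof / unhide.
        echo "unlisted:$exe"
    fi
}

# On a live host: pass the flagged PIDs as arguments.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        printf '%s\t%s\n' "$p" "$(triage_pid "$p")"
    done
fi
```

Run it as root so `exe` links of other users' processes are readable; any `unlisted` result is the one to follow up with 'lsof -Pwnp $PID' and 'unhide'.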