Re: [Rkhunter-users] rkhunter.dat file ?
Brought to you by:
dogsbody
Menu
▾
▴
Re: [Rkhunter-users] rkhunter.dat file ?
|
From: <un...@hu...> - 2010-06-08 15:24:11
|
On Tue, 08 Jun 2010 03:11:51 +0200 Duane Loftus
<bu...@lo...> wrote:
>1. How do I fix the skdet / rkhunter.dat issue?
Should be added running 'rkhunter --propupd' *after* moving the
binary to /usr/local/(s)bin/, which is where local system additions
should live FSSTND/LFS-wise. The config warning ditto, if it
doesn't add a line "USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf" to
your rkhunter.conf(.local).
>2. What should I do about the Suckit Rootkit warning (or is it
related to # 1 above?
Not related. The Suckit Rookit additional checks comprise of:
0) checking hard link count on '/sbin/init',
1) checking for hidden file extensions and
2) running 'skdet'.
>3. What the heck are all the [invisible] statements?
That depends:
0) if the PIDs exist and belong to valid, regular processes ('lsof -
Pwnp $PID') then that may be a problem with 'skdet',
1) if the PIDs no longer exist (short-lived processes) then you
might not be able to trace them back (to conclude they are a
problem with 'skdet'),
2) if the PIDs belong to unknown processes then please list
details: see 'lsof'. Also maybe check with 'unhide'
(http://www.security-projects.com/?Unhide).
* I don't remember your host details so please post your full
distribution, release version, kernel version, (para-
)virtualization used (if any) in your reply. And if you want to
list process details then please *attach* as plain text file.
Best regards,
unSpawn
--
|