Re: [Rkhunter-users] Warnings after upgrading to Mandriva 2010.1 and rkhunter 1.3.6
From: Helmut H. <Hu...@t-...> - 2010-07-11 05:17:05
Hello, Chris,

you wrote on 10.07.10:

> After upgrading to Mandriva 2010.1 yesterday I ran rkhunter --propupd
> since I'm sure a lot of files were changed. I still got the usual
> "please check your system as it may be infected" this morning after
> the rkhunter cronjob was run. I got to looking at the log this
> evening and noticed:

> /usr/sbin/rkhunter [ Warning ]
> Warning: The command '/usr/sbin/rkhunter' has been replaced and is
> not a script: /usr/sbin/rkhunter: a /bin/sh script text executable

Here (Slackware 13, rkhunter 1.3.6)

        which -a rkhunter

only shows

        /usr/bin/rkhunter

        # ls -l $(which rkhunter)

shows

        ... root root 425608 29. Nov 2009 /usr/bin/rkhunter

        # file $(which rkhunter)

shows

        /usr/bin/rkhunter: POSIX shell script text executable

Maybe the Mandriva package uses another path for "rkhunter": that's no problem.

> Checking for string 'hdparm' [ Warning ]
> Warning: Checking for possible rootkit strings [ Warning ]
> Found string 'hdparm' in file '/etc/rc.d/init.d/bootlogd'. Possible
> rootkit: Xzibit Rootkit
> Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible
> rootkit: Xzibit Rootkit

That's perhaps a false alarm - using "hdparm" in these files is allowed.

Best regards!
Helmut