Re: [Rkhunter-users] Warnings after upgrading to Mandriva 2010.1 and rkhunter 1.3.6
Brought to you by:
dogsbody
Menu
▾
▴
Re: [Rkhunter-users] Warnings after upgrading to Mandriva 2010.1 and rkhunter 1.3.6
|
From: Helmut H. <Hu...@t-...> - 2010-07-11 05:17:05
|
Hallo, Chris,
Du meintest am 10.07.10:
> After upgrading to Mandriva 2010.1 yesterday I ran rkhunter --propupd
> since I'm sure a lot of files were changed. I still got the usual
> "please check your system as it may be infected" this morning after
> the rkhunter cronjob was ran. I got to looking at the log this
> evening and noticed:
> /usr/sbin/rkhunter [ Warning ]
> Warning: The command '/usr/sbin/rkhunter' has been replaced and is
> not a script: /usr/sbin/rkhunter: a /bin/sh script text executable
Here (Slackware 13, rkhunter 1.3.6)
which -a rkhunter
only shows
/usr/bin/rkhunter
#
ls -l $(which rkhunter)
shows
... root root 425608 29. Nov 2009 /usr/bin/rkhunter
#
file $(which rkhunter)
shows
/usr/bin/rkhunter: POSIX shell script text executable
Maybe the Mandriva packet uses another path for "rkhunter": that's no
problem.
> Checking for string 'hdparm' [ Warning ]
> Warning: Checking for possible rootkit strings [ Warning ]
> Found string 'hdparm' in file '/etc/rc.d/init.d/bootlogd'. Possible
> rootkit: Xzibit Rootkit
> Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible
> rootkit: Xzibit Rootkit
That's perhaps a false alarm - using "hdparm" in these files is allowed.
Viele Gruesse!
Helmut
|