Fw: [Rkhunter-users] RkHunter reports positives after patches
From: Carlito - Ps2Fantasy.c. <ca...@ps...> - 2006-01-29 14:54:19
Hello unSpawn, thanks for the feedback.

Unfortunately, just before we ran rkhunter and got those positives we also had installed r-fx network "les" tool, a tool that changes the attributes of the main executables to make them available only to root. So, tripwire reported positives, since it checks for file attributes, on all those executables affected by the tool, which included those I am getting positives for.

Rpm -V returns ".M...... /usr/bin/write", file mode change...

Thanks

> ----- Original Message -----
> From: "unspawn" <un...@ro...>
> To: "Carlito - Ps2Fantasy.com" <ca...@ps...>
> Cc: <rkh...@li...>
> Sent: Sunday, January 29, 2006 2:51 PM
> Subject: Re: [Rkhunter-users] RkHunter reports positives after patches
>
>> Hello Carlito,
>>
>> On Sun, 29 Jan 2006, Carlito - Ps2Fantasy.com wrote:
>>> We have a report on one server of some positives; the machine has rh9
>>> patched every time a new fedora legacy update comes out.
>>>
>>> These are the positives we are getting:
>>>
>>> /bin/dmesg [ BAD ]
>>> /bin/kill [ BAD ]
>>> /bin/login [ BAD ]
>>> /bin/mount [ BAD ]
>>
>> See if the util-linux rpm itself checks out fine (use "rpm -V util-linux"
>> or with -p and RPM from mirror).
>>
>> * If you already run a filesystem integrity checker like Aide, Samhain or
>> even tripwire (and you keep a copy of the database off-site) it would be
>> good to check, just to be sure.
>>
>>
>> Cheers, unSpawn
>>
>>
>> --
>> Internal Virus Database is out-of-date.
>> Checked by AVG Free Edition.
>> Version: 7.1.371 / Virus Database: 267.14.17/227 - Release Date:
>> 1/11/2006
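
An added example, not part of the original messages or of rkhunter: a small Python triage of `rpm -V` output lines such as the `.M......` result quoted above, separating metadata-only differences (mode, owner, mtime) from differences in file content. The function names and every sample line except the first are constructed, and the result only reflects what the local RPM database records, which is why the reply suggests verifying with `-p` against a package from a mirror.

```python
import re

# rpm -V attribute characters; '.' = test passed, '?' = test could not be run.
TESTS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
CONTENT = {"size", "digest", "symlink"}  # file bytes or link target differ

# 8 flag columns on old rpm (as in the thread), 9 on current rpm; then an
# optional marker (c config, d doc, g ghost, l license, r readme); then the path.
VERIFY = re.compile(r"^([SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
MISSING = re.compile(r"^missing\s+(?:([cdglr])\s+)?(/.*)$")

def classify(line):
    """Return (path, verdict, failed_tests), or None if not an rpm -V line."""
    line = line.strip()
    m = MISSING.match(line)
    if m:
        return m.group(2), "missing", ["missing"]
    m = VERIFY.match(line)
    if not m:
        return None
    flags, path = m.group(1), m.group(3)
    failed = sorted(TESTS[ch] for ch in flags if ch in TESTS)
    if CONTENT.intersection(failed):
        verdict = "content-changed"
    elif "?" in flags:
        verdict = "unverified"      # a test could not be run, e.g. unreadable file
    elif not failed:
        verdict = "ok"              # only printed when rpm -V is run verbosely
    else:
        verdict = "metadata-only"   # digest still matches the RPM database
    return path, verdict, failed

# First line is quoted in the thread; the others are constructed samples.
SAMPLE = """\
.M...... /usr/bin/write
S.5....T /bin/login
..?..... /bin/mount
missing    /bin/kill
S.5....T. c /etc/fstab
"""

def report(text):
    return [r for r in map(classify, text.splitlines()) if r]

if __name__ == "__main__":
    for path, verdict, failed in report(SAMPLE):
        print(f"{verdict:16} {path}  ({', '.join(failed) or 'none'})")
```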