Darryl

Whitelist being ignored

Warning Verification Method

Gotcha.. dumb-dumb rookie mistake.. gotta crawl before you run.. :-) thanks for the help.

This is the error $ rkhunter -c --rwo Warning: Package manager verification has failed: File: /etc/rkhunter.conf The file hash value has changed The file size has changed The file modification time has changed And Yes... USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf does exist...

OK got it... got delayed by a false positive security alert. Thanks for the help. i have one last issue. rkhunter is configured exactly .. how I want. But how do I get the current config to stop setting off a false warning on on every scan. I have tried $ rkhunter --propupd $rkhunter --propupd /etc/rkhunter.conf But each time I run: $ rkhunter --sk --check I get: /etc/rkhunter.conf {warning}

So I ran ls -l /usr/bin/newgrp /usr/bin/su /usr/bin/mount -rwxr-xr-x 1 root root 44264 Feb 3 00:31 /usr/bin/mount -rwxr-xr-x 1 root root 41936 Aug 9 2019 /usr/bin/newgrp -rwsr-x--- 1 root wheel 32128 Feb 3 00:31 /usr/bin/su Note: /usr/bin/newgrp does not match yours Also /usr/bin/su has "wheel instead of root... I get the concept that rkhunter basically verifies the package manager checksums, and compares them with what is locally installed, new software or updates that influence the packages will...

I ran # rkhunter -c --rwo got the following warnings; Warning: Package manager verification has failed: File: /usr/bin/mount The file permissions have changed Warning: Package manager verification has failed: File: /usr/bin/newgrp The file permissions have changed Warning: Package manager verification has failed: File: /usr/bin/su The file permissions have changed The file group has changed Warning: The following processes are using deleted files: Process: /usr/local/cpanel/libexec/tailwatch/tailwatchd...

Remove Warning Without Whitelisting?