Quote:
Originally Posted by vinnie_vinodh
Recently I ran rkhunter after an update on my F10
I hope you run 1.3.4 because that's the current version?
Quote:
Originally Posted by vinnie_vinodh
got a couple of warnings of file properties checks and primarily "promiscuous interface warning". After googling for a while I came to know that the update has caused the warnings on file properties checks.
Verifying changes are legitimate then running 'rkhunter --propupd' should make RKH update its database.
Quote:
Originally Posted by vinnie_vinodh
But I can't find anything relevant to promiscuous interface warnings.
Running RKH it clearly says if you've got questions that can't be solved by reading the docs or the FAQ you should check the rkhunter-users mailing list and archive at Sourceforge.
Quote:
Originally Posted by vinnie_vinodh
[17:25:24] 'ifconfig' command output: UP BROADCAST RUNNING PROMISC MULTICAST
What does this warning indicate? Are these warnings serious? How to rectify them? Any help would be appreciated...
It indicates a network device has entered promiscuous mode. Promiscuous mode means the network device will be able to see traffic that's not destined for it. Applications may use packet capturing for finding "bad" traffic or traffic statistics.
Running Chkrootkit's 'ifpromisc' (caveat emptor) or these commands from root's Bash shell might give more insight:
Code:
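# Collect the inodes (column 9) of all open packet sockets; the header line starting with "sk" is skipped.
INODES=($(grep /proc/net/packet -ve ^sk|awk '{print $9}'));
# Join the inodes into one egrep alternation: (inode1|inode2|...).
INODES=${INODES[*]}; INODES=${INODES// /|}; INODES="(${INODES})";
# Among file descriptors 1-20 of all processes, find those sockets and print each owning process's executable.
/usr/sbin/lsof -P -w -n -d 1-20 | egrep "${INODES}.c" | awk '{print $2}' | xargs -iX /usr/bin/readlink -f /proc/'X'/exe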
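The same check without lsof, as an added example that is not part of the original post: it reads interface flags from sysfs and matches packet-socket inodes against each process's file descriptors. The function names and the sample tree are constructed for illustration; on a live host, as root, call `promisc_ifaces /sys/class/net` and `socket_owners /proc $(packet_inodes /proc/net/packet)`.

```bash
# Added example: promiscuous interfaces and the processes holding packet sockets.

# Interfaces whose sysfs flags word has IFF_PROMISC (0x100 in <linux/if.h>) set.
promisc_ifaces() {                 # $1 = net dir, e.g. /sys/class/net
  local f
  for f in "$1"/*/flags; do
    [ -r "$f" ] || continue
    if [ $(( $(cat "$f") & 0x100 )) -ne 0 ]; then basename "$(dirname "$f")"; fi
  done
}

# Inodes of open packet sockets: column 9, header line (first field "sk") skipped.
packet_inodes() {                  # $1 = packet table, e.g. /proc/net/packet
  awk '$1 != "sk" { print $9 }' "$1"
}

# "PID EXE" for every process with an fd pointing at one of the given socket inodes.
socket_owners() {                  # $1 = proc dir, remaining args = inodes
  local proc fd ino pid target
  proc=$1; shift
  [ $# -gt 0 ] || return 0         # no packet sockets, nothing to report
  for fd in "$proc"/[0-9]*/fd/*; do
    [ -L "$fd" ] || continue
    target=$(readlink "$fd")
    for ino in "$@"; do
      if [ "$target" = "socket:[$ino]" ]; then   # exact match: 12345 never hits 123456
        pid=${fd#"$proc"/}; pid=${pid%%/*}
        echo "$pid $(readlink "$proc/$pid/exe")"
      fi
    done
  done | sort -u
}

# Constructed sample tree (not data from a real host) so the example runs anywhere.
make_sample() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/net/eth0" "$d/net/lo" "$d/proc/101/fd" "$d/proc/202/fd"
  echo 0x1143 > "$d/net/eth0/flags"   # UP BROADCAST RUNNING PROMISC MULTICAST
  echo 0x49   > "$d/net/lo/flags"     # UP LOOPBACK RUNNING
  printf '%s\n' 'sk RefCnt Type Proto Iface R Rmem User Inode' \
    'ffff880012345000 3 3 0003 2 1 0 0 12345' > "$d/packet"
  ln -s 'socket:[12345]' "$d/proc/101/fd/3";  ln -s /usr/sbin/tcpdump "$d/proc/101/exe"
  ln -s 'socket:[123456]' "$d/proc/202/fd/4"; ln -s /usr/sbin/sshd "$d/proc/202/exe"
  echo "$d"
}
S=$(make_sample)
promisc_ifaces "$S/net"
socket_owners "$S/proc" $(packet_inodes "$S/packet"); rm -rf "$S"
```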