LinuxQuestions.org


BajaNick 09-09-2004 01:00 AM

Getting Warning during rkhunter?
 
I am getting this while running rkhunter. Is this anything to be worried about?

Check: Events and Logging
Search for syslog configuration... found
Checking for running syslog slave... [ Warning! ]
Info: Cannot find syslog/syslog-ng daemon
Checking for logging to remote system... [ OK (no remote logging) ]

win32sux 09-09-2004 02:57 AM

Quote:

Cannot find syslog/syslog-ng daemon
are you sure you have logging enabled??

=)

BajaNick 09-09-2004 09:49 PM

I have no idea. I may have disabled logging when I was screwing around with pkgtool. I will check it out, thanks.

win32sux 09-09-2004 11:18 PM

you can check if syslogd is running with:

ps aux | grep syslogd

BajaNick 09-10-2004 11:20 PM

Thanks for that. Here's the output. I don't know what all this means.

319 0.0 0.0 1452 464 pts/0 S+ 09:19 0:00 grep syslogd

win32sux 09-10-2004 11:26 PM

Quote:

Originally posted by BajaNick
Thanks for that. Here's the output. I don't know what all this means.

319 0.0 0.0 1452 464 pts/0 S+ 09:19 0:00 grep syslogd

it means you aren't running syslogd...

the output you got is actually the grep itself.. you can eliminate grep itself from the output of the command like this:

ps aux | grep syslogd | grep -v grep

like that you shouldn't get any output until you have syslogd running...

go into pkgtool, setup, services, and enable "rc.syslog", then reboot... now run the above command again and you should see something like:

root 68 0.0 0.2 1404 592 ? Ss Sep09 0:00 /usr/sbin/syslogd

then run rkhunter again...

=)
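
The check discussed above, as an added example that is not part of the original thread: it compares the executable name of each process instead of substring-matching the whole `ps` line, so the `grep syslogd` process can never be counted as the daemon. The function names and the sample listings are constructed for illustration; the input format assumed is the one printed by `ps -e -o pid= -o args=`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes input lines of the form
# "PID COMMAND [ARGS...]", as printed by: ps -e -o pid= -o args=

# find_syslog_pids: print the PID of every process on stdin whose executable
# basename is exactly syslogd or syslog-ng (the two names rkhunter mentions).
find_syslog_pids() {
    awk '{
        exe = $2
        sub(/^.*\//, "", exe)      # /usr/sbin/syslogd -> syslogd
        if (exe == "syslogd" || exe == "syslog-ng") print $1
    }'
}

# syslog_status: print "running" or "missing" for the listing on stdin.
syslog_status() {
    if [ -n "$(find_syslog_pids)" ]; then
        echo running
    else
        echo missing
    fi
}

# Constructed sample listings modelled on the two outputs in the thread.
# First: only the grep itself is present, so no daemon is running.
SAMPLE_ONLY_GREP='319 grep syslogd'
# Second: the daemon is present alongside unrelated processes.
SAMPLE_WITH_DAEMON='68 /usr/sbin/syslogd
71 /usr/sbin/klogd
319 grep syslogd'

printf '%s\n' "$SAMPLE_ONLY_GREP"   | syslog_status
printf '%s\n' "$SAMPLE_WITH_DAEMON" | syslog_status

# Live check on the local machine:
#   ps -e -o pid= -o args= | syslog_status
```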

BajaNick 09-11-2004 01:18 AM

Curiously, I do not have an option for syslog at all in the pkgtool menu after choosing which ones to run again.
Maybe this has something to do with having cups enabled but it not working, I have to start ./rc.cups manually when I want to print even though it is activated.

win32sux 09-11-2004 02:10 AM

hmmm... it sounds like the sysklogd package is not installed... check with:

ls /var/log/packages/ | grep sysklogd

if it's not, you can find it on your cd, or here:

ftp://ftp.slackware.com/pub/slackwar...4.1-i486-9.tgz

BajaNick 09-12-2004 08:34 PM

Thanks. When I get time I will install and play around with it.


All times are GMT -5.