LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-23-2008, 05:24 PM   #1
cedricd
LQ Newbie
 
Registered: Nov 2008
Posts: 9

Rep: Reputation: Disabled
RKHunter Output Question


Quote:
[23:14:17] Checking kernel module commands [ Warning ]
[23:14:17] Warning: No output found from the lsmod command or the /proc/modules file:
[23:14:17] /proc/modules output:
[23:14:18] lsmod output:
Is there anyway to fix/bypass this check?

Sysinfo:
Quote:
Kernel Version 2.6.16.29-11774_1 (SMP)
Distro Name Ubuntu 8.04.1
Uptime 55 days 21 hours 12 minutes
Current Users 1
Load Averages 0.01 0.15 0.11 0%
RAM: 256.16 MB
Disk: 18.98 GB

[This is a VPS machine]
 
Old 11-23-2008, 10:37 PM   #2
{BBI}Nexus{BBI}
Senior Member
 
Registered: Jan 2005
Location: Nottingham, UK
Distribution: Mageia 4
Posts: 4,297

Rep: Reputation: 205Reputation: 205Reputation: 205
Check the options available with
Code:
man rkhunter
 
Old 11-24-2008, 05:30 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,305
Blog Entries: 54

Rep: Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857
Quote:
Originally Posted by cedricd View Post
Is there anyway to fix/bypass this check?
RKH allows you to disable some tests from the CLI using --disable or in rkhunter.conf with DISABLE_TESTS. The one you're looking for is called "loaded_modules".
 
Old 11-25-2008, 12:43 AM   #4
cedricd
LQ Newbie
 
Registered: Nov 2008
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
RKH allows you to disable some tests from the CLI using --disable or in rkhunter.conf with DISABLE_TESTS. The one you're looking for is called "loaded_modules".
Unknown disable test name given: loaded_modules

Had a look over the main list, didn't see anything, or may just have missed it.

Quote:
Available test names:
additional_rkts all apps attributes deleted_files filesystem
group_accounts group_changes hashes hidden_procs immutable known_rkts
local_host malware network none os_specific other_malware
packet_cap_apps passwd_changes ports possible_rkt_files possible_rkt_strings possible_rkts
promisc properties rootkits running_procs scripts shared_libs
shared_libs_path startup_files startup_malware strings suspscan system_commands
system_configs trojans

Last edited by cedricd; 11-25-2008 at 12:46 AM.
 
Old 11-25-2008, 12:09 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,305
Blog Entries: 54

Rep: Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857Reputation: 2857
Heh, that's sposed to be the "os_specific" checks, sorry.
 
  


Reply

Tags
lsmod, modules, output, rkhunter


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter output help chaz_bro1972 Slackware 4 07-11-2008 02:00 PM
RKhunter question, Getting warnings for some directories. M$ISBS Linux - Security 8 03-05-2008 01:38 AM
RkHunter Output - Opinion Please jim.thornton Linux - Security 15 01-15-2008 10:52 AM
C++ Output question vibrokatana Programming 9 10-15-2007 05:27 PM
C Output Question drigz Programming 13 09-10-2004 07:32 AM


All times are GMT -5. The time now is 01:54 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration