[SOLVED] rkhunter throws warnings for no system startup files

netpumber · 11-13-2014, 04:43 PM

Hi.

I am using arch linux and systemd. I installed rkhunter and run

Code:

rkhunter -c --enable all --disable none --rwo

which returned me

Quote:

Warning: Checking for possible rootkit strings [ Warning ]
No system startup files found.
Warning: The following processes are using deleted files:
Process: /usr/bin/Xorg.bin PID: 465 File: /usr/bin/Xorg.bin
Process: /usr/bin/vim PID: 1053 File: /home/n3t/dev/http/SOLgene/.excelParse.php.swp
Process: /usr/lib/chromium/chromium PID: 4155 File: /dev/shm/.org.chromium.Chromium.XQLb9g
Process: /usr/lib/chromium/chromium PID: 4191 File: /dev/shm/.org.chromium.Chromium.XQLb9g
Process: /usr/lib/chromium/chromium PID: 5846 File: /dev/shm/.org.chromium.Chromium.THadNo
Process: /usr/lib/chromium/chromium PID: 5885 File: /dev/shm/.org.chromium.Chromium.bzVssl
Process: /usr/lib/chromium/chromium PID: 5900 File: /dev/shm/.org.chromium.Chromium.THadNo
Process: /usr/lib/chromium/chromium PID: 5928 File: /dev/shm/.org.chromium.Chromium.THadNo
Process: /usr/lib/chromium/chromium PID: 5935 File: /dev/shm/.org.chromium.Chromium.THadNo
Process: /usr/lib/chromium/chromium PID: 5947 File: /dev/shm/.org.chromium.Chromium.THadNo
Process: /usr/lib/chromium/chromium PID: 5967 File: /dev/shm/.org.chromium.Chromium.THadNo
Process: /usr/lib/chromium/chromium PID: 5970 File: /dev/shm/.org.chromium.Chromium.THadNo
Process: /usr/lib/chromium/chromium PID: 6022 File: /dev/shm/.org.chromium.Chromium.XQLb9g
Process: /usr/lib/chromium/chromium PID: 12689 File: /dev/shm/.org.chromium.Chromium.XQLb9g
Process: /usr/lib/chromium/chromium PID: 16505 File: /dev/shm/.org.chromium.Chromium.XQLb9g
Process: /usr/lib/chromium/chromium PID: 19049 File: /dev/shm/.org.chromium.Chromium.XQLb9g
Process: /usr/bin/mysqld PID: 25925 File: /tmp/ibjwpbsf
Process: /usr/lib/chromium/chromium PID: 26087 File: /dev/shm/.org.chromium.Chromium.THadNo
Process: /usr/lib/chromium/chromium PID: 28571 File: /dev/shm/.org.chromium.Chromium.XQLb9g
Warning: No system startup files found.

Why returns me these warnings ? Does it look for an init.d or rc.d directory? How can i fix them ? Any idea?

Thank you.

netpumber · 11-14-2014, 01:59 AM

Fixed by changing the values of START UP FILES in /etc/rkhunter.conf

abefroman · 11-16-2014, 06:34 PM

Use, Lynis instead of RKhunter.

Nix_Enthusiast · 11-17-2014, 03:39 PM

Quote:

Originally Posted by abefroman

Use, Lynis instead of RKhunter.

That seems to be the consensus these days i'm noticing. RKHunter seems great, but it's giving me alot of warnings that are unnecessary as the OP experienced.

unSpawn · 11-17-2014, 04:36 PM

Quote:

Originally Posted by Nix_Enthusiast

RKHunter seems great, but it's giving me alot of warnings that are unnecessary as the OP experienced.

That's a misconception a lot of users seem to suffer from unfortunately. Rootkit Hunter does not "know" your system nor does it make any assumptions. So after the first run you, a human, has to analyse the output, determine what's worth checking for and customize the configuration accordingly. It's a simple as that. If that's not to your liking you're invited, just like anybody else, to improve it.