LinuxQuestions.org


lukerobinson 03-23-2013 08:35 AM

RKHunter on Redhat
 
My colleague has run RKHunter on Redhat (I'm not sure which version his system is - the file /etc/redhat-release is missing. How else could I check?)

The output seems mainly fine, but there are warnings about /usr/bin/ldd, /sbin/chkconfig and /sbin/ifup. What might RKHunter think is wrong with these files? I have inspected the latter two using less and at first glance they look OK, although possibly out of date. Is there any more detailed output from RKHunter?

Any help is gratefully appreciated.

Luke

unSpawn 03-23-2013 09:40 AM

Quote:

Originally Posted by lukerobinson (Post 4917094)
My colleague has run RKHunter on Redhat

Your colleague should have read the documentation Rootkit Hunter comes with first as it explains how to configure it, run it, common errors and messages and where to check for help first.


Quote:

Originally Posted by lukerobinson (Post 4917094)
(I'm not sure which version his system is - the file /etc/redhat-release is missing. How else could I check?)

If it's installed try 'lsb_release -a' else 'uname -a' output, absence of /etc/yum.repos.d (or the reverse: its contents), /var/log/messages, /var/log/rpmpkgs may hold clues.


Quote:

Originally Posted by lukerobinson (Post 4917094)
What might RKHunter think is wrong with these files?

My ESP is particularly low today so I'm not able to mind-read remote file systems. Posting output would have been better.


Quote:

Originally Posted by lukerobinson (Post 4917094)
Is there any more detailed output from RKHunter?

/var/log(/rkhunter?)/rkhunter.log or whatever rkhunter.conf was configured with.

John VV 03-23-2013 01:33 PM

Quote:

/usr/bin/ldd, /sbin/chkconfig and /sbin/ifup
these are not compiled programs but shell scripts that run the program

rkhunter is known to "see" them as "not right"
(now this does NOT mean that they are fine (if it is a new clean install then they ARE FINE), just that they are scripts and not binary programs)
-- so READ the shell scripts to check them --

this is normal for rkhunter

but you really do need to configure rkhunter

please read the instructions on the web page
http://rkhunter.sourceforge.net/

unSpawn 03-23-2013 02:20 PM

Quote:

Originally Posted by John VV (Post 4917286)
-- so READ the shell scripts to check them --

Would be easier to just check it? Like
Code:

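# Verify the package that owns the file and show only the line for that file (fixed-string match)
checkit() { rpm -Vv $(rpm -qf "$1") | grep -F -- "$1"; }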

Quote:

Originally Posted by John VV (Post 4917286)
please read the instructions on the web page http://rkhunter.sourceforge.net/

That should be http://rkhunter.cvs.sourceforge.net/...ME?view=markup and http://rkhunter.cvs.sourceforge.net/...AQ?view=markup and http://sourceforge.net/apps/trac/rkh...MPRKH#Contents or their local equivalents.
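
For reading what the `rpm -Vv` check above reports about the files rkhunter flagged, here is an added example (not part of any post in this thread) that decodes the verify flag string at the start of each output line. The function name `decode_rpm_verify` and the sample lines are constructed for illustration; the flag letters are those documented in the rpm man page.

```sh
#!/bin/sh
# Decode one line of `rpm -V` / `rpm -Vv` output into the attributes that
# differ from the RPM database. Flag order per the rpm man page: SM5DLUGTP
# (older rpm releases print only the first eight, without P).
# Plain POSIX sh: the working variables are global, not local.

decode_rpm_verify() {
    line=$1
    case $line in
        # A file that is gone from disk is reported as "missing   /path".
        missing*) echo "MISSING ${line##* }"; return 1 ;;
    esac

    flags=${line%% *}   # first field: the flag characters
    path=${line##* }    # last field: the file (assumes no spaces in the path)

    # Reject anything that is not an 8- or 9-character flag string.
    case $flags in
        *[!SM5DLUGTP.?]*) echo "UNPARSED $line"; return 2 ;;
    esac
    case ${#flags} in
        8|9) ;;
        *) echo "UNPARSED $line"; return 2 ;;
    esac

    out=""
    rest=$flags
    for name in size mode digest device symlink owner group mtime capabilities; do
        c=${rest%"${rest#?}"}   # first remaining character
        rest=${rest#?}
        case $c in
            ''|.) ;;                            # test passed, or flag not printed
            \?) out="$out $name(unreadable)" ;; # test could not be performed
            *) out="$out $name" ;;              # attribute differs from the database
        esac
    done

    if [ -z "$out" ]; then echo "OK $path"; return 0; fi
    echo "CHANGED $path:$out"
    return 1
}

# Constructed sample lines (not output from the poster's system).
printf '%s\n' '.........    /usr/bin/ldd' 'S.5....T.    /sbin/chkconfig' \
    'missing     /sbin/ifup' |
while IFS= read -r l; do decode_rpm_verify "$l" || true; done
```

A changed digest on a non-config file is the result worth following up; lines marked `c` are config files, where size, digest and mtime differences are common after local edits.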

