LinuxQuestions.org
Old 03-23-2013, 08:35 AM   #1
lukerobinson
LQ Newbie
 
Registered: Aug 2012
Posts: 12

Rep: Reputation: Disabled
RKHunter on Redhat


My colleague has run RKHunter on Redhat (I'm not sure which version his system is - the file /etc/redhat-release is missing. How else could I check?)

The output seems mainly fine, but there are warnings about /usr/bin/ldd, /sbin/chkconfig and /sbin/ifup. What might RKHunter think is wrong with these files? I have inspected the latter two using less and at first glance they look OK, although possibly out of date. Is there any more detailed output from RKHunter?

Any help is gratefully appreciated.

Luke
 
Old 03-23-2013, 09:40 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by lukerobinson
My colleague has run RKHunter on Redhat

Your colleague should have read the documentation Rootkit Hunter comes with first as it explains how to configure it, run it, common errors and messages and where to check for help first.


Quote:
Originally Posted by lukerobinson
(I'm not sure which version his system is - the file /etc/redhat-release is missing. How else could I check?)

If it's installed try 'lsb_release -a' else 'uname -a' output, absence of /etc/yum.repos.d (or the reverse: its contents), /var/log/messages, /var/log/rpmpkgs may hold clues.


Quote:
Originally Posted by lukerobinson
What might RKHunter think is wrong with these files?

My ESP is particularly low today so I'm not able to mind-read remote file systems. Posting output would have been better.


Quote:
Originally Posted by lukerobinson
Is there any more detailed output from RKHunter?

/var/log(/rkhunter?)/rkhunter.log or whatever rkhunter.conf was configured with.
 
Old 03-23-2013, 01:33 PM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,622

Rep: Reputation: 2651
Quote:
/usr/bin/ldd, /sbin/chkconfig and /sbin/ifup

these are not compiled programs but shell scripts that run the program

rkhunter is known to "see" them as "not right"
( now this does NOT mean that they are fine ( if it is a new clean install then they ARE FINE) , just that they are scripts and not binary programs )
-- so READ the shell scripts to check them --

this is normal for rkhunter

but you really do need to configure rkhunter

please read the instructions on the web page
http://rkhunter.sourceforge.net/

Last edited by John VV; 03-23-2013 at 01:36 PM.
 
Old 03-23-2013, 02:20 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by John VV
-- so READ the shell scripts to check them --

Would be easier to just check it? Like
Code:
# Verify a file against the RPM database entry of the package that owns it
checkit() { rpm -Vv $(rpm -qf "$1")|grep "$1"; }

Quote:
Originally Posted by John VV
please read the instructions on the web page http://rkhunter.sourceforge.net/

That should be http://rkhunter.cvs.sourceforge.net/...ME?view=markup and http://rkhunter.cvs.sourceforge.net/...AQ?view=markup and http://sourceforge.net/apps/trac/rkh...MPRKH#Contents or their local equivalents.
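
How to read the lines that the checkit function above prints, as an added example that is not part of the thread: each position of the `rpm -V` attribute string is one failed check, and an optional marker such as `c` flags a config file. The function names, the OK/NOTE/ALERT levels and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# explain_flags FLAGS: name each failed check in an rpm -V attribute string.
# '.' means the check passed, '?' that it could not be performed.
explain_flags() {
    flags=$1 out=
    while [ -n "$flags" ]; do
        c=${flags%"${flags#?}"}; flags=${flags#?}   # take the first character
        case $c in
            S) d=size ;;    M) d=mode ;;    5) d=digest ;;
            D) d=device ;;  L) d=symlink ;; U) d=owner ;;
            G) d=group ;;   T) d=mtime ;;   P) d=capabilities ;;
            \?) d=unverifiable ;;
            *) continue ;;
        esac
        out=${out:+$out,}$d
    done
    echo "${out:-unchanged}"
}

# triage: read rpm -V lines on stdin, print "LEVEL PATH CHANGES" per file.
# Assumed policy: changes to a non-config file are ALERT; mtime-only
# changes and edited config files ('c' marker) are NOTE.
triage() {
    while read -r flags rest; do
        if [ "$flags" = missing ]; then
            echo "ALERT ${rest##* } missing"; continue
        fi
        case $rest in
            [cdglr]\ *) kind=${rest%% *}; path=${rest#* } ;;
            *)          kind=-; path=$rest ;;
        esac
        changes=$(explain_flags "$flags")
        case $changes in
            unchanged) level=OK ;;
            mtime)     level=NOTE ;;
            *) [ "$kind" = c ] && level=NOTE || level=ALERT ;;
        esac
        echo "$level $path $changes"
    done
}

# Constructed sample lines (not output from the system in the thread).
sample() {
    cat <<'EOF'
.........    /usr/bin/ldd
.......T.    /sbin/chkconfig
S.5....T.    /sbin/ifup
S.5....T.  c /etc/sysconfig/network-scripts/ifcfg-lo
missing      /sbin/ifdown
EOF
}
sample | triage
```

On a real system the same triage can be fed from the thread's function, for example `checkit /sbin/ifup | triage`.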
 
  

