LinuxQuestions.org
Old 12-07-2012, 10:40 AM   #1
g4ry
LQ Newbie
 
Registered: Dec 2012
Posts: 20

Rep: Reputation: Disabled
Rkhunter warnings


Hi all, I've been getting these warnings from rkhunter and wondered if anyone else gets these on Slackware 14. I never had these on 13.37, and I didn't bother to try rkhunter out on a fresh install until now, a week later.



Thanks.

http://pastebin.com/T5Qep1WF
 
Old 12-07-2012, 10:54 AM   #2
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,624
Blog Entries: 1

Rep: Reputation: Disabled
I've seen "Warning: The command '/path/to/some/file/here' has been replaced by a script" messages on fresh systems before running rkhunter.

Those systems weren't Slackware14 or my current Slack14_64, but I have seen similar, if not exact messages of that nature.

Scarier is the 15 hours it took to run.
Summary seems ok.
Code:
[09:25:15] System checks summary
[09:25:15] =====================
[09:25:15]
[09:25:15] File properties checks...
[09:25:16] Required commands check failed
[09:25:16] Files checked: 183
[09:25:16] Suspect files: 3
[09:25:16]
[09:25:16] Rootkit checks...
[09:25:16] Rootkits checked : 317
[09:25:17] Possible rootkits: 0
[09:25:17]
[09:25:17] Applications checks...
[09:25:17] Applications checked: 8
[09:25:17] Suspect applications: 0
[09:25:18]
[09:25:18] The system checks took: 908 minutes and 47 seconds
 
Old 12-07-2012, 11:04 AM   #3
g4ry
LQ Newbie
 
Registered: Dec 2012
Posts: 20

Original Poster
Rep: Reputation: Disabled
Thanks Habitual, I started it the previous night and forgot to use --skip-keypress, so I had to continue it in the morning; that's why it took so long.
 
Old 12-07-2012, 01:24 PM   #4
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,624
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by g4ry
Thanks Habitual, I started it the previous night and forgot to use --skip-keypress, so I had to continue it in the morning; that's why it took so long.
No worries. I fall asleep in Terminal almost every day.
 
Old 12-07-2012, 02:53 PM   #5
TommyC7
Member
 
Registered: Mar 2012
Distribution: Slackware, CentOS, OpenBSD, FreeBSD
Posts: 439

Rep: Reputation: Disabled
That's because rkhunter checks against a database to see if files have been changed or not, and in Slackware's situation those 3 files are different than on other operating systems. Generally adduser (one of the suspect files) is a program, but in Slackware it is just a script that calls useradd.

You can whitelist those 3 suspect files if you want. More details can be found in /var/log/rkhunter.log to get more detailed information. Also, unSpawn (a moderator on the forums) is one of the developers of rkhunter.

Might be able to uncomment OS_VERSION_FILE="" and set the appropriate line, but I haven't tested it (nor do I know which line is necessary, might be /etc/slackware-version but like I said, I don't know so don't quote me on that).
 
2 members found this post helpful.
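
One way to triage the "replaced by a script" warnings discussed in this thread before whitelisting anything, as an added example that is not from any poster or from the rkhunter project. It assumes the log wording quoted in post #2, rkhunter's SCRIPTWHITELIST configuration option, and Slackware's package manifests under /var/log/packages; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage rkhunter "replaced by a script" warnings on Slackware.
# Assumptions: log lines use the wording quoted in post #2, and package
# manifests in /var/log/packages list file paths without the leading "/".

# Constructed sample log (not real output); example-tool is a made-up path.
SAMPLE_LOG="[09:20:01] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: POSIX shell script
[09:20:02] Info: Found file '/usr/bin/awk'
[09:20:03] Warning: The command '/usr/local/bin/example-tool' has been replaced by a script: /usr/local/bin/example-tool: POSIX shell script"

# Print the path from every "replaced by a script" warning read on stdin.
script_warnings() {
    sed -n "s/^.*Warning: The command '\([^']*\)' has been replaced by a script.*$/\1/p"
}

# Succeed if a package manifest in directory $2 lists path $1.
owned_by_package() {
    rel=${1#/}
    grep -qsxF -- "$rel" "$2"/*
}

# Succeed if the file at $1 begins with "#!", i.e. it really is a script.
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = "#!" ]
}

# Read an rkhunter log on stdin. A flagged path gets a SCRIPTWHITELIST line
# only if a package ships it and it is a script; anything else is marked
# REVIEW for manual inspection.
# $1 = manifest directory, $2 = optional root prefix (used for offline tests).
triage() {
    pkgdir=${1:-/var/log/packages}
    root=${2:-}
    script_warnings | while IFS= read -r path; do
        if owned_by_package "$path" "$pkgdir" && is_script "$root$path"; then
            echo "SCRIPTWHITELIST=$path"
        else
            echo "REVIEW $path"
        fi
    done
}

# On a real system: triage < /var/log/rkhunter.log
```

A manifest entry shows only that a package ships a file at that path, not that the file's contents are unmodified, so read a flagged script before copying its SCRIPTWHITELIST line into rkhunter's configuration.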
  


All times are GMT -5.