
qwertyjjj 02-12-2011 01:39 AM

rkhunter.conf doesn't exist?
 
I get this warning when running rkhunter:
The file rkhunter.conf does not exist on the system, but it is present in the rkhunter.dat file.

However, the conf file does exist as I just edited it.
Any ideas on why this error occurs?

[root#] locate rkhunter.conf
/etc/rkhunter.conf

Web31337 02-12-2011 03:14 AM

Can you provide more details, such as the output of stat /etc/rkhunter.conf, ls -lai /etc, and cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'?
Which version of rkhunter are you running, and where did you get it from?
--upd:
When was the last time you ran --propupd? (You don't need to run it now: this issue may be caused by a security threat, and running --propupd can mark modified files as trusted.)

qwertyjjj 02-12-2011 04:33 AM

Quote:

Originally Posted by Web31337 (Post 4255894)
can you provide more details, like pasting a list of commands like stat /etc/rkhunter.conf, ls -lai /etc, and cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'?
what is a version of your rkhunter, where did you get it from?
--upd:
when was the last time you did --propupd (you don't need to do so now, since this issue may be caused by security threat and doing --propupd can mark modified files as being trusted)?

here are those details:

Code:

[root ~]# stat /etc/rkhunter.conf
  File: `/etc/rkhunter.conf'
  Size: 38359            Blocks: 80        IO Block: 4096  regular file
Device: 805h/2053d        Inode: 418145      Links: 1
Access: (0640/-rw-r-----)  Uid: (    0/    root)  Gid: (    0/    root)
Access: 2011-02-12 07:39:34.000000000 +0000
Modify: 2011-02-12 07:33:15.000000000 +0000
Change: 2011-02-12 07:33:15.000000000 +0000
[root ~]# ls -lai /etc
total 3328
416001 drwxr-xr-x  91 root  root    12288 Feb 12 08:19 .
    2 drwxr-xr-x  23 root  root    4096 Dec 26 14:48 ..
417202 drwxr-xr-x  4 root  root    4096 Jan  8  2010 acpi
416700 -rw-r--r--  1 root  root      48 Nov  9 20:04 adjtime
417887 -rw-r--r--  1 root  root    1512 Apr 25  2005 aliases
416847 drwxr-xr-x  4 root  root    4096 Aug 20  2009 alsa
416058 drwxr-xr-x  2 root  root    4096 Dec 26 14:49 alternatives
416166 -rw-r--r--  1 root  root      298 Mar 28  2007 anacrontab
417756 drwxr-xr-x  3 root  root    4096 Nov 13 03:55 apt
416944 -rw-------  1 root  root        1 Jan 26  2010 at.deny
416922 drwxr-x---  3 root  root    4096 May 16  2010 audisp
416942 drwxr-x---  2 root  root    4096 May 16  2010 audit
416334 drwxr-xr-x  2 daemon daemon  4096 Aug 20  2009 authlib
416751 -rw-------  1 root  root    3578 Nov  8 13:42 autofs_ldap_auth.conf
416080 -rw-r--r--  1 root  root      717 Nov  8 13:42 auto.master
417518 -rw-r--r--  1 root  root      581 Nov  8 13:42 auto.misc
417519 -rwxr-xr-x  1 root  root    1292 Nov  8 13:42 auto.net
417368 -rwxr-xr-x  1 root  root      715 Nov  8 13:42 auto.smb
416488 drwxr-xr-x  4 root  root    4096 Jul 16  2010 avahi
416156 -rw-r--r--  1 root  root    1673 Jun 30  2010 bashrc
416431 drwxr-xr-x  2 root  root    4096 Jan  7 00:05 blkid
416108 drwxr-xr-x  2 root  root    4096 Oct 23 00:07 bonobo-activation
419799 -rw-r--r--  1 root  root      977 Feb 26  2009 cdrecord.conf
417238 -rw-r--r--  1 root  root    6308 Nov 11  2007 conman.conf
416358 drwxr-xr-x  12 daemon daemon  4096 Aug 20  2009 courier
416672 drwx------  2 root  root    4096 Jul 28  2010 cron.d
416110 drwxr-xr-x  3 root  root    4096 Dec 26 00:03 cron.daily
416683 -rw-r--r--  1 root  root        0 Aug 20  2009 cron.deny
416111 drwxr-xr-x  2 root  root    4096 Jan  6  2007 cron.hourly
416112 drwxr-xr-x  2 root  root    4096 Nov 11 14:33 cron.monthly
195682 -rw-r--r--  1 root  root      956 Feb 12 07:41 crontab
416113 drwxr-xr-x  2 root  root    4096 Nov 11 14:33 cron.weekly
416016 -rw-r--r--  1 root  root    1044 Sep 22  2009 csh.cshrc
416017 -rw-r--r--  1 root  root    1218 Sep 22  2009 csh.login
416023 drwxr-xr-x  4 root  root    4096 May 16  2010 dbus-1
416049 drwxr-xr-x  2 root  root    4096 Oct 27 00:06 default
416327 drwxr-xr-x  2 root  root    4096 Nov 22 00:04 depmod.d
417003 drwxr-xr-x  3 root  root    4096 Aug  5  2010 dev.d
417287 -rw-r--r--  1 root  root      178 Mar 31  2010 dhcp6c.conf
418030 -rw-r--r--  1 root  root    2518 Feb 28  2010 DIR_COLORS
417713 -rw-r--r--  1 root  root    2420 Feb 28  2010 DIR_COLORS.xterm
417923 -rw-r--r--  1 root  root    21966 Jun  6  2010 dnsmasq.conf
416154 -rw-rw-r--  1 root  disk        0 Sep 21  2009 dumpdates
416018 -rw-r--r--  1 root  root        0 Sep 22  2009 environment
416821 -rw-r--r--  1 root  root      153 Jan  7  2007 esd.conf
416019 -rw-r--r--  1 root  root        0 Jan 12  2000 exports
416213 -rw-r--r--  1 root  root    22060 Jan  7  2007 fb.modes
416020 -rw-r--r--  1 root  root      59 Jan 31  2006 filesystems
417192 drwxr-xr-x  2 root  root    4096 May 16  2010 firmware
416266 drwxr-xr-x  4 root  root    4096 Aug 20  2009 fonts
418172 drwxr-xr-x  2 root  root    4096 Jul 17  2010 foomatic
417799 -rw-r--r--  1 root  root      672 Nov 11 14:32 fstab
416469 drwxr-xr-x  4 root  root    4096 Feb 12 08:19 gconf
449032 drwxr-xr-x  2 root  root    4096 Sep  3  2009 gcrypt
482811 drwxr-xr-x  2 root  root    4096 Oct 28 11:54 gdm
416117 -rw-r--r--  1 root  root      588 Sep  1  2009 GeoIP.conf
416082 -rw-r--r--  1 root  root      588 Sep  1  2009 GeoIP.conf.default
416046 -rw-r--r--  1 root  root    10793 Jan  6  2007 gnome-vfs-mime-magic
416181 -rw-r--r--  1 root  root    1756 Jan  6  2007 gpm-root.conf
417583 -rw-r--r--  1 root  root      894 Nov  9 20:24 group
416029 -rw-------  1 root  root      880 Nov  9 20:22 group-
417797 lrwxrwxrwx  1 root  root      22 Aug 20  2009 grub.conf -> ../boot/grub/grub.conf
417548 -r--------  1 root  root      739 Nov  9 20:24 gshadow
417150 -rw-------  1 root  root      729 Nov  9 20:22 gshadow-
416464 -rw-r--r--  1 root  root      833 Mar 22  2007 gssapi_mech.conf
417514 drwxr-xr-x  4 root  root    4096 Nov  9 20:09 ha.d
417408 drwxr-xr-x  3 root  root    4096 Mar 31  2010 hal
416021 -rw-r--r--  1 root  root      17 Jul 23  2000 host.conf
416012 -rw-r--r--  1 root  root      187 Aug 20  2009 hosts
416022 -rw-r--r--  1 root  root      161 Jan 12  2000 hosts.allow
416024 -rw-r--r--  1 root  root      347 Jan 12  2000 hosts.deny
416641 drwxr-xr-x  4 root  root    4096 Aug 20  2009 httpd
416597 drwxr-xr-x  3 root  root    4096 Aug 20  2009 httpd-matrixsa
417010 -rw-r--r--  1 root  root      177 Aug  6  2010 idmapd.conf
418157 lrwxrwxrwx  1 root  root      11 May 16  2010 init.d -> rc.d/init.d
417775 -rw-r--r--  1 root  root      658 Nov 16 17:23 initlog.conf
416490 -rw-r--r--  1 root  root    1667 Jul 19  2010 inittab
416025 -rw-r--r--  1 root  root      758 Sep 23  2004 inputrc
416086 drwxr-xr-x  2 root  root    4096 May 16  2010 iproute2
418161 drwx------  2 root  root    4096 Jan  6  2010 ipsec.d
418168 -rw-------  1 root  root      63 Jan  5  2010 ipsec.secrets.rpmsave
418154 -rw-r--r--  1 root  root      47 Apr 26  2010 issue
416047 -rw-r--r--  1 root  root      46 Apr 26  2010 issue.net
416180 -rw-r--r--  1 root  root    31303 Mar 14  2007 jwhois.conf
416799 -rw-r--r--  1 root  root      608 Jun 25  2007 krb5.conf
416961 -rw-r--r--  1 root  root    9028 Apr  3  2010 ldap.conf
416155 -rw-r--r--  1 root  root    38778 Feb 12 08:19 ld.so.cache
417494 -rw-r--r--  1 root  root      28 Oct  8  2006 ld.so.conf
416052 drwxr-xr-x  2 root  root    4096 Nov  5 00:05 ld.so.conf.d
417996 -rw-r--r--  1 root  root    3534 Sep  4 01:20 lftp.conf
416071 -rw-r-----  1 root  root      191 Dec  7  2009 libaudit.conf
417580 -rw-r--r--  1 root  root    2506 Oct 27  2009 libuser.conf
416053 lrwxrwxrwx  1 root  root      33 Nov  9 20:04 localtime -> /usr/share/zoneinfo/Europe/London
416205 -rw-r--r--  1 root  root    1503 Mar 31  2010 login.defs
416474 -rw-r--r--  1 root  root      520 Nov  5 14:31 logrotate.conf
416167 drwxr-xr-x  2 root  root    4096 Dec 26 00:03 logrotate.d
417356 drwxr-xr-x  4 root  root    4096 Jan 27  2010 logwatch
416938 drwxr-xr-x  5 root  root    4096 Jul 30  2010 lvm
416044 -rw-r--r--  1 root  root      293 Jan  7  2007 mailcap
416140 -rw-r--r--  1 root  root      112 Jan  7  2007 mail.rc
416817 drwxr-xr-x  2 root  root    4096 Aug 20  2009 makedev.d
417607 -rw-r--r--  1 root  root    4617 Jan  6  2007 man.config
417633 drwx--x--x  2 root  root    4096 Aug 20  2009 matrixsa
416192 drwxr-xr-x  2 root  root    4096 Aug 20  2009 mgetty+sendfax
416045 -rw-r--r--  1 root  root    14100 Jan  7  2007 mime.types
417486 -rw-r--r--  1 root  root      330 Nov 11 18:39 mke2fs.conf
416958 -rw-r--r--  1 root  root      803 Aug 13  2009 mke4fs.conf
417022 -rw-r--r--  1 root  root      261 Aug 20  2009 modprobe.conf
416009 -rw-r--r--  1 root  root      50 Aug 20  2009 modprobe.conf~
416336 drwxr-xr-x  2 root  root    4096 Jan  7 00:05 modprobe.d
416026 -rw-r--r--  1 root  root        0 Jan 12  2000 motd
416465 -rw-r--r--  1 root  root      306 Dec 26 14:48 mtab
416963 -rw-r--r--  1 root  root    1983 Jan  7  2007 mtools.conf
417520 -rw-r--r--  1 root  root    2711 Oct  4 20:45 multipath.conf
417927 -rw-r--r--  1 root  root    92794 Jun  4  2007 Muttrc
417928 -rw-r--r--  1 root  root        0 Jun  4  2007 Muttrc.local
416471 -rw-r--r--  1 root  root      441 Nov  3 23:53 my.cnf
418245 -rw-r--r--  1 root  root    1906 Sep 11  2008 nail.rc
417111 -rw-r-----  1 root  named    1230 Dec 13 18:10 named.caching-nameserver.conf
417699 -rw-r--r--  1 root  named    259 Feb  7  2010 named.conf
417016 -rw-r-----  1 root  named    955 Dec 13 18:10 named.rfc1912.zones
416467 drwxr-xr-x  2 root  root    4096 May 16  2010 netplug
416476 drwxr-xr-x  2 root  root    4096 May 16  2010 netplug.d
417742 drwxr-xr-x  4 root  root    4096 Dec 15 00:03 NetworkManager
416116 -rw-r--r--  1 root  root    1895 Oct 25 21:15 nscd.conf
417261 -rw-r--r--  1 root  root    1696 Sep 23  2004 nsswitch.conf
417444 drwxr-xr-x  2 root  root    4096 Nov  9 20:21 ntop
416323 drwxr-xr-x  2 root  root    4096 Oct 28 11:53 ntp
416324 -rw-r--r--  1 root  root      118 Dec 12  2007 ntp.conf
417695 drwxr-xr-x  2    102 root    4096 Oct 28 11:52 nxserver
416164 -rw-r--r--  1 root  root        0 Jan  7  2007 odbc.ini
416165 -rw-r--r--  1 root  root      389 Jan  7  2007 odbcinst.ini
417609 drwxr-xr-x  2 root  root    4096 May 24  2008 oddjob
417610 -rw-r--r--  1 root  root    4453 May 24  2008 oddjobd.conf
417611 drwxr-xr-x  2 root  root    4096 Aug 20  2009 oddjobd.conf.d
416250 drwxr-xr-x  3 root  root    4096 Dec  1 00:03 openldap
449031 drwxr-xr-x  4 root  root    4096 Dec  2 17:24 openvpn
416040 drwxr-xr-x  2 root  root    4096 Jan 26  2010 opt
416190 drwxr-xr-x  2 root  root    4096 Dec  2 00:04 pam.d
417251 drwxr-xr-x  2 root  root    4096 Aug 20  2009 pam_pkcs11
416219 -rw-r--r--  1 root  root      12 Jan  6  2007 pam_smb.conf
417584 -rw-r--r--  1 root  root    2094 Nov  9 20:27 passwd
416322 -rw-r--r--  1 root  root    2053 Nov  9 20:22 passwd-
417102 drwxr-xr-x  2 root  root    4096 Aug 20  2009 pcmcia
416078 drwxr-xr-x  2 root  root    4096 Dec  1 00:03 php.d
416222 -rw-r--r--  1 root  root    45079 Nov 29 21:53 php.ini
417048 -rw-r--r--  1 root  root    2875 Jan  7  2007 pinforc
416041 drwxr-xr-x  6 root  root    4096 Jan 26  2010 pki
417563 drwxr-xr-x  5 root  root    4096 Aug 20  2009 pm
416639 drwxr-xr-x  3 root  root    4096 Aug 20  2009 postfix
416493 drwxr-xr-x  3 root  root    4096 Nov 18 00:05 ppp
418183 -rw-r--r--  1 root  root    3085 Jan  6  2010 pptpd.conf
418150 -rw-r--r--  1 root  root  413153 Feb  9 00:00 prelink.cache
417118 -rw-r--r--  1 root  root      973 Sep 18  2008 prelink.conf
417119 drwxr-xr-x  2 root  root    4096 Jan 21  2009 prelink.conf.d
416030 -rw-r--r--  1 root  root      135 Aug 13  2010 printcap
416027 -rw-r--r--  1 root  root    1029 Sep 22  2009 profile
416032 drwxr-xr-x  2 root  root    4096 Dec  2 00:04 profile.d
416028 -rw-r--r--  1 root  root    6108 Oct 11  2006 protocols
416115 -rw-r--r--  1 root  root    10650 Dec 12  2007 pure-ftpd.conf
416141 -rw-r--r--  1 root  root      920 Dec 18  2001 pureftpd-ldap.conf
416142 -rw-r--r--  1 root  root    3171 Dec 18  2001 pureftpd-mysql.conf
449803 drwxr-xr-x  2 root  root    4096 Oct 23 00:07 purple
416269 -rw-------  1 root  root        0 Aug 20  2009 .pwd.lock
417215 -rw-r--r--  1 root  root      220 Feb 26  2009 quotagrpadmins
417189 -rw-r--r--  1 root  root      290 Feb 26  2009 quotatab
417216 drwxr-xr-x  3 root  root    4096 Aug 28 00:08 racoon
416499 lrwxrwxrwx  1 root  root        7 Nov 18 00:05 rc -> rc.d/rc
416522 lrwxrwxrwx  1 root  root      10 Nov 18 00:05 rc0.d -> rc.d/rc0.d
416059 lrwxrwxrwx  1 root  root      10 Nov 18 00:05 rc1.d -> rc.d/rc1.d
416523 lrwxrwxrwx  1 root  root      10 Nov 18 00:05 rc2.d -> rc.d/rc2.d
416524 lrwxrwxrwx  1 root  root      10 Nov 18 00:05 rc3.d -> rc.d/rc3.d
416525 lrwxrwxrwx  1 root  root      10 Nov 18 00:05 rc4.d -> rc.d/rc4.d
416068 lrwxrwxrwx  1 root  root      10 Nov 18 00:05 rc5.d -> rc.d/rc5.d
416069 lrwxrwxrwx  1 root  root      10 Nov 18 00:05 rc6.d -> rc.d/rc6.d
416056 drwxr-xr-x  10 root  root    4096 Nov 18 00:05 rc.d
416520 lrwxrwxrwx  1 root  root      13 Nov 18 00:05 rc.local -> rc.d/rc.local
416521 lrwxrwxrwx  1 root  root      15 Nov 18 00:05 rc.sysinit -> rc.d/rc.sysinit
417364 drwxr-xr-x  2 root  root    4096 May 16  2010 readahead.d
417807 -rw-r--r--  1 root  root      435 Jul 16  2010 reader.conf
417536 drwxr-xr-x  2 root  root    4096 Jul 16  2010 reader.conf.d
416146 -rw-r--r--  1 root  root      27 Apr 26  2010 redhat-release
417893 -rw-r--r--  1 root  root    1484 Jan  6  2007 request-key.conf
416414 -rw-r--r--  1 root  root      149 Feb  7  2010 resolv.conf
416413 -rw-r--r--  1 root  root      110 Aug 20  2009 resolv.conf.bak
418145 -rw-r-----  1 root  root    38359 Feb 12 07:33 rkhunter.conf
416416 lrwxrwxrwx  1 root  root      11 Oct 22  2009 rmt -> ../sbin/rmt
417558 -rw-r-----  1 root  named    113 Aug 20  2009 rndc.key
417263 -rw-r--r--  1 root  root    1615 Aug 30  2001 rpc
416005 drwxr-xr-x  2 root  root    4096 Sep  8 16:11 rpm
416070 -rw-r--r--  1 root  root      734 Nov 16 17:23 rwtab
416526 drwxr-xr-x  2 root  root    4096 Nov 16 17:23 rwtab.d
417884 drwxr-xr-x  2 root  root    4096 Nov 11 14:33 sarg
416085 drwxr-xr-x  2 root  root    4096 Mar 17  2010 sasl2
416937 -rw-r--r--  1 root  root      103 Mar 14  2007 scrollkeeper.conf
417019 -rw-r--r--  1 root  root      666 Aug  5  2010 scsi_id.config
416031 -rw-------  1 root  root      122 Feb 17  2003 securetty
416215 drwxr-xr-x  5 root  root    4096 Nov  3 00:05 security
416449 drwxr-xr-x  3 root  root    4096 Nov  8 13:44 selinux
417711 -rw-r--r--  1 root  root    85306 Jul 12  2009 sensors.conf
417876 -rw-r--r--  1 root  root  362037 Aug  1  2010 services
417397 -rw-r--r--  1 root  root      216 Apr  3  2010 sestatus.conf
417222 drwxr-xr-x  2 root  root    4096 Aug 20  2009 setuptool.d
416436 drwxr-xr-x  2 root  root    4096 Aug 20  2009 sgml
417525 -r--------  1 root  root    1287 Nov  9 20:27 shadow
417640 -r--------  1 root  root    1227 Nov  9 20:22 shadow-
416036 -rw-r--r--  1 root  root      60 Aug 20  2009 shells
416042 drwxr-xr-x  3 root  root    4096 Oct 28 11:54 skel
417792 drwxr-xr-x  3 root  root    4096 Nov 13 03:55 smart
417733 -rw-r--r--  1 root  root    6463 Jan 21  2009 smartd.conf
418098 -rw-r--r--  1 root  root    1272 Jan  4  2008 smi.conf
417253 drwxr-xr-x  2 squid  squid    4096 Dec 25 22:39 squid
417024 drwxr-xr-x  2 root  root    4096 Sep 12 17:00 ssh
417295 drwxr-xr-x  2 root  root    4096 Feb 26  2009 stunnel
416684 -r--r-----  1 root  root    3193 Oct 19 14:10 sudoers
416002 drwxr-xr-x  11 root  root    4096 Jan  7 00:05 sysconfig
416566 -rw-r--r--  1 root  root    1548 Feb  7  2010 sysctl.conf
416663 -rw-r--r--  1 root  root      694 Apr  3  2010 syslog.conf
416048 -rw-r--r--  1 root  root  807103 Jan  6  2007 termcap
417347 -rw-r--r--  1 root  root    2643 Jan  7  2007 tux.mime.types
416452 drwxr-xr-x  5 root  root    4096 Aug  7  2010 udev
417384 -rw-r--r--  1 root  root      136 Sep  3  2009 updatedb.conf
416976 -rw-r--r--  1 root  root    1533 Sep 19  2009 virc
417190 -rw-r--r--  1 root  root    2657 Feb 26  2009 warnquota.conf
416816 -rw-r--r--  1 root  root    23735 Jan  9  2007 webalizer.conf
449040 drwxr-xr-x 111 root  root    4096 Nov 11 18:38 webmin
416920 -rw-r--r--  1 root  root    4204 Nov  3  2009 wgetrc
416828 drwxr-xr-x  2 root  root    4096 May 16  2010 wpa_supplicant
416004 drwxr-xr-x  7 root  root    4096 Nov 18 00:05 X11
416126 drwxr-xr-x  4 root  root    4096 Mar  8  2009 xdg
417434 -rw-r--r--  1 root  root    1001 Mar 15  2007 xinetd.conf
416043 drwxr-xr-x  2 root  root    4096 Dec  2 00:04 xinetd.d
416921 drwxr-xr-x  2 root  root    4096 Aug 20  2009 xml
416137 -rw-r--r--  1 root  root      585 Sep 21  2009 yp.conf
417573 drwxr-xr-x  3 root  root    4096 Apr  4  2010 yum
417574 -rw-r--r--  1 root  root      277 Dec 12  2007 yum.conf
417194 -rw-r--r--  1 root  root      346 Apr  4  2010 yum.conf.rpmnew
416153 drwxr-xr-x  2 root  root    4096 Jan 23 00:06 yum.repos.d
[root ~]# cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'
File:/etc/rkhunter.conf:c6fba639c22bce442e9f52217632d76178036b5b:417710:0640:0:0:36991:1290047663::
[root ~]# rkhunter --version
Rootkit Hunter 1.3.8


unSpawn 02-12-2011 05:13 AM

Quote:

Originally Posted by qwertyjjj (Post 4255858)
The file rkhunter.cond foes not exist on the system, but it is present in the rkhunter.dat file.

Might you be getting the message wrong? Doesn't it actually read "The file rkhunter.conf exists on the system, but it is not present in the rkhunter.dat file."?

qwertyjjj 02-12-2011 05:37 AM

Quote:

Originally Posted by unSpawn (Post 4255957)
Might you be getting the message wrong? Doesn't it actually read "The file rkhunter.conf exist on the system, but it is not present in the rkhunter.dat file."?

[00:03:45] /etc/rkhunter.conf [ Warning ]
[00:03:45] Warning: The file '/etc/rkhunter.conf' does not exist on the system, but it is present in the rkhunter.dat file.
[00:03:45]

unSpawn 02-12-2011 06:01 AM

OK. What's the RKH version? Where did you install it from? Also, could you please (CYP) run rkhunter with the usual arguments and switches plus the "--debug" switch, locate the /tmp/rkhunter-debug* file, and then pastebin its contents?

qwertyjjj 02-12-2011 09:42 AM

Quote:

Originally Posted by unSpawn (Post 4255978)
OK. What's the RKH version? Where did you install it from? Also CYP run rkhunter with the usual arguments and switches and add the "--debug" switch, locate the /tmp/rkhunter-debug* file and then pastebin its contents?

version is:
[root ~]# rkhunter --version
Rootkit Hunter 1.3.8

tmp file:
what's pastebin? I only have command line access. I could upload the file but the text is quite long.

unSpawn 02-12-2011 10:59 AM

If it's not on your file system (which, whereis, (s)locate, 'man -f', type, 'declare -F', etc.), then there are other methods of finding out: searching LQ, Wikipedia or the 'net. From Wikipedia: "A pastebin is a type of web application which allows its users to upload snippets of text(..) A vast number of pastebins exist on the Internet, (..)".

qwertyjjj 02-12-2011 11:17 AM

Quote:

Originally Posted by unSpawn (Post 4256192)
If it's not on your file system (which, whereis, (s)locate, 'man -f', type, 'deflare -F', etc, etc) then there's other methods of finding out: searching LQ, Wikipedia or the 'net. From Wikipedia: "A pastebin is a type of web application which allows its users to upload snippets of text(..) A vast number of pastebins exist on the Internet, (..)".

But do I upload the file from my server to a bin on an internet server somewhere?
It's installed on my system, but Google doesn't show any command-line usage for it.

I am not sure how to paste the contents of the file from the command line to a website.
I can't copy the text of the file as I only have command line access and both nano and vi do not allow scrolling through the file to copy it.

Web31337 02-12-2011 11:55 AM

You still haven't answered the main question (you were asked twice): where does your rkhunter come from?

There is a "wgetpaste" utility for uploading data to pastebin sites; browse your repository for it. I wonder how you copied that long ls output before... why not do the same trick again and paste the results to any pastebin site, say codepad.org?

qwertyjjj 02-12-2011 12:01 PM

Quote:

Originally Posted by Web31337 (Post 4256239)
you still didn't answer the main question(you were asked twice): where does your rkhunter come from?

there is "wgetpaste" utility to upload data to pastebin sites, browse your repository for it. I'm wondering how did you copy that long ls outputs before... what's the problem to do the same trick again, pasting results to any pastebin site, say codepad.org?

from the centos repository I think - I just did yum install rkhunter.
I've never had to copy a file before, I just copy and pasted short lines from the command line.
When you use nano or vi it doesn't let you copy the whole file as you have to scroll through screens.

unSpawn 02-12-2011 12:34 PM

If you're running CLI-only then 'screen' enables you to post text selections somewhat like vi markers: "CTRL+A+[" to start the selection and "CTRL+A+]" to finalize it. Alternatively you could 'grep "does not exist on the system, but it is present in the rkhunter.dat file" -C 100' the debug file and post output here in BB code tags.

qwertyjjj 02-13-2011 03:16 AM

Quote:

Originally Posted by unSpawn (Post 4256284)
If you're running CLI-only then 'screen' enables you to post text selections somewhat like vi markers: "CTRL+A+[" to start the selection and "CTRL+A+]" to finalize it. Alternatively you could 'grep "does not exist on the system, but it is present in the rkhunter.dat file" -C 100' the debug file and post output here in BB code tags.

Thanks, got that:

Code:

[root tmp]# grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -C 100
++ cut -c1-4
+ SPACES='    '
+ LINE1='    /etc/rkhunter.conf'
+ '[' -n Warning ']'
+ '[' 1 -eq 1 ']'
++ echo '    /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LINE1_NUM=23
++ expr 62 - 23
+ NUM_SPACES=39
+ test 39 -lt 1
+ '[' 1 -eq 0 ']'
+ LINE1='    /etc/rkhunter.conf\033[39C[ Warning ]'
+ '[' 1 -eq 1 ']'
++ echo '[15:32:33]  /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LOGLINE1_NUM=32
++ expr 62 - 32
+ NUM_SPACES=30
+ test 30 -lt 1
++ echo '                                                              '
++ cut -c1-30
+ SPACES='                              '
+ LOGLINE1='[15:32:33]  /etc/rkhunter.conf                              [ Warning ]'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ NLLOOP=0
+ test 0 -gt 0
+ '[' '' = c ']'
+ echo -e '    /etc/rkhunter.conf\033[39C[ Warning ]'
    /etc/rkhunter.conf                                      [ Warning ]
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33]  /etc/rkhunter.conf                              [ Warning ]'
+ '[' 0 -eq 1 ']'
++ echo '[15:32:33]  /etc/rkhunter.conf                              [ Warning ]'
++ grep '^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\]        '
+ '[' 0 -eq 1 -a -n '' ']'
+ test 1 -eq 1 -a 0 -eq 1
+ return
+ display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf'
+ '[' 6 -le 0 ']'
+ '[' 6 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_WARNING'
+++ echo Warning
+ TYPE=Warning
+ '[' -z Warning -a WARNING '!=' PLAIN ']'
+ test WARNING = WARNING
+ WARN_MSG=1
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=FILE_PROP_FILE_NOT_EXIST
+ shift
+ break
+ test 1 -eq 1
++ expr 0 + 1
+ WARNING_COUNT=1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Warning
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n FILE_PROP_FILE_NOT_EXIST ']'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 ']'
+ '[' -z 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.' ']'
++ echo 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ sed -e 's/`/\\`/g'
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ test -n 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ eval 'echo "The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file." | sed -e '\''s/;/\;/g'\'''
+++ echo 'The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+++ sed -e 's/;/\;/g'
+ LINE1='The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n Warning ']'
+ LOGLINE1='[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 -a 0 -gt 0 ']'
+ '[' -n '' ']'
+ '[' 0 -eq 1 -a -n '' ']'
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
+ test 0 -eq 1
+ LINE1=1
+ OLDIFS='       
'
+ IFS='
'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ cut -d: -f2-
+ for LOGLINE1 in '`grep "^${MSG}:" ${LANG_FILE} 2>/dev/null | cut -d: -f2-`'
+ '[' 1 -eq 1 ']'
+ LINE1=0
+ continue
+ IFS='       
'
+ test 0 -eq 1 -a 0 -eq 1
+ return
+ test -n '' -o -n ''
+ return
+ keypresspause
+ '[' 1 -eq 0 -a 0 -eq 0 ']'
+ return
+ return
+ do_rootkit_checks
++ check_test rootkits
+++ echo ' all '
+++ grep ' rootkits '
++ '[' all = all -o -n '' ']'
+++ echo ' suspscan hidden_procs deleted_files packet_cap_apps apps '
+++ grep ' rootkits '
++ '[' 'suspscan hidden_procs deleted_files packet_cap_apps apps' = none -o -z '' ']'
++ return 0
+ display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits'
+ '[' 8 -le 0 ']'
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_INFO'
+++ echo Info
+ TYPE=Info
+ '[' -z Info -a INFO '!=' PLAIN ']'
+ test INFO = WARNING
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ SCREENNL=1
+ shift
+ '[' 3 -ge 1 ']'
+ case "$1" in
+ NL=1
+ case "$2" in
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=STARTING_TEST
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Info
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n STARTING_TEST ']'
++ grep '^STARTING_TEST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='Starting test name '\''$1'\'''
+ '[' 0 -eq 1 ']'
+ '[' -z 'Starting test name '\''$1'\''' ']'


unSpawn 02-13-2011 04:24 AM

Thanks, but unfortunately it doesn't show RKH performing the actual test that leads to this. Could you please (CYP) repeat, but with 'grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200 > /tmp/rkhdebug.txt' and attach "/tmp/rkhdebug.txt"? TIA.

qwertyjjj 02-13-2011 06:31 AM

Quote:

Originally Posted by unSpawn (Post 4256768)
Thanks but unfortunately it doesn't show RKH performing the actual test leading to this. CYP repeat but with 'grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200 > /tmp/rkhdebug.txt' and attach "/tmp/rkhdebug.txt"? TIA.

Code:

[root tmp]# grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200                   
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to SCREEN+LOG --type PLAIN --screen-indent 4 --log-indent 2 --result WARNING --color RED NAME /etc/rkhunter.conf'
+ '[' 14 -le 0 ']'
+ '[' 14 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=SCREEN+LOG
+ shift
+ shift
+ '[' 12 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_PLAIN'
+++ echo
+ TYPE=
+ '[' -z '' -a PLAIN '!=' PLAIN ']'
+ test PLAIN = WARNING
+ shift
+ shift
+ '[' 10 -ge 1 ']'
+ case "$1" in
+ SCREENINDENT=4
+ '[' -z 4 ']'
++ echo 4
++ grep '^[0-9]*$'
+ '[' -z 4 ']'
+ shift
+ shift
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ LOGINDENT=2
+ '[' -z 2 ']'
++ echo 2
++ grep '^[0-9]*$'
+ '[' -z 2 ']'
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_RESULT_WARNING'
+++ echo Warning
+ RESULT=Warning
+ '[' -z Warning ']'
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ '[' 1 -eq 1 ']'
+ test -n RED
++ eval 'echo ${RED}'
+++ echo ''
+ COLOR=''
+ '[' -z '' ']'
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=NAME
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test SCREEN+LOG = SCREEN -o SCREEN+LOG = SCREEN+LOG
+ WRITETOTTY=1
+ test SCREEN+LOG = LOG -o SCREEN+LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 1 -eq 0 -a 1 -eq 0 ']'
+ '[' 1 -eq 1 -a 1 -eq 1 -a -n Warning -a -z '' ']'
+ test -n ''
+ '[' 0 -eq 1 -a 1 -eq 1 -a 1 -eq 1 -a Warning = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n NAME ']'
++ grep '^NAME:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='$1'
+ '[' 0 -eq 1 ']'
+ '[' -z '$1' ']'
++ echo '$1'
++ sed -e 's/`/\\`/g'
+ LINE1='$1'
+ test -n '$1'
++ eval 'echo "$1" | sed -e '\''s/;/\;/g'\'''
+++ echo /etc/rkhunter.conf
+++ sed -e 's/;/\;/g'
+ LINE1=/etc/rkhunter.conf
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n '' ']'
+ test 2 -gt 0
++ echo '                                                              '
++ cut -c1-2
+ SPACES='  '
+ LOGLINE1='[15:32:33]  /etc/rkhunter.conf'
+ '[' 1 -eq 1 -a 4 -gt 0 ']'
++ echo '                                                              '
++ cut -c1-4
+ SPACES='    '
+ LINE1='    /etc/rkhunter.conf'
+ '[' -n Warning ']'
+ '[' 1 -eq 1 ']'
++ echo '    /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LINE1_NUM=23
++ expr 62 - 23
+ NUM_SPACES=39
+ test 39 -lt 1
+ '[' 1 -eq 0 ']'
+ LINE1='    /etc/rkhunter.conf\033[39C[ Warning ]'
+ '[' 1 -eq 1 ']'
++ echo '[15:32:33]  /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LOGLINE1_NUM=32
++ expr 62 - 32
+ NUM_SPACES=30
+ test 30 -lt 1
++ echo '                                                              '
++ cut -c1-30
+ SPACES='                              '
+ LOGLINE1='[15:32:33]  /etc/rkhunter.conf                              [ Warning ]'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ NLLOOP=0
+ test 0 -gt 0
+ '[' '' = c ']'
+ echo -e '    /etc/rkhunter.conf\033[39C[ Warning ]'
    /etc/rkhunter.conf                                      [ Warning ]
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33]  /etc/rkhunter.conf                              [ Warning ]'
+ '[' 0 -eq 1 ']'
++ echo '[15:32:33]  /etc/rkhunter.conf                              [ Warning ]'
++ grep '^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\]        '
+ '[' 0 -eq 1 -a -n '' ']'
+ test 1 -eq 1 -a 0 -eq 1
+ return
+ display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf'
+ '[' 6 -le 0 ']'
+ '[' 6 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_WARNING'
+++ echo Warning
+ TYPE=Warning
+ '[' -z Warning -a WARNING '!=' PLAIN ']'
+ test WARNING = WARNING
+ WARN_MSG=1
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=FILE_PROP_FILE_NOT_EXIST
+ shift
+ break
+ test 1 -eq 1
++ expr 0 + 1
+ WARNING_COUNT=1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Warning
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n FILE_PROP_FILE_NOT_EXIST ']'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 ']'
+ '[' -z 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.' ']'
++ echo 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ sed -e 's/`/\\`/g'
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ test -n 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ eval 'echo "The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file." | sed -e '\''s/;/\;/g'\'''
+++ echo 'The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+++ sed -e 's/;/\;/g'
+ LINE1='The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n Warning ']'
+ LOGLINE1='[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 -a 0 -gt 0 ']'
+ '[' -n '' ']'
+ '[' 0 -eq 1 -a -n '' ']'
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
+ test 0 -eq 1
+ LINE1=1
+ OLDIFS='       
'
+ IFS='
'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ cut -d: -f2-
+ for LOGLINE1 in '`grep "^${MSG}:" ${LANG_FILE} 2>/dev/null | cut -d: -f2-`'
+ '[' 1 -eq 1 ']'
+ LINE1=0
+ continue
+ IFS='       
'
+ test 0 -eq 1 -a 0 -eq 1
+ return
+ test -n '' -o -n ''
+ return
+ keypresspause
+ '[' 1 -eq 0 -a 0 -eq 0 ']'
+ return
+ return
+ do_rootkit_checks
++ check_test rootkits
+++ echo ' all '
+++ grep ' rootkits '
++ '[' all = all -o -n '' ']'
+++ echo ' suspscan hidden_procs deleted_files packet_cap_apps apps '
+++ grep ' rootkits '
++ '[' 'suspscan hidden_procs deleted_files packet_cap_apps apps' = none -o -z '' ']'
++ return 0
+ display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits'
+ '[' 8 -le 0 ']'
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_INFO'
+++ echo Info
+ TYPE=Info
+ '[' -z Info -a INFO '!=' PLAIN ']'
+ test INFO = WARNING
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ SCREENNL=1
+ shift
+ '[' 3 -ge 1 ']'
+ case "$1" in
+ NL=1
+ case "$2" in
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=STARTING_TEST
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Info
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n STARTING_TEST ']'
++ grep '^STARTING_TEST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='Starting test name '\''$1'\'''
+ '[' 0 -eq 1 ']'
+ '[' -z 'Starting test name '\''$1'\''' ']'
[root tmp]#


