LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-12-2011, 02:39 AM   #1
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Rep: Reputation: 30
rkhunter.conf doesn't exists?


I get this warning when running rkhunter:
The file rkhunter.cond foes not exist on the system, but it is present in the rkhunter.dat file.

However, the conf file does exist as I just edited it.
Any ideas on why this error occurs?

[root#] locate rkhunter.conf
/etc/rkhunter.conf
 
Old 02-12-2011, 04:14 AM   #2
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
can you provide more details, like pasting a list of commands like stat /etc/rkhunter.conf, ls -lai /etc, and cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'?
what is a version of your rkhunter, where did you get it from?
--upd:
when was the last time you did --propupd (you don't need to do so now, since this issue may be caused by security threat and doing --propupd can mark modified files as being trusted)?

Last edited by Web31337; 02-12-2011 at 04:18 AM. Reason: propupd notice
 
Old 02-12-2011, 05:33 AM   #3
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Web31337 View Post
can you provide more details, like pasting a list of commands like stat /etc/rkhunter.conf, ls -lai /etc, and cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'?
what is a version of your rkhunter, where did you get it from?
--upd:
when was the last time you did --propupd (you don't need to do so now, since this issue may be caused by security threat and doing --propupd can mark modified files as being trusted)?
here are those details:

Code:
[root ~]# stat /etc/rkhunter.conf
  File: `/etc/rkhunter.conf'
  Size: 38359     	Blocks: 80         IO Block: 4096   regular file
Device: 805h/2053d	Inode: 418145      Links: 1
Access: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2011-02-12 07:39:34.000000000 +0000
Modify: 2011-02-12 07:33:15.000000000 +0000
Change: 2011-02-12 07:33:15.000000000 +0000
[root ~]# ls -lai /etc
total 3328
416001 drwxr-xr-x  91 root   root    12288 Feb 12 08:19 .
     2 drwxr-xr-x  23 root   root     4096 Dec 26 14:48 ..
417202 drwxr-xr-x   4 root   root     4096 Jan  8  2010 acpi
416700 -rw-r--r--   1 root   root       48 Nov  9 20:04 adjtime
417887 -rw-r--r--   1 root   root     1512 Apr 25  2005 aliases
416847 drwxr-xr-x   4 root   root     4096 Aug 20  2009 alsa
416058 drwxr-xr-x   2 root   root     4096 Dec 26 14:49 alternatives
416166 -rw-r--r--   1 root   root      298 Mar 28  2007 anacrontab
417756 drwxr-xr-x   3 root   root     4096 Nov 13 03:55 apt
416944 -rw-------   1 root   root        1 Jan 26  2010 at.deny
416922 drwxr-x---   3 root   root     4096 May 16  2010 audisp
416942 drwxr-x---   2 root   root     4096 May 16  2010 audit
416334 drwxr-xr-x   2 daemon daemon   4096 Aug 20  2009 authlib
416751 -rw-------   1 root   root     3578 Nov  8 13:42 autofs_ldap_auth.conf
416080 -rw-r--r--   1 root   root      717 Nov  8 13:42 auto.master
417518 -rw-r--r--   1 root   root      581 Nov  8 13:42 auto.misc
417519 -rwxr-xr-x   1 root   root     1292 Nov  8 13:42 auto.net
417368 -rwxr-xr-x   1 root   root      715 Nov  8 13:42 auto.smb
416488 drwxr-xr-x   4 root   root     4096 Jul 16  2010 avahi
416156 -rw-r--r--   1 root   root     1673 Jun 30  2010 bashrc
416431 drwxr-xr-x   2 root   root     4096 Jan  7 00:05 blkid
416108 drwxr-xr-x   2 root   root     4096 Oct 23 00:07 bonobo-activation
419799 -rw-r--r--   1 root   root      977 Feb 26  2009 cdrecord.conf
417238 -rw-r--r--   1 root   root     6308 Nov 11  2007 conman.conf
416358 drwxr-xr-x  12 daemon daemon   4096 Aug 20  2009 courier
416672 drwx------   2 root   root     4096 Jul 28  2010 cron.d
416110 drwxr-xr-x   3 root   root     4096 Dec 26 00:03 cron.daily
416683 -rw-r--r--   1 root   root        0 Aug 20  2009 cron.deny
416111 drwxr-xr-x   2 root   root     4096 Jan  6  2007 cron.hourly
416112 drwxr-xr-x   2 root   root     4096 Nov 11 14:33 cron.monthly
195682 -rw-r--r--   1 root   root      956 Feb 12 07:41 crontab
416113 drwxr-xr-x   2 root   root     4096 Nov 11 14:33 cron.weekly
416016 -rw-r--r--   1 root   root     1044 Sep 22  2009 csh.cshrc
416017 -rw-r--r--   1 root   root     1218 Sep 22  2009 csh.login
416023 drwxr-xr-x   4 root   root     4096 May 16  2010 dbus-1
416049 drwxr-xr-x   2 root   root     4096 Oct 27 00:06 default
416327 drwxr-xr-x   2 root   root     4096 Nov 22 00:04 depmod.d
417003 drwxr-xr-x   3 root   root     4096 Aug  5  2010 dev.d
417287 -rw-r--r--   1 root   root      178 Mar 31  2010 dhcp6c.conf
418030 -rw-r--r--   1 root   root     2518 Feb 28  2010 DIR_COLORS
417713 -rw-r--r--   1 root   root     2420 Feb 28  2010 DIR_COLORS.xterm
417923 -rw-r--r--   1 root   root    21966 Jun  6  2010 dnsmasq.conf
416154 -rw-rw-r--   1 root   disk        0 Sep 21  2009 dumpdates
416018 -rw-r--r--   1 root   root        0 Sep 22  2009 environment
416821 -rw-r--r--   1 root   root      153 Jan  7  2007 esd.conf
416019 -rw-r--r--   1 root   root        0 Jan 12  2000 exports
416213 -rw-r--r--   1 root   root    22060 Jan  7  2007 fb.modes
416020 -rw-r--r--   1 root   root       59 Jan 31  2006 filesystems
417192 drwxr-xr-x   2 root   root     4096 May 16  2010 firmware
416266 drwxr-xr-x   4 root   root     4096 Aug 20  2009 fonts
418172 drwxr-xr-x   2 root   root     4096 Jul 17  2010 foomatic
417799 -rw-r--r--   1 root   root      672 Nov 11 14:32 fstab
416469 drwxr-xr-x   4 root   root     4096 Feb 12 08:19 gconf
449032 drwxr-xr-x   2 root   root     4096 Sep  3  2009 gcrypt
482811 drwxr-xr-x   2 root   root     4096 Oct 28 11:54 gdm
416117 -rw-r--r--   1 root   root      588 Sep  1  2009 GeoIP.conf
416082 -rw-r--r--   1 root   root      588 Sep  1  2009 GeoIP.conf.default
416046 -rw-r--r--   1 root   root    10793 Jan  6  2007 gnome-vfs-mime-magic
416181 -rw-r--r--   1 root   root     1756 Jan  6  2007 gpm-root.conf
417583 -rw-r--r--   1 root   root      894 Nov  9 20:24 group
416029 -rw-------   1 root   root      880 Nov  9 20:22 group-
417797 lrwxrwxrwx   1 root   root       22 Aug 20  2009 grub.conf -> ../boot/grub/grub.conf
417548 -r--------   1 root   root      739 Nov  9 20:24 gshadow
417150 -rw-------   1 root   root      729 Nov  9 20:22 gshadow-
416464 -rw-r--r--   1 root   root      833 Mar 22  2007 gssapi_mech.conf
417514 drwxr-xr-x   4 root   root     4096 Nov  9 20:09 ha.d
417408 drwxr-xr-x   3 root   root     4096 Mar 31  2010 hal
416021 -rw-r--r--   1 root   root       17 Jul 23  2000 host.conf
416012 -rw-r--r--   1 root   root      187 Aug 20  2009 hosts
416022 -rw-r--r--   1 root   root      161 Jan 12  2000 hosts.allow
416024 -rw-r--r--   1 root   root      347 Jan 12  2000 hosts.deny
416641 drwxr-xr-x   4 root   root     4096 Aug 20  2009 httpd
416597 drwxr-xr-x   3 root   root     4096 Aug 20  2009 httpd-matrixsa
417010 -rw-r--r--   1 root   root      177 Aug  6  2010 idmapd.conf
418157 lrwxrwxrwx   1 root   root       11 May 16  2010 init.d -> rc.d/init.d
417775 -rw-r--r--   1 root   root      658 Nov 16 17:23 initlog.conf
416490 -rw-r--r--   1 root   root     1667 Jul 19  2010 inittab
416025 -rw-r--r--   1 root   root      758 Sep 23  2004 inputrc
416086 drwxr-xr-x   2 root   root     4096 May 16  2010 iproute2
418161 drwx------   2 root   root     4096 Jan  6  2010 ipsec.d
418168 -rw-------   1 root   root       63 Jan  5  2010 ipsec.secrets.rpmsave
418154 -rw-r--r--   1 root   root       47 Apr 26  2010 issue
416047 -rw-r--r--   1 root   root       46 Apr 26  2010 issue.net
416180 -rw-r--r--   1 root   root    31303 Mar 14  2007 jwhois.conf
416799 -rw-r--r--   1 root   root      608 Jun 25  2007 krb5.conf
416961 -rw-r--r--   1 root   root     9028 Apr  3  2010 ldap.conf
416155 -rw-r--r--   1 root   root    38778 Feb 12 08:19 ld.so.cache
417494 -rw-r--r--   1 root   root       28 Oct  8  2006 ld.so.conf
416052 drwxr-xr-x   2 root   root     4096 Nov  5 00:05 ld.so.conf.d
417996 -rw-r--r--   1 root   root     3534 Sep  4 01:20 lftp.conf
416071 -rw-r-----   1 root   root      191 Dec  7  2009 libaudit.conf
417580 -rw-r--r--   1 root   root     2506 Oct 27  2009 libuser.conf
416053 lrwxrwxrwx   1 root   root       33 Nov  9 20:04 localtime -> /usr/share/zoneinfo/Europe/London
416205 -rw-r--r--   1 root   root     1503 Mar 31  2010 login.defs
416474 -rw-r--r--   1 root   root      520 Nov  5 14:31 logrotate.conf
416167 drwxr-xr-x   2 root   root     4096 Dec 26 00:03 logrotate.d
417356 drwxr-xr-x   4 root   root     4096 Jan 27  2010 logwatch
416938 drwxr-xr-x   5 root   root     4096 Jul 30  2010 lvm
416044 -rw-r--r--   1 root   root      293 Jan  7  2007 mailcap
416140 -rw-r--r--   1 root   root      112 Jan  7  2007 mail.rc
416817 drwxr-xr-x   2 root   root     4096 Aug 20  2009 makedev.d
417607 -rw-r--r--   1 root   root     4617 Jan  6  2007 man.config
417633 drwx--x--x   2 root   root     4096 Aug 20  2009 matrixsa
416192 drwxr-xr-x   2 root   root     4096 Aug 20  2009 mgetty+sendfax
416045 -rw-r--r--   1 root   root    14100 Jan  7  2007 mime.types
417486 -rw-r--r--   1 root   root      330 Nov 11 18:39 mke2fs.conf
416958 -rw-r--r--   1 root   root      803 Aug 13  2009 mke4fs.conf
417022 -rw-r--r--   1 root   root      261 Aug 20  2009 modprobe.conf
416009 -rw-r--r--   1 root   root       50 Aug 20  2009 modprobe.conf~
416336 drwxr-xr-x   2 root   root     4096 Jan  7 00:05 modprobe.d
416026 -rw-r--r--   1 root   root        0 Jan 12  2000 motd
416465 -rw-r--r--   1 root   root      306 Dec 26 14:48 mtab
416963 -rw-r--r--   1 root   root     1983 Jan  7  2007 mtools.conf
417520 -rw-r--r--   1 root   root     2711 Oct  4 20:45 multipath.conf
417927 -rw-r--r--   1 root   root    92794 Jun  4  2007 Muttrc
417928 -rw-r--r--   1 root   root        0 Jun  4  2007 Muttrc.local
416471 -rw-r--r--   1 root   root      441 Nov  3 23:53 my.cnf
418245 -rw-r--r--   1 root   root     1906 Sep 11  2008 nail.rc
417111 -rw-r-----   1 root   named    1230 Dec 13 18:10 named.caching-nameserver.conf
417699 -rw-r--r--   1 root   named     259 Feb  7  2010 named.conf
417016 -rw-r-----   1 root   named     955 Dec 13 18:10 named.rfc1912.zones
416467 drwxr-xr-x   2 root   root     4096 May 16  2010 netplug
416476 drwxr-xr-x   2 root   root     4096 May 16  2010 netplug.d
417742 drwxr-xr-x   4 root   root     4096 Dec 15 00:03 NetworkManager
416116 -rw-r--r--   1 root   root     1895 Oct 25 21:15 nscd.conf
417261 -rw-r--r--   1 root   root     1696 Sep 23  2004 nsswitch.conf
417444 drwxr-xr-x   2 root   root     4096 Nov  9 20:21 ntop
416323 drwxr-xr-x   2 root   root     4096 Oct 28 11:53 ntp
416324 -rw-r--r--   1 root   root      118 Dec 12  2007 ntp.conf
417695 drwxr-xr-x   2    102 root     4096 Oct 28 11:52 nxserver
416164 -rw-r--r--   1 root   root        0 Jan  7  2007 odbc.ini
416165 -rw-r--r--   1 root   root      389 Jan  7  2007 odbcinst.ini
417609 drwxr-xr-x   2 root   root     4096 May 24  2008 oddjob
417610 -rw-r--r--   1 root   root     4453 May 24  2008 oddjobd.conf
417611 drwxr-xr-x   2 root   root     4096 Aug 20  2009 oddjobd.conf.d
416250 drwxr-xr-x   3 root   root     4096 Dec  1 00:03 openldap
449031 drwxr-xr-x   4 root   root     4096 Dec  2 17:24 openvpn
416040 drwxr-xr-x   2 root   root     4096 Jan 26  2010 opt
416190 drwxr-xr-x   2 root   root     4096 Dec  2 00:04 pam.d
417251 drwxr-xr-x   2 root   root     4096 Aug 20  2009 pam_pkcs11
416219 -rw-r--r--   1 root   root       12 Jan  6  2007 pam_smb.conf
417584 -rw-r--r--   1 root   root     2094 Nov  9 20:27 passwd
416322 -rw-r--r--   1 root   root     2053 Nov  9 20:22 passwd-
417102 drwxr-xr-x   2 root   root     4096 Aug 20  2009 pcmcia
416078 drwxr-xr-x   2 root   root     4096 Dec  1 00:03 php.d
416222 -rw-r--r--   1 root   root    45079 Nov 29 21:53 php.ini
417048 -rw-r--r--   1 root   root     2875 Jan  7  2007 pinforc
416041 drwxr-xr-x   6 root   root     4096 Jan 26  2010 pki
417563 drwxr-xr-x   5 root   root     4096 Aug 20  2009 pm
416639 drwxr-xr-x   3 root   root     4096 Aug 20  2009 postfix
416493 drwxr-xr-x   3 root   root     4096 Nov 18 00:05 ppp
418183 -rw-r--r--   1 root   root     3085 Jan  6  2010 pptpd.conf
418150 -rw-r--r--   1 root   root   413153 Feb  9 00:00 prelink.cache
417118 -rw-r--r--   1 root   root      973 Sep 18  2008 prelink.conf
417119 drwxr-xr-x   2 root   root     4096 Jan 21  2009 prelink.conf.d
416030 -rw-r--r--   1 root   root      135 Aug 13  2010 printcap
416027 -rw-r--r--   1 root   root     1029 Sep 22  2009 profile
416032 drwxr-xr-x   2 root   root     4096 Dec  2 00:04 profile.d
416028 -rw-r--r--   1 root   root     6108 Oct 11  2006 protocols
416115 -rw-r--r--   1 root   root    10650 Dec 12  2007 pure-ftpd.conf
416141 -rw-r--r--   1 root   root      920 Dec 18  2001 pureftpd-ldap.conf
416142 -rw-r--r--   1 root   root     3171 Dec 18  2001 pureftpd-mysql.conf
449803 drwxr-xr-x   2 root   root     4096 Oct 23 00:07 purple
416269 -rw-------   1 root   root        0 Aug 20  2009 .pwd.lock
417215 -rw-r--r--   1 root   root      220 Feb 26  2009 quotagrpadmins
417189 -rw-r--r--   1 root   root      290 Feb 26  2009 quotatab
417216 drwxr-xr-x   3 root   root     4096 Aug 28 00:08 racoon
416499 lrwxrwxrwx   1 root   root        7 Nov 18 00:05 rc -> rc.d/rc
416522 lrwxrwxrwx   1 root   root       10 Nov 18 00:05 rc0.d -> rc.d/rc0.d
416059 lrwxrwxrwx   1 root   root       10 Nov 18 00:05 rc1.d -> rc.d/rc1.d
416523 lrwxrwxrwx   1 root   root       10 Nov 18 00:05 rc2.d -> rc.d/rc2.d
416524 lrwxrwxrwx   1 root   root       10 Nov 18 00:05 rc3.d -> rc.d/rc3.d
416525 lrwxrwxrwx   1 root   root       10 Nov 18 00:05 rc4.d -> rc.d/rc4.d
416068 lrwxrwxrwx   1 root   root       10 Nov 18 00:05 rc5.d -> rc.d/rc5.d
416069 lrwxrwxrwx   1 root   root       10 Nov 18 00:05 rc6.d -> rc.d/rc6.d
416056 drwxr-xr-x  10 root   root     4096 Nov 18 00:05 rc.d
416520 lrwxrwxrwx   1 root   root       13 Nov 18 00:05 rc.local -> rc.d/rc.local
416521 lrwxrwxrwx   1 root   root       15 Nov 18 00:05 rc.sysinit -> rc.d/rc.sysinit
417364 drwxr-xr-x   2 root   root     4096 May 16  2010 readahead.d
417807 -rw-r--r--   1 root   root      435 Jul 16  2010 reader.conf
417536 drwxr-xr-x   2 root   root     4096 Jul 16  2010 reader.conf.d
416146 -rw-r--r--   1 root   root       27 Apr 26  2010 redhat-release
417893 -rw-r--r--   1 root   root     1484 Jan  6  2007 request-key.conf
416414 -rw-r--r--   1 root   root      149 Feb  7  2010 resolv.conf
416413 -rw-r--r--   1 root   root      110 Aug 20  2009 resolv.conf.bak
418145 -rw-r-----   1 root   root    38359 Feb 12 07:33 rkhunter.conf
416416 lrwxrwxrwx   1 root   root       11 Oct 22  2009 rmt -> ../sbin/rmt
417558 -rw-r-----   1 root   named     113 Aug 20  2009 rndc.key
417263 -rw-r--r--   1 root   root     1615 Aug 30  2001 rpc
416005 drwxr-xr-x   2 root   root     4096 Sep  8 16:11 rpm
416070 -rw-r--r--   1 root   root      734 Nov 16 17:23 rwtab
416526 drwxr-xr-x   2 root   root     4096 Nov 16 17:23 rwtab.d
417884 drwxr-xr-x   2 root   root     4096 Nov 11 14:33 sarg
416085 drwxr-xr-x   2 root   root     4096 Mar 17  2010 sasl2
416937 -rw-r--r--   1 root   root      103 Mar 14  2007 scrollkeeper.conf
417019 -rw-r--r--   1 root   root      666 Aug  5  2010 scsi_id.config
416031 -rw-------   1 root   root      122 Feb 17  2003 securetty
416215 drwxr-xr-x   5 root   root     4096 Nov  3 00:05 security
416449 drwxr-xr-x   3 root   root     4096 Nov  8 13:44 selinux
417711 -rw-r--r--   1 root   root    85306 Jul 12  2009 sensors.conf
417876 -rw-r--r--   1 root   root   362037 Aug  1  2010 services
417397 -rw-r--r--   1 root   root      216 Apr  3  2010 sestatus.conf
417222 drwxr-xr-x   2 root   root     4096 Aug 20  2009 setuptool.d
416436 drwxr-xr-x   2 root   root     4096 Aug 20  2009 sgml
417525 -r--------   1 root   root     1287 Nov  9 20:27 shadow
417640 -r--------   1 root   root     1227 Nov  9 20:22 shadow-
416036 -rw-r--r--   1 root   root       60 Aug 20  2009 shells
416042 drwxr-xr-x   3 root   root     4096 Oct 28 11:54 skel
417792 drwxr-xr-x   3 root   root     4096 Nov 13 03:55 smart
417733 -rw-r--r--   1 root   root     6463 Jan 21  2009 smartd.conf
418098 -rw-r--r--   1 root   root     1272 Jan  4  2008 smi.conf
417253 drwxr-xr-x   2 squid  squid    4096 Dec 25 22:39 squid
417024 drwxr-xr-x   2 root   root     4096 Sep 12 17:00 ssh
417295 drwxr-xr-x   2 root   root     4096 Feb 26  2009 stunnel
416684 -r--r-----   1 root   root     3193 Oct 19 14:10 sudoers
416002 drwxr-xr-x  11 root   root     4096 Jan  7 00:05 sysconfig
416566 -rw-r--r--   1 root   root     1548 Feb  7  2010 sysctl.conf
416663 -rw-r--r--   1 root   root      694 Apr  3  2010 syslog.conf
416048 -rw-r--r--   1 root   root   807103 Jan  6  2007 termcap
417347 -rw-r--r--   1 root   root     2643 Jan  7  2007 tux.mime.types
416452 drwxr-xr-x   5 root   root     4096 Aug  7  2010 udev
417384 -rw-r--r--   1 root   root      136 Sep  3  2009 updatedb.conf
416976 -rw-r--r--   1 root   root     1533 Sep 19  2009 virc
417190 -rw-r--r--   1 root   root     2657 Feb 26  2009 warnquota.conf
416816 -rw-r--r--   1 root   root    23735 Jan  9  2007 webalizer.conf
449040 drwxr-xr-x 111 root   root     4096 Nov 11 18:38 webmin
416920 -rw-r--r--   1 root   root     4204 Nov  3  2009 wgetrc
416828 drwxr-xr-x   2 root   root     4096 May 16  2010 wpa_supplicant
416004 drwxr-xr-x   7 root   root     4096 Nov 18 00:05 X11
416126 drwxr-xr-x   4 root   root     4096 Mar  8  2009 xdg
417434 -rw-r--r--   1 root   root     1001 Mar 15  2007 xinetd.conf
416043 drwxr-xr-x   2 root   root     4096 Dec  2 00:04 xinetd.d
416921 drwxr-xr-x   2 root   root     4096 Aug 20  2009 xml
416137 -rw-r--r--   1 root   root      585 Sep 21  2009 yp.conf
417573 drwxr-xr-x   3 root   root     4096 Apr  4  2010 yum
417574 -rw-r--r--   1 root   root      277 Dec 12  2007 yum.conf
417194 -rw-r--r--   1 root   root      346 Apr  4  2010 yum.conf.rpmnew
416153 drwxr-xr-x   2 root   root     4096 Jan 23 00:06 yum.repos.d
[root ~]# cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'
File:/etc/rkhunter.conf:c6fba639c22bce442e9f52217632d76178036b5b:417710:0640:0:0:36991:1290047663::
[root ~]# rkhunter --version
Rootkit Hunter 1.3.8
 
Old 02-12-2011, 06:13 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
Quote:
Originally Posted by qwertyjjj View Post
The file rkhunter.cond foes not exist on the system, but it is present in the rkhunter.dat file.
Might you be getting the message wrong? Doesn't it actually read "The file rkhunter.conf exist on the system, but it is not present in the rkhunter.dat file."?
 
Old 02-12-2011, 06:37 AM   #5
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by unSpawn View Post
Might you be getting the message wrong? Doesn't it actually read "The file rkhunter.conf exist on the system, but it is not present in the rkhunter.dat file."?
[00:03:45] /etc/rkhunter.conf [ Warning ]
[00:03:45] Warning: The file '/etc/rkhunter.conf' does not exist on the system, but it is present in the rkhunter.dat file.
[00:03:45]
 
Old 02-12-2011, 07:01 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
OK. What's the RKH version? Where did you install it from? Also CYP run rkhunter with the usual arguments and switches and add the "--debug" switch, locate the /tmp/rkhunter-debug* file and then pastebin its contents?
 
Old 02-12-2011, 10:42 AM   #7
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by unSpawn View Post
OK. What's the RKH version? Where did you install it from? Also CYP run rkhunter with the usual arguments and switches and add the "--debug" switch, locate the /tmp/rkhunter-debug* file and then pastebin its contents?
version is:
[root ~]# rkhunter --version
Rootkit Hunter 1.3.8

tmp file:
what's pastebin? I only have command line access. I could upload the file but the text is quite long.
 
Old 02-12-2011, 11:59 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
If it's not on your file system (which, whereis, (s)locate, 'man -f', type, 'deflare -F', etc, etc) then there's other methods of finding out: searching LQ, Wikipedia or the 'net. From Wikipedia: "A pastebin is a type of web application which allows its users to upload snippets of text(..) A vast number of pastebins exist on the Internet, (..)".
 
Old 02-12-2011, 12:17 PM   #9
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by unSpawn View Post
If it's not on your file system (which, whereis, (s)locate, 'man -f', type, 'deflare -F', etc, etc) then there's other methods of finding out: searching LQ, Wikipedia or the 'net. From Wikipedia: "A pastebin is a type of web application which allows its users to upload snippets of text(..) A vast number of pastebins exist on the Internet, (..)".
But do I upload the file from my server to a bin on an internet server somewhere?
It's installed on ym system but google doesn;t show any command line usage of how to use it.

I am not sure how to paste the contents of the file from the command line to a website.
I can't copy the text of the file as I only have command line access and both nano and vi do not allow scrolling through the file to copy it.

Last edited by qwertyjjj; 02-12-2011 at 12:25 PM.
 
Old 02-12-2011, 12:55 PM   #10
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
you still didn't answer the main question(you were asked twice): where does your rkhunter come from?

there is "wgetpaste" utility to upload data to pastebin sites, browse your repository for it. I'm wondering how did you copy that long ls outputs before... what's the problem to do the same trick again, pasting results to any pastebin site, say codepad.org?
 
Old 02-12-2011, 01:01 PM   #11
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Web31337 View Post
you still didn't answer the main question(you were asked twice): where does your rkhunter come from?

there is "wgetpaste" utility to upload data to pastebin sites, browse your repository for it. I'm wondering how did you copy that long ls outputs before... what's the problem to do the same trick again, pasting results to any pastebin site, say codepad.org?
from the centos repository I think - I just did yum install rkhunter.
I've never had to copy a file before, I just copy and pasted short lines from the command line.
When you use nano or vi it doesn't let you copy the whole file as you have to scroll through screens.

Last edited by qwertyjjj; 02-12-2011 at 01:08 PM.
 
Old 02-12-2011, 01:34 PM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
If you're running CLI-only then 'screen' enables you to post text selections somewhat like vi markers: "CTRL+A+[" to start the selection and "CTRL+A+]" to finalize it. Alternatively you could 'grep "does not exist on the system, but it is present in the rkhunter.dat file" -C 100' the debug file and post output here in BB code tags.
 
Old 02-13-2011, 04:16 AM   #13
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by unSpawn View Post
If you're running CLI-only then 'screen' enables you to post text selections somewhat like vi markers: "CTRL+A+[" to start the selection and "CTRL+A+]" to finalize it. Alternatively you could 'grep "does not exist on the system, but it is present in the rkhunter.dat file" -C 100' the debug file and post output here in BB code tags.
Thanks, got that:

Code:
[root tmp]# grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -C 100
++ cut -c1-4
+ SPACES='    '
+ LINE1='    /etc/rkhunter.conf'
+ '[' -n Warning ']'
+ '[' 1 -eq 1 ']'
++ echo '    /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LINE1_NUM=23
++ expr 62 - 23
+ NUM_SPACES=39
+ test 39 -lt 1
+ '[' 1 -eq 0 ']'
+ LINE1='    /etc/rkhunter.conf\033[39C[ Warning ]'
+ '[' 1 -eq 1 ']'
++ echo '[15:32:33]   /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LOGLINE1_NUM=32
++ expr 62 - 32
+ NUM_SPACES=30
+ test 30 -lt 1
++ echo '                                                              '
++ cut -c1-30
+ SPACES='                              '
+ LOGLINE1='[15:32:33]   /etc/rkhunter.conf                              [ Warning ]'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ NLLOOP=0
+ test 0 -gt 0
+ '[' '' = c ']'
+ echo -e '    /etc/rkhunter.conf\033[39C[ Warning ]'
    /etc/rkhunter.conf                                       [ Warning ]
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33]   /etc/rkhunter.conf                              [ Warning ]'
+ '[' 0 -eq 1 ']'
++ echo '[15:32:33]   /etc/rkhunter.conf                              [ Warning ]'
++ grep '^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\]         '
+ '[' 0 -eq 1 -a -n '' ']'
+ test 1 -eq 1 -a 0 -eq 1
+ return
+ display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf'
+ '[' 6 -le 0 ']'
+ '[' 6 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_WARNING'
+++ echo Warning
+ TYPE=Warning
+ '[' -z Warning -a WARNING '!=' PLAIN ']'
+ test WARNING = WARNING
+ WARN_MSG=1
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=FILE_PROP_FILE_NOT_EXIST
+ shift
+ break
+ test 1 -eq 1
++ expr 0 + 1
+ WARNING_COUNT=1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Warning
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n FILE_PROP_FILE_NOT_EXIST ']'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 ']'
+ '[' -z 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.' ']'
++ echo 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ sed -e 's/`/\\`/g'
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ test -n 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ eval 'echo "The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file." | sed -e '\''s/;/\;/g'\'''
+++ echo 'The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+++ sed -e 's/;/\;/g'
+ LINE1='The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n Warning ']'
+ LOGLINE1='[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 -a 0 -gt 0 ']'
+ '[' -n '' ']'
+ '[' 0 -eq 1 -a -n '' ']'
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
+ test 0 -eq 1
+ LINE1=1
+ OLDIFS=' 	
'
+ IFS='
'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ cut -d: -f2-
+ for LOGLINE1 in '`grep "^${MSG}:" ${LANG_FILE} 2>/dev/null | cut -d: -f2-`'
+ '[' 1 -eq 1 ']'
+ LINE1=0
+ continue
+ IFS=' 	
'
+ test 0 -eq 1 -a 0 -eq 1
+ return
+ test -n '' -o -n ''
+ return
+ keypresspause
+ '[' 1 -eq 0 -a 0 -eq 0 ']'
+ return
+ return
+ do_rootkit_checks
++ check_test rootkits
+++ echo ' all '
+++ grep ' rootkits '
++ '[' all = all -o -n '' ']'
+++ echo ' suspscan hidden_procs deleted_files packet_cap_apps apps '
+++ grep ' rootkits '
++ '[' 'suspscan hidden_procs deleted_files packet_cap_apps apps' = none -o -z '' ']'
++ return 0
+ display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits'
+ '[' 8 -le 0 ']'
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_INFO'
+++ echo Info
+ TYPE=Info
+ '[' -z Info -a INFO '!=' PLAIN ']'
+ test INFO = WARNING
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ SCREENNL=1
+ shift
+ '[' 3 -ge 1 ']'
+ case "$1" in
+ NL=1
+ case "$2" in
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=STARTING_TEST
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Info
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n STARTING_TEST ']'
++ grep '^STARTING_TEST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='Starting test name '\''$1'\'''
+ '[' 0 -eq 1 ']'
+ '[' -z 'Starting test name '\''$1'\''' ']'
 
Old 02-13-2011, 05:24 AM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
Thanks but unfortunately it doesn't show RKH performing the actual test leading to this. CYP repeat but with 'grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200 > /tmp/rkhdebug.txt' and attach "/tmp/rkhdebug.txt"? TIA.
 
Old 02-13-2011, 07:31 AM   #15
qwertyjjj
Senior Member
 
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by unSpawn View Post
Thanks but unfortunately it doesn't show RKH performing the actual test leading to this. CYP repeat but with 'grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200 > /tmp/rkhdebug.txt' and attach "/tmp/rkhdebug.txt"? TIA.
Code:
[root tmp]# grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200                    
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to SCREEN+LOG --type PLAIN --screen-indent 4 --log-indent 2 --result WARNING --color RED NAME /etc/rkhunter.conf'
+ '[' 14 -le 0 ']'
+ '[' 14 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=SCREEN+LOG
+ shift
+ shift
+ '[' 12 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_PLAIN'
+++ echo
+ TYPE=
+ '[' -z '' -a PLAIN '!=' PLAIN ']'
+ test PLAIN = WARNING
+ shift
+ shift
+ '[' 10 -ge 1 ']'
+ case "$1" in
+ SCREENINDENT=4
+ '[' -z 4 ']'
++ echo 4
++ grep '^[0-9]*$'
+ '[' -z 4 ']'
+ shift
+ shift
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ LOGINDENT=2
+ '[' -z 2 ']'
++ echo 2
++ grep '^[0-9]*$'
+ '[' -z 2 ']'
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_RESULT_WARNING'
+++ echo Warning
+ RESULT=Warning
+ '[' -z Warning ']'
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ '[' 1 -eq 1 ']'
+ test -n RED
++ eval 'echo ${RED}'
+++ echo ''
+ COLOR=''
+ '[' -z '' ']'
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=NAME
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test SCREEN+LOG = SCREEN -o SCREEN+LOG = SCREEN+LOG
+ WRITETOTTY=1
+ test SCREEN+LOG = LOG -o SCREEN+LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 1 -eq 0 -a 1 -eq 0 ']'
+ '[' 1 -eq 1 -a 1 -eq 1 -a -n Warning -a -z '' ']'
+ test -n ''
+ '[' 0 -eq 1 -a 1 -eq 1 -a 1 -eq 1 -a Warning = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n NAME ']'
++ grep '^NAME:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='$1'
+ '[' 0 -eq 1 ']'
+ '[' -z '$1' ']'
++ echo '$1'
++ sed -e 's/`/\\`/g'
+ LINE1='$1'
+ test -n '$1'
++ eval 'echo "$1" | sed -e '\''s/;/\;/g'\'''
+++ echo /etc/rkhunter.conf
+++ sed -e 's/;/\;/g'
+ LINE1=/etc/rkhunter.conf
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n '' ']'
+ test 2 -gt 0
++ echo '                                                              '
++ cut -c1-2
+ SPACES='  '
+ LOGLINE1='[15:32:33]   /etc/rkhunter.conf'
+ '[' 1 -eq 1 -a 4 -gt 0 ']'
++ echo '                                                              '
++ cut -c1-4
+ SPACES='    '
+ LINE1='    /etc/rkhunter.conf'
+ '[' -n Warning ']'
+ '[' 1 -eq 1 ']'
++ echo '    /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LINE1_NUM=23
++ expr 62 - 23
+ NUM_SPACES=39
+ test 39 -lt 1
+ '[' 1 -eq 0 ']'
+ LINE1='    /etc/rkhunter.conf\033[39C[ Warning ]'
+ '[' 1 -eq 1 ']'
++ echo '[15:32:33]   /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LOGLINE1_NUM=32
++ expr 62 - 32
+ NUM_SPACES=30
+ test 30 -lt 1
++ echo '                                                              '
++ cut -c1-30
+ SPACES='                              '
+ LOGLINE1='[15:32:33]   /etc/rkhunter.conf                              [ Warning ]'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ NLLOOP=0
+ test 0 -gt 0
+ '[' '' = c ']'
+ echo -e '    /etc/rkhunter.conf\033[39C[ Warning ]'
    /etc/rkhunter.conf                                       [ Warning ]
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33]   /etc/rkhunter.conf                              [ Warning ]'
+ '[' 0 -eq 1 ']'
++ echo '[15:32:33]   /etc/rkhunter.conf                              [ Warning ]'
++ grep '^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\]         '
+ '[' 0 -eq 1 -a -n '' ']'
+ test 1 -eq 1 -a 0 -eq 1
+ return
+ display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf'
+ '[' 6 -le 0 ']'
+ '[' 6 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_WARNING'
+++ echo Warning
+ TYPE=Warning
+ '[' -z Warning -a WARNING '!=' PLAIN ']'
+ test WARNING = WARNING
+ WARN_MSG=1
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=FILE_PROP_FILE_NOT_EXIST
+ shift
+ break
+ test 1 -eq 1
++ expr 0 + 1
+ WARNING_COUNT=1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Warning
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n FILE_PROP_FILE_NOT_EXIST ']'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 ']'
+ '[' -z 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.' ']'
++ echo 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ sed -e 's/`/\\`/g'
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ test -n 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ eval 'echo "The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file." | sed -e '\''s/;/\;/g'\'''
+++ echo 'The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+++ sed -e 's/;/\;/g'
+ LINE1='The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n Warning ']'
+ LOGLINE1='[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 -a 0 -gt 0 ']'
+ '[' -n '' ']'
+ '[' 0 -eq 1 -a -n '' ']'
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
+ test 0 -eq 1
+ LINE1=1
+ OLDIFS=' 	
'
+ IFS='
'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ cut -d: -f2-
+ for LOGLINE1 in '`grep "^${MSG}:" ${LANG_FILE} 2>/dev/null | cut -d: -f2-`'
+ '[' 1 -eq 1 ']'
+ LINE1=0
+ continue
+ IFS=' 	
'
+ test 0 -eq 1 -a 0 -eq 1
+ return
+ test -n '' -o -n ''
+ return
+ keypresspause
+ '[' 1 -eq 0 -a 0 -eq 0 ']'
+ return
+ return
+ do_rootkit_checks
++ check_test rootkits
+++ echo ' all '
+++ grep ' rootkits '
++ '[' all = all -o -n '' ']'
+++ echo ' suspscan hidden_procs deleted_files packet_cap_apps apps '
+++ grep ' rootkits '
++ '[' 'suspscan hidden_procs deleted_files packet_cap_apps apps' = none -o -z '' ']'
++ return 0
+ display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits'
+ '[' 8 -le 0 ']'
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_INFO'
+++ echo Info
+ TYPE=Info
+ '[' -z Info -a INFO '!=' PLAIN ']'
+ test INFO = WARNING
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ SCREENNL=1
+ shift
+ '[' 3 -ge 1 ']'
+ case "$1" in
+ NL=1
+ case "$2" in
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=STARTING_TEST
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Info
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n STARTING_TEST ']'
++ grep '^STARTING_TEST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='Starting test name '\''$1'\'''
+ '[' 0 -eq 1 ']'
+ '[' -z 'Starting test name '\''$1'\''' ']'
[root tmp]#
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
lilo.conf file does not exists... imprise Linux - Newbie 2 05-23-2009 01:41 PM
RKhunter Help please Golgo13 Linux - Software 3 01-16-2008 05:27 PM
rkhunter lumiwa Linux - Newbie 1 09-17-2007 09:51 PM
SIOCADDRT: File exists SIOCCADDRT: File Exists Failed to bring up eth0. opsraja Linux - Networking 0 01-10-2005 09:29 AM
rkhunter phatbastard Linux - Security 3 12-08-2004 10:44 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration