02-12-2011, 02:39 AM
|
#1
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Rep:
|
rkhunter.conf doesn't exist?
I get this warning when running rkhunter:
The file rkhunter.conf does not exist on the system, but it is present in the rkhunter.dat file.
However, the conf file does exist as I just edited it.
Any ideas on why this error occurs?
[root#] locate rkhunter.conf
/etc/rkhunter.conf
|
|
|
02-12-2011, 04:14 AM
|
#2
|
Member
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Rep:
|
Can you provide more details, like pasting the output of commands such as stat /etc/rkhunter.conf, ls -lai /etc, and cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'?
What version of rkhunter do you have, and where did you get it from?
--upd:
When was the last time you ran --propupd (you don't need to do so now, since this issue may be caused by a security threat and running --propupd can mark modified files as being trusted)?
Last edited by Web31337; 02-12-2011 at 04:18 AM.
Reason: propupd notice
|
|
|
02-12-2011, 05:33 AM
|
#3
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by Web31337
Can you provide more details, like pasting the output of commands such as stat /etc/rkhunter.conf, ls -lai /etc, and cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'?
What version of rkhunter do you have, and where did you get it from?
--upd:
When was the last time you ran --propupd (you don't need to do so now, since this issue may be caused by a security threat and running --propupd can mark modified files as being trusted)?
|
Here are those details:
Code:
[root ~]# stat /etc/rkhunter.conf
File: `/etc/rkhunter.conf'
Size: 38359 Blocks: 80 IO Block: 4096 regular file
Device: 805h/2053d Inode: 418145 Links: 1
Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2011-02-12 07:39:34.000000000 +0000
Modify: 2011-02-12 07:33:15.000000000 +0000
Change: 2011-02-12 07:33:15.000000000 +0000
[root ~]# ls -lai /etc
total 3328
416001 drwxr-xr-x 91 root root 12288 Feb 12 08:19 .
2 drwxr-xr-x 23 root root 4096 Dec 26 14:48 ..
417202 drwxr-xr-x 4 root root 4096 Jan 8 2010 acpi
416700 -rw-r--r-- 1 root root 48 Nov 9 20:04 adjtime
417887 -rw-r--r-- 1 root root 1512 Apr 25 2005 aliases
416847 drwxr-xr-x 4 root root 4096 Aug 20 2009 alsa
416058 drwxr-xr-x 2 root root 4096 Dec 26 14:49 alternatives
416166 -rw-r--r-- 1 root root 298 Mar 28 2007 anacrontab
417756 drwxr-xr-x 3 root root 4096 Nov 13 03:55 apt
416944 -rw------- 1 root root 1 Jan 26 2010 at.deny
416922 drwxr-x--- 3 root root 4096 May 16 2010 audisp
416942 drwxr-x--- 2 root root 4096 May 16 2010 audit
416334 drwxr-xr-x 2 daemon daemon 4096 Aug 20 2009 authlib
416751 -rw------- 1 root root 3578 Nov 8 13:42 autofs_ldap_auth.conf
416080 -rw-r--r-- 1 root root 717 Nov 8 13:42 auto.master
417518 -rw-r--r-- 1 root root 581 Nov 8 13:42 auto.misc
417519 -rwxr-xr-x 1 root root 1292 Nov 8 13:42 auto.net
417368 -rwxr-xr-x 1 root root 715 Nov 8 13:42 auto.smb
416488 drwxr-xr-x 4 root root 4096 Jul 16 2010 avahi
416156 -rw-r--r-- 1 root root 1673 Jun 30 2010 bashrc
416431 drwxr-xr-x 2 root root 4096 Jan 7 00:05 blkid
416108 drwxr-xr-x 2 root root 4096 Oct 23 00:07 bonobo-activation
419799 -rw-r--r-- 1 root root 977 Feb 26 2009 cdrecord.conf
417238 -rw-r--r-- 1 root root 6308 Nov 11 2007 conman.conf
416358 drwxr-xr-x 12 daemon daemon 4096 Aug 20 2009 courier
416672 drwx------ 2 root root 4096 Jul 28 2010 cron.d
416110 drwxr-xr-x 3 root root 4096 Dec 26 00:03 cron.daily
416683 -rw-r--r-- 1 root root 0 Aug 20 2009 cron.deny
416111 drwxr-xr-x 2 root root 4096 Jan 6 2007 cron.hourly
416112 drwxr-xr-x 2 root root 4096 Nov 11 14:33 cron.monthly
195682 -rw-r--r-- 1 root root 956 Feb 12 07:41 crontab
416113 drwxr-xr-x 2 root root 4096 Nov 11 14:33 cron.weekly
416016 -rw-r--r-- 1 root root 1044 Sep 22 2009 csh.cshrc
416017 -rw-r--r-- 1 root root 1218 Sep 22 2009 csh.login
416023 drwxr-xr-x 4 root root 4096 May 16 2010 dbus-1
416049 drwxr-xr-x 2 root root 4096 Oct 27 00:06 default
416327 drwxr-xr-x 2 root root 4096 Nov 22 00:04 depmod.d
417003 drwxr-xr-x 3 root root 4096 Aug 5 2010 dev.d
417287 -rw-r--r-- 1 root root 178 Mar 31 2010 dhcp6c.conf
418030 -rw-r--r-- 1 root root 2518 Feb 28 2010 DIR_COLORS
417713 -rw-r--r-- 1 root root 2420 Feb 28 2010 DIR_COLORS.xterm
417923 -rw-r--r-- 1 root root 21966 Jun 6 2010 dnsmasq.conf
416154 -rw-rw-r-- 1 root disk 0 Sep 21 2009 dumpdates
416018 -rw-r--r-- 1 root root 0 Sep 22 2009 environment
416821 -rw-r--r-- 1 root root 153 Jan 7 2007 esd.conf
416019 -rw-r--r-- 1 root root 0 Jan 12 2000 exports
416213 -rw-r--r-- 1 root root 22060 Jan 7 2007 fb.modes
416020 -rw-r--r-- 1 root root 59 Jan 31 2006 filesystems
417192 drwxr-xr-x 2 root root 4096 May 16 2010 firmware
416266 drwxr-xr-x 4 root root 4096 Aug 20 2009 fonts
418172 drwxr-xr-x 2 root root 4096 Jul 17 2010 foomatic
417799 -rw-r--r-- 1 root root 672 Nov 11 14:32 fstab
416469 drwxr-xr-x 4 root root 4096 Feb 12 08:19 gconf
449032 drwxr-xr-x 2 root root 4096 Sep 3 2009 gcrypt
482811 drwxr-xr-x 2 root root 4096 Oct 28 11:54 gdm
416117 -rw-r--r-- 1 root root 588 Sep 1 2009 GeoIP.conf
416082 -rw-r--r-- 1 root root 588 Sep 1 2009 GeoIP.conf.default
416046 -rw-r--r-- 1 root root 10793 Jan 6 2007 gnome-vfs-mime-magic
416181 -rw-r--r-- 1 root root 1756 Jan 6 2007 gpm-root.conf
417583 -rw-r--r-- 1 root root 894 Nov 9 20:24 group
416029 -rw------- 1 root root 880 Nov 9 20:22 group-
417797 lrwxrwxrwx 1 root root 22 Aug 20 2009 grub.conf -> ../boot/grub/grub.conf
417548 -r-------- 1 root root 739 Nov 9 20:24 gshadow
417150 -rw------- 1 root root 729 Nov 9 20:22 gshadow-
416464 -rw-r--r-- 1 root root 833 Mar 22 2007 gssapi_mech.conf
417514 drwxr-xr-x 4 root root 4096 Nov 9 20:09 ha.d
417408 drwxr-xr-x 3 root root 4096 Mar 31 2010 hal
416021 -rw-r--r-- 1 root root 17 Jul 23 2000 host.conf
416012 -rw-r--r-- 1 root root 187 Aug 20 2009 hosts
416022 -rw-r--r-- 1 root root 161 Jan 12 2000 hosts.allow
416024 -rw-r--r-- 1 root root 347 Jan 12 2000 hosts.deny
416641 drwxr-xr-x 4 root root 4096 Aug 20 2009 httpd
416597 drwxr-xr-x 3 root root 4096 Aug 20 2009 httpd-matrixsa
417010 -rw-r--r-- 1 root root 177 Aug 6 2010 idmapd.conf
418157 lrwxrwxrwx 1 root root 11 May 16 2010 init.d -> rc.d/init.d
417775 -rw-r--r-- 1 root root 658 Nov 16 17:23 initlog.conf
416490 -rw-r--r-- 1 root root 1667 Jul 19 2010 inittab
416025 -rw-r--r-- 1 root root 758 Sep 23 2004 inputrc
416086 drwxr-xr-x 2 root root 4096 May 16 2010 iproute2
418161 drwx------ 2 root root 4096 Jan 6 2010 ipsec.d
418168 -rw------- 1 root root 63 Jan 5 2010 ipsec.secrets.rpmsave
418154 -rw-r--r-- 1 root root 47 Apr 26 2010 issue
416047 -rw-r--r-- 1 root root 46 Apr 26 2010 issue.net
416180 -rw-r--r-- 1 root root 31303 Mar 14 2007 jwhois.conf
416799 -rw-r--r-- 1 root root 608 Jun 25 2007 krb5.conf
416961 -rw-r--r-- 1 root root 9028 Apr 3 2010 ldap.conf
416155 -rw-r--r-- 1 root root 38778 Feb 12 08:19 ld.so.cache
417494 -rw-r--r-- 1 root root 28 Oct 8 2006 ld.so.conf
416052 drwxr-xr-x 2 root root 4096 Nov 5 00:05 ld.so.conf.d
417996 -rw-r--r-- 1 root root 3534 Sep 4 01:20 lftp.conf
416071 -rw-r----- 1 root root 191 Dec 7 2009 libaudit.conf
417580 -rw-r--r-- 1 root root 2506 Oct 27 2009 libuser.conf
416053 lrwxrwxrwx 1 root root 33 Nov 9 20:04 localtime -> /usr/share/zoneinfo/Europe/London
416205 -rw-r--r-- 1 root root 1503 Mar 31 2010 login.defs
416474 -rw-r--r-- 1 root root 520 Nov 5 14:31 logrotate.conf
416167 drwxr-xr-x 2 root root 4096 Dec 26 00:03 logrotate.d
417356 drwxr-xr-x 4 root root 4096 Jan 27 2010 logwatch
416938 drwxr-xr-x 5 root root 4096 Jul 30 2010 lvm
416044 -rw-r--r-- 1 root root 293 Jan 7 2007 mailcap
416140 -rw-r--r-- 1 root root 112 Jan 7 2007 mail.rc
416817 drwxr-xr-x 2 root root 4096 Aug 20 2009 makedev.d
417607 -rw-r--r-- 1 root root 4617 Jan 6 2007 man.config
417633 drwx--x--x 2 root root 4096 Aug 20 2009 matrixsa
416192 drwxr-xr-x 2 root root 4096 Aug 20 2009 mgetty+sendfax
416045 -rw-r--r-- 1 root root 14100 Jan 7 2007 mime.types
417486 -rw-r--r-- 1 root root 330 Nov 11 18:39 mke2fs.conf
416958 -rw-r--r-- 1 root root 803 Aug 13 2009 mke4fs.conf
417022 -rw-r--r-- 1 root root 261 Aug 20 2009 modprobe.conf
416009 -rw-r--r-- 1 root root 50 Aug 20 2009 modprobe.conf~
416336 drwxr-xr-x 2 root root 4096 Jan 7 00:05 modprobe.d
416026 -rw-r--r-- 1 root root 0 Jan 12 2000 motd
416465 -rw-r--r-- 1 root root 306 Dec 26 14:48 mtab
416963 -rw-r--r-- 1 root root 1983 Jan 7 2007 mtools.conf
417520 -rw-r--r-- 1 root root 2711 Oct 4 20:45 multipath.conf
417927 -rw-r--r-- 1 root root 92794 Jun 4 2007 Muttrc
417928 -rw-r--r-- 1 root root 0 Jun 4 2007 Muttrc.local
416471 -rw-r--r-- 1 root root 441 Nov 3 23:53 my.cnf
418245 -rw-r--r-- 1 root root 1906 Sep 11 2008 nail.rc
417111 -rw-r----- 1 root named 1230 Dec 13 18:10 named.caching-nameserver.conf
417699 -rw-r--r-- 1 root named 259 Feb 7 2010 named.conf
417016 -rw-r----- 1 root named 955 Dec 13 18:10 named.rfc1912.zones
416467 drwxr-xr-x 2 root root 4096 May 16 2010 netplug
416476 drwxr-xr-x 2 root root 4096 May 16 2010 netplug.d
417742 drwxr-xr-x 4 root root 4096 Dec 15 00:03 NetworkManager
416116 -rw-r--r-- 1 root root 1895 Oct 25 21:15 nscd.conf
417261 -rw-r--r-- 1 root root 1696 Sep 23 2004 nsswitch.conf
417444 drwxr-xr-x 2 root root 4096 Nov 9 20:21 ntop
416323 drwxr-xr-x 2 root root 4096 Oct 28 11:53 ntp
416324 -rw-r--r-- 1 root root 118 Dec 12 2007 ntp.conf
417695 drwxr-xr-x 2 102 root 4096 Oct 28 11:52 nxserver
416164 -rw-r--r-- 1 root root 0 Jan 7 2007 odbc.ini
416165 -rw-r--r-- 1 root root 389 Jan 7 2007 odbcinst.ini
417609 drwxr-xr-x 2 root root 4096 May 24 2008 oddjob
417610 -rw-r--r-- 1 root root 4453 May 24 2008 oddjobd.conf
417611 drwxr-xr-x 2 root root 4096 Aug 20 2009 oddjobd.conf.d
416250 drwxr-xr-x 3 root root 4096 Dec 1 00:03 openldap
449031 drwxr-xr-x 4 root root 4096 Dec 2 17:24 openvpn
416040 drwxr-xr-x 2 root root 4096 Jan 26 2010 opt
416190 drwxr-xr-x 2 root root 4096 Dec 2 00:04 pam.d
417251 drwxr-xr-x 2 root root 4096 Aug 20 2009 pam_pkcs11
416219 -rw-r--r-- 1 root root 12 Jan 6 2007 pam_smb.conf
417584 -rw-r--r-- 1 root root 2094 Nov 9 20:27 passwd
416322 -rw-r--r-- 1 root root 2053 Nov 9 20:22 passwd-
417102 drwxr-xr-x 2 root root 4096 Aug 20 2009 pcmcia
416078 drwxr-xr-x 2 root root 4096 Dec 1 00:03 php.d
416222 -rw-r--r-- 1 root root 45079 Nov 29 21:53 php.ini
417048 -rw-r--r-- 1 root root 2875 Jan 7 2007 pinforc
416041 drwxr-xr-x 6 root root 4096 Jan 26 2010 pki
417563 drwxr-xr-x 5 root root 4096 Aug 20 2009 pm
416639 drwxr-xr-x 3 root root 4096 Aug 20 2009 postfix
416493 drwxr-xr-x 3 root root 4096 Nov 18 00:05 ppp
418183 -rw-r--r-- 1 root root 3085 Jan 6 2010 pptpd.conf
418150 -rw-r--r-- 1 root root 413153 Feb 9 00:00 prelink.cache
417118 -rw-r--r-- 1 root root 973 Sep 18 2008 prelink.conf
417119 drwxr-xr-x 2 root root 4096 Jan 21 2009 prelink.conf.d
416030 -rw-r--r-- 1 root root 135 Aug 13 2010 printcap
416027 -rw-r--r-- 1 root root 1029 Sep 22 2009 profile
416032 drwxr-xr-x 2 root root 4096 Dec 2 00:04 profile.d
416028 -rw-r--r-- 1 root root 6108 Oct 11 2006 protocols
416115 -rw-r--r-- 1 root root 10650 Dec 12 2007 pure-ftpd.conf
416141 -rw-r--r-- 1 root root 920 Dec 18 2001 pureftpd-ldap.conf
416142 -rw-r--r-- 1 root root 3171 Dec 18 2001 pureftpd-mysql.conf
449803 drwxr-xr-x 2 root root 4096 Oct 23 00:07 purple
416269 -rw------- 1 root root 0 Aug 20 2009 .pwd.lock
417215 -rw-r--r-- 1 root root 220 Feb 26 2009 quotagrpadmins
417189 -rw-r--r-- 1 root root 290 Feb 26 2009 quotatab
417216 drwxr-xr-x 3 root root 4096 Aug 28 00:08 racoon
416499 lrwxrwxrwx 1 root root 7 Nov 18 00:05 rc -> rc.d/rc
416522 lrwxrwxrwx 1 root root 10 Nov 18 00:05 rc0.d -> rc.d/rc0.d
416059 lrwxrwxrwx 1 root root 10 Nov 18 00:05 rc1.d -> rc.d/rc1.d
416523 lrwxrwxrwx 1 root root 10 Nov 18 00:05 rc2.d -> rc.d/rc2.d
416524 lrwxrwxrwx 1 root root 10 Nov 18 00:05 rc3.d -> rc.d/rc3.d
416525 lrwxrwxrwx 1 root root 10 Nov 18 00:05 rc4.d -> rc.d/rc4.d
416068 lrwxrwxrwx 1 root root 10 Nov 18 00:05 rc5.d -> rc.d/rc5.d
416069 lrwxrwxrwx 1 root root 10 Nov 18 00:05 rc6.d -> rc.d/rc6.d
416056 drwxr-xr-x 10 root root 4096 Nov 18 00:05 rc.d
416520 lrwxrwxrwx 1 root root 13 Nov 18 00:05 rc.local -> rc.d/rc.local
416521 lrwxrwxrwx 1 root root 15 Nov 18 00:05 rc.sysinit -> rc.d/rc.sysinit
417364 drwxr-xr-x 2 root root 4096 May 16 2010 readahead.d
417807 -rw-r--r-- 1 root root 435 Jul 16 2010 reader.conf
417536 drwxr-xr-x 2 root root 4096 Jul 16 2010 reader.conf.d
416146 -rw-r--r-- 1 root root 27 Apr 26 2010 redhat-release
417893 -rw-r--r-- 1 root root 1484 Jan 6 2007 request-key.conf
416414 -rw-r--r-- 1 root root 149 Feb 7 2010 resolv.conf
416413 -rw-r--r-- 1 root root 110 Aug 20 2009 resolv.conf.bak
418145 -rw-r----- 1 root root 38359 Feb 12 07:33 rkhunter.conf
416416 lrwxrwxrwx 1 root root 11 Oct 22 2009 rmt -> ../sbin/rmt
417558 -rw-r----- 1 root named 113 Aug 20 2009 rndc.key
417263 -rw-r--r-- 1 root root 1615 Aug 30 2001 rpc
416005 drwxr-xr-x 2 root root 4096 Sep 8 16:11 rpm
416070 -rw-r--r-- 1 root root 734 Nov 16 17:23 rwtab
416526 drwxr-xr-x 2 root root 4096 Nov 16 17:23 rwtab.d
417884 drwxr-xr-x 2 root root 4096 Nov 11 14:33 sarg
416085 drwxr-xr-x 2 root root 4096 Mar 17 2010 sasl2
416937 -rw-r--r-- 1 root root 103 Mar 14 2007 scrollkeeper.conf
417019 -rw-r--r-- 1 root root 666 Aug 5 2010 scsi_id.config
416031 -rw------- 1 root root 122 Feb 17 2003 securetty
416215 drwxr-xr-x 5 root root 4096 Nov 3 00:05 security
416449 drwxr-xr-x 3 root root 4096 Nov 8 13:44 selinux
417711 -rw-r--r-- 1 root root 85306 Jul 12 2009 sensors.conf
417876 -rw-r--r-- 1 root root 362037 Aug 1 2010 services
417397 -rw-r--r-- 1 root root 216 Apr 3 2010 sestatus.conf
417222 drwxr-xr-x 2 root root 4096 Aug 20 2009 setuptool.d
416436 drwxr-xr-x 2 root root 4096 Aug 20 2009 sgml
417525 -r-------- 1 root root 1287 Nov 9 20:27 shadow
417640 -r-------- 1 root root 1227 Nov 9 20:22 shadow-
416036 -rw-r--r-- 1 root root 60 Aug 20 2009 shells
416042 drwxr-xr-x 3 root root 4096 Oct 28 11:54 skel
417792 drwxr-xr-x 3 root root 4096 Nov 13 03:55 smart
417733 -rw-r--r-- 1 root root 6463 Jan 21 2009 smartd.conf
418098 -rw-r--r-- 1 root root 1272 Jan 4 2008 smi.conf
417253 drwxr-xr-x 2 squid squid 4096 Dec 25 22:39 squid
417024 drwxr-xr-x 2 root root 4096 Sep 12 17:00 ssh
417295 drwxr-xr-x 2 root root 4096 Feb 26 2009 stunnel
416684 -r--r----- 1 root root 3193 Oct 19 14:10 sudoers
416002 drwxr-xr-x 11 root root 4096 Jan 7 00:05 sysconfig
416566 -rw-r--r-- 1 root root 1548 Feb 7 2010 sysctl.conf
416663 -rw-r--r-- 1 root root 694 Apr 3 2010 syslog.conf
416048 -rw-r--r-- 1 root root 807103 Jan 6 2007 termcap
417347 -rw-r--r-- 1 root root 2643 Jan 7 2007 tux.mime.types
416452 drwxr-xr-x 5 root root 4096 Aug 7 2010 udev
417384 -rw-r--r-- 1 root root 136 Sep 3 2009 updatedb.conf
416976 -rw-r--r-- 1 root root 1533 Sep 19 2009 virc
417190 -rw-r--r-- 1 root root 2657 Feb 26 2009 warnquota.conf
416816 -rw-r--r-- 1 root root 23735 Jan 9 2007 webalizer.conf
449040 drwxr-xr-x 111 root root 4096 Nov 11 18:38 webmin
416920 -rw-r--r-- 1 root root 4204 Nov 3 2009 wgetrc
416828 drwxr-xr-x 2 root root 4096 May 16 2010 wpa_supplicant
416004 drwxr-xr-x 7 root root 4096 Nov 18 00:05 X11
416126 drwxr-xr-x 4 root root 4096 Mar 8 2009 xdg
417434 -rw-r--r-- 1 root root 1001 Mar 15 2007 xinetd.conf
416043 drwxr-xr-x 2 root root 4096 Dec 2 00:04 xinetd.d
416921 drwxr-xr-x 2 root root 4096 Aug 20 2009 xml
416137 -rw-r--r-- 1 root root 585 Sep 21 2009 yp.conf
417573 drwxr-xr-x 3 root root 4096 Apr 4 2010 yum
417574 -rw-r--r-- 1 root root 277 Dec 12 2007 yum.conf
417194 -rw-r--r-- 1 root root 346 Apr 4 2010 yum.conf.rpmnew
416153 drwxr-xr-x 2 root root 4096 Jan 23 00:06 yum.repos.d
[root ~]# cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'
File:/etc/rkhunter.conf:c6fba639c22bce442e9f52217632d76178036b5b:417710:0640:0:0:36991:1290047663::
[root ~]# rkhunter --version
Rootkit Hunter 1.3.8
|
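The comparison that the stat and rkhunter.dat output requested in post #2 makes possible, as an added example that is not part of the original thread: it splits one stored `File:` record and reports which properties differ from the live file, a check worth doing by hand before any --propupd. The field order (path, hash, inode, mode, uid, gid, size, mtime) is an assumption inferred from the values posted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): diff one rkhunter.dat "File:" record
# against live stat values before deciding whether to run --propupd.
# ASSUMPTION: the field order
#   File:<path>:<hash>:<inode>:<mode>:<uid>:<gid>:<size>:<mtime>
# is inferred from the values posted in this thread, not from rkhunter docs.
# Paths containing ':' are not handled.

# Record exactly as posted in post #3.
DAT_LINE='File:/etc/rkhunter.conf:c6fba639c22bce442e9f52217632d76178036b5b:417710:0640:0:0:36991:1290047663::'
# Live values taken from the posted stat output: "inode mode uid gid size mtime".
# 1297495995 is the posted Modify time 2011-02-12 07:33:15 +0000 in epoch seconds.
LIVE_STAT='418145 640 0 0 38359 1297495995'

# Strip leading zeros so "0640" (stored) compares equal to "640" (stat %a).
norm_mode() {
    m=$1
    while [ "${#m}" -gt 1 ] && [ "${m#0}" != "$m" ]; do m=${m#0}; done
    printf '%s\n' "$m"
}

# live_stat PATH: GNU stat output in the order compare_record expects.
# Live use (paths as they appear in the thread):
#   compare_record "$(grep '^File:/etc/rkhunter.conf:' /var/lib/rkhunter/db/rkhunter.dat)" \
#                  "$(live_stat /etc/rkhunter.conf)"
live_stat() {
    stat -c '%i %a %u %g %s %Y' "$1"
}

# compare_record RECORD "inode mode uid gid size mtime"
# Prints the names of the properties that differ, or "none".
compare_record() {
    rec=$1
    set -f                      # no globbing while word-splitting
    set -- $2                   # split the live values on whitespace
    l_inode=$1; l_mode=$(norm_mode "$2"); l_uid=$3; l_gid=$4; l_size=$5; l_mtime=$6
    old_ifs=$IFS; IFS=:
    set -- $rec                 # split the stored record on ':'
    IFS=$old_ifs
    set +f
    if [ "$1" != "File" ] || [ "$#" -lt 9 ]; then
        echo "not a File record" >&2
        return 2
    fi
    d_mode=$(norm_mode "$5")
    changed=""
    [ "$4" = "$l_inode" ]     || changed="$changed inode"
    [ "$d_mode" = "$l_mode" ] || changed="$changed mode"
    [ "$6" = "$l_uid" ]       || changed="$changed uid"
    [ "$7" = "$l_gid" ]       || changed="$changed gid"
    [ "$8" = "$l_size" ]      || changed="$changed size"
    [ "$9" = "$l_mtime" ]     || changed="$changed mtime"
    changed=${changed# }
    printf '%s\n' "${changed:-none}"
}

printf 'changed since baseline: %s\n' "$(compare_record "$DAT_LINE" "$LIVE_STAT")"
```

For the values posted in this thread the inode, size and mtime differ from the stored record while mode and ownership match.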
|
|
02-12-2011, 06:13 AM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by qwertyjjj
The file rkhunter.conf does not exist on the system, but it is present in the rkhunter.dat file.
|
Might you be getting the message wrong? Doesn't it actually read "The file rkhunter.conf exists on the system, but it is not present in the rkhunter.dat file."?
|
|
|
02-12-2011, 06:37 AM
|
#5
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
Might you be getting the message wrong? Doesn't it actually read "The file rkhunter.conf exists on the system, but it is not present in the rkhunter.dat file."?
|
[00:03:45] /etc/rkhunter.conf [ Warning ]
[00:03:45] Warning: The file '/etc/rkhunter.conf' does not exist on the system, but it is present in the rkhunter.dat file.
[00:03:45]
|
|
|
02-12-2011, 07:01 AM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,415
|
OK. What's the RKH version? Where did you install it from? Also CYP run rkhunter with the usual arguments and switches and add the "--debug" switch, locate the /tmp/rkhunter-debug* file and then pastebin its contents?
|
|
|
02-12-2011, 10:42 AM
|
#7
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
OK. What's the RKH version? Where did you install it from? Also CYP run rkhunter with the usual arguments and switches and add the "--debug" switch, locate the /tmp/rkhunter-debug* file and then pastebin its contents?
|
version is:
[root ~]# rkhunter --version
Rootkit Hunter 1.3.8
tmp file:
What's pastebin? I only have command line access. I could upload the file but the text is quite long.
|
|
|
02-12-2011, 11:59 AM
|
#8
|
Moderator
Registered: May 2001
Posts: 29,415
|
If it's not on your file system (which, whereis, (s)locate, 'man -f', type, 'declare -F', etc, etc) then there are other methods of finding out: searching LQ, Wikipedia or the 'net. From Wikipedia: "A pastebin is a type of web application which allows its users to upload snippets of text(..) A vast number of pastebins exist on the Internet, (..)".
|
|
|
02-12-2011, 12:17 PM
|
#9
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
If it's not on your file system (which, whereis, (s)locate, 'man -f', type, 'declare -F', etc, etc) then there are other methods of finding out: searching LQ, Wikipedia or the 'net. From Wikipedia: "A pastebin is a type of web application which allows its users to upload snippets of text(..) A vast number of pastebins exist on the Internet, (..)".
|
But do I upload the file from my server to a bin on an internet server somewhere?
It's installed on my system but Google doesn't show any command line usage of how to use it.
I am not sure how to paste the contents of the file from the command line to a website.
I can't copy the text of the file as I only have command line access and both nano and vi do not allow scrolling through the file to copy it.
Last edited by qwertyjjj; 02-12-2011 at 12:25 PM.
|
|
|
02-12-2011, 12:55 PM
|
#10
|
Member
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Rep:
|
You still didn't answer the main question (you were asked twice): where does your rkhunter come from?
There is a "wgetpaste" utility to upload data to pastebin sites; browse your repository for it. I'm wondering how you copied those long ls outputs before... What's the problem with doing the same trick again, pasting the results to any pastebin site, say codepad.org?
|
|
|
02-12-2011, 01:01 PM
|
#11
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by Web31337
You still didn't answer the main question (you were asked twice): where does your rkhunter come from?
There is a "wgetpaste" utility to upload data to pastebin sites; browse your repository for it. I'm wondering how you copied those long ls outputs before... What's the problem with doing the same trick again, pasting the results to any pastebin site, say codepad.org?
|
From the CentOS repository I think - I just did yum install rkhunter.
I've never had to copy a file before, I just copied and pasted short lines from the command line.
When you use nano or vi it doesn't let you copy the whole file as you have to scroll through screens.
Last edited by qwertyjjj; 02-12-2011 at 01:08 PM.
|
|
|
02-12-2011, 01:34 PM
|
#12
|
Moderator
Registered: May 2001
Posts: 29,415
|
If you're running CLI-only then 'screen' enables you to post text selections somewhat like vi markers: "CTRL+A+[" to start the selection and "CTRL+A+]" to finalize it. Alternatively you could 'grep "does not exist on the system, but it is present in the rkhunter.dat file" -C 100' the debug file and post output here in BB code tags.
|
|
|
02-13-2011, 04:16 AM
|
#13
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
If you're running CLI-only then 'screen' enables you to post text selections somewhat like vi markers: "CTRL+A+[" to start the selection and "CTRL+A+]" to finalize it. Alternatively you could 'grep "does not exist on the system, but it is present in the rkhunter.dat file" -C 100' the debug file and post output here in BB code tags.
|
Thanks, got that:
Code:
[root tmp]# grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -C 100
++ cut -c1-4
+ SPACES=' '
+ LINE1=' /etc/rkhunter.conf'
+ '[' -n Warning ']'
+ '[' 1 -eq 1 ']'
++ echo ' /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LINE1_NUM=23
++ expr 62 - 23
+ NUM_SPACES=39
+ test 39 -lt 1
+ '[' 1 -eq 0 ']'
+ LINE1=' /etc/rkhunter.conf\033[39C[ Warning ]'
+ '[' 1 -eq 1 ']'
++ echo '[15:32:33] /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LOGLINE1_NUM=32
++ expr 62 - 32
+ NUM_SPACES=30
+ test 30 -lt 1
++ echo ' '
++ cut -c1-30
+ SPACES=' '
+ LOGLINE1='[15:32:33] /etc/rkhunter.conf [ Warning ]'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ NLLOOP=0
+ test 0 -gt 0
+ '[' '' = c ']'
+ echo -e ' /etc/rkhunter.conf\033[39C[ Warning ]'
/etc/rkhunter.conf [ Warning ]
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33] /etc/rkhunter.conf [ Warning ]'
+ '[' 0 -eq 1 ']'
++ echo '[15:32:33] /etc/rkhunter.conf [ Warning ]'
++ grep '^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\] '
+ '[' 0 -eq 1 -a -n '' ']'
+ test 1 -eq 1 -a 0 -eq 1
+ return
+ display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf'
+ '[' 6 -le 0 ']'
+ '[' 6 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_WARNING'
+++ echo Warning
+ TYPE=Warning
+ '[' -z Warning -a WARNING '!=' PLAIN ']'
+ test WARNING = WARNING
+ WARN_MSG=1
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=FILE_PROP_FILE_NOT_EXIST
+ shift
+ break
+ test 1 -eq 1
++ expr 0 + 1
+ WARNING_COUNT=1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Warning
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n FILE_PROP_FILE_NOT_EXIST ']'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 ']'
+ '[' -z 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.' ']'
++ echo 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ sed -e 's/`/\\`/g'
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ test -n 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ eval 'echo "The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file." | sed -e '\''s/;/\;/g'\'''
+++ echo 'The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+++ sed -e 's/;/\;/g'
+ LINE1='The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n Warning ']'
+ LOGLINE1='[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 -a 0 -gt 0 ']'
+ '[' -n '' ']'
+ '[' 0 -eq 1 -a -n '' ']'
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
+ test 0 -eq 1
+ LINE1=1
+ OLDIFS='
'
+ IFS='
'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ cut -d: -f2-
+ for LOGLINE1 in '`grep "^${MSG}:" ${LANG_FILE} 2>/dev/null | cut -d: -f2-`'
+ '[' 1 -eq 1 ']'
+ LINE1=0
+ continue
+ IFS='
'
+ test 0 -eq 1 -a 0 -eq 1
+ return
+ test -n '' -o -n ''
+ return
+ keypresspause
+ '[' 1 -eq 0 -a 0 -eq 0 ']'
+ return
+ return
+ do_rootkit_checks
++ check_test rootkits
+++ echo ' all '
+++ grep ' rootkits '
++ '[' all = all -o -n '' ']'
+++ echo ' suspscan hidden_procs deleted_files packet_cap_apps apps '
+++ grep ' rootkits '
++ '[' 'suspscan hidden_procs deleted_files packet_cap_apps apps' = none -o -z '' ']'
++ return 0
+ display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits'
+ '[' 8 -le 0 ']'
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_INFO'
+++ echo Info
+ TYPE=Info
+ '[' -z Info -a INFO '!=' PLAIN ']'
+ test INFO = WARNING
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ SCREENNL=1
+ shift
+ '[' 3 -ge 1 ']'
+ case "$1" in
+ NL=1
+ case "$2" in
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=STARTING_TEST
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Info
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n STARTING_TEST ']'
++ grep '^STARTING_TEST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='Starting test name '\''$1'\'''
+ '[' 0 -eq 1 ']'
+ '[' -z 'Starting test name '\''$1'\''' ']'
|
|
|
02-13-2011, 05:24 AM
|
#14
|
Moderator
Registered: May 2001
Posts: 29,415
|
Thanks but unfortunately it doesn't show RKH performing the actual test leading to this. CYP repeat but with 'grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200 > /tmp/rkhdebug.txt' and attach "/tmp/rkhdebug.txt"? TIA.
|
|
|
02-13-2011, 07:31 AM
|
#15
|
Senior Member
Registered: Jul 2009
Location: UK
Distribution: Cent OS5 with Plesk
Posts: 1,013
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
Thanks but unfortunately it doesn't show RKH performing the actual test leading to this. CYP repeat but with 'grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200 > /tmp/rkhdebug.txt' and attach "/tmp/rkhdebug.txt"? TIA.
|
Code:
[root tmp]# grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to SCREEN+LOG --type PLAIN --screen-indent 4 --log-indent 2 --result WARNING --color RED NAME /etc/rkhunter.conf'
+ '[' 14 -le 0 ']'
+ '[' 14 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=SCREEN+LOG
+ shift
+ shift
+ '[' 12 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_PLAIN'
+++ echo
+ TYPE=
+ '[' -z '' -a PLAIN '!=' PLAIN ']'
+ test PLAIN = WARNING
+ shift
+ shift
+ '[' 10 -ge 1 ']'
+ case "$1" in
+ SCREENINDENT=4
+ '[' -z 4 ']'
++ echo 4
++ grep '^[0-9]*$'
+ '[' -z 4 ']'
+ shift
+ shift
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ LOGINDENT=2
+ '[' -z 2 ']'
++ echo 2
++ grep '^[0-9]*$'
+ '[' -z 2 ']'
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_RESULT_WARNING'
+++ echo Warning
+ RESULT=Warning
+ '[' -z Warning ']'
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ '[' 1 -eq 1 ']'
+ test -n RED
++ eval 'echo ${RED}'
+++ echo ''
+ COLOR=''
+ '[' -z '' ']'
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=NAME
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test SCREEN+LOG = SCREEN -o SCREEN+LOG = SCREEN+LOG
+ WRITETOTTY=1
+ test SCREEN+LOG = LOG -o SCREEN+LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 1 -eq 0 -a 1 -eq 0 ']'
+ '[' 1 -eq 1 -a 1 -eq 1 -a -n Warning -a -z '' ']'
+ test -n ''
+ '[' 0 -eq 1 -a 1 -eq 1 -a 1 -eq 1 -a Warning = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n NAME ']'
++ grep '^NAME:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='$1'
+ '[' 0 -eq 1 ']'
+ '[' -z '$1' ']'
++ echo '$1'
++ sed -e 's/`/\\`/g'
+ LINE1='$1'
+ test -n '$1'
++ eval 'echo "$1" | sed -e '\''s/;/\;/g'\'''
+++ echo /etc/rkhunter.conf
+++ sed -e 's/;/\;/g'
+ LINE1=/etc/rkhunter.conf
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n '' ']'
+ test 2 -gt 0
++ echo ' '
++ cut -c1-2
+ SPACES=' '
+ LOGLINE1='[15:32:33] /etc/rkhunter.conf'
+ '[' 1 -eq 1 -a 4 -gt 0 ']'
++ echo ' '
++ cut -c1-4
+ SPACES=' '
+ LINE1=' /etc/rkhunter.conf'
+ '[' -n Warning ']'
+ '[' 1 -eq 1 ']'
++ echo ' /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LINE1_NUM=23
++ expr 62 - 23
+ NUM_SPACES=39
+ test 39 -lt 1
+ '[' 1 -eq 0 ']'
+ LINE1=' /etc/rkhunter.conf\033[39C[ Warning ]'
+ '[' 1 -eq 1 ']'
++ echo '[15:32:33] /etc/rkhunter.conf'
++ wc -c
++ tr -d ' '
+ LOGLINE1_NUM=32
++ expr 62 - 32
+ NUM_SPACES=30
+ test 30 -lt 1
++ echo ' '
++ cut -c1-30
+ SPACES=' '
+ LOGLINE1='[15:32:33] /etc/rkhunter.conf [ Warning ]'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ NLLOOP=0
+ test 0 -gt 0
+ '[' '' = c ']'
+ echo -e ' /etc/rkhunter.conf\033[39C[ Warning ]'
/etc/rkhunter.conf [ Warning ]
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33] /etc/rkhunter.conf [ Warning ]'
+ '[' 0 -eq 1 ']'
++ echo '[15:32:33] /etc/rkhunter.conf [ Warning ]'
++ grep '^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\] '
+ '[' 0 -eq 1 -a -n '' ']'
+ test 1 -eq 1 -a 0 -eq 1
+ return
+ display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type WARNING FILE_PROP_FILE_NOT_EXIST /etc/rkhunter.conf'
+ '[' 6 -le 0 ']'
+ '[' 6 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_WARNING'
+++ echo Warning
+ TYPE=Warning
+ '[' -z Warning -a WARNING '!=' PLAIN ']'
+ test WARNING = WARNING
+ WARN_MSG=1
+ shift
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=FILE_PROP_FILE_NOT_EXIST
+ shift
+ break
+ test 1 -eq 1
++ expr 0 + 1
+ WARNING_COUNT=1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Warning
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n FILE_PROP_FILE_NOT_EXIST ']'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 ']'
+ '[' -z 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.' ']'
++ echo 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ sed -e 's/`/\\`/g'
+ LINE1='The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ test -n 'The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
++ eval 'echo "The file '\''$1'\'' does not exist on the system, but it is present in the rkhunter.dat file." | sed -e '\''s/;/\;/g'\'''
+++ echo 'The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+++ sed -e 's/;/\;/g'
+ LINE1='The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
++ date '+[%H:%M:%S]'
+ LOGLINE1='[15:32:33]'
+ test 0 -gt 0 -o 0 -eq 1
+ '[' -n Warning ']'
+ LOGLINE1='[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 0 -eq 1 -a 0 -gt 0 ']'
+ '[' -n '' ']'
+ '[' 0 -eq 1 -a -n '' ']'
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ echo -e '[15:32:33] Warning: The file '\''/etc/rkhunter.conf'\'' does not exist on the system, but it is present in the rkhunter.dat file.'
+ '[' 1 -eq 1 ']'
+ test 0 -eq 1
+ LINE1=1
+ OLDIFS='
'
+ IFS='
'
++ grep '^FILE_PROP_FILE_NOT_EXIST:' /var/lib/rkhunter/db/i18n/en
++ cut -d: -f2-
+ for LOGLINE1 in '`grep "^${MSG}:" ${LANG_FILE} 2>/dev/null | cut -d: -f2-`'
+ '[' 1 -eq 1 ']'
+ LINE1=0
+ continue
+ IFS='
'
+ test 0 -eq 1 -a 0 -eq 1
+ return
+ test -n '' -o -n ''
+ return
+ keypresspause
+ '[' 1 -eq 0 -a 0 -eq 0 ']'
+ return
+ return
+ do_rootkit_checks
++ check_test rootkits
+++ echo ' all '
+++ grep ' rootkits '
++ '[' all = all -o -n '' ']'
+++ echo ' suspscan hidden_procs deleted_files packet_cap_apps apps '
+++ grep ' rootkits '
++ '[' 'suspscan hidden_procs deleted_files packet_cap_apps apps' = none -o -z '' ']'
++ return 0
+ display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits
+ WARN_MSG=0
+ NL=0
+ NLAFTER=0
+ LOGINDENT=0
+ SCREENINDENT=0
+ LOGNL=0
+ SCREENNL=0
+ WRITETO=
+ TYPE=
+ RESULT=
+ COLOR=
+ MSG=
+ LINE1=
+ LOGLINE1=
+ SPACES=
+ NONL=
+ DISPLAY_LINE='display --to LOG --type INFO --screen-nl --nl STARTING_TEST rootkits'
+ '[' 8 -le 0 ']'
+ '[' 8 -ge 1 ']'
+ case "$1" in
+ case "$2" in
+ WRITETO=LOG
+ shift
+ shift
+ '[' 6 -ge 1 ']'
+ case "$1" in
++ eval echo '$MSG_TYPE_INFO'
+++ echo Info
+ TYPE=Info
+ '[' -z Info -a INFO '!=' PLAIN ']'
+ test INFO = WARNING
+ shift
+ shift
+ '[' 4 -ge 1 ']'
+ case "$1" in
+ SCREENNL=1
+ shift
+ '[' 3 -ge 1 ']'
+ case "$1" in
+ NL=1
+ case "$2" in
+ shift
+ '[' 2 -ge 1 ']'
+ case "$1" in
+ MSG=STARTING_TEST
+ shift
+ break
+ test 0 -eq 1
+ '[' 0 -eq 1 ']'
+ '[' 0 -eq 1 ']'
+ test LOG = SCREEN -o LOG = SCREEN+LOG
+ WRITETOTTY=0
+ test LOG = LOG -o LOG = SCREEN+LOG
+ WRITETOLOG=1
+ '[' 0 -eq 0 -a 1 -eq 0 ']'
+ '[' 0 -eq 1 -a 1 -eq 1 -a -n '' -a -z '' ']'
+ test -n Info
+ NONL=
+ '[' 0 -eq 1 -a 0 -eq 1 -a 1 -eq 1 -a '' = Whitelisted ']'
+ LANG_FILE=/var/lib/rkhunter/db/i18n/en
+ '[' -n STARTING_TEST ']'
++ grep '^STARTING_TEST:' /var/lib/rkhunter/db/i18n/en
++ head -n 1
++ cut -d: -f2-
+ LINE1='Starting test name '\''$1'\'''
+ '[' 0 -eq 1 ']'
+ '[' -z 'Starting test name '\''$1'\''' ']'
[root tmp]#