rkhunter.conf doesn't exists?
I get this warning when running rkhunter:
The file rkhunter.cond foes not exist on the system, but it is present in the rkhunter.dat file. However, the conf file does exist as I just edited it. Any ideas on why this error occurs? [root#] locate rkhunter.conf /etc/rkhunter.conf |
can you provide more details, like pasting a list of commands like stat /etc/rkhunter.conf, ls -lai /etc, and cat /var/lib/rkhunter/db/rkhunter.dat | grep '/etc/rkhunter.conf'?
what is a version of your rkhunter, where did you get it from? --upd: when was the last time you did --propupd (you don't need to do so now, since this issue may be caused by security threat and doing --propupd can mark modified files as being trusted)? |
Quote:
Code:
[root ~]# stat /etc/rkhunter.conf |
Quote:
|
Quote:
[00:03:45] Warning: The file '/etc/rkhunter.conf' does not exist on the system, but it is present in the rkhunter.dat file. [00:03:45] |
OK. What's the RKH version? Where did you install it from? Also CYP run rkhunter with the usual arguments and switches and add the "--debug" switch, locate the /tmp/rkhunter-debug* file and then pastebin its contents?
|
Quote:
[root ~]# rkhunter --version Rootkit Hunter 1.3.8 tmp file: what's pastebin? I only have command line access. I could upload the file but the text is quite long. |
If it's not on your file system (which, whereis, (s)locate, 'man -f', type, 'deflare -F', etc, etc) then there's other methods of finding out: searching LQ, Wikipedia or the 'net. From Wikipedia: "A pastebin is a type of web application which allows its users to upload snippets of text(..) A vast number of pastebins exist on the Internet, (..)".
|
Quote:
It's installed on ym system but google doesn;t show any command line usage of how to use it. I am not sure how to paste the contents of the file from the command line to a website. I can't copy the text of the file as I only have command line access and both nano and vi do not allow scrolling through the file to copy it. |
you still didn't answer the main question(you were asked twice): where does your rkhunter come from?
there is "wgetpaste" utility to upload data to pastebin sites, browse your repository for it. I'm wondering how did you copy that long ls outputs before... what's the problem to do the same trick again, pasting results to any pastebin site, say codepad.org? |
Quote:
I've never had to copy a file before, I just copy and pasted short lines from the command line. When you use nano or vi it doesn't let you copy the whole file as you have to scroll through screens. |
If you're running CLI-only then 'screen' enables you to post text selections somewhat like vi markers: "CTRL+A+[" to start the selection and "CTRL+A+]" to finalize it. Alternatively you could 'grep "does not exist on the system, but it is present in the rkhunter.dat file" -C 100' the debug file and post output here in BB code tags.
|
Quote:
Code:
[root tmp]# grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -C 100 |
Thanks but unfortunately it doesn't show RKH performing the actual test leading to this. CYP repeat but with 'grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200 > /tmp/rkhdebug.txt' and attach "/tmp/rkhdebug.txt"? TIA.
|
Quote:
Code:
[root tmp]# grep "does not exist on the system, but it is present in the rkhunter.dat file" rkhunter-debug.mLcNM12396 -A 100 -B 200 |
Thanks, please check your email account you use for LQ.
|
Quote:
|
As root please run 'echo /etc/rkhunter.conf >> /var/lib/rkhunter/db/rkhunter_prop_list.dat' (that's >> as in "append" not > as in "replace"!), then run "rkhunter --propupd" then see if the error occurs again on your regular check.
|
Quote:
What exactly was the problem? |
Quote:
Quote:
|
All times are GMT -5. The time now is 05:14 PM. |