Rkhunter Assistance ..

Golgo13 · 01-16-2008, 01:13 PM

Hi, my name is Ben. Im new here. I have a server that we're using RKhunter on. It seems to work fine. I am just concerned with the Daily run...the run will say [BAD] for "Testing Running Processes" .. I know this means its not running the test. How can I fix this issue if anyone knows out there?
I am running Red Hat 4.1.1-1 with Rootkit Hunter 1.2.8.
Any ideas will be great!
Thanks
Ben

unSpawn · 01-16-2008, 05:13 PM

The oldest still supported RKH version is 1.2.9.
We've released 1.3.0 some time ago.
Please upgrade.

mahmoud · 01-17-2008, 10:21 AM

what happens with rkhunter is when there is an update on your system it recognizes it as a change
and notifies you that there has been a change with a file it doesnt know it was an update by you it just know there was a change
so what u can do is
rkhunter --propupd
then run it again to check of the warning still comes up then you know you have a problem
also check the log files and see what the error is

Golgo13 · 01-17-2008, 02:29 PM

Thanks for the replies, just to ensure the forum knows where Im coming from.. here's how it looks:
* Suspicious files and malware
Scanning for known rootkit strings [ OK ]
Scanning for known rootkit files [ OK ]
Testing running processes... [ BAD ]
Miscellaneous Login backdoors [ OK ]
Miscellaneous directories [ OK ]
Software related files [ OK ]
Sniffer logs [ OK ]

You'll notice the "Testing Running Processes..." says [BAD]
I will try these other tips. Any more tips out there?
Thanks!
Ben

unSpawn · 01-17-2008, 03:35 PM

I can't even *remember* what 1.2.8 output looked like. Detailed account (debug mode aka 'sh -x') output might help.