
tsuchan1 09-25-2009 04:24 AM

rkhunter: whitelisting inetd services - talk, ntalk, ident

I've been trying to make exceptions to suppress these rkhunter warnings, so far without success:


Warning: Found enabled inetd service: talk
Warning: Found enabled inetd service: ntalk
Warning: Found enabled inetd service: ident

My best research was that these files may need to be excepted:


so I added to /etc/rkhunter.conf:



and ran rkhunter again. But it still gives the same warnings.

If the information helps, the program I believe is using these services is 'utalk', and I'm running it under Debian Linux.

Can anybody tell me the exceptions I need to add to suppress the warnings?


- tsu'

unSpawn 09-26-2009 05:10 AM

I think you better report this on the rkhunter-users mailing list or else add a ticket in our bug tracker at Sourceforge.

tsuchan1 09-26-2009 11:55 AM

Ok, I'll do that. (^_^)
Thanks for your advice.

unSpawn 09-30-2009 09:57 AM


Originally Posted by tsuchan1 (Post 3697827)
Ok, I'll do that.

It's been four days now and I haven't seen a useradd request for the rkhunter users mailing list or a new ticket in our bug tracker. Are you one of those that say they will but then don't do anything?

tsuchan1 09-30-2009 11:23 AM

Umm, no... it's just that my post to was looking for advice on what I might have been doing wrong, after I had made my best efforts and failed. You suggested raising a bug request, which I take as a serious matter, and wanted to run it past the sys admin who gives me occasional help on the box before passing the chance of raising a bug that might still be my user error.

But I'm sorry - I really hadn't guessed that you would be waiting in anticipation of my bug report... I thought my process deliberations would be "too much information". Anyway, I can give an update...

The process I followed immediately before raising this ticket was:
  • Made the changes described above (and others)
  • Re-ran the daily cron, and received exactly the output pasted above
But the next morning, the cron ran automatically and returned only:

Warning: Found enabled inetd service: ident

so I was a bit confused by that... other changes I'd made (eg. changing PermitRootLogin setting) had taken effect in the e-mail I triggered manually, so [rhetorical:] had something happened overnight to flush the rest of the settings, or had I made some mistake?

If I raised a bug at this moment, it would be:
  • rkhunter appears not to change all settings immediately the .conf file is updated
  • rkhunter appears not to exclude the inet service "ident" at all.

But as someone who is unaccomplished in Linux, I reasoned that I needed to take advice locally before potentially embarrassing myself and inconveniencing others.

I will raise a bug after I've had my actions reviewed, if they're confirmed; or write another update to this thread if it turns out to have been a fault of my own. But it may be a couple of weeks - the sys admin who can review my steps can only spare me occasional time.

All the best
- tsu'

unSpawn 09-30-2009 03:02 PM

Ah, OK, I see. Thanks for the update. The reason I asked is because we're in the process of finalizing RKH 1.3.6 for release so I'd like to fix all bugs we can Real Soon Now. If it indeed is a bug but I don't have any machines running identd to check on, nor have I seen any related errors on the list. I'd appreciate it if you let us know what your findings are. Thanks in advance!

All times are GMT -5.