LinuxQuestions.org


fakie_flip 12-12-2007 10:26 PM

1 billion emails about rootkit hunter
 
How can I stop getting emails about rootkit hunter without stopping it from running automatically? These are the emails I get constantly.

Code:

-N  - 486/493: root                  [rkhunter] Daily run            -- (all)
Date: Mon,  3 Dec 2007 22:51:37 -0600 (CST)
From: root <root@ubuntu>
To: undisclosed-recipients: ;
Subject: [rkhunter] Daily run

Warning: Found enabled xinetd service: /etc/xinetd.d/vmware-authd
Warning: Hidden directory found: /etc/.java
Warning: Hidden directory found: /dev/.static
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs
Warning: Hidden file found: /etc/.bash.bashrc.swp: Vim swap file, version 7.0

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)







i:Exit  -:PrevPg  <Space>:NextPg v:View Attachm.  d:Del  r:Reply  j:Next ?:Help


gilead 12-12-2007 11:00 PM

I'm using rkhunter 1.3. In /etc/rkhunter.conf, you can whitelist files, directories and services that you know are OK (check them first). Have a look for settings in there under ALLOWHIDDENDIR, ALLOWHIDDENFILE and INETD_ALLOWED_SVC.

Then run rkhunter and tell it to only report warnings.

fakie_flip 12-13-2007 02:31 AM

Quote:

Originally Posted by gilead (Post 2989014)
I'm using rkhunter 1.3. In /etc/rkhunter.conf, you can whitelist files, directories and services that you know are OK (check them first). Have a look for settings in there under ALLOWHIDDENDIR, ALLOWHIDDENFILE and INETD_ALLOWED_SVC.

Then run rkhunter and tell it to only report warnings.

Thank you for that good response. Do you know if any of these things that rkhunter is reporting is anything I should be concerned about?

fakie_flip 12-13-2007 02:46 AM

Quote:

Originally Posted by gilead (Post 2989014)
Have a look for settings in there under ALLOWHIDDENDIR, ALLOWHIDDENFILE and INETD_ALLOWED_SVC.

Where is some documentation on this? INETD_ALLOWED_SVC I looked for it in my config file. It's not there. I searched Google and the man page. This is the result.

Pattern not found (press RETURN)

I did however find ALLOWHIDDENDIR and am using it now. Thanks.

EDIT: Never mind, I figured it out. I appended this.

INETD_ALLOWED_SVC=/etc/xinetd.d/vmware-authd

gilead 12-14-2007 01:02 PM

If you're using version 1.3, the installed rkhunter.conf file should have had options like that supplied but commented out. If you're using an older version I'd suggest upgrading. Or, if your distro supplied a package, I'd download the sources from http://sourceforge.net/projects/rkhunter/ and have a look through the default rkhunter.conf and the FAQ it contains.

I subscribed to the rkhunter mailing list at https://lists.sourceforge.net/lists/...rkhunter-users as well - it's a low volume list and it's quite helpful.
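
Added example, not part of the thread and not rkhunter's own code: a shell helper that turns the warning lines from the email above into candidate /etc/rkhunter.conf entries to review before whitelisting. The function names are hypothetical, the option names are the ones given in the thread (INETD_ALLOWED_SVC with the xinetd path, as in fakie_flip's edit), and reporting a Vim swap file for removal instead of whitelisting it is this example's assumption.

```shell
#!/bin/sh
# Added example: map rkhunter warning lines to candidate rkhunter.conf entries.
# Nothing is written to the config; the output is a list to review by hand.

# Warnings copied from the email quoted in the thread.
sample_warnings() {
cat <<'EOF'
Warning: Found enabled xinetd service: /etc/xinetd.d/vmware-authd
Warning: Hidden directory found: /etc/.java
Warning: Hidden directory found: /dev/.static
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs
Warning: Hidden file found: /etc/.bash.bashrc.swp: Vim swap file, version 7.0
EOF
}

# suggest_whitelist (hypothetical helper): warning text on stdin,
# one de-duplicated candidate line per recognised warning on stdout.
suggest_whitelist() {
    awk '
    { sub(/\r$/, "") }                       # tolerate CRLF from mail clients
    /^Warning: Hidden directory found: / {
        sub(/^Warning: Hidden directory found: /, "")
        print "ALLOWHIDDENDIR=" $0; next
    }
    /^Warning: Hidden file found: / {
        sub(/^Warning: Hidden file found: /, "")
        sub(/: .*$/, "")                     # drop the file-type description
        # Assumption of this example: a leftover editor swap file should be
        # removed, not whitelisted, so it is reported as a comment instead.
        if ($0 ~ /\.sw[a-p]$/) print "# stale swap file, remove instead: " $0
        else print "ALLOWHIDDENFILE=" $0
        next
    }
    /^Warning: Found enabled xinetd service: / {
        sub(/^Warning: Found enabled xinetd service: /, "")
        # Option name as used in the thread for the xinetd path.
        print "INETD_ALLOWED_SVC=" $0; next
    }
    ' | LC_ALL=C sort -u
}

sample_warnings | suggest_whitelist
```

Copy into /etc/rkhunter.conf only the lines for paths you have checked; rkhunter's --report-warnings-only option then keeps the scheduled mail limited to warnings that remain.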

