LinuxQuestions.org
Old 12-12-2007, 11:26 PM   #1
fakie_flip
1 billion emails about rootkit hunter


How can I stop getting emails about rootkit hunter without stopping it from running automatically? These are the emails I get constantly.

Code:
-N  - 486/493: root                   [rkhunter] Daily run             -- (all)
Date: Mon,  3 Dec 2007 22:51:37 -0600 (CST)
From: root <root@ubuntu>
To: undisclosed-recipients: ;
Subject: [rkhunter] Daily run

Warning: Found enabled xinetd service: /etc/xinetd.d/vmware-authd
Warning: Hidden directory found: /etc/.java
Warning: Hidden directory found: /dev/.static
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs
Warning: Hidden file found: /etc/.bash.bashrc.swp: Vim swap file, version 7.0

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)







i:Exit  -:PrevPg  <Space>:NextPg v:View Attachm.  d:Del  r:Reply  j:Next ?:Help
 
Old 12-13-2007, 12:00 AM   #2
gilead
I'm using rkhunter 1.3. In /etc/rkhunter.conf, you can whitelist files, directories and services that you know are OK (check them first). Have a look for settings in there under ALLOWHIDDENDIR, ALLOWHIDDENFILE and INETD_ALLOWED_SVC.

Then run rkhunter and tell it to only report warnings.
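The whitelisting step suggested in the reply above, as an added example that is not part of the thread and not rkhunter's own code. It maps the warning lines quoted in the first post to candidate rkhunter.conf entries using the directive names given in this thread, and flags anything that fails a basic check for manual review. The function name `rkh_candidates` and the `ROOT` prefix are hypothetical.

```shell
#!/bin/sh
# Added example: map rkhunter warning lines to candidate rkhunter.conf entries.
# Constructed input: the warning lines quoted in the first post.
SAMPLE_WARNINGS='Warning: Found enabled xinetd service: /etc/xinetd.d/vmware-authd
Warning: Hidden directory found: /etc/.java
Warning: Hidden directory found: /dev/.static
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs
Warning: Hidden file found: /etc/.bash.bashrc.swp: Vim swap file, version 7.0'

# rkh_candidates [ROOT]: read warnings on stdin, print one line per warning.
# ROOT is a hypothetical prefix (default: none) so the checks can be pointed
# at a mounted image or a test tree instead of the live filesystem.
rkh_candidates() {
    root=${1:-}
    while IFS= read -r line; do
        case $line in
        "Warning: Hidden directory found: "*)
            p=${line#"Warning: Hidden directory found: "}
            # Whitelist only a real directory; a symlink or missing path needs a look.
            if [ -d "$root$p" ] && [ ! -L "$root$p" ]; then
                echo "ALLOWHIDDENDIR=$p"
            else
                echo "# REVIEW $p: missing or not a plain directory"
            fi ;;
        "Warning: Hidden file found: "*)
            p=${line#"Warning: Hidden file found: "}
            desc=${p#*: }; p=${p%%: *}   # split "path: file type description"
            case $desc in
            *"swap file"*) echo "# REVIEW $p: editor swap file, remove rather than whitelist" ;;
            *) if [ -f "$root$p" ] && [ ! -L "$root$p" ]; then
                   echo "ALLOWHIDDENFILE=$p"
               else
                   echo "# REVIEW $p: missing or not a regular file"
               fi ;;
            esac ;;
        "Warning: Found enabled xinetd service: "*)
            p=${line#"Warning: Found enabled xinetd service: "}
            # Directive name as used in post #4 of this thread.
            if [ -f "$root$p" ] && [ ! -L "$root$p" ]; then
                echo "INETD_ALLOWED_SVC=$p"
            else
                echo "# REVIEW $p: missing or not a regular file"
            fi ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_WARNINGS" | rkh_candidates "${ROOT:-}"
```

Lines that come out as `# REVIEW` are the ones to inspect by hand before anything is added to /etc/rkhunter.conf. After merging the reviewed entries, a run with rkhunter's `--report-warnings-only` option shows whether any warnings remain.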
 
Old 12-13-2007, 03:31 AM   #3
fakie_flip
Original Poster
Quote:
Originally Posted by gilead
I'm using rkhunter 1.3. In /etc/rkhunter.conf, you can whitelist files, directories and services that you know are OK (check them first). Have a look for settings in there under ALLOWHIDDENDIR, ALLOWHIDDENFILE and INETD_ALLOWED_SVC.

Then run rkhunter and tell it to only report warnings.
Thank you for that good response. Do you know if any of these things that rkhunter is reporting is anything I should be concerned about?
 
Old 12-13-2007, 03:46 AM   #4
fakie_flip
Original Poster
Quote:
Originally Posted by gilead
Have a look for settings in there under ALLOWHIDDENDIR, ALLOWHIDDENFILE and INETD_ALLOWED_SVC.
Where is some documentation on this? INETD_ALLOWED_SVC I looked for it in my config file. It's not there. I searched Google and the man page. This is the result.

Pattern not found (press RETURN)

I did however find ALLOWHIDDENDIR and am using it now. Thanks.

EDIT: Never mind, I figured it out. I appended this.

INETD_ALLOWED_SVC=/etc/xinetd.d/vmware-authd

Last edited by fakie_flip; 12-13-2007 at 03:51 AM.
 
Old 12-14-2007, 02:02 PM   #5
gilead
If you're using version 1.3, the installed rkhunter.conf file should have had options like that supplied but commented out. If you're using an older version I'd suggest upgrading. Or, if your distro supplied a package, I'd download the sources from http://sourceforge.net/projects/rkhunter/ and have a look through the default rkhunter.conf and the FAQ it contains.

I subscribed to the rkhunter mailing list at https://lists.sourceforge.net/lists/...rkhunter-users as well - it's a low volume list and it's quite helpful.
 
  


All times are GMT -5.