Rkhhunter warnings
Hi all, I've been getting these warnings from rkhunter and wondered if anyone else gets these on Slackware 14. I never had these on 13.37 and I didn't bother to try rkhunter out on a fresh install only till now, a week later.
Thanks. http://pastebin.com/T5Qep1WF |
I've seen "Warning: The command '/path/to/some/file/here' has been replaced by a script" messages on Fresh systems before running rkhunter.
Those systems weren't Slackware14 or my current Slack14_64, but I have seen similar, if not exact messages of that nature. Scarier is the 15 hours it took to run. Summary seems ok. Code:
[09:25:15] System checks summary |
Thanks Habitual, I started it the previous night and forgot to use --skip-keypress, so I had to continue it in the morning that's why it took so long.
|
Quote:
|
That's because rkhunter checks against a database to see if files have been changed or not, and in Slackware's situation those 3 files, are different than on other operating systems. Generally adduser (one of the suspect files) is a program, but in Slackware it is just a script that calls useradd.
You can whitelist those 3 suspect files if you want. More details can be found in /var/log/rkhunter.log to get more detailed information. Also, unSpawn (a moderator on the forums) is one of the developers of rkhunter. Might be able to uncomment OS_VERSION_FILE="" and set the appropriate line, but I haven't tested it (nor do I know which line is necessary, might be /etc/slackware-version but like I said, I don't know so don't quote me on that). |
All times are GMT -5. The time now is 08:12 PM. |