Rkhhunter warnings
 

Hi all, I've been getting these warnings from rkhunter and wondered if anyone else gets these on Slackware 14. I never had these on 13.37 and I didn't bother to try rkhunter out on a fresh install only till now, a week later.



Thanks.

http://pastebin.com/T5Qep1WF

I've seen "Warning: The command '/path/to/some/file/here' has been replaced by a script" messages on Fresh systems before running rkhunter.

Those systems weren't Slackware14 or my current Slack14_64, but I have seen similar, if not exact messages of that nature.

Scarier is the 15 hours it took to run.
Summary seems ok.

Thanks Habitual, I started it the previous night and forgot to use --skip-keypress, so I had to continue it in the morning that's why it took so long.

No worries. I fall asleep in Terminal almost every day. ;)

That's because rkhunter checks against a database to see if files have been changed or not, and in Slackware's situation those 3 files, are different than on other operating systems. Generally adduser (one of the suspect files) is a program, but in Slackware it is just a script that calls useradd.

You can whitelist those 3 suspect files if you want. More details can be found in /var/log/rkhunter.log to get more detailed information. Also, unSpawn (a moderator on the forums) is one of the developers of rkhunter.

Might be able to uncomment OS_VERSION_FILE="" and set the appropriate line, but I haven't tested it (nor do I know which line is necessary, might be /etc/slackware-version but like I said, I don't know so don't quote me on that).