package rkhunter tags 445449 + pending thanks Hi,
Le vendredi 05 octobre 2007 à 17:24 -0400, [EMAIL PROTECTED] a écrit : > Package: rkhunter > Version: 1.3.0-1 > > * A normal install of sash will, if sash/create_sashroot is true, produce the > warning > [17:03:50] Checking for root equivalent (UID 0) accounts [ Warning ] > [17:03:50] Warning: Account 'sashroot' is root equivalent (UID = 0) This is the normal behavior, as the sashroot account does have the same UID as the root account (0). You can bypass the warning in rkhunter.conf thanks to the UID0_ACCOUNTS variable. I will add a note in README.Debian for sash. > * udev produces some warnings > [17:04:26] Checking for hidden files and directories [ Warning ] > [17:04:27] Warning: Hidden directory found: /dev/.udev > [17:04:27] Warning: Hidden directory found: /dev/.static > > (I'm not really fond of those hidden directories, so I won't object very > much if you decide to WONTFIX this.) Again, this is the normal behavior. You can avoid these warning by editing rkhunter.conf, as described in README.Debian. > * A non-modular (monolithic) kernel produces warnings > [17:02:27] Checking kernel module commands [ Warning ] > [17:02:27] Warning: The modules file '/proc/modules' is missing. > [17:02:28] Info: Using modules pathname of '/lib/modules/2.6.23-rc9' > [17:02:28] Checking kernel module names [ Warning ] > [17:02:28] Warning: The kernel module directory '/lib/modules/2.6.23-rc9' is > missing. > > Wouldn't "Skipped" be appropriate? This can be avoided by disabling the os_specific test (either in /etc/rkhunter.conf or in /etc/default/rkhunter) linux_specific_checks() only consists in testing kernel modules for now. I will however check that future releases do not add additional tests. I will also add a note in README.Debian for this, as this test should also be disables when running rkhunter on a vserver instance. Cheers, Julien
