On Friday, August 17, 2012 03:25:45 PM Stephen Gallagher wrote: > On Fri, 2012-08-17 at 13:42 -0500, Anthony Messina wrote: > > On Monday, July 23, 2012 04:08:25 AM Anthony Messina wrote: > > > I have installed freeipa-server-2.2.0-1.fc17.x86_64 and it's running > > > well. I have also installed rkhunter-1.4.0-1.fc17.noarch on the IPA > > > server and each morning I receive the following report from rkhunter. > > > > > > > > > > > > I imagine/hope that these are not actual rootkits and was wondering if > > > anyone knew of a way to inform rkhunter/rkhunter.conf to "never mind" > > > these as they seem like they would be a normal part of the IPA/CA > > > process. > > > > > > > > > > > > By the way, UID 995 is the pkiuser on my IPA system. > > > > > > > > > > > > Thanks for any input. -A > > > > > > > > > > > > > > > rkhunter warning output follows: > > > > > > > > > Warning: The following processes are using suspicious files: > > > Command: java > > > UID: 995 PID: 1513 > > > Pathname: /var/log/pki-ca/system > > > Possible Rootkit: Unknown rootkit > > > Command: java > > > UID: 1518 PID: 1513 > > > Pathname: 14287633 > > > Possible Rootkit: Unknown rootkit > > > > > > > > Is anyone able to offer some insight on this one? Perhaps there is some > > way to undate the rkhunter configuration to 'allow' this behavior, if > > it's intended. Thanks. -A > > This looks to me like it's a false positive. Please file a bug against > the rkhunter package at bugzilla.redhat.com
Thank you: https://bugzilla.redhat.com/show_bug.cgi?id=849251 -- Anthony - http://messinet.com - http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
