Hello, I'm fairly new to rkhunter. I started a new job and took over all the servers. They all run rkhunter on a daily basis and produced a lot of emails saying that more or less everything is alright. So I started reducing those emails. When it came to rkhunter I was able to stop all emails except for one server running Gentoo. The email I get is the following:

Running updater...
Mirrorfile /usr/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://rkhunter.sourceforge.net
[DB] Mirror file : Up to date
[DB] MD5 hashes system binaries : Up to date
[DB] Operating System information : Up to date
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Up to date
[DB] Known bad program versions : Up to date
Ready.
Line: [ Warning! ] Some errors has been found while checking. Please perform a manual check on this machine

So I ran a manual check producing a logfile where the only warning is the following:

[08:14:55] ------------------------------- Backdoors ----------------------------
[08:14:56] Checking network interfaces (promiscuous mode)... [ WARNING ]
[08:14:56] Possible promisc interfaces:
[08:14:56] Output test 1:
[08:15:45] Checking passwordless user accounts...
[08:15:45] Found /etc/conf.d/local.start file (Gentoo)

Using Google I came to think that snort is the cause of the warning, and snort does run on that server. So my questions are:

Is snort the cause?
How do I customize rkhunter.conf so I don't get the warning anymore?

Thanks for your help in advance.

Ulrich

--
Ulrich Althaus
TriaGnoSys GmbH
