Many thanks to John, Helmut, Mike and others who have helped me so much. I've progressed somewhat after days of reading, trial & error and blind guesses. I've got it installed, working and almost all of the 16 zillion (probably about 30) "warnings" eliminated.
Here are the last couple that have me sort of stumped. For some reason I can't eliminate the warnings on "autoinstaller3.log" and "monitrc.chk". The snippet out of the log is:

Performing check of files with suspicious contents
[12:32:44] Info: Starting test name 'suspscan'
[12:32:44] Directories to check are: /tmp /var/tmp
[12:32:44] Temporary directory to use: /dev/shm
[12:32:45] Maximum file size to check (in bytes): 10240000
[12:32:45] Score threshold is set to: 242
[12:32:58] Checking directory: '/tmp'
[12:32:58] File ignored: empty: '/tmp/.state/server/application.dir'
[12:32:58] File ignored: empty: '/tmp/.state/server/application.lock'
[12:32:59] File ignored: empty: '/tmp/.state/server/application.pag'
[12:32:59] File ignored: empty: '/tmp/.state/server/internal.dir'
[12:32:59] File ignored: empty: '/tmp/.state/server/internal.lock'
[12:32:59] File checked: Name: '/tmp/.state/server/internal.pag' Score: 20
[12:32:59] File checked: Name: '/tmp/autoinstaller3.log' Score: 250
[12:32:59] Warning: File '/tmp/autoinstaller3.log' (score: 250) contains some suspicious content and should be checked.
[12:32:59] File ignored: wrong type: '/tmp/psa/logrotate.tar.gz': 'gzip compressed data, from Unix, last modified: Tue Nov 18 12:30:47 2008'
[12:32:59] File checked: Name: '/tmp/monitrc.chk' Score: 351
[12:32:59] Warning: File '/tmp/monitrc.chk' (score: 351) contains some suspicious content and should be checked.
[12:32:59] File ignored: empty: '/tmp/psa-installer.lock'
[12:32:59] File checked: Name: '/tmp/.s.PGSQL.5432.lock' Score: 0
[12:32:59] Checking directory: '/var/tmp'
[12:32:59] Warning: Checking for files with suspicious contents [ Warning ]

The other issue is the /dev/shm directory as shown:

Performing filesystem checks
[12:33:12] Info: Starting test name 'filesystem'
[12:33:12] Info: SCAN_MODE_DEV set to 'THOROUGH'
[12:33:13] Checking /dev for suspicious file types [ Warning ]
[12:33:13] Warning: Suspicious file types found in /dev:
[12:33:13] /dev/shm/suspscan.32223.strings: ASCII English text
[12:33:13] /dev/shm/suspscan.28538.strings: ASCII text
[12:33:13] /dev/shm/suspscan.1424.strings: ASCII text
[12:33:13] /dev/shm/suspscan.30609.strings: ASCII text
[12:33:13] /dev/shm/suspscan.27920.strings: ASCII text
[12:33:13] /dev/shm/suspscan.9363.strings: ASCII text
[12:33:13] /dev/shm/suspscan.29703.strings: ASCII text
[12:33:13] /dev/shm/suspscan.11334.strings: ASCII text
[12:33:13] /dev/shm/suspscan.11631.strings: ASCII text
[12:33:13] /dev/shm/suspscan.7669.strings: ASCII text
[12:33:13] /dev/shm/suspscan.7971.strings: ASCII text
[12:33:13] /dev/shm/suspscan.25976.strings: ASCII text
[12:33:13] /dev/shm/suspscan.29807.strings: ASCII text
[12:33:13] /dev/shm/suspscan.19662.strings: ASCII text
[12:33:13] /dev/shm/suspscan.9339.strings: ASCII text
[12:33:13] /dev/shm/suspscan.21843.strings: ASCII text

Lastly, it seems that I have an inordinate amount of "Not Found" and "Skipped". This is a result of either not having installed some of the helper apps yet (like skdet) or of having whitelisted so much. At some point, is anyone willing to take a look at my log and conf.local files to see if I am going in the right direction ... or not?
cheers,
Duane

------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
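As an added example (not from Duane's message and not part of rkhunter), the script below triages the two kinds of warning quoted above straight out of an rkhunter.log: it pulls the suspscan threshold and per-file scores, lists the files suspscan actually warned about (highest score first, since those are the ones to go and read), and splits the "/dev" warning list into entries that look like suspscan's own scratch files and entries that still need a human. The scratch-file classification is an inference from the log: the files are named suspscan.<pid>.strings and sit in the directory suspscan reported as its temporary directory. The sample log embedded in the script is constructed from the posted lines, with one made-up /dev/shm entry added to show a file that is not auto-classified. SUSPSCAN_WHITELIST and ALLOWDEVFILE are real rkhunter.conf options; that ALLOWDEVFILE accepts the trailing "*" as a wildcard is an assumption to check against the rkhunter.conf shipped with your version.

```python
#!/usr/bin/env python3
"""Triage rkhunter 'suspscan' and '/dev' warnings out of rkhunter.log.

Added example, not code from the original post or from rkhunter.
Assumes the log lines have the shape quoted in the post, and that the
rkhunter.conf options SUSPSCAN_WHITELIST and ALLOWDEVFILE take the values
emitted by proposed_config() (the trailing '*' in ALLOWDEVFILE is assumed
to be accepted as a wildcard; check against the rkhunter.conf you have).
"""
import re
import sys

# Constructed sample, modelled on the lines quoted in the post; the
# pulse-shm entry is made up to show a /dev/shm file that is NOT auto-classified.
SAMPLE_LOG = """\
[12:32:44] Info: Starting test name 'suspscan'
[12:32:44] Temporary directory to use: /dev/shm
[12:32:45] Score threshold is set to: 242
[12:32:58] File ignored: empty: '/tmp/.state/server/application.dir'
[12:32:59] File checked: Name: '/tmp/.state/server/internal.pag' Score: 20
[12:32:59] File checked: Name: '/tmp/autoinstaller3.log' Score: 250
[12:32:59] Warning: File '/tmp/autoinstaller3.log' (score: 250) contains some suspicious content and should be checked.
[12:32:59] File checked: Name: '/tmp/monitrc.chk' Score: 351
[12:32:59] Warning: File '/tmp/monitrc.chk' (score: 351) contains some suspicious content and should be checked.
[12:32:59] File checked: Name: '/tmp/.s.PGSQL.5432.lock' Score: 0
[12:33:13] Warning: Suspicious file types found in /dev:
[12:33:13] /dev/shm/suspscan.32223.strings: ASCII English text
[12:33:13] /dev/shm/suspscan.28538.strings: ASCII text
[12:33:13] /dev/shm/pulse-shm-12345: data
"""

THRESHOLD_RE = re.compile(r"Score threshold is set to: (\d+)")
TEMPDIR_RE = re.compile(r"Temporary directory to use: (\S+)")
CHECKED_RE = re.compile(r"File checked: Name: '([^']+)' Score: (\d+)")
FLAGGED_RE = re.compile(r"Warning: File '([^']+)' \(score: (\d+)\)")
# "[hh:mm:ss] /dev/<path>: <file(1) description>" lines under the /dev warning
DEV_FILE_RE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(/dev/[^\s:]+): (.+)$", re.M)


def parse_threshold(log):
    m = THRESHOLD_RE.search(log)
    return int(m.group(1)) if m else None


def parse_tempdir(log):
    m = TEMPDIR_RE.search(log)
    return m.group(1).rstrip("/") if m else None


def parse_scores(log):
    """{path: score} for every file suspscan actually scored (not the ignored ones)."""
    return {path: int(score) for path, score in CHECKED_RE.findall(log)}


def flagged(log):
    """Files suspscan warned about, highest score first: these are the ones to go read."""
    hits = [(path, int(score)) for path, score in FLAGGED_RE.findall(log)]
    return sorted(hits, key=lambda ps: -ps[1])


def classify_dev_files(log):
    """Split the '/dev' warning list into suspscan-looking scratch files and everything else.

    Inferred from the log, not from rkhunter documentation: files named
    <tempdir>/suspscan.<pid>.strings, with tempdir being the directory suspscan
    reported, are treated as that test's own leftovers. Anything else under
    /dev is returned separately and still needs a human to look at it.
    """
    tempdir = parse_tempdir(log) or "/dev/shm"
    scratch_re = re.compile(r"^" + re.escape(tempdir) + r"/suspscan\.\d+\.strings$")
    scratch, others = [], []
    for path, ftype in DEV_FILE_RE.findall(log):
        if scratch_re.match(path):
            scratch.append(path)
        else:
            others.append((path, ftype))
    return scratch, others


def proposed_config(log):
    """rkhunter.conf lines to consider only AFTER reading the flagged files.

    A high score on a file nobody has looked at is exactly the warning the
    test exists to give, so each entry comes with a note of what to do first.
    """
    thresh = parse_threshold(log)
    lines = []
    for path, score in flagged(log):
        lines.append("# %s scored %d (threshold %s); read it first: strings -a %s | less"
                     % (path, score, thresh, path))
        lines.append("SUSPSCAN_WHITELIST=%s" % path)
    scratch, others = classify_dev_files(log)
    if scratch:
        tempdir = parse_tempdir(log) or "/dev/shm"
        lines.append("# %d leftover suspscan scratch files in %s; delete them or allow the pattern"
                     % (len(scratch), tempdir))
        lines.append("ALLOWDEVFILE=%s/suspscan.*" % tempdir)
    for path, ftype in others:
        lines.append("# unclassified /dev entry, do not whitelist blindly: %s (%s)" % (path, ftype))
    return lines


def main(argv):
    # Usage: triage.py /var/log/rkhunter.log   (falls back to the constructed sample)
    log = open(argv[1]).read() if len(argv) > 1 else SAMPLE_LOG
    for line in proposed_config(log):
        print(line)


if __name__ == "__main__":
    main(sys.argv)
```

The point of emitting a comment before every whitelist line is that the script never decides for you: monitrc.chk and autoinstaller3.log scored above the 242 threshold for a reason, and the right order is to read them, decide they are what their names say, and only then paste the SUSPSCAN_WHITELIST lines into rkhunter.conf (or conf.local). The /dev/shm leftovers are a different problem: they are scratch files rather than suspicious content, so either clear them out or allow the pattern.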
