On Tue, 08 Jun 2010 03:11:51 +0200 Duane Loftus
<[email protected]> wrote:
>1. How do I fix the skdet / rkhunter.dat issue?
Should be added by running 'rkhunter --propupd' *after* moving the
binary to /usr/local/(s)bin/, which is where local system additions
should live FSSTND/LFS-wise. The config warning ditto, if it
doesn't add a line "USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf" to
your rkhunter.conf(.local).
>2. What should I do about the Suckit Rootkit warning (or is it
related to # 1 above?
Not related. The Suckit Rootkit additional checks comprise:
0) checking hard link count on '/sbin/init',
1) checking for hidden file extensions and
2) running 'skdet'.
>3. What the heck are all the [invisible] statements?
That depends:
0) if the PIDs exist and belong to valid, regular processes
('lsof -Pwnp $PID') then that may be a problem with 'skdet',
1) if the PIDs no longer exist (short-lived processes) then you
might not be able to trace them back (to conclude they are a
problem with 'skdet'),
2) if the PIDs belong to unknown processes then please list
details: see 'lsof'. Also maybe check with 'unhide'
(http://www.security-projects.com/?Unhide).
* I don't remember your host details so please post your full
distribution, release version, kernel version,
(para-)virtualization used (if any) in your reply. And if you want to
list process details then please *attach* as plain text file.
Best regards,
unSpawn
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
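
The three cases in the answer to question 3, as an added example that is not part of the original message and not code from rkhunter or skdet. The names `triage_pid`, `triage_report` and `PROC_ROOT` are hypothetical, and treating "the exe link points at a file that still exists on disk" as the test for a regular process is an assumption of this example.

```shell
#!/bin/sh
# Sort PIDs that skdet flagged as [invisible] into the three cases from the reply.
# Usage (as root): sh triage.sh PID [PID...]
PROC_ROOT=${PROC_ROOT:-/proc}   # overridable so the logic can run on a constructed tree

triage_pid() {
    pid=$1
    case $pid in ''|*[!0-9]*) echo invalid; return 0 ;; esac
    dir=$PROC_ROOT/$pid
    # Case 1: the PID no longer exists (short-lived process); it cannot be traced back.
    [ -d "$dir" ] || { echo gone; return 0; }
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=
    # Case 2: no resolvable binary. Kernel threads also have no exe link and land
    # here, so read the lsof output before drawing a conclusion.
    [ -n "$exe" ] || { echo unknown; return 0; }
    # Case 2: the binary was unlinked after the process started.
    case $exe in *' (deleted)') echo unknown; return 0 ;; esac
    # Case 0: binary still on disk (assumption: this is what "regular" means here).
    if [ -f "$exe" ]; then echo regular; else echo unknown; fi
}

triage_report() {
    for p in "$@"; do
        verdict=$(triage_pid "$p")
        echo "PID $p: $verdict"
        case $verdict in
            regular)
                echo "  exists with an on-disk binary; possibly a problem with skdet" ;;
            gone)
                echo "  no longer exists; cannot be traced back" ;;
            unknown)
                echo "  list details below and cross-check with unhide" ;;
        esac
        # Same lsof invocation as in the reply: -P/-n keep ports and hosts numeric,
        # -w suppresses warnings, -p selects the PID.
        if [ "$verdict" != gone ] && [ "$verdict" != invalid ] \
            && command -v lsof >/dev/null 2>&1; then
            lsof -Pwnp "$p" 2>/dev/null | sed 's/^/    /'
        fi
    done
}

triage_report "$@"
```

Redirect the output to a plain text file if it is to be attached to a reply on the list.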