On Tue, 08 Jun 2010 03:11:51 +0200 Duane Loftus 
<[email protected]> wrote:
>1.  How do I fix the skdet / rkhunter.dat issue?
Should be added running 'rkhunter --propupd' *after* moving the 
binary to /usr/local/(s)bin/, which is where local system additions 
should live FSSTND/LFS-wise. The config warning ditto, if it 
doesn't add a line "USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf" to 
your rkhunter.conf(.local).


>2.  What should I do about the Suckit Rootkit warning (or is it related to # 1 above)?
Not related. The Suckit Rootkit additional checks consist of: 
0) checking hard link count on '/sbin/init', 
1) checking for hidden file extensions and 
2) running 'skdet'.


>3.  What the heck are all the [invisible] statements?
That depends: 
0) if the PIDs exist and belong to valid, regular processes 
('lsof -Pwnp $PID') then that may be a problem with 'skdet', 
1) if the PIDs no longer exist (short-lived processes) then you 
might not be able to trace them back (to conclude they are a 
problem with 'skdet'), 
2) if the PIDs belong to unknown processes then please list 
details: see 'lsof'. Also maybe check with 'unhide' 
(http://www.security-projects.com/?Unhide).

* I don't remember your host details so please post your full 
distribution, release version, kernel version, (para-)virtualization 
used (if any) in your reply. And if you want to list process details 
then please *attach* as a plain text file.
---------------------------------------------------

Thanks for the response.

I'm the idiot running a GoDaddy (RedHat Fedora Core 6) server.  I will
upgrade it once I am comfortable with the upgrade process (CentOS 5 is
available there).  I have 5 domains and about 25 mailboxes on it.  I'm
having a big problem with spam and spoofing.  I don't know what/how to
find a list of "process details" to attach.

I did a "propupd" and the problem still exists.  It all started after I 
installed "SKDET".  How do you uninstall it?  I should try that.

Humble is a feeling I get more and more with each email to this list.

Duane
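
One way to collect the "process details" asked for above, for the PIDs skdet reports as [invisible]. This is an added example, not part of the original thread and not rkhunter or skdet code; the function names and the PROC_ROOT variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: triage PIDs flagged [invisible] and print details that can
# be attached as plain text. PROC_ROOT is a hypothetical override so the
# functions can be exercised against a copy of /proc.
PROC_ROOT=${PROC_ROOT:-/proc}

# Print the first value of one "Key:" line from PID's status file
# (for example Name, PPid or Uid; Uid yields the real UID).
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' \
        "$PROC_ROOT/$1/status" 2>/dev/null
}

# Print "invalid" for a non-numeric argument, "gone" when there is no
# /proc entry (case 1 in the reply), "present" otherwise (cases 0 and 2).
classify_pid() {
    case $1 in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if [ -d "$PROC_ROOT/$1" ]; then echo present; else echo gone; fi
}

# Print a short plain-text report for one PID.
describe_pid() {
    pid=$1
    state=$(classify_pid "$pid")
    echo "PID $pid: $state"
    [ "$state" = present ] || return 0
    echo "  name:    $(status_field "$pid" Name)"
    echo "  ppid:    $(status_field "$pid" PPid)"
    echo "  uid:     $(status_field "$pid" Uid)"
    # exe is empty for kernel threads and when not running as root.
    echo "  exe:     $(readlink "$PROC_ROOT/$pid/exe" 2>/dev/null)"
    # cmdline is NUL-separated; show the arguments space-separated.
    echo "  cmdline: $(cat "$PROC_ROOT/$pid/cmdline" 2>/dev/null | tr '\0' ' ')"
}

# Usage (as root): sh pidreport.sh 1234 5678 > pid-details.txt
for p in "$@"; do describe_pid "$p"; done
```

A "gone" result only means /proc has no entry for that PID at the moment the script ran, so run it right after the rkhunter scan and add the 'lsof -Pwnp $PID' output for any PID reported as present.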










