After upgrading to Mandriva 2010.1 yesterday I ran rkhunter --propupd
since I'm sure a lot of files were changed. I still got the usual
"please check your system as it may be infected" this morning after the
rkhunter cronjob was run. I got to looking at the log this evening and
noticed:

/usr/sbin/rkhunter                                [ Warning ]
Warning: The command '/usr/sbin/rkhunter' has been replaced and is not a
script: /usr/sbin/rkhunter: a /bin/sh script text executable

I'm also seeing this but I believe there was already an earlier thread
on it:

Warning: SHV4 Rootkit                             [ Warning ]
File '/usr/include/file.h' found

Warning: SHV5 Rootkit                             [ Warning ]
File '/usr/include/file.h' found

Checking for string 'hdparm'                  [ Warning ]

Warning: Checking for possible rootkit strings    [ Warning ]
Found string 'hdparm' in file '/etc/rc.d/init.d/bootlogd'. Possible
rootkit: Xzibit Rootkit
Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit:
Xzibit Rootkit

I'm curious though about the first warning. My command line for running
rkhunter is:

/usr/sbin/rkhunter --cronjob --update --syslog --createlogfile -c

-- 
Chris
KeyID 0xE372A7DA98E6705C

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users