On Sat, 2010-07-10 at 19:42 -0500, Chris wrote:
>
> /usr/sbin/rkhunter                                [ Warning ]
> Warning: The command '/usr/sbin/rkhunter' has been replaced and is not a
> script: /usr/sbin/rkhunter: a /bin/sh script text executable
> 
This is a known bug. It's already fixed in the CVS version.

> I'm also seeing this but I believe there was already an earlier thread
> on it:
> 
> Warning: SHV4 Rootkit                             
> [ Warning ] File '/usr/include/file.h' found
> 
> Warning: SHV5 Rootkit                             
> [ Warning ] File '/usr/include/file.h' found
> 
You can whitelist these.

>
> Checking for string 'hdparm'                  [ Warning ]
> 
> Warning: Checking for possible rootkit strings    [ Warning ]
> Found string 'hdparm' in file '/etc/rc.d/init.d/bootlogd'. Possible
> rootkit: Xzibit Rootkit
> Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit:
> Xzibit Rootkit
> 
Fixed in the CVS version, where it is possible to whitelist specific
strings in specific files. (In your case it would be the 'hdparm' string
in the /etc/rc.d/rc.sysinit and bootlogd files. This means you don't
have to whitelist the files from all rootkit checks.)

At the moment you will have to whitelist the files from all rootkit
checks (see RTKT_FILE_WHITELIST in the config file).




John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001


_______________________________________________
Rkhunter-users mailing list
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
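
Added example (not part of the original message and not rkhunter code): because RTKT_FILE_WHITELIST exempts a file from all rootkit checks, this sketch groups "Found string" warnings by file and only proposes a file for whitelisting when every string found in it has been reviewed. The sample log is constructed in the format of the warnings quoted above; the 'examplestr' entry, the rc.local hit and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, in the format of the warnings quoted in the thread
# (unwrapped to one warning per line). Only the first two lines match the
# thread; the others are made up to exercise the hold-back case.
SAMPLE_LOG = """\
Found string 'hdparm' in file '/etc/rc.d/init.d/bootlogd'. Possible rootkit: Xzibit Rootkit
Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Xzibit Rootkit
Found string 'examplestr' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Example Rootkit
Found string 'hdparm' in file '/etc/rc.d/rc.local'. Possible rootkit: Xzibit Rootkit
"""

HIT_RE = re.compile(
    r"Found string '([^']+)' in file '([^']+)'\.\s+Possible\s+rootkit:\s+(.+?)\s*$"
)


def parse_hits(log_text):
    """Map each flagged file to the set of (string, rootkit) pairs found in it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = HIT_RE.search(line)
        if m:
            string, path, rootkit = m.groups()
            hits[path].add((string, rootkit))
    return dict(hits)


def whitelist_candidates(log_text, reviewed_strings):
    """Split flagged files into whitelist candidates and files to hold back.

    A file is a candidate only if every string found in it is in
    reviewed_strings; otherwise whitelisting the whole file would also
    hide the strings nobody has looked at yet.
    """
    candidates, hold = [], {}
    for path, found in sorted(parse_hits(log_text).items()):
        unreviewed = sorted({s for s, _ in found if s not in reviewed_strings})
        if unreviewed:
            hold[path] = unreviewed
        else:
            candidates.append(path)
    return candidates, hold


if __name__ == "__main__":
    ok, hold = whitelist_candidates(SAMPLE_LOG, {"hdparm"})
    print("Candidates for RTKT_FILE_WHITELIST:", " ".join(ok))
    for path, strings in hold.items():
        print("Review before whitelisting:", path, strings)
```
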
