Greetings,
I've been testing Rootkit Hunter 1.3.8 on a handful of Solaris 10
(x86) servers, and I have an interesting problem. While running the
script manually (rkhunter --check --rwo --sk), everything works as
expected. However, when running a check via crontab, I get errors about
files that don't exist on the system though they are in the rkhunter.dat
files. Here are a couple of examples:
Warning: The file '/etc/init' does not exist on the system, but it is present in the rkhunter.dat file.
Warning: The file '/etc/killall' does not exist on the system, but it is present in the rkhunter.dat file.
Warning: The file '/etc/mount' does not exist on the system, but it is present in the rkhunter.dat file.
Warning: The file '/etc/passwd' does not exist on the system, but it is present in the rkhunter.dat file.
Of course, all of these files really exist on the filesystem. Some of
them are links which might arguably annoy the script when run in a cron
job, and which could probably be safely whitelisted:
# ls -l /etc/init
lrwxrwxrwx 1 root root 12 Oct 23 2008 /etc/init -> ../sbin/init
Others are simple files, like /etc/passwd or some binaries installed in
/usr/local/bin:
# ls -l /etc/passwd
-rw-r--r-- 1 root sys 4567 Jun 13 17:35 /etc/passwd
All servers are displaying the exact same behaviour regarding those
files.
Any pointers would be greatly appreciated.
Regards,
Daniel