I have been getting a warning from rkhunter which I am having trouble understanding. This is for rkhunter 1.4.0 (debian package 1.4.0-1).
The warning is: Warning: The file '/etc/passwd' does not exist on the system, but it is present in the rkhunter.dat file. Yet the file exists (doh), and the sha1sum matches # grep -F /etc/passwd /var/lib/rkhunter/db/rkhunter.dat File:/etc/passwd:90a1bea35300525a59c6397aa39d970f2649a690:32789:0644:0:0:2923:1424750578:: # sha1sum /etc/passwd 90a1bea35300525a59c6397aa39d970f2649a690 /etc/passwd Running # rkhunter --propupd /etc/passwd removes the entry shown above from the rkhunter.dat file. There's nothing funky configured # grep -c passwd /etc/rkhunter.conf /etc/rkhunter.conf.local /etc/rkhunter.conf:0 /etc/rkhunter.conf.local:0 # rkhunter -C # echo $? 0 Shouldn't /etc/passwd be watched, normally? What am I doing wrong here? Regards Vince ------------------------------------------------------------------------------ Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical & virtual servers, alerts via email & sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
