Starting test name 'running_procs'
[19:02:43] Checking running processes for suspicious files [ Warning ]
[19:02:43] Warning: The following processes are using suspicious files:
[19:02:44] Command: cron
[19:02:44] UID: 0 PID: 3191
[19:02:44] Pathname: /etc/crontab
[19:02:44] Possible Rootkit: Unknown rootkit
[...]

What prudent steps should one take to see if a rootkit exists?

ellanios82 wrote:

This behavior can be seen as a bug in rkhunter. Recently I wrote an upstream bug report. The rkhunter developers already fixed the bug, but did not release an updated version.

http://sourceforge.net/tracker/?func=detail&atid=794187&aid=3591302&group_id=155034

I have patched rkhunter on openSUSE build service. You can try the rkhunter package from my repository:

http://download.opensuse.org/repositories/home:/bjoernv:/branches:/security/...

/etc/crontab should not be reported as an "Unknown rootkit" with the updated package.

Greetings,
Björn