Does anyone know if/where there are updates to Rootkit Hunter? Running on both SuSE 9.3 and 10.0 (retail) gives a warning that the operating system is not fully supported. I would have thought an update for at least 9.3 would be up by now. I'm running ver 1.2.7 from the rkhunter-1.2.7-1.noarch.rpm downloaded from the link on their web page. Also, is there a way to change the time of day rkhunter runs? If so, where? Many thanks, Jim
Jim Flanagan: /usr/local/bin/rkhunter --update or www.rootkit.nl/
Does anyone know if/where there are updates to Rootkit Hunter? Running on both SuSE 9.3 and 10.0 (retail) gives a warning that the operating system is not fully supported. I would have thought an update for at least 9.3 would be up by now.
I'm running ver 1.2.7 from the rkhunter-1.2.7-1.noarch.rpm downloaded from the link on their web page.
Also, is there a way to change the time of day rkhunter runs? If so, where?
Many thanks,
Jim
Edward Krack wrote:
Jim Flanagan:
/usr/local/bin/rkhunter --update
or
www.rootkit.nl/
Does anyone know if/where there are updates to Rootkit Hunter? Running on both SuSE 9.3 and 10.0 (retail) gives a warning that the operating system is not fully supported. I would have thought an update for at least 9.3 would be up by now.
I'm running ver 1.2.7 from the rkhunter-1.2.7-1.noarch.rpm downloaded from the link on their web page.
Also, is there a way to change the time of day rkhunter runs? If so, where?
Many thanks,
Jim
Hi Edward, I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported. Tks, Jim
* Jim Flanagan
I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported.
Have you notified the author? -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
Patrick Shanahan wrote:
* Jim Flanagan
[01-25-06 21:09]: I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported.
Have you notified the author?
Not yet Patrick, but I assumed that someone would have done so by now, at least for 9.3. I'll be happy to do so however. Will keep the list posted. Many thanks, Jim
A good option to use is the excellent project chkrootkit, maintained by a Brazilian (ok, I'm Brazilian, but the chkrootkit rules a lot ;) ). You can have more information at http://www.chkrootkit.org Regards, Rangel Jim Flanagan wrote:
Patrick Shanahan wrote:
* Jim Flanagan
[01-25-06 21:09]: I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported.
Have you notified the author?
Not yet Patrick, but I assumed that someone would have done so by now, at least for 9.3. I'll be happy to do so however. Will keep the list posted.
Many thanks,
Jim
Rangel Perez Sardinha
On Thursday 26 January 2006 10:33, Rangel Perez Sardinha wrote:
A good option to use is the excellent project chkrootkit, maintained by a Brazilian (ok, I'm Brazilian, but the chkrootkit rules a lot ;) ). You can have more information at http://www.chkrootkit.org
Or, run both. chkrootkit does have a history of throwing up some false positives which can freak people out a little. Here, for example, on SuSE 10 it is currently saying: "Checking `bindshell'... INFECTED (PORTS: 465)". It isn't, but I do have port 465 in play which is enough to set off chkrootkit's alarms (according to its FAQ). Both this and rkhunter are a boon, for sure though. :) Fish
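The false positive described above can be triaged by mapping each port chkrootkit flags to the process that actually holds it. The following is an added example, not part of the original thread; the function name triage_bindshell, the allow-list of process names, and the sample chkrootkit and ss output are constructed assumptions.

```shell
#!/bin/sh
# Added example: map ports from a chkrootkit "bindshell" hit to their listeners.
# Live use (as root, so ss can show process names):
#   chkrootkit | triage_bindshell "$(ss -H -ltnp)" "master sshd"

# Constructed chkrootkit line, in the format quoted in the thread.
SAMPLE_CHK="Checking \`bindshell'... INFECTED (PORTS: 465 31337)"

# Constructed `ss -H -ltnp` output: Postfix "master" on 465, unknown daemon on 31337.
SAMPLE_SS='LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("master",pid=2211,fd=17))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=901,fd=3))
LISTEN 0 5 0.0.0.0:31337 0.0.0.0:* users:(("unknownd",pid=4242,fd=3))'

# triage_bindshell LISTENERS ALLOWED   (chkrootkit output on stdin)
# Prints "PORT PROCESS VERDICT" for each flagged port. ALLOWED is a
# space-separated list of process names expected to own such ports (assumption).
triage_bindshell() {
    listeners=$1
    allowed=$2
    # Extract the port list from the "INFECTED (PORTS: ...)" line.
    ports=$(sed -n 's/.*bindshell.*INFECTED (PORTS:\(.*\)).*/\1/p')
    for port in $ports; do
        # Process name of the socket whose local address ends in ":PORT";
        # "?" means a listener exists but ss showed no owner (not run as root).
        proc=$(printf '%s\n' "$listeners" | awk -v p="$port" '
            $4 ~ (":" p "$") {
                if (match($0, /\(\("[^"]+"/))
                    print substr($0, RSTART + 3, RLENGTH - 4)
                else
                    print "?"
                exit
            }')
        case " $allowed " in
            *" $proc "*) verdict=expected ;;
            *)           verdict=investigate ;;
        esac
        # Nothing visible on the port now: the listener is gone or hidden.
        [ -n "$proc" ] || { proc=-; verdict=no-visible-listener; }
        printf '%s %s %s\n' "$port" "$proc" "$verdict"
    done
}

# A matching name is only a first hint; confirm the binary with the package
# manager (for example rpm -V) before dismissing the alert.
printf '%s\n' "$SAMPLE_CHK" | triage_bindshell "$SAMPLE_SS" "master sshd"
```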
On Wed, 25 Jan 2006, Patrick Shanahan wrote:
* Jim Flanagan
[01-25-06 21:09]: I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported.
Have you notified the author?
I use this script in cron.daily. It was on one of the suse/opensuse
lists.
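#!/bin/sh
# Daily cron job: update rkhunter's data files, then make sure the running
# SuSE release is listed in os.dat so rkhunter stops reporting it as unsupported.
MY_VERSION="$(grep -i '^suse' /etc/SuSE-release)"
# rkhunter.conf supplies DBDIR (the directory that holds os.dat).
if [ -e /etc/rkhunter.conf ]; then
    . /etc/rkhunter.conf
else
    exit 1
fi
/usr/bin/rkhunter --update | /bin/mail -s 'rkhunter Daily update' root
# Append an entry for this release only if it is not already present
# (-F: match the release string literally, not as a regular expression).
if [ "$(grep -cF -- "${MY_VERSION}" "${DBDIR}/os.dat")" -eq 0 ]; then
    echo "999:${MY_VERSION}:/usr/bin/md5sum:/bin:" >> "${DBDIR}/os.dat"
fi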
--
Boyd Gerber
I'm running 10.0 on an HP Media Center PC 873N containing an SB Audigy board. Sound has been fine from initial installation a few months ago until suddenly there was no sound a couple of days ago. Reboot, no change. Reboot into XP and the sound is fine. Reboot into Linux, no sound. I went into YaST->Hardware->Sound and the SB Audigy shows up as properly configured. I removed the SB Audigy configuration and then tried to set it up again. I got an error message saying that the module snd-emu10k1 cannot be loaded. Checking /lib/modules shows snd-emu10k1.ko, snd-emu10k1-synth.ko and snd-emu10k1x.ko. How do I proceed from here to correct the problem? -- Marshall Lake -- mlake@mlake.net -- http://mlake.net
On Wed, 2006-01-25 at 20:08 -0600, Jim Flanagan wrote:
Edward Krack wrote:
Jim Flanagan:
/usr/local/bin/rkhunter --update
or
www.rootkit.nl/
Does anyone know if/where there are updates to Rootkit Hunter? Running on both SuSE 9.3 and 10.0 (retail) gives a warning that the operating system is not fully supported. I would have thought an update for at least 9.3 would be up by now.
I'm running ver 1.2.7 from the rkhunter-1.2.7-1.noarch.rpm downloaded from the link on their web page.
Also, is there a way to change the time of day rkhunter runs? If so, where?
I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported.
10.0 comes with one: chkrootkit, which is run as root.
On Wed, 25 Jan 2006, Jim Flanagan
Hi Edward,
I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported.
As a workaround, until 9.3 and 10.0 are supported, I've a patched version that no longer complains about them being unsupported. If you're interested, it's presently available at: URL:http://www.davjam.org/~davjam/linux/rkhunter/index.htm The only changes to the original source archive are two lines added to the spec file, one to say there's a patch to apply, the other to apply the patch, along with the inclusion of the patch file. This patch file adds both SUSE 9.3 and 10.0, both as i586 and x86_64 versions, to the os.dat file. No other changes have been made. Note that this is not an official release and, once the package is updated with full support, it shall be replaced. Regards, David Bolt -- Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/ AMD1800 1Gb WinXP/SUSE 9.3 | AMD2400 256Mb SuSE 9.0 | A3010 4Mb RISCOS 3.11 AMD2400(32) 768Mb SUSE 10.0 | RPC600 129Mb RISCOS 3.6 | Falcon 14Mb TOS 4.02 AMD2600(64) 512Mb SUSE 10.0 | A4000 4Mb RISCOS 3.11 | STE 4Mb TOS 1.62
participants (9)
- Boyd Lynn Gerber
- David Bolt
- Edward Krack
- Jim Flanagan
- Mark Crean
- Marshall Lake
- Mike McMullin
- Patrick Shanahan
- Rangel Perez Sardinha