Edward Krack wrote:

Jim Flanagan:

/usr/local/bin/rkhunter --update

or

www.rootkit.nl/

...

Does anyone know if/where there are updates to Rootkit Hunter. Running on both SuSE 9.3 and 10.0 (retail) gives a warning that the operating system is not fully supported. I would have thought an update for at lease 9.3 would be up by now.

I'm running ver 1.2.7 from the rkhunter-1.2.7-1.noarch.rpm downloaded from the link on thier web page.

Also, is there a way to change the time of day rkhunter runs? If so, where?

Many thanks,

Jim

Hi Edward, I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported. Tks, Jim

Patrick Shanahan wrote:

* Jim Flanagan [01-25-06 21:09]:

...

I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported.

Have you notified the author?

Not yet Patrick, but I assumed that someone would have done so by now, at least for 9.3. I'll be happy to do so however. Will keep the list posted. Many thanks, Jim

On Thursday 26 January 2006 10:33, Rangel Perez Sardinha wrote:

A good option to use is the excellent project chkrootkit, manteined by a brazilian (ok, i´m brazilian, but the chkrootkit rules a lot ;) ). You can have more information at http://www.chkrootkit.org

Or, run both. chrootkit does have a history of throwing up some false positives which can freak people out a little. Here, for example, on SuSE 10 it is currently saying: "Checking `bindshell'... INFECTED (PORTS: 465)". It isn't, but I do have port 465 in play which is enough to set off chrootkit's alarms (according to its FAQ). Both this and rkhunter are boon, for sure though. :) Fish

I'm running 10.0 on an HP Media Center PC 873N containing an SB Audigy board. Sound has been fine from initial installation a few months ago until suddenly there was no sound a couple of days ago. Reboot, no change. Reboot into XP and the sound is fine. Reboot into Linux, no sound. I went into YaST->Hardware->Sound and the SB Audigy shows up as properly configured. I removed the SB Audigy configuration and then tried to set it up again. I got an error message saying that the module snd-emu10k1 cannot be loaded. Checking /lib/modules shows snd-emu10k1.ko, snd-emu10k1-synth.ko and snd-emu10k1x.ko How do I procede from here to correct the problem? -- Marshall Lake -- mlake@mlake.net -- http://mlake.net

On Wed, 25 Jan 2006, Jim Flanagan wrote:- <snip>

Hi Edward,

I already checked the website, and ran the --update option, but still this version says 9.3 and 10.0 are not fully supported.

As a workaround, until 9.3 and 10.0 are supported, I've a patched version that no longer complains about them being unsupported. If you're interested, it's presently available at: URL:http://www.davjam.org/~davjam/linux/rkhunter/index.htm The only changes to the original source archive are two lines added to the spec file, one to say there's a patch to apply, the other to apply the patch, along with the inclusion of the patch file. This patch file adds both SUSE 9.3 and 10.0, both as i586 and x86_64 versions, to the os.dat file. No other changes have been made. Note that this is not an official release and, once the package is updated with full support, it shall be replaced. Regards, David Bolt -- Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/ AMD1800 1Gb WinXP/SUSE 9.3 | AMD2400 256Mb SuSE 9.0 | A3010 4Mb RISCOS 3.11 AMD2400(32) 768Mb SUSE 10.0 | RPC600 129Mb RISCOS 3.6 | Falcon 14Mb TOS 4.02 AMD2600(64) 512Mb SUSE 10.0 | A4000 4Mb RISCOS 3.11 | STE 4Mb TOS 1.62