rkhunter-1.2.6-1.noarch.rpm available
rkhunter -1.2.6-1.noarch.rpm is available for download:
http://wahoo.no-ip.org/~pat/rkhunter-1.2.6-1.noarch.rpm
http://wahoo.no-ip.org/~pat/rkhunter-1.2.6-1.src.rpm
http://wahoo.no-ip.org/~pat/rkhunter-1.2.6.tar.gz
Project description:
Rootkit Hunter scans files and systems for known and unknown rootkits,
backdoors, and sniffers. The package contains one shell script, a few
text-based databases, and optional Perl modules. It should run on
almost every Unix clone.
The changes in this release are as follows:
This release fixes the updater bug and adds support for Tao Linux and
Trustix 2.2 (Sunchild).
Release focus:
6 - Minor bugfixes
Changelog
Below is the changelog of Rootkit Hunter. It will contain changes of
early released versions and the active development version.
Current public version: 1.2.6
Current development version: 1.2.7 (not available yet)
-----------------------------------------------
* 1.2.6 (10/05/2005)
New:
- Added support for Tao Linux
- Added support for Trustix 2.2 (Sunchild)
Bugfixes:
- Fixed problem with updater
author: Michael Boelen
Patrick, On Tuesday 10 May 2005 14:09, Patrick Shanahan wrote:
rkhunter -1.2.6-1.noarch.rpm is available for download: http://wahoo.no-ip.org/~pat/rkhunter-1.2.6-1.noarch.rpm http://wahoo.no-ip.org/~pat/rkhunter-1.2.6-1.src.rpm http://wahoo.no-ip.org/~pat/rkhunter-1.2.6.tar.gz
My daily RKHunter reports include this at the top: -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- Rootkit Hunter 1.2.6 is running Determining OS... Unknown Warning: This operating system is not fully supported! Warning: Cannot find md5_not_known All MD5 checks will be skipped! -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- Is this an indication of something missing or misconfigured in my system? Randall Schulz
* Randall R Schulz
My daily RKHunter reports include this at the top:
-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- Rootkit Hunter 1.2.6 is running
Determining OS... Unknown Warning: This operating system is not fully supported! Warning: Cannot find md5_not_known All MD5 checks will be skipped! -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
Is this an indication of something missing or misconfigured in my system?
I would say that rkhunter is not properly identifying your system. The author includes at the bottom of the report you cite: Do you have some problems, undetected rootkits, false positives, ideas or suggestions? Please e-mail me by filling in the contact form (@http://www.rootkit.nl) -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery
On 5/10/05, Patrick Shanahan
rkhunter -1.2.6-1.noarch.rpm is available for download: http://wahoo.no-ip.org/~pat/rkhunter-1.2.6-1.noarch.rpm http://wahoo.no-ip.org/~pat/rkhunter-1.2.6-1.src.rpm http://wahoo.no-ip.org/~pat/rkhunter-1.2.6.tar.gz
Hi, I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this: Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory) Now, I know that this file is OK, but how to make rkhunter not report it, as I do want mailed only when a problem is found. Now I have to rerun it every day manually just to see if it is only this, or something else goes on. Cheers Sunny
* Sunny
I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this:
Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory)
Now, I know that this file is OK, but how to make rkhunter not report it, as I do want mailed only when a problem is found. Now I have to rerun it every day manually just to see if it is only this, or something else goes on.
At the bottom of the report you cite, the author has included: Do you have some problems, undetected rootkits, false positives, ideas or suggestions? Please e-mail me by filling in the contact form (@http://www.rootkit.nl) -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery
On 5/12/05, Patrick Shanahan
* Sunny
[05-11-05 09:24]: I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this:
Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory)
Now, I know that this file is OK, but how to make rkhunter not report it, as I do want mailed only when a problem is found. Now I have to rerun it every day manually just to see if it is only this, or something else goes on.
At the bottom of the report you cite, the author has included:
Do you have some problems, undetected rootkits, false positives, ideas or suggestions? Please e-mail me by filling in the contact form (@http://www.rootkit.nl)
-- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery
Thanks Patrick. I know this. I just didn't want to bother the developer. I expected more people using SuSE to have this problem and maybe a solution. It looks strange that I'm the only one using java 1.5 on SuSE and rkhunter. Anyway, as far as no one has this problem, I'll try to contact the developer. Cheers Sunny
Sunny wrote:
On 5/12/05, Patrick Shanahan
wrote: * Sunny
[05-11-05 09:24]: I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this:
Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory)
Now, I know that this file is OK, but how to make rkhunter not report it, as I do want mailed only when a problem is found. Now I have to rerun it every day manually just to see if it is only this, or something else goes on.
I expected more people using SuSE to have this problem and maybe a solution. It looks strange that I'm the only one using java 1.5 on SuSE and rkhunter. Just edit the /etc/rkhunter.conf file, i.e. # Allow hidden directory # One directory per line (use multiple ALLOWHIDDENDIR lines) # ALLOWHIDDENDIR=/etc/.java ALLOWHIDDENDIR=/dev/.udevdb
-- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Registered Linux user 231871
On 5/13/05, Joe Morris (NTM)
Just edit the /etc/rkhunter.conf file, i.e. # Allow hidden directory # One directory per line (use multiple ALLOWHIDDENDIR lines) # ALLOWHIDDENDIR=/etc/.java ALLOWHIDDENDIR=/dev/.udevdb
-- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Registered Linux user 231871
Thanks Joe, that is what I was after. Cheers Sunny
Joe Morris (NTM) wrote:
Just edit the /etc/rkhunter.conf file, i.e. # Allow hidden directory # One directory per line (use multiple ALLOWHIDDENDIR lines) # ALLOWHIDDENDIR=/etc/.java ALLOWHIDDENDIR=/dev/.udevdb
Thank you Joe, it stopped picking up that file. - James W.
Sunny wrote:
On 5/12/05, Patrick Shanahan
wrote: * Sunny
[05-11-05 09:24]: I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this:
Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory)
Now, I know that this file is OK, but how to make rkhunter not report it, as I do want mailed only when a problem is found. Now I have to rerun it every day manually just to see if it is only this, or something else goes on.
At the bottom of the report you cite, the author has included:
Do you have some problems, undetected rootkits, false positives, ideas or suggestions? Please e-mail me by filling in the contact form (@http://www.rootkit.nl)
-- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery
Thanks Patrick. I know this. I just didn't want to bother the developer. I expected more people using SuSE to have this problem and maybe a solution. It looks strange that I'm the only one using java 1.5 on SuSE and rkhunter.
Anyway, as far as no one has this problem, I'll try to contact the developer.
Cheers Sunny
Sunny, I get this file picked up too. - James W.
On May 13, 2005 11:43 am, James Wright wrote:
Sunny wrote:
On 5/12/05, Patrick Shanahan
wrote: * Sunny
[05-11-05 09:24]: I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this:
Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory)
I get it too as well as these 3. * Application version scan - GnuPG 1.2.2 [ Vulnerable ] - OpenSSL 0.9.7b [ Vulnerable ] - Procmail MTA 3.15.1 [ Vulnerable ] -- Collector of vintage computers http://www.ncf.ca/~ba600 Machines to trade http://www.ncf.ca/~ba600/trade.html Open Source Weekend http://www.osw.ca
Patrick Shanahan wrote:
rkhunter -1.2.6-1.noarch.rpm is available for download: [snip]
Great to have this, so thanks very much and best wishes for your health. One thing, though: running rkhunter on SuSE 9.2 typically bumps up my memory usage by 200-300 megs. I know when rkhunter has been running, because my cached memory usage will suddenly be sitting at 450-500 megs. Seems like multiple instances of Find are the cause, though I'm not sure. :) Fish
participants (7)
-
James Wright
-
Joe Morris (NTM)
-
Mark Crean
-
Mike
-
Patrick Shanahan
-
Randall R Schulz
-
Sunny