* Randall R Schulz [05-11-05 09:15]:

My daily RKHunter reports include this at the top:

-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==- Rootkit Hunter 1.2.6 is running

Determining OS... Unknown Warning: This operating system is not fully supported! Warning: Cannot find md5_not_known All MD5 checks will be skipped! -==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-

Is this an indication of something missing or misconfigured in my system?

I would say that rkhunter is not properly identifying your system. The author includes at the bottom of the report you cite: Do you have some problems, undetected rootkits, false positives, ideas or suggestions? Please e-mail me by filling in the contact form (@http://www.rootkit.nl) -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery

* Sunny [05-11-05 09:24]:

I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this:

Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory)

Now, I know that this file is OK, but how to make rkhunter not report it, as I do want mailed only when a problem is found. Now I have to rerun it every day manually just to see if it is only this, or something else goes on.

At the bottom of the report you cite, the author has included: Do you have some problems, undetected rootkits, false positives, ideas or suggestions? Please e-mail me by filling in the contact form (@http://www.rootkit.nl) -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery

Sunny wrote:

On 5/12/05, Patrick Shanahan wrote:

...

* Sunny [05-11-05 09:24]:

...

I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this:

Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory)

Now, I know that this file is OK, but how to make rkhunter not report it, as I do want mailed only when a problem is found. Now I have to rerun it every day manually just to see if it is only this, or something else goes on.

I expected more people using SuSE to have this problem and maybe a solution. It looks strange that I'm the only one using java 1.5 on SuSE and rkhunter. Just edit the /etc/rkhunter.conf file, i.e. # Allow hidden directory # One directory per line (use multiple ALLOWHIDDENDIR lines) # ALLOWHIDDENDIR=/etc/.java ALLOWHIDDENDIR=/dev/.udevdb

-- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Registered Linux user 231871

Joe Morris (NTM) wrote:

Just edit the /etc/rkhunter.conf file, i.e. # Allow hidden directory # One directory per line (use multiple ALLOWHIDDENDIR lines) # ALLOWHIDDENDIR=/etc/.java ALLOWHIDDENDIR=/dev/.udevdb

Thank you Joe, it stopped picking up that file. - James W.

On May 13, 2005 11:43 am, James Wright wrote:

Sunny wrote:

...

On 5/12/05, Patrick Shanahan wrote:

...

* Sunny [05-11-05 09:24]:

...

I have SuSE 9.2, and Java 1.5 installed from sun. rkhunter reports this:

Scanning for hidden files... [ Warning! ] --------------- /dev/.udev.tdb /etc/.java /etc/.pwd.lock --------------- Please inspect: /etc/.java (directory)

I get it too as well as these 3. * Application version scan    - GnuPG 1.2.2   [ Vulnerable ]    - OpenSSL 0.9.7b   [ Vulnerable ]    - Procmail MTA 3.15.1   [ Vulnerable ] -- Collector of vintage computers http://www.ncf.ca/~ba600 Machines to trade http://www.ncf.ca/~ba600/trade.html Open Source Weekend http://www.osw.ca