[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rkhunter Question.



On Thu, 2009-01-08 at 09:38 -0500, Gene Heskett wrote:
> They say a little paranoia is a good thing, so I installed the rkhunter rpm, 
> which in turn apparently sets itself up as a cron job.
> 
> I got emails from it bitching about a couple of perfectly legit files, and I 
> found out where to whitelist them, so that warning is gone.  While I was at 
> it I enabled another set of tests that weren't by default, the 
> additional_rkts.
> 
> Now it is complaining about the lack of copies for passwd and group, but they 
> do exist as name- files.  Is this a foible of rkhunter, or a redhatism?
> 
> Recommended fix?
> 
Do nothing. When rkhunter is first run it has no copy of the
passwd/group files to check against for changes. Hence the warning. As
it runs, it will take a copy. When it runs again, it then has a copy, so
the warning goes away.



John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 587287
E-mail: John Horne plymouth ac uk       Fax: +44 (0)1752 587001


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]