rkhunter Question.
John Horne
john.horne at plymouth.ac.uk
Thu Jan 8 16:42:44 UTC 2009
On Thu, 2009-01-08 at 09:38 -0500, Gene Heskett wrote:
> They say a little paranoia is a good thing, so I installed the rkhunter rpm,
> which in turn apparently sets itself up as a cron job.
>
> I got emails from it bitching about a couple of perfectly legit files, and I
> found out where to whitelist them, so that warning is gone. While I was at
> it I enabled another set of tests that weren't by default, the
> additional_rkts.
>
> Now it is complaining about the lack of copies for passwd and group, but they
> do exist as name- files. Is this a foible of rkhunter, or a redhatism?
>
> Recommended fix?
>
Do nothing. When rkhunter is first run it has no copy of the
passwd/group files to check against for changes. Hence the warning. As
it runs, it will take a copy. When it runs again, it then has a copy, so
the warning goes away.
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287
E-mail: John.Horne at plymouth.ac.uk Fax: +44 (0)1752 587001
More information about the fedora-list
mailing list