ConfigServer Blog
Please note that support is not provided through this blog - any support related comments will be removed
22 Sep 07 : Rootkit Hunter announces final release 1.3.0

The Rootkit Hunter project is pleased to announce that all the hard work and testing has culminated in the final release of version 1.3.0. The changelog for this release is packed, listing over 30 new features, 47 changes and 16 bugfixes.

More information: http://sourceforge.net/forum/forum.php?forum_id=738132

Installation instructions:

cd /root/rpms
wget http://prdownloads.sourceforge.net/rkhunter/rkhunter-1.3.0.tar.gz
tar -xzf rkhunter*
cd rkhunter-*
./installer.sh --layout default --install
cd ..
/bin/rm -Rf rkhunter*
echo '#!/bin/sh
/usr/local/bin/rkhunter --update --nocolors
/usr/local/bin/rkhunter --propupd --nocolors
/usr/local/bin/rkhunter -c --sk --disable apps,suspscan --rwo' > /root/rkhunter.sh
chmod +x /root/rkhunter.sh

Then run the following command:

/root/rkhunter.sh

Then modify any cron job you have set up, e.g.:

0 8,20 * * * /root/rkhunter.sh
Comments

Chirpy wrote on 22 Sep 07 at 23:23:34:
After a little testing I've modified the commands I'd recommend in the initial post.
Ed wrote on 23 Sep 07 at 03:27:22:
The way I read the docs indicates that the --disable switch can be superseded by adding those directives to /etc/rkhunter.conf.
Erik wrote on 23 Sep 07 at 11:50:46:
Hi,
rkhunter warns me "Warning: The command '/usr/bin/groups' has been replaced by a script". Should I take this seriously? I have my doubts, as other similar scanning tools say there's nothing wrong.
Chirpy wrote on 23 Sep 07 at 11:57:01:
Those appear to be false-positives as I see them too for 4 or 5 files on all my servers.
eric wrote on 23 Sep 07 at 12:48:35:
in config file I see this section
# Allow the specified commands to be scripts.
# One command per line (use multiple SCRIPTWHITELIST lines).
#
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
#SCRIPTWHITELIST=/usr/bin/groups
I got errors on those three on my server, CentOS-WHM driven.
As I'm not an expert on this, is it a good idea to comment out these three lines to avoid the warnings that are, according to me, false?
thanks
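Added example, not part of the comment above or of rkhunter itself: one way to check the "replaced by a script" warnings discussed in this thread before adding SCRIPTWHITELIST lines. It assumes an RPM-based host (the thread mentions CentOS); the function names and the sample warning lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage rkhunter "replaced by a script" warnings before
# whitelisting them. Function names and SAMPLE are constructed for illustration.

# Constructed sample, in the wording quoted in the thread.
SAMPLE="Warning: The command '/usr/bin/groups' has been replaced by a script
Warning: The command '/sbin/ifup' has been replaced by a script
Warning: The command '/sbin/ifdown' has been replaced by a script
Warning: The command '/usr/bin/groups' has been replaced by a script
Some other line that is not a script warning"

# Read rkhunter output on stdin, print each flagged command path once.
flagged_scripts() {
    sed -n "s/.*Warning: The command '\([^']*\)' has been replaced by a script.*/\1/p" | sort -u
}

# Print a SCRIPTWHITELIST line only if the file is owned by a package and
# matches what that package installed. Assumes an RPM-based host.
# The RPM database is on the same host, so a clean result is a sanity check,
# not proof; compare against a known-good machine if in doubt.
triage() {
    path=$1
    if ! command -v rpm >/dev/null 2>&1; then
        echo "UNKNOWN $path (rpm not available)"
        return 2
    fi
    if ! pkg=$(rpm -qf "$path" 2>/dev/null); then
        echo "INVESTIGATE $path (not owned by any package)"
        return 1
    fi
    # rpm -V lists files whose size, digest, mode, owner etc. differ from the
    # package database; the file path is the last field of each line.
    # $pkg is unquoted on purpose: rpm -qf may name more than one owner.
    if rpm -V $pkg 2>/dev/null | awk -v p="$path" '$NF == p { hit = 1 } END { exit !hit }'; then
        echo "INVESTIGATE $path (differs from package $pkg)"
        return 1
    fi
    echo "SCRIPTWHITELIST=$path"
}

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE" | flagged_scripts | while read -r p; do
    triage "$p" || true
done
```

On a real host, feed `flagged_scripts` the output of the rkhunter check instead of `SAMPLE`, and add only the printed SCRIPTWHITELIST lines to the configuration file.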
Mickalo wrote on 23 Sep 07 at 13:35:57:
I noticed when running a versioncheck or update, rkhunter just hangs or times out. Is there a problem with their mirrors?
Mickalo
Matt wrote on 23 Sep 07 at 21:56:11:
I'm confused as to what to change in the cron file. I have a line in there that says:
0 8,20 * * * /usr/local/bin/rkhunter --update ; /usr/local/bin/rkhunter -c --cronjob --skip-application-check
What exactly do I need to change? Is it just changing "/usr/local/bin/rkhunter" to "/root/rkhunter.sh"?
Thanks!
Chirpy wrote on 23 Sep 07 at 21:58:07:
No, change the whole line to what I suggested in the first post in the root crontab.
Nathan wrote on 24 Sep 07 at 11:07:12:
I've also found the same problem when trying to run an update... just times out.
Mickalo wrote on 25 Sep 07 at 16:41:11:
If anyone is having problems with RKH timing out or just hanging while being executed, be sure the IP: 66.35.250.209 is not being blocked. This was the problem we found, causing RKH to not update properly.
Mickalo
Matt C wrote on 25 Sep 07 at 20:50:40:
I don't have a directory called /root/rpms.
I'm running CentOS 4 on Virtuozzo. Do I need to create this directory or should I find it elsewhere?
Thanks, Matt
George wrote on 25 Sep 07 at 21:17:09:
I just installed the update but am confused, as I thought there was a different cron line before. Today it is only 0 8,20 * * * /root/rkhunter.sh and I could have sworn it had assorted options last time I looked.
Matt Whelan wrote on 01 Oct 07 at 10:28:04:
Chirpy, hasn't the new cron line disappeared from your first post? You give an example of what to change, but there used to be a line showing what to change it to?
Ed wrote on 22 Sep 07 at 23:17:13: