I typically use directives like these in /etc/rkhunter.conf (and a Good Read, so PLEASE DO)
Code:
ALLOWDEVFILE=/dev/.udev/rules.d/root.rules
ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/etc/.udev
ALLOWHIDDENFILE=/dev/.initramfs
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/bin/which
APP_WHITELIST="openssl:1.0.1f gpg:1.4.11 sshd:5.9p1"
You can test the config
Code:
rkhunter --config-check
You can write a log anywhere using
Code:
rkhunter -c -sk -l /path/to/file.log
chkrootkit? Meh, don't use it. Not updated enough. </opinion>
chkrootkit 0.49 is now available! (Release Date: Thu Jul 30 2009)
chkrootkit 0.50 is now available! (Release Date: Wed Jun 4 2014)
unhide warnings from rkhunter are a non-issue. Happens on brand spanking new systems with rkhunter's default.conf
Once you are certain as can be your system (I wouldn't include chkrootkit results in this decision) is ok as it is, run
then re-run
Code:
rkhunter -c -sk -l /path/to/file.log
Check the output for "Warning:" messages.
Let us know.
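
One way to do the "check the output for Warning: messages" step across runs, as an added example that is not part of the original post: compare the log written with -l against the log of an earlier run and print only the warnings that are new. The function names, the assumed "[HH:MM:SS] Warning: ..." line format and the sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the post. Assumes log lines of the form
# "[HH:MM:SS] Warning: ..."; the sample logs below are constructed.

# Print each distinct "Warning:" line of log $1 with the timestamp removed.
rkh_warnings() {
    grep 'Warning:' "$1" 2>/dev/null |
        sed -e 's/^\[[0-9:]*\][[:space:]]*//' |
        LC_ALL=C sort -u
}

# Print warnings found in log $2 but not in baseline log $1.
# Returns 0 if nothing is new, 1 if new warnings were printed.
rkh_new_warnings() {
    base=$(mktemp) && cur=$(mktemp) || return 2
    rkh_warnings "$1" > "$base"
    rkh_warnings "$2" > "$cur"
    new=$(LC_ALL=C comm -13 "$base" "$cur")
    rm -f "$base" "$cur"
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Run the comparison on two constructed logs (hypothetical scan results).
rkh_demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/before.log" <<'EOF'
[10:00:01] Checking for hidden files and directories
[10:00:01] Warning: Hidden directory found: /etc/.java
EOF
    cat > "$d/after.log" <<'EOF'
[11:30:07] Checking for hidden files and directories
[11:30:07] Warning: Hidden directory found: /etc/.java
[11:30:09] Warning: The command '/usr/bin/ldd' has been replaced by a script
EOF
    rc=0
    rkh_new_warnings "$d/before.log" "$d/after.log" || rc=$?
    rm -rf "$d"
    return "$rc"
}

rkh_demo || echo "new warnings since baseline (exit $?)"
```

Keeping the log from the run you trusted as the baseline means a later warning that was not there before stands out instead of being lost among the ones already reviewed.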