
Thread: Log file from rkhunter has warnings

  1. #11

    Re: Log file from rkhunter has warnings

    Quote Originally Posted by Habitual View Post
    I wouldn't dismiss rkhunter just yet.
    "To avoid these warnings"

    I run rk w/ propupd every time I change something on the systems.
    Example:
    Code:
    apt-get update && apt-get upgrade -y && rkhunter --propupd
    /dev/shm/pulse-shm-2530832173: data appears to be pulse audio.
    Any time you update (by adding software/users, software that adds users),
    run propupd
    Great, thanks for your help. Handy to know how to address false positives.

  2. #12

    Re: Log file from rkhunter has warnings

    Quote Originally Posted by oygle View Post
    Installed rkhunter today and ran a check ..

    Code:
    sudo rkhunter -c
    then viewed the log file. As the size of the logfile is large, will post the warnings
    An un-configured piece of software spitting out "Warnings" is not a false-positive
    Good news: Lots of help.

    First thing I do is address the exclusions (for what is "allowed", or "what I know about")
    Once those are vetted, then it is required to run
    Code:
    rkhunter --propupd
    Once the baseline configuration is dealt with in /etc/rkhunter.conf, then run
    Code:
    rkhunter -C
    to check your edits for errors. If hunter does not complain on the -C (check config) switch,
    then run
    Code:
    rkhunter -c -sk --rwo
    -c is check
    -sk is skip keypress and
    --rwo is Report Warnings Only

    if you don't want an email, after (assuming) you install one... use this
    Code:
    rkhunter -c -sk --rwo --nomow

    I set this for my nightly cron job to update the
    Code:
    0 0 * * * /usr/local/bin/rkhunter --update --nocolors > /dev/null 2>&1
    https://ubuntuforums.org/showthread.php?t=2330034 has some of this same advice/info for this exact issue

    See also https://www.digitalocean.com/communi...your-linux-vps for some good guidelines.

    and https://help.ubuntu.com/community/St...SSH_Root_Login
    discusses what you should do to prohibit root login via openssh-server.

    I go over this in https://ubuntuforums.org/showthread.php?t=2330034 and it discusses the
    APP_WHITELIST= directive in /etc/rkhunter.conf and how to acquire specific settings for your environment.

    this
    Quote Originally Posted by oygle View Post
    Code:
    [16:00:45] Info: No mail-on-warning address configured
    [16:00:45] Info: X will be automatically detected
    is corrected by installing an MTA (mail transport agent), such as postfix or exim

    Postfix is dead simple.
    After you have installed an MTA, edit /etc/rkhunter and use
    Code:
    MAIL-ON-WARNING="you@domain.com" 
    MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
    assumes postfix.

    All of /etc/rkhunter.conf is liberally documented with #commented #examples

    man rkhunter will co-sign what I've said.

    program documentation is in /usr/local/share/doc/rkhunter-1.4.3
    or thereabouts.

    Let us know.
    Last edited by Habitual; January 17th, 2018 at 08:21 AM.
    Windows assumes the user is an idiot.
    Linux demands proof.
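
One way to pull only the warnings out of a large rkhunter log and list the /dev files they flag as candidate ALLOWDEVFILE lines to vet, as an added example that is not from either post above. The log lines are constructed, the continuation-line layout is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample log lines are constructed; the layout (indented
# continuation lines, check results ending in "[ status ]") is an assumption.
rkh_sample_log() {
cat <<'EOF'
[16:00:45] Info: No mail-on-warning address configured
[16:00:45] Info: X will be automatically detected
[16:01:10]   Checking /dev for suspicious file types         [ Warning ]
[16:01:10] Warning: Suspicious file types found in /dev:
[16:01:10]          /dev/shm/pulse-shm-2530832173: data
[16:01:12]   Checking for hidden files and directories       [ None found ]
[16:01:30] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
EOF
}

# Print each "Warning:" entry plus its indented continuation lines.
rkh_warnings() {
    awk '
        { line = $0; sub(/^\[[0-9:]+\] /, "", line) }   # drop the timestamp
        line ~ /^Warning: / { inwarn = 1; print line; next }
        # continuation: indented, and not a check result ending in "]"
        inwarn && line ~ /^ +[^ ]/ && line !~ /\] *$/ { print line; next }
        { inwarn = 0 }
    ' "$1"
}

# List flagged /dev files as candidate ALLOWDEVFILE lines, to be vetted by hand
# before anything is copied into /etc/rkhunter.conf.
rkh_dev_candidates() {
    rkh_warnings "$1" | awk '
        /^Warning: Suspicious file types found in \/dev/ { indev = 1; next }
        /^Warning: / { indev = 0 }
        indev && $1 ~ /^\/dev\// { p = $1; sub(/:$/, "", p); print "ALLOWDEVFILE=" p }
    '
}

log=$(mktemp)
rkh_sample_log > "$log"
rkh_warnings "$log"
rkh_dev_candidates "$log"
rm -f "$log"
```

Point the two functions at the real log file instead of the sample, and confirm each listed file is expected on the system before whitelisting it and running rkhunter --propupd.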
