FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 01-04-2009, 01:07 PM
Paul Cartwright
 
Default rkhunter --propupd option-SOLVED

On Sun January 4 2009, Paul Cartwright wrote:
> I run rkhunter, and I am getting this message in an email:
> Warning: The O/S name or version has changed since the last run:
> * * * * *Old O/S value: Debian lenny/sid * *New value: Debian 5.0
> * * * * *Because of the change(s) the file properties checks may give some
> false-positive results.
> * * * * *You may need to re-run rkhunter with the '--propupd' option.
>
> yet, when I try that, it says invalid option:
> rkhunter --propupd
> Fatal: Invalid option --propupd
> paulandcilla:/etc# man rkhunter
> paulandcilla:/etc# rkhunter -c --propupd
> Fatal: Invalid option --propupd

hmm,
#/usr/bin/rkhunter worked

# /usr/bin/rkhunter --propupd
[ Rootkit Hunter version 1.3.2 ]
File updated: searched for 153 files, found 132
#rkhunter -c -sk
<SNIP>
System checks summary
=====================

File properties checks...
Files checked: 132
Suspect files: 0

Rootkit checks...
Rootkits checked : 114
Possible rootkits: 0

Applications checks...
Applications checked: 5
Suspect applications: 0

The system checks took: 1 minute and 50 seconds




--
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-04-2009, 02:06 PM
Ron Johnson
 
Default rkhunter --propupd option-SOLVED

On 01/04/09 08:07, Paul Cartwright wrote:

On Sun January 4 2009, Paul Cartwright wrote:

I run rkhunter, and I am getting this message in an email:


If you're behind a firewall, I don't think that a rk detector is
necessary,



Warning: The O/S name or version has changed since the last run:
Old O/S value: Debian lenny/sid New value: Debian 5.0
Because of the change(s) the file properties checks may give some
false-positive results.
You may need to re-run rkhunter with the '--propupd' option.

yet, when I try that, it says invalid option:
rkhunter --propupd


Was that from root or unpriv user?

$ which rkhunter


Fatal: Invalid option --propupd
paulandcilla:/etc# man rkhunter
paulandcilla:/etc# rkhunter -c --propupd
Fatal: Invalid option --propupd


hmm,
#/usr/bin/rkhunter worked


# which rkhunter

--
Ron Johnson, Jr.
Jefferson LA USA

I like my women like I like my coffee - purchased at above-market
rates from eco-friendly organic farming cooperatives in Latin America.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-04-2009, 03:15 PM
Paul Cartwright
 
Default rkhunter --propupd option-SOLVED

On Sun January 4 2009, Ron Johnson wrote:
> >> yet, when I try that, it says invalid option:
> >> rkhunter --propupd
>
> Was that from root or unpriv user?
as root

>
> $ which rkhunter
>
> >> Fatal: Invalid option --propupd
> >> paulandcilla:/etc# man rkhunter
> >> paulandcilla:/etc# rkhunter -c --propupd
> >> Fatal: Invalid option --propupd
> >
> > hmm,
> > #/usr/bin/rkhunter worked
>
> # which rkhunter

# which rkhunter
/usr/local/bin/rkhunter
paulandcilla:/etc# ls -l /usr/local/bin/rkhunter
-rwx------ 1 root staff 151427 2007-09-17 14:26 /usr/local/bin/rkhunter
paulandcilla:/etc# ls -l /usr/bin/rkhunter
-rwxr-xr-x 1 root root 339189 2008-08-25 13:03 /usr/bin/rkhunter
hmm...
# /usr/local/bin/rkhunter --version
Rootkit Hunter 1.2.9
paulandcilla:/etc# /usr/bin/rkhunter --version
Rootkit Hunter 1.3.2

crontab -l shows:
05 11 * * * /usr/local/bin/rkhunter -c -sk --cronjob



--
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-05-2009, 10:26 AM
Henrique de Moraes Holschuh
 
Default rkhunter --propupd option-SOLVED

On Sun, 04 Jan 2009, Paul Cartwright wrote:
> # which rkhunter
> /usr/local/bin/rkhunter

You have a local installation of rkhunter that has nothing to do with
Debian, or the Debian package... If you also have the Debian package
installed, it might be the reason for your porblems.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-05-2009, 03:13 PM
Paul Cartwright
 
Default rkhunter --propupd option-SOLVED

On Mon January 5 2009, Henrique de Moraes Holschuh wrote:
> > # which rkhunter
> > /usr/local/bin/rkhunter
>
> You have a local installation of rkhunter that has nothing to do with
> Debian, or the Debian package... * If you also have the Debian package
> installed, it might be the reason for your porblems.

dpkg --list rkhunter shows:
ii rkhunter 1.3.2-6 rootkit, backdoor, sniffer and exploit scann



--
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-06-2009, 11:01 AM
Firebeam
 
Default rkhunter --propupd option-SOLVED

Paul Cartwright wrote:


dpkg --list rkhunter shows:
ii rkhunter 1.3.2-6 rootkit, backdoor, sniffer and exploit scann


This is the one in /usr/bin, but it's the one in /usr/local/bin that
seems configured as "the one to use", as shown by the output of "which"
and the crontab's content. Maybe some (mis|old ) configuration of
alternatives? Try this check:


update-alternatives --list rkunter

--
FORZA VECCHIO CUORE BIANCOROSSO!
1905 -> 2005 (+3)... la storia continua
---=== Powered by Debian GNU/Linux ===---
(registered Linux user #297134)


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-06-2009, 11:21 AM
Paul Cartwright
 
Default rkhunter --propupd option-SOLVED

On Tue January 6 2009, Firebeam wrote:
> > dpkg --list rkhunter shows:
> > ii *rkhunter * * * 1.3.2-6 * * * *rootkit, backdoor, sniffer and exploit
> > scann
>
> This is the one in /usr/bin, but it's the one in /usr/local/bin that
> seems configured as "the one to use", as shown by the output of "which"
> and the crontab's content. Maybe some (mis|old ) configuration of
> alternatives? Try this check:
>
> update-alternatives --list rkunter

# update-alternatives --list rkunter
No alternatives for rkunter.


--
Paul Cartwright


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-06-2009, 12:45 PM
Firebeam
 
Default rkhunter --propupd option-SOLVED

Paul Cartwright wrote:


update-alternatives --list rkunter


# update-alternatives --list rkunter
No alternatives for rkunter.


Uh, sorry, it's a typo...

update-alternatives --list rkhunter

I forgot an "h" :-)

--
FORZA VECCHIO CUORE BIANCOROSSO!
1905 -> 2005 (+3)... la storia continua
---=== Powered by Debian GNU/Linux ===---
(registered Linux user #297134)


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-06-2009, 01:09 PM
Paul Cartwright
 
Default rkhunter --propupd option-SOLVED

On Tue January 6 2009, Firebeam wrote:
> > # update-alternatives --list rkunter
> > No alternatives for rkunter.
>
> Uh, sorry, it's a typo...
>
> update-alternatives --list rkhunter
>
> I forgot an "h" :-)

and I didn't notice..
# update-alternatives --list rkhunter
No alternatives for rkhunter.

but same results
what I did was copy the newer rkhunter whre the older one was.

--
Paul Cartwright
Registered Linux user # 367800
Registered Ubuntu User #12459


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 03:41 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org