
#1 2007-10-08 20:37:11

sacarde
Member
Registered: 2006-07-14
Posts: 389

chkrootkit and rkhunter on PowerPC

Hi,
   I installed chkrootkit (and rkhunter from AUR) on my PowerPC.

I haven't found a rootkit running chkrootkit,
but I got warnings running rkhunter:

Checking for prerequisites                               [ Warning]
/bin/egrep                                               [ Warning ]
/bin/fgrep                                               [ Warning ]
/usr/bin/ldd                                             [ Warning ]
/usr/bin/whatis                                          [ Warning ]
/usr/sbin/adduser                                        [ Warning ]
Checking for enabled xinetd services                     [ Warning ]
Checking if SSH root access is allowed                   [ Warning ]
Checking if SSH protocol v1 is allowed                   [ Warning ]
Checking for syslog configuration file                   [ Warning ]
Checking for hidden files and directories                [ Warning ]


What do I have to do?

Thank you

#2 2007-10-09 07:56:31

pooflinger
Member
From: Sweden
Registered: 2007-10-05
Posts: 53

Re: chkrootkit and rkhunter on PowerPC

To see more detail for these warnings you can check /var/log/rkhunter.log. I run it as "rkhunter --check --rwo" for a cleaner output. The reason rkhunter gives warnings is that it isn't "tuned" to the Arch "default" install. For example, adduser is supposed to be a script in Arch, not an executable. When I ran rkhunter a few days after install I got a somewhat serious warning about modifications in /etc/passwd where the user "Pierre Schmitz" had mysteriously existed and disappeared. Turns out Pierre is an Arch developer and he probably had an account on the system before it was packaged up for distribution :)

#3 2007-10-09 08:05:21

sacarde
Member
Registered: 2006-07-14
Posts: 389

Re: chkrootkit and rkhunter on PowerPC

I see that all the warnings are:

Warning: The command '/usr/bin/........ has been replaced by a script: /usr/bin/.......: Bourne shell script text executable

Is it an Arch Linux feature?

Why?

#4 2007-10-09 09:10:21

pooflinger
Member
From: Sweden
Registered: 2007-10-05
Posts: 53

Re: chkrootkit and rkhunter on PowerPC

I'm not the best person to answer this question and I hope someone with more knowledge of Arch joins this discussion. Anyhoo...

As far as I know the 'adduser' functionality is only a comfortable way to add users. You could do it just as well by editing /etc/passwd, /etc/shadow, /etc/group and similar files plus adding a homedir. Most distributions have gone the way of automating this in different ways, and rkhunter isn't aware of the way Arch does this. A point could be made that rkhunter's repo maintainer should fix this, or maybe the rkhunter devs, but that's up to one's expectations. I wouldn't consider the functionality broken though.

Last edited by pooflinger (2007-10-09 09:13:36)
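
An added example, not part of any post in this thread: one way to triage the "has been replaced by a script" warnings from /var/log/rkhunter.log before tuning rkhunter for Arch. It lists each flagged path, asks the package manager whether it owns the file, and prints candidate SCRIPTWHITELIST lines for rkhunter.conf only for owned files. Assumptions: `pacman -Qo` as the ownership lookup, the `[HH:MM:SS]` log prefix, and the sample log lines, which are constructed.

```sh
#!/bin/sh
# Added example: triage rkhunter "replaced by a script" warnings.

# Print each path named in such a warning once (log text on stdin).
script_warnings() {
    sed -n "s/.*Warning: The command '\([^']*\)' has been replaced by a script:.*/\1/p" |
        LC_ALL=C sort -u
}

# "packaged" if the package manager claims the path, else "unowned".
# Assumption: pacman -Qo on Arch; OWNER_CMD overrides it for other systems.
classify() {
    if ${OWNER_CMD:-pacman -Qo} "$1" >/dev/null 2>&1; then
        echo packaged
    else
        echo unowned
    fi
}

# stdout: candidate rkhunter.conf lines for packaged scripts.
# stderr: paths no package claims, which need investigating, not whitelisting.
# Ownership is a lookup by path only; compare the file with the package's
# copy before adding a line to rkhunter.conf.
whitelist_lines() {
    script_warnings | while IFS= read -r path; do
        if [ "$(classify "$path")" = packaged ]; then
            printf 'SCRIPTWHITELIST=%s\n' "$path"
        else
            printf 'INVESTIGATE %s (no owning package)\n' "$path" >&2
        fi
    done
}

# Constructed sample log (timestamps, the Info line and /usr/local/bin/whatis are made up).
sample_log() {
    cat <<'EOF'
[20:31:02] Info: Starting test name 'properties'
[20:31:03] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[20:31:03] Warning: The command '/bin/egrep' has been replaced by a script: /bin/egrep: Bourne shell script text executable
[20:31:04] Warning: The command '/usr/local/bin/whatis' has been replaced by a script: /usr/local/bin/whatis: Bourne shell script text executable
[20:31:04] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
[20:31:09] Warning: Hidden directory found: /dev/.udev
EOF
}

# Usage: sh triage.sh /var/log/rkhunter.log
if [ -n "${1:-}" ]; then whitelist_lines < "$1"; fi
```

A path reported as INVESTIGATE is the case worth time: a script sitting where a binary is expected, with no package claiming it.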
