[Rkhunter-users] help me understand errors
kel kintz
2016-09-19 05:10:34 UTC
***@kali:~# grep Warning /var/log/rkhunter.log
[23:59:39] Warning: Checking for prerequisites [ Warning ]
[23:59:44] /usr/bin/diff [ Warning ]
[23:59:44] Warning: The file properties have changed:
[23:59:44] /usr/bin/dpkg [ Warning ]
[23:59:44] Warning: The file properties have changed:
[23:59:45] /usr/bin/dpkg-query [ Warning ]
[23:59:45] Warning: The file properties have changed:
[23:59:47] /usr/bin/perl [ Warning ]
[23:59:47] Warning: The file properties have changed:
[23:59:51] /usr/bin/lwp-request [ Warning ]
[23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by
a script: /usr/bin/lwp-request: Perl script text executable
[23:59:59] /bin/sed [ Warning ]
[23:59:59] Warning: The file properties have changed:
[00:01:36] Checking if SSH root access is allowed [ Warning ]
[00:01:36] Warning: The SSH and rkhunter configuration options should be
the same:
[00:01:39] Checking for hidden files and directories [ Warning ]
[00:01:39] Warning: Hidden directory found: /etc/.java


***@kali:~# grep -i Warning /var/log/rkhunter.log
[23:59:34] Info: No mail-on-warning address configured
[23:59:35] Info: Using syslog for some logging - facility/priority level is
'authpriv.warning'.
[23:59:39] Warning: Checking for prerequisites [ Warning ]
[23:59:44] /usr/bin/diff [ Warning ]
[23:59:44] Warning: The file properties have changed:
[23:59:44] /usr/bin/dpkg [ Warning ]
[23:59:44] Warning: The file properties have changed:
[23:59:45] /usr/bin/dpkg-query [ Warning ]
[23:59:45] Warning: The file properties have changed:
[23:59:47] /usr/bin/perl [ Warning ]
[23:59:47] Warning: The file properties have changed:
[23:59:51] /usr/bin/lwp-request [ Warning ]
[23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by
a script: /usr/bin/lwp-request: Perl script text executable
[23:59:59] /bin/sed [ Warning ]
[23:59:59] Warning: The file properties have changed:
[00:01:36] Checking if SSH root access is allowed [ Warning ]
[00:01:36] Warning: The SSH and rkhunter configuration options should be
the same:
[00:01:39] Checking for hidden files and directories [ Warning ]
[00:01:39] Warning: Hidden directory found: /etc/.java


winds 7 professional 64 bit
Microsoft dream-spark
Al Varnell
2016-09-19 07:53:53 UTC
I’m not seeing any “Errors” there, just “Warnings.”

Every time you update your system, you should run rkhunter to see what has changed (“The file properties have changed”). After you are satisfied that those files were properly updated, run
sudo rkhunter --propupd
to store the new file properties for comparison the next time you check.

Is /usr/bin/lwp-request supposed to be a Perl script with your platform? If so, then you can whitelist it and not see the warning next time.

Is it OK for SSH root access to be allowed on your system? If so, then configure rkhunter to match. If not, then change your system configuration to disallow.

Is it OK for /etc/.java to be a hidden file or was it placed there surreptitiously?

-Al-
Post by kel kintz
[23:59:39] Warning: Checking for prerequisites [ Warning ]
[23:59:44] /usr/bin/diff [ Warning ]
[23:59:44] /usr/bin/dpkg [ Warning ]
[23:59:45] /usr/bin/dpkg-query [ Warning ]
[23:59:47] /usr/bin/perl [ Warning ]
[23:59:51] /usr/bin/lwp-request [ Warning ]
[23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[23:59:59] /bin/sed [ Warning ]
[00:01:36] Checking if SSH root access is allowed [ Warning ]
[00:01:39] Checking for hidden files and directories [ Warning ]
[00:01:39] Warning: Hidden directory found: /etc/.java
[23:59:34] Info: No mail-on-warning address configured
[23:59:35] Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'.
[23:59:39] Warning: Checking for prerequisites [ Warning ]
[23:59:44] /usr/bin/diff [ Warning ]
[23:59:44] /usr/bin/dpkg [ Warning ]
[23:59:45] /usr/bin/dpkg-query [ Warning ]
[23:59:47] /usr/bin/perl [ Warning ]
[23:59:51] /usr/bin/lwp-request [ Warning ]
[23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[23:59:59] /bin/sed [ Warning ]
[00:01:36] Checking if SSH root access is allowed [ Warning ]
[00:01:39] Checking for hidden files and directories [ Warning ]
[00:01:39] Warning: Hidden directory found: /etc/.java
winds 7 professional 64 bit
Microsoft dream-spark
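Added example, not part of either post and not rkhunter's own code: a small parser that groups the warnings from the log above into the four cases the reply walks through (changed file properties, command replaced by a script, SSH root setting mismatch, hidden directory), so each group can be reviewed before `--propupd` or a whitelist entry is applied. The category names and the `unwrap` and `triage` helpers are assumptions made for this illustration; the sample lines are taken from the excerpt in the thread.

```python
import re
# Constructed sample: lines from the thread's log, wrapped continuations included.
SAMPLE_LOG = """\
[23:59:39] Warning: Checking for prerequisites [ Warning ]
[23:59:44] /usr/bin/dpkg [ Warning ]
[23:59:44] Warning: The file properties have changed:
[23:59:51] /usr/bin/lwp-request [ Warning ]
[23:59:51] Warning: The command '/usr/bin/lwp-request' has been replaced by
a script: /usr/bin/lwp-request: Perl script text executable
[00:01:36] Checking if SSH root access is allowed [ Warning ]
[00:01:36] Warning: The SSH and rkhunter configuration options should be
the same:
[00:01:39] Checking for hidden files and directories [ Warning ]
[00:01:39] Warning: Hidden directory found: /etc/.java
"""

STAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(.*)$")
RULES = {  # category -> pattern matched against the unwrapped detail line
    "properties": re.compile(r"file properties have changed"),
    "script": re.compile(r"command '([^']+)' has been replaced by a script"),
    "ssh_root": re.compile(r"SSH and rkhunter configuration options"),
    "hidden": re.compile(r"Hidden (?:directory|file) found: (\S+)"),
}

def unwrap(text):
    """Join continuation lines (no timestamp) onto the preceding log entry."""
    entries = []
    for line in text.splitlines():
        if (m := STAMP.match(line)):
            entries.append(m.group(1).strip())
        elif line.strip() and entries:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Return {category: [subjects]}; unmatched warnings land in 'other'."""
    found, subject = {}, None
    for entry in unwrap(text):
        if not entry.startswith("Warning:"):
            if entry.endswith("[ Warning ]"):
                subject = entry.rsplit("[", 1)[0].strip()  # item the detail refers to
            continue
        cat, m = next(((c, p.search(entry)) for c, p in RULES.items()
                       if p.search(entry)), ("other", None))
        value = entry if m is None else (m.group(1) if m.groups() else subject)
        found.setdefault(cat, []).append(value)
    return found

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Paths listed under `properties` are the ones to confirm as legitimately updated before storing new baselines; anything under `other` needs the full log entry read by hand.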