
Re: [rkhunter] coyote.coyote.den - Daily report



On 27-11-17, Gene Heskett wrote:
> On Monday 27 November 2017 17:39:45 Brian wrote:
> 
> > On Mon 27 Nov 2017 at 16:56:15 -0500, Gene Heskett wrote:
> > > On Monday 27 November 2017 15:57:34 Brian wrote:
> > > > On Mon 27 Nov 2017 at 15:46:55 -0500, Gene Heskett wrote:
> > > > > On Monday 27 November 2017 14:35:17 root wrote:
> > > > >
> > > > > Installed new firefox-esr yesterday, from the wheezy repos.
> > > > > Today, rkhunter has a cow:
> > > >
> > > > [rkhunter nonsense snipped]
> > > >
> > > > > How should I restore?
> > > >
> > > > Restore what?
> > >
> > > An obviously contaminated firefox-esr. Or whatever in this list is
> > > contaminated: it's the complete list from the last wheezy update.
> > >
> > > Turns out that rkhunter looked over firefox-esr on its previous run
> > > and apparently gave it a passing grade. So I have to assume it's
> > > something in yesterday's list:
> >
> > [Long list snipped]
> >
> > I'd ignore it. Better still, purge rkhunter from the system. It is
> > renowned for giving false positives. There is no well-substantiated
> > account of it ever discovering anything of consequence.
> 
That is terrible advice. If you do not understand it, purge it and the
warnings will be gone. That rkhunter is an approved, tested, well-used
tool recommended by some security experts is of no value at all.

> That's another possibility, I get tired of its mewling about stuff that's
> normal here. I use amanda, so yes, xinetd is in use, and other similar
> crap. I am amazed it doesn't fuss about ~/gene/bin/mailwatcher, which is
> my coupling between fetchmail and kmail.
> 
> Cheers, Gene Heskett
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page <http://geneslinuxbox.net:6309/gene>
> 

If you are tired of its "mewling about stuff that's normal here" then do
something about it. Rkhunter has a conf file where you can whitelist that
stuff.

All that rkhunter did was its job. It issued you warnings about some
stuff that, according to its conf file, is suspicious. Now it is on you
to investigate that and see whether those warnings are serious or not.
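
As an added illustration of the whitelisting step described above (this is
example code written for this thread, not code from rkhunter or from anyone
posting in it), the script below reads the warning lines of an
`rkhunter --check --rwo` ("report warnings only") run and prints, for each
warning, the rkhunter.conf directive that whitelists it. File-property
warnings get no directive: rkhunter has no whitelist for those, because a
changed binary is either a legitimate package update or tampering, and only
the package manager can tell you which. The report in `sample_report` is
constructed to resemble such a run on a Debian system; the paths in it
(lynx, /etc/.java, an amanda xinetd entry, firefox-esr) are assumptions and
were not posted in the thread.

```shell
#!/bin/sh
# Added example for this thread, not code from rkhunter or from anyone in it.
# Turns the warning lines of an 'rkhunter --check --rwo' report into the
# rkhunter.conf directive that whitelists each one, or into a VERIFY note
# for file-property changes, which must not be whitelisted blindly.
# The report below is constructed; the paths in it are assumptions.

sample_report() {
    cat <<'EOF'
Warning: The command '/usr/bin/lynx' has been replaced by a script: /usr/bin/lynx: POSIX shell script, ASCII text executable
Warning: Hidden directory found: /etc/.java
Warning: Found enabled xinetd service: /etc/xinetd.d/amanda
Warning: The file properties have changed:
         File: /usr/lib/firefox-esr/firefox-esr
         Current hash: 0123456789abcdef0123456789abcdef01234567
         Stored hash : fedcba9876543210fedcba9876543210fedcba98
EOF
}

# Read a report on stdin; print one rkhunter.conf line (or a VERIFY note) per warning.
rkh_triage() {
    in_props=0
    hidden_dir="Warning: Hidden directory found: "
    xinetd_svc="Warning: Found enabled xinetd service: "
    while IFS= read -r line; do
        case "$line" in
            "Warning: The command '"*"' has been replaced by a script:"*)
                # A script standing in for a binary is normal for wrappers
                # (alternatives, perl/shell front ends); whitelist by path.
                path=${line#"Warning: The command '"}
                path=${path%%\'*}
                printf 'SCRIPTWHITELIST=%s\n' "$path" ;;
            "$hidden_dir"*)
                printf 'ALLOWHIDDENDIR=%s\n' "${line#$hidden_dir}" ;;
            "$xinetd_svc"*)
                # e.g. amanda's xinetd entries, which the thread mentions
                printf 'XINETD_ALLOWED_SVC=%s\n' "${line#$xinetd_svc}" ;;
            "Warning: The file properties have changed:")
                in_props=1 ;;
            *"File: "*)
                # No whitelist exists for this: either the package really
                # changed (confirm with debsums, then rkhunter --propupd)
                # or the binary was tampered with.
                if [ "$in_props" -eq 1 ]; then
                    printf '# VERIFY %s: confirm it belongs to an intact package before rkhunter --propupd\n' "${line#*"File: "}"
                    in_props=0
                fi ;;
        esac
    done
}

# Stand-alone run: show what the constructed report turns into.
sample_report | rkh_triage
```

The directive lines can go into /etc/rkhunter.conf (or rkhunter.conf.local,
which recent rkhunter versions read alongside it); run `rkhunter -C`
afterwards to check the configuration parses, then `rkhunter --check --sk`
to confirm the noise is gone. For the VERIFY lines, check the file against
the package manager first (`debsums -c` on Debian, or `dpkg -S` to find the
owning package and compare with what apt actually installed) and only then
run `rkhunter --propupd`, since propupd accepts whatever is on disk as the
new baseline. Debian's /etc/default/rkhunter has an APT_AUTOGEN setting that
runs propupd automatically after apt operations, which is what stops a routine
package upgrade from producing a report like the one in this thread.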

