Security and Privacy: Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

5th October 2007, 01:56 PM
Registered User
Join Date: Feb 2006
Location: southern california
Posts: 521
rkhunter (continued)
Here's the newest message:
[fedora@localhost ~]$ tar xvf rkhunter-1.2.9.tar
tar: rkhunter-1.2.9.tar: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
[fedora@localhost ~]$ tar xvf rkhunter-1.2.9.tar
tar: rkhunter-1.2.9.tar: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
[fedora@localhost ~]$ su -
Password:
[root@localhost ~]# tar xvf rkhunter-1.2.9.tar
tar: rkhunter-1.2.9.tar: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
[root@localhost ~]#
I am having much more patience, please forgive me. I do want to solve this issue but it seems not possible despite many and varied attempts? I know when I downloaded it, it was a tar from SourceForge. I downloaded it into my fedora user file. But when I try to cd into it and unpack it, it won't work?
Willing to learn something new - bigmac
bigmac
Last edited by bigmacbb63; 5th October 2007 at 01:58 PM.
Reason: extra text

5th October 2007, 02:04 PM
"Sean The Terrible" -- The forum(er) Vista® rep
Join Date: Nov 2005
Posts: 8,823
mac, when you go to root leave the dash out. This is screwing up your path. Just "su". Then, make sure the tar is in your user's /home. If it is somewhere else you will have to cd (change directory) to that location.

5th October 2007, 02:16 PM
Retired Administrator
Join Date: Oct 2006
Posts: 21,509
Try (since you last tried, they released a newer version):
Code:
su
wget http://mesh.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz
tar xvf rkhunter-1.3.0.tar.gz
cd rkhunter-1.3.0
./installer.sh --layout /usr/local --install
Last edited by leigh123linux; 16th October 2007 at 11:00 AM.
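
Added example, not part of the original posts: the steps above fetch a tarball over plain HTTP and run its installer as root, so this shell function checks the file before unpacking it. The function names, the stand-in archive and the expected SHA-256 are assumptions; the thread gives no checksum, so that value has to come from a source you trust.

```shell
#!/bin/sh
# Added example (not from the thread): check a downloaded source tarball
# before unpacking it and running its installer as root.

# verify_and_extract ARCHIVE EXPECTED_SHA256 DESTDIR
# Returns 0 only if the archive exists, its SHA-256 matches, and no member
# path is absolute or climbs out of DESTDIR with "..".
verify_and_extract() {
    archive=$1 expected=$2 dest=$3
    if [ ! -f "$archive" ]; then
        # The "Cannot open: No such file or directory" case from the thread.
        echo "not found from $(pwd): $archive" >&2
        return 2
    fi
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive" >&2
        return 3
    fi
    if tar -tf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains unsafe member paths" >&2
        return 4
    fi
    mkdir -p "$dest" && tar -xf "$archive" -C "$dest"
}

# Constructed sample input: a tiny stand-in tarball, not the real release.
make_sample_archive() {
    mkdir -p "$1/rkhunter-sample/files" &&
    echo 'echo placeholder' > "$1/rkhunter-sample/installer.sh" &&
    tar -czf "$1/rkhunter-sample.tar.gz" -C "$1" rkhunter-sample
}

# Usage: sh verify.sh ARCHIVE EXPECTED_SHA256 DESTDIR
if [ "$#" -eq 3 ]; then
    verify_and_extract "$@"
fi
```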

16th October 2007, 12:40 AM
Retired Community Manager
Join Date: Oct 2004
Location: The GTA, Ontario, Canada
Age: 54
Posts: 12,376
Hello bigmac:
Here is an RPM that you can download.
To install:
yum localinstall --nogpgcheck rkhunter-1.3.0-1.noarch.rpm
http://rapidshare.com/files/62832983...oarch.rpm.html
To start the app, from a terminal type
su -
rkhunter
Seve

16th October 2007, 07:17 AM
Banned (for/from) behaving just like everybody else!
Join Date: Jul 2007
Location: Beijing, China
Posts: 1,307
Quote:
Originally Posted by bigmacbb63
[root@localhost robert]# tar xvf rkhunter-1.3.0.tar.gz
tar: rkhunter-1.3.0.tar.gz: Cannot open: No such file or directory
tar: Error is not recoverable: exiting now
[root@localhost robert]# cd rkhunter-1.3.0
bash: cd: rkhunter-1.3.0: No such file or directory
[root@localhost robert]#
Thanks for your help - still very frustrated!!!
bigmac

This should be:
Code:
tar zxvf rkhunter-1.3.0.tar.gz

16th October 2007, 11:00 AM
Retired Administrator
Join Date: Oct 2006
Posts: 21,509
Quote:
Originally Posted by aleph
this should be :
Code:
tar zxvf rkhunter-1.3.0.tar.gz

It works for me as is:
Code:
[root@localhost ~]# wget http://mesh.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz
--10:56:04-- http://mesh.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz
=> `rkhunter-1.3.0.tar.gz.1'
Resolving mesh.dl.sourceforge.net... 213.203.218.122
Connecting to mesh.dl.sourceforge.net|213.203.218.122|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 252,011 (246K) [application/x-tar]
100%[====================================>] 252,011 554.17K/s
10:56:05 (553.63 KB/s) - `rkhunter-1.3.0.tar.gz.1' saved [252011/252011]
[root@localhost ~]# tar xvf rkhunter-1.3.0.tar.gz
rkhunter-1.3.0/
rkhunter-1.3.0/files/
rkhunter-1.3.0/files/contrib/
rkhunter-1.3.0/files/contrib/README.txt
rkhunter-1.3.0/files/contrib/rkhunter_remote_howto.txt
rkhunter-1.3.0/files/contrib/run_rkhunter.sh
rkhunter-1.3.0/files/ACKNOWLEDGMENTS
rkhunter-1.3.0/files/CHANGELOG
rkhunter-1.3.0/files/FAQ
rkhunter-1.3.0/files/LICENSE
rkhunter-1.3.0/files/README
rkhunter-1.3.0/files/WISHLIST
rkhunter-1.3.0/files/backdoorports.dat
rkhunter-1.3.0/files/check_modules.pl
rkhunter-1.3.0/files/check_port.pl
rkhunter-1.3.0/files/check_update.sh
rkhunter-1.3.0/files/defaulthashes.dat
rkhunter-1.3.0/files/filehashmd5.pl
rkhunter-1.3.0/files/filehashsha1.pl
rkhunter-1.3.0/files/md5blacklist.dat
rkhunter-1.3.0/files/mirrors.dat
rkhunter-1.3.0/files/os.dat
rkhunter-1.3.0/files/programs_bad.dat
rkhunter-1.3.0/files/programs_good.dat
rkhunter-1.3.0/files/readlink.sh
rkhunter-1.3.0/files/rkhunter
rkhunter-1.3.0/files/rkhunter.8
rkhunter-1.3.0/files/rkhunter.conf
rkhunter-1.3.0/files/rkhunter.spec
rkhunter-1.3.0/files/showfiles.pl
rkhunter-1.3.0/files/stat.pl
rkhunter-1.3.0/files/suspscan.dat
rkhunter-1.3.0/files/development/
rkhunter-1.3.0/files/development/createfilehashes.pl
rkhunter-1.3.0/files/development/createhashes.sh
rkhunter-1.3.0/files/development/createhashesall.sh
rkhunter-1.3.0/files/development/i18nchk
rkhunter-1.3.0/files/development/osinformation.sh
rkhunter-1.3.0/files/development/rpmhashes.sh
rkhunter-1.3.0/files/development/rpmprelinkhashes.sh
rkhunter-1.3.0/files/development/search_dead_sysmlinks.sh
rkhunter-1.3.0/files/i18n/
rkhunter-1.3.0/files/i18n/cn
rkhunter-1.3.0/files/i18n/en
rkhunter-1.3.0/files/testing/
rkhunter-1.3.0/files/testing/rkhunter.conf
rkhunter-1.3.0/files/testing/rootkitinfo.txt
rkhunter-1.3.0/files/testing/stringscanner.sh
rkhunter-1.3.0/files/tools/
rkhunter-1.3.0/files/tools/README
rkhunter-1.3.0/files/tools/update_client.sh
rkhunter-1.3.0/files/tools/update_server.sh
rkhunter-1.3.0/installer.sh
[root@localhost ~]# cd rkhunter-1.3.0
[root@localhost rkhunter-1.3.0]# ./installer.sh --layout /usr/local --install
Checking system for:
Rootkit Hunter installer files: found. OK
Available file retrieval tools:
wget: found. OK
Starting installation/update
Checking PREFIX /usr/local: exists, and is writable. OK
Checking installation directories:
Directory /usr/local/share/doc/rkhunter-1.3.0: creating: OK.
Directory /usr/local/share/man/man8: exists, and is writable. OK
Directory /usr/local/etc: exists, and is writable. OK
Directory /usr/local/bin: exists, and is writable. OK
Directory /usr/local/lib64: exists, and is writable. OK
Directory /var/lib: exists, and is writable. OK
Directory /usr/local/lib64/rkhunter/scripts: creating: OK.
Directory /var/lib/rkhunter/db: creating: OK.
Directory /var/lib/rkhunter/tmp: creating: OK.
Directory /var/lib/rkhunter/db/i18n: creating: OK.
Installing check_modules.pl: OK.
Installing check_update.sh: OK.
Installing check_port.pl: OK.
Installing filehashmd5.pl: OK.
Installing filehashsha1.pl: OK.
Installing showfiles.pl: OK.
Installing stat.pl: OK.
Installing readlink.sh: OK.
Installing backdoorports.dat: OK.
Installing mirrors.dat: OK.
Installing os.dat: OK.
Installing programs_bad.dat: OK.
Installing programs_good.dat: OK.
Installing defaulthashes.dat: OK.
Installing md5blacklist.dat: OK.
Installing suspscan.dat: OK.
Installing rkhunter.8: OK.
Installing ACKNOWLEDGMENTS: OK.
Installing CHANGELOG: OK.
Installing FAQ: OK.
Installing LICENSE: OK.
Installing README: OK.
Installing WISHLIST: OK.
Installing language support files: OK.
Installing rkhunter: OK.
Installing rkhunter.conf: OK.
Installation finished.
[root@localhost rkhunter-1.3.0]# rkhunter
Usage: rkhunter {--check | --update | --propupd | --versioncheck |
--list [tests | languages | rootkits] |
--version | --help} [options]
Current options are:
--append-log Append to the logfile, do not overwrite
--bindir <directory>... Use the specified command directories
-c, --check Check the local system
--cs2, --color-set2 Use the second color set for output
--configfile <file> Use the specified configuration file
--cronjob Run as a cron job
(implies -c, --sk and --nocolors options)
--dbdir <directory> Use the specified database directory
--debug Debug mode
(Do not use unless asked to do so)
--disable <test>[,<test>...] Disable specific tests
(Default is to disable no tests)
--display-logfile Display the logfile at the end
--enable <test>[,<test>...] Enable specific tests
(Default is to enable all tests)
--hash {MD5 | SHA1 | NONE | Use the specified file hash function
<command>} (Default is SHA1)
-h, --help Display this help menu, then exit
--lang, --language <language> Specify the language to use
(Default is English)
--list [tests | languages | List the available test names, languages,
rootkits] or checked for rootkits, then exit
-l, --logfile [file] Write to a logfile
(Default is /var/log/rkhunter.log)
--noappend-log Do not append to the logfile, overwrite it
--nocolors Use black and white output
--nolog Do not write to a logfile
--nomow, --no-mail-on-warning Do not send a message if warnings occur
--ns, --nosummary Do not show the summary of check results
--novl, --no-verbose-logging No verbose logging
--pkgmgr {RPM | DPKG | BSD | Use the specified package manager to obtain or
NONE} verify file hash values. (Default is NONE)
--propupd Update the file properties database
-q, --quiet Quiet mode (no output at all)
--rwo, --report-warnings-only Show only warning messages
-r, --rootdir <directory> Use the specified root directory
--sk, --skip-keypress Don't wait for a keypress after each test
--summary Show the summary of system check results
(This is the default)
--syslog [facility.priority] Log the check start and finish times to syslog
(Default level is authpriv.notice)
--tmpdir <directory> Use the specified temporary directory
--update Check for updates to database files
--vl, --verbose-logging Use verbose logging (on by default)
-V, --version Display the version number, then exit
--versioncheck Check for latest version of program
-x, --autox Automatically detect if X is in use
-X, --no-autox Do not automatically detect if X is in use
[root@localhost rkhunter-1.3.0]#
Last edited by leigh123linux; 16th October 2007 at 11:09 AM.

16th October 2007, 10:48 PM
Registered User
Join Date: Feb 2006
Location: southern california
Posts: 521
It still didn't work and I did exactly as you said?
Is there any other way to install this?
bigmac

16th October 2007, 10:49 PM
Registered User
Join Date: Feb 2006
Location: southern california
Posts: 521
This is the latest; it won't work!
[robert@localhost ~]$ su rkhunter
su: user rkhunter does not exist
[robert@localhost ~]$ su -
Password:
[root@localhost ~]# rkhunter
-bash: rkhunter: command not found
[root@localhost ~]#
[root@localhost ~]# yum localinstall --nogpgcheck rkhunter-1.3.0-1.noarch.rpm
Setting up Local Package Process
Cannot open file: rkhunter-1.3.0-1.noarch.rpm. Skipping.
Nothing to do
[root@localhost ~]#
What is going on?

16th October 2007, 10:51 PM
Registered User
Join Date: Feb 2006
Location: southern california
Posts: 521
As you can see from the latest it still doesn't work and I am doing it correctly?
[robert@localhost ~]$ su
Password:
[root@localhost robert]# [robert@localhost ~]$ su rkhunter
bash: [robert@localhost: command not found
[root@localhost robert]# su: user rkhunter does not exist
bash: su:: command not found
[root@localhost robert]# [robert@localhost ~]$ su -
bash: [robert@localhost: command not found
[root@localhost robert]# Password:
bash: Password:: command not found
[root@localhost robert]# [root@localhost ~]# rkhunter
bash: [root@localhost: command not found
[root@localhost robert]# -bash: rkhunter: command not found
bash: -bash:: command not found
[root@localhost robert]# [root@localhost ~]#
bash: [root@localhost: command not found
[root@localhost robert]# [root@localhost ~]# yum localinstall --nogpgcheck rkhunter-1.3.0-1.noarch.rpm
bash: [root@localhost: command not found
[root@localhost robert]# Setting up Local Package Process
bash: Setting: command not found
[root@localhost robert]# Cannot open file: rkhunter-1.3.0-1.noarch.rpm. Skipping.
bash: Cannot: command not found
[root@localhost robert]# Nothing to do
bash: Nothing: command not found
[root@localhost robert]# [root@localhost ~]#
bash: [root@localhost: command not found
[root@localhost robert]#

16th October 2007, 11:10 PM
Retired Administrator
Join Date: Oct 2006
Posts: 21,509
Try:
Code:
su -
wget http://www.linux-ati-drivers.homecall.co.uk/rkhunter-1.3.0-1.noarch.rpm
yum --nogpgcheck localinstall rkhunter-1.3.0-1.noarch.rpm
rkhunter

17th October 2007, 12:39 AM
Registered User
Join Date: Feb 2006
Location: southern california
Posts: 521
It worked, I can't believe it! Thank you so very much! This is wonderful.
You guys here in the forum are so incredible. Thank you for your grace and mercy on me.
I am a very impatient man and that is a terrible trait.
Again - thank you,
bigmac

24th December 2007, 08:46 AM
Registered User
Join Date: Feb 2006
Location: southern california
Posts: 521
rkhunter warnings?
Does anybody know how to fix this?
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Warning ]
Performing filesystem checks
Checking /dev for suspicious file types [ Warning ]
Checking for hidden files and directories [ Warning ]
I would be so grateful for any help I could get.
Thanks - bigmac

27th December 2007, 11:42 AM
Registered User
Join Date: Dec 2007
Location: Sydney, Australia
Age: 53
Posts: 6
Modifications to SSH
Gudday,
The change that rkhunter is looking for in SSH is as follows:
current working directory = /etc/ssh
==========================================
sdiff -sw80 sshd_config sshd_config.orig
PermitRootLogin no <
==========================================
As shown, the output is from 'sdiff', so the text on the left of the 'less than' sign has been added to /etc/ssh/sshd_config. Disabling remote root logins is more secure (that is, of course, assuming that sshd is running on your system, and that SSH is allowed in through your firewall).
There are a few other handy SSH security tweaks, but making the above change will keep rkhunter happy. Don't forget to back up the original version of your configuration file before making any changes ;-)
I'm not sure what rkhunter is looking for vis-a-vis syslog configuration.
Regards,
Hugh
Last edited by HughA; 27th December 2007 at 11:45 AM.
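
Added example, not part of HughA's post: a shell check for the setting described above, which reads an sshd_config file and reports the PermitRootLogin value that applies globally. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the PermitRootLogin value that
# sshd would take from a config file, the setting behind rkhunter's
# "Checking if SSH root access is allowed" warning.

# sshd keeps the first value it reads for a keyword, and lines after a
# "Match" line apply only conditionally, so they are not counted as global.
effective_permit_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # drop indentation so $1 is the keyword
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { in_match = 1; next }
        !in_match && tolower($1) == "permitrootlogin" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }   # sshd then uses its built-in default
    ' "$1"
}

# Succeeds only when the file explicitly sets PermitRootLogin no globally.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample input: a commented-out line, the real setting written
# with "=" and mixed case, a later duplicate sshd ignores, and a Match block.
write_sample_config() {
    cat > "$1" <<'EOF'
#PermitRootLogin yes
  permitrootlogin = No
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF
}

# Usage: sh check.sh [path-to-sshd_config]   (defaults to the sample above)
main() {
    cfg=${1:-}
    if [ -z "$cfg" ]; then
        cfg=$(mktemp) && write_sample_config "$cfg"
    fi
    echo "PermitRootLogin (global): $(effective_permit_root_login "$cfg")"
    if root_login_disabled "$cfg"; then echo "root SSH login disabled"
    else echo "root SSH login not explicitly disabled"; fi
}
main "$@"
```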

18th February 2009, 04:03 PM
Registered User
Join Date: Jul 2005
Location: Vancouver Canada
Posts: 1,285
And now that it works you can set it to run automatically.
To set up rkhunter as a cron job, use cron. The manual is at
[you@yourbox~]$ man cron
[you@yourbox~]$ man crontab
You can set it up to run monthly, daily, or hourly.
I'd run rkhunter --update monthly and rkhunter --check daily, every 5 hours? No idea.
Good Luck! Kurt
Last edited by kurtdriver; 18th February 2009 at 05:00 PM.