mail from root

Robert Holtzman holtzm at cox.net
Tue Apr 16 13:13:30 MST 2013


On Sun, Apr 14, 2013 at 01:14:24PM -0700, Dazed_75 wrote:
> On Sun, Apr 14, 2013 at 12:58 PM, Robert Holtzman <holtzm at cox.net> wrote:
> 
> > On Sat, Apr 13, 2013 at 10:39:04AM -0700, Dazed_75 wrote:
> > > I don't really know enough to give a solid answer.  But since you've had no
> > > responses, I will ask why you think the mails on the desktop are FALSE
> > > positives and why you think they should be occurring on the laptop as
> > > well.
> >
> > The mails on the desktop warn of a rootkit named "Xzibit Rootkit". This
> > has been gone over in the past on the rkhunter list and the devs have
> > declared them to be false positives. Running rkhunter manually on the
> > laptop gives the same warnings.
> >
> > > In other words, rkhunter on the desktop is saying something has changed in
> > > the two files it is questioning.  Just because you copied the .conf file to
> > > the laptop does not mean the two files on the laptop should be called into
> > > question.
> >
> > I don't believe I called them into question.
> >
> 
> The two files I was referring to were the files on which you were getting
> the false positives.  But given your clarification above that running
> rkhunter manually on the laptop gives the same false positives changes
> everything.  Now the question becomes whether rkhunter is being run the
> same way on both machines.  IOW, perhaps it is a scheduled job (cron or
> anacron) on the desktop but not on the laptop.  If so, then you would not
> get the daily emails on the laptop.  Or perhaps it IS cronned on the laptop
> but the machine is not ON at the scheduled time.  Just thoughts ...

Damn! That never occurred to me. It makes sense since the desktop is on
24/7 and the laptop is on and off thru the day and off all night. Just
as a check I'll leave it on tonight on AC and see what happens. If I get
mail I'll dive into the cron files. 

Thanks for the tip. I'll keep you posted.

-- 
Bob Holtzman
If you think you're getting free lunch, 
check the price of the beer.
Key ID: 8D549279
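
Added example, not part of the original message: one way to run the check suggested in the quoted reply, reporting where rkhunter is scheduled and whether a daily run missed while the machine was off is caught up by anacron. The paths are the usual Linux cron locations (an assumption; distros differ), the function names are hypothetical, and the demo tree is constructed.

```shell
#!/bin/sh
# Print every cron file under ROOT (default: the live system) mentioning rkhunter.
find_rkhunter_jobs() {
    root=${1:-}
    for p in etc/crontab etc/cron.d etc/cron.daily etc/cron.weekly \
             var/spool/cron; do
        [ -e "$root/$p" ] || continue
        grep -rls -- rkhunter "$root/$p" || :   # no match is not an error
    done
}

# Succeed if anacrontab has an uncommented cron.daily entry, i.e. a daily
# job missed while the machine was off is run after the next boot.
daily_catch_up() {
    root=${1:-}
    grep -Eqs '^[^#]*cron\.daily' "$root/etc/anacrontab"
}

# One-line verdict for the host rooted at ROOT.
schedule_verdict() {
    root=${1:-}
    found=$(find_rkhunter_jobs "$root")
    case $found in
        "") echo "not scheduled" ;;
        *"/etc/cron.daily/"*)
            if daily_catch_up "$root"; then
                echo "daily job, anacron catches up missed runs"
            else
                echo "daily job, fixed-time cron only"
            fi ;;
        *)  echo "scheduled outside cron.daily" ;;
    esac
}

# Demo on a constructed tree (not a real host).
demo=$(mktemp -d)
mkdir -p "$demo/etc/cron.daily"
printf '#!/bin/sh\n/usr/bin/rkhunter --cronjob\n' > "$demo/etc/cron.daily/rkhunter"
schedule_verdict "$demo"    # laptop-like: no anacron, run skipped when off
printf '1 5 cron.daily run-parts /etc/cron.daily\n' > "$demo/etc/anacrontab"
schedule_verdict "$demo"    # anacron present: missed run happens after boot
rm -rf "$demo"
```

Run `schedule_verdict` with no argument on each machine and compare the two answers; scanning /var/spool/cron normally needs root.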