On Sun, Apr 14, 2013 at 12:58 PM, Robert Holtzman wrote: > On Sat, Apr 13, 2013 at 10:39:04AM -0700, Dazed_75 wrote: > > I don't really know enough to give a solid answer. But since you've had > no > > responses, I will ask why you think the mails on the desktop are FALSE > > positives and why you think they should be occurring on the laptop as > > well. > > The mails on the desktop warn of a rootkit named "Xzibit Rootkit". This > has benn gone over in the past on the rkhunter list and the devs have > declared them to be false positives. Running rkhunter manually on the > laptop > gives the same warnings. > > > In other words, rkhunter on the desktop is saying something has changed > in > > the two files it is questioning. Just because you copied the .conf file > to > > the laptop does not mean the two files on the laptop should be called > into > > question. > > I Don't believe I called them into question. > The two files I was referring to were the files on which you were getting the false positives. But given your clarification above that running rkhunter manually on the laptop gives the same false positives changes everything. Now the question becomes whether rkhunter is being run the same way on both machines. IOW, perhaps it is a scheduled job (cron or anacron) on the desktop but not on the laptop. If so, then you would not get the daily emails on the laptop. Or perhaps it IS cronned on the laptop but the machine is not ON at the scheduled time. Just thoughts ... > > > Are those files present on the laptop and identical in every way > > to the desktop? > > As I said in my post, since I copied the .conf file to a thumb drive and > then via sneakernet to the laptop, I'm unaware of how they would be > different. Am I missing something? If I am I'll run diff on them but > right now I can't see how the copy could change. > > -- > Bob Holtzman > If you think you're getting free lunch, > check the price of the beer. > Key ID: 8D549279 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iEYEARECAAYFAlFrCl8ACgkQv5BYD41UknlRFACg07bofjaHaPNqXni9dMKaKQeQ > sjQAn2UkkghqKeCm6M7Qu5Z5zgpDWr2O > =Jf+c > -----END PGP SIGNATURE----- > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- Dazed_75 a.k.a. Larry Please protect my address like I protect yours. When sending messages to multiple recipients, use the BCC: (Blind carbon copy). Remove addresses from a forwarded message body before clicking Send.