Re: mail from root

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDazed_75 at <-
MRobert Holtzman at ->
Attachments:
Message as email
+ (text/plain)
+ signature.asc (application/pgp-signature)
+ (text/plain)
Delete this message
Reply to this message
Author: Robert Holtzman
Date:  
To: plug-discuss
Subject: Re: mail from root
On Sun, Apr 14, 2013 at 01:14:24PM -0700, Dazed_75 wrote:
> On Sun, Apr 14, 2013 at 12:58 PM, Robert Holtzman <> wrote:
>
> > On Sat, Apr 13, 2013 at 10:39:04AM -0700, Dazed_75 wrote:
> > > I don't really know enough to give a solid answer. But since you've had
> > no
> > > responses, I will ask why you think the mails on the desktop are FALSE
> > > positives and why you think they should be occurring on the laptop as
> > > well.
> >
> > The mails on the desktop warn of a rootkit named "Xzibit Rootkit". This
> > has benn gone over in the past on the rkhunter list and the devs have
> > declared them to be false positives. Running rkhunter manually on the
> > laptop
> > gives the same warnings.
> >
> > > In other words, rkhunter on the desktop is saying something has changed
> > in
> > > the two files it is questioning. Just because you copied the .conf file
> > to
> > > the laptop does not mean the two files on the laptop should be called
> > into
> > > question.
> >
> > I Don't believe I called them into question.
> >
>
> The two files I was referring to were the files on which you were getting
> the false positives. But given your clarification above that running
> rkhunter manually on the laptop gives the same false positives changes
> everything. Now the question becomes whether rkhunter is being run the
> same way on both machines. IOW, perhaps it is a scheduled job (cron or
> anacron) on the desktop but not on the laptop. If so, then you would not
> get the daily emails on the laptop. Or perhaps it IS cronned on the laptop
> but the machine is not ON at the scheduled time. Just thoughts ...

Damn! That never occurred to me. It makes sense since the desktop is on
24/7 and the laptop is on and off thru the day and off all night. Just
as a check I'll leave it on tonight on AC and see what happens. If I get
mail I'll dive into the cron files.

Thanks for the tip. I'll keep you posted.

--
Bob Holtzman
If you think you're getting free lunch,
check the price of the beer.
Key ID: 8D549279
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: reiserfs reliabilityRe: xbmc versus wascily wabbit tv->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)