Joh*_*lia 9 linux rkhunter debian-squeeze
我从 rkhunter 收到以下错误。我最近将我的服务器从 lenny 升级到了挤压,这可能导致了问题。如何解决此问题或隐藏错误消息?
Warning: The modules file '/proc/modules' is missing.
Warning: Suspicious file types found in /dev:
/dev/shm/network/ifstate: ASCII text
Warning: Hidden directory found: /dev/.udev
我也没有收到第二封电子邮件:Please inspect this machine, because it may be infected.请问有人能指出我正确的方向来找出这些错误的原因吗?
qua*_*nta 14
首先,它们只是警告,而不是错误。
Warning: The modules file '/proc/modules' is missing.
rkhunter正在尝试检查内核模块,但无法检查,因为该文件/proc/modules不存在。您可以通过更改以下行来禁用测试:
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
到:
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps os_specific"
关于第二个警告:
Warning: Suspicious file types found in /dev:
/dev/shm/network/ifstate: ASCII text
如果/dev/shm/network/ifstate是已知好的文件,您可以通过在 中添加以下行将其列入白名单/etc/rkhunter.conf:
ALLOWDEVFILE=/dev/shm/network/ifstate
关于第三行:
Warning: Hidden directory found: /dev/.udev
与上面类似,为避免此警告,您可以重新配置rkhunter以忽略此目录:
ALLOWHIDDENDIR=/dev/.udev