[Logcheck-devel] Bug#511483: logcheck-database: please add rules for rkhunter
Christoph Anton Mitterer
calestyo at scientia.net
Sun Jan 11 14:09:06 UTC 2009
Package: logcheck-database
Severity: wishlist
Hi.
Could you please add rules for rkhunter:
>This email is sent by logcheck. If you no longer wish to receive
>such mails, you can either deinstall the logcheck package or modify
>its configuration file (/etc/logcheck/logcheck.conf).
>
>System Events
>=-=-=-=-=-=-=
> 0 Lines skipped (already processed)
> 0 Patterns to ignore
> 0 Ignored lines
> 1 lcg-lrz-admin Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
> 1 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds
> 1 lcg-lrz-admin Rootkit Hunter: Please inspect this machine, because it may be infected.
So lines like these:
Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
Rootkit Hunter: Scanning took 2 minutes and 13 seconds
could be ignored.
This should give a critical warning:
Rootkit Hunter: Please inspect this machine, because it may be infected.
Perhaps this should also be applied upstream?
Thanks,
Chris.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5108 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20090111/b999c9d9/attachment.bin
More information about the Logcheck-devel
mailing list