[Logcheck-devel] Bug#511483: logcheck-database: please add rules for rkhunter

Christoph Anton Mitterer calestyo at scientia.net
Sun Jan 11 14:09:06 UTC 2009


Package: logcheck-database
Severity: wishlist

Hi.

Could you please add rules for rkhunter:
>This email is sent by logcheck. If you no longer wish to receive
>such mails, you can either deinstall the logcheck package or modify
>its configuration file (/etc/logcheck/logcheck.conf).
>
>System Events
>=-=-=-=-=-=-=
>       0 Lines skipped (already processed)
>       0 Patterns to ignore
>       0 Ignored lines
>       1 lcg-lrz-admin Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
>       1 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds
>       1 lcg-lrz-admin Rootkit Hunter: Please inspect this machine, because it may be infected.

So lines like these:
Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
Rootkit Hunter: Scanning took 2 minutes and 13 seconds
could be ignored.

This should give a critical warning:
Rootkit Hunter: Please inspect this machine, because it may be infected.


Perhaps this should also be applied upstream?

Thanks,
Chris.


-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
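
The rules requested above, written out as logcheck rule files and checked against constructed syslog lines. This is an added example, not part of the original message or of the logcheck-database package; the regexes, the file name `rkhunter`, the choice of `violations.d` for the warning, and the simplified `classify` helper are assumptions.

```shell
#!/bin/sh
# Assumed logcheck rules for the rkhunter lines in the report (not shipped rules).
RULES=$(mktemp -d)
trap 'rm -rf "$RULES"' EXIT
mkdir -p "$RULES/ignore.d.server" "$RULES/violations.d"

# Routine lines to drop. Each regex is anchored at both ends so that text
# appended to a routine line cannot ride along with the ignore rule.
cat > "$RULES/ignore.d.server/rkhunter" <<'EOF'
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ Rootkit Hunter: Rootkit hunter check started \(version [0-9.]+\)$
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ Rootkit Hunter: Scanning took ([0-9]+ minutes? and )?[0-9]+ seconds?$
EOF

# The infection warning, raised to the "Security Events" section.
cat > "$RULES/violations.d/rkhunter" <<'EOF'
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ Rootkit Hunter: Please inspect this machine, because it may be infected\.$
EOF

# Simplified model of logcheck's layering: violations win over ignores,
# and anything unmatched is still reported under "System Events".
classify() {
    if printf '%s\n' "$1" | grep -Eq -f "$RULES/violations.d/rkhunter"; then
        echo security
    elif printf '%s\n' "$1" | grep -Eq -f "$RULES/ignore.d.server/rkhunter"; then
        echo ignored
    else
        echo system
    fi
}

# Constructed sample lines (timestamps and the last line's suffix are invented;
# the messages themselves are taken from the report).
while IFS= read -r line; do
    printf '%-8s %s\n' "$(classify "$line")" "$line"
done <<'EOF'
Jan 11 14:05:01 lcg-lrz-admin Rootkit Hunter: Rootkit hunter check started (version 1.3.2)
Jan 11 14:07:14 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds
Jan 11 14:07:14 lcg-lrz-admin Rootkit Hunter: Please inspect this machine, because it may be infected.
Jan 11 14:07:14 lcg-lrz-admin Rootkit Hunter: Scanning took 2 minutes and 13 seconds (log tampered)
EOF
```

The last sample line shows why the ignore rules end in `$`: a routine line with unexpected trailing text is still reported instead of being silently dropped.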
