我从rkhunter收到以下错误。我最近将服务器从lenny升级到挤压状态,这可能是造成问题的原因。如何解决此问题或隐藏错误消息?
Warning: The modules file '/proc/modules' is missing.
Warning: Suspicious file types found in /dev:
/dev/shm/network/ifstate: ASCII text
Warning: Hidden directory found: /dev/.udev
我也没有收到第二封电子邮件:Please inspect this machine, because it may be infected.请问有人能指出正确的方向吗?
Answers:
首先,它们只是警告,不是错误。
Warning: The modules file '/proc/modules' is missing.
rkhunter正在尝试检查内核模块,但是无法执行,因为文件/proc/modules不存在。您可以通过更改以下行来禁用测试:
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
至:
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps os_specific"
关于第二个警告:
Warning: Suspicious file types found in /dev:
/dev/shm/network/ifstate: ASCII text
如果/dev/shm/network/ifstate是已知的好文件,则可以通过在中添加以下行将其列入白名单/etc/rkhunter.conf:
ALLOWDEVFILE=/dev/shm/network/ifstate
关于第三行:
Warning: Hidden directory found: /dev/.udev
与上述类似,为避免此警告,您可以重新配置rkhunter以忽略此目录:
ALLOWHIDDENDIR=/dev/.udev