rkhunter warning

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
User avatar
webfeatus
Forum Regular
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

rkhunter warning

Unread post by webfeatus »

Anyone know what I can do about these rkhunter warnings?

Warning: No output found from the lsmod command or the /proc/modules file:
/proc/modules output:
lsmod output:
Warning: The kernel modules directory '/lib/modules' is missing or empty.
Warning: Found passwordless account in shadow file: atomic
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
paulie
Forum User
Forum User
Posts: 76
Joined: Tue Apr 20, 2010 2:49 am

Re: rkhunter warning

Unread post by paulie »

Hi,

The first two look like they're because you're running within Virtuozzo or OpenVZ, so just disable the checks in the rkhunter.conf .

The last one I haven't a clue on I'm afraid,

Paul.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: rkhunter warning

Unread post by mikeshinn »

Warning: The kernel modules directory '/lib/modules' is missing or empty.
You dont have a kernel, so you wont have any modules. You can ignore that (if thats true for you, which if its a virtual system it would be true)
Warning: Found passwordless account in shadow file: atomic
That means you have given us access to the system and that account uses only keys to log in. You can ignore that.
breun
Long Time Forum Regular
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Re: rkhunter warning

Unread post by breun »

Instead of ignoring it (which might be hard if rkhunter is e-mailing you about it every day) you can also disable the tests that check for kernel modules. You'll want to add 'avail_modules' and 'loaded_modules' to DISABLE_TESTS in /etc/rkhunter.conf or leave /etc/rkhunter.conf unmodified and override DISABLE_TESTS in /etc/rkhunter.conf.local (create that file if it doesn't exist yet).

Maybe ASL could disable these tests automatically if it detects a kernel without modules?
Lemonbit Internet Dedicated Server Management
User avatar
webfeatus
Forum Regular
Forum Regular
Posts: 196
Joined: Wed Jan 13, 2010 9:11 am
Location: Bali

Re: rkhunter warning

Unread post by webfeatus »

breun wrote:Maybe ASL could disable these tests automatically if it detects a kernel without modules?
Sounds like a good idea.
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
Post Reply