rkhunter warning

webfeatus · **Posted:** Tue Nov 15, 2011 6:05 pm

Anyone know what I can do about these rkhunter warnings?

Warning: No output found from the lsmod command or the /proc/modules file:
/proc/modules output:
lsmod output:
Warning: The kernel modules directory '/lib/modules' is missing or empty.
Warning: Found passwordless account in shadow file: atomic

paulie · **Joined:** Tue Apr 20, 2010 2:49 am **Posts:** 74

Hi,

The first two look like they're because you're running within Virtuozzo or OpenVZ, so just disable the checks in the rkhunter.conf .

The last one I haven't a clue on I'm afraid,

Paul.

mikeshinn · **Posted:** Tue Nov 15, 2011 6:32 pm

Quote:

Warning: The kernel modules directory '/lib/modules' is missing or empty.

You dont have a kernel, so you wont have any modules. You can ignore that (if thats true for you, which if its a virtual system it would be true)

Quote:

Warning: Found passwordless account in shadow file: atomic

That means you have given us access to the system and that account uses only keys to log in. You can ignore that.

breun · **Posted:** Tue Nov 15, 2011 6:57 pm

Instead of ignoring it (which might be hard if rkhunter is e-mailing you about it every day) you can also disable the tests that check for kernel modules. You'll want to add 'avail_modules' and 'loaded_modules' to DISABLE_TESTS in /etc/rkhunter.conf or leave /etc/rkhunter.conf unmodified and override DISABLE_TESTS in /etc/rkhunter.conf.local (create that file if it doesn't exist yet).

Maybe ASL could disable these tests automatically if it detects a kernel without modules?

webfeatus · **Posted:** Sun Jan 27, 2013 9:08 am

breun wrote:

Maybe ASL could disable these tests automatically if it detects a kernel without modules?

Sounds like a good idea.

rkhunter warning

Who is online