rkhunter

[Tripple]

My fresh ISPConfig 3.0.1.1 installation keeps warning me with rkhunter.

I receive a simple mail with this line:
Please inspect this machine, because it can be infected

No logfile to inspect so I ran rkhunter again:
# rkhunter -c --createlogfile

2 warnings in the logfile:
WARNING, found: /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression) /dev/.udev (directory)
Warning: root login possible. Change for your safety the 'PermitRootLogin'

I can fix the last warning but what about the first one?

[till]

Never seen the first warning. Did you take a look in the .udev directory?

[Tripple]

Fixed it like this:
https://bugzilla.redhat.com/show_bug.cgi?id=190248

When I run rkhunter, no more errors.
However, I'm still receiving those mails.

[Tripple]

I like to start this old topic again because I can't figure out what the problem is.

Every hour at xx:53 there's a mail to root like this:
Subject: [rkhunter] Warnings found for host@domain
Please inspect this machine, because it can be infected

I can't find any cron job that could cause this so the only way to reproduce this is, I guess, with the command #rkhunter -c --createlogfile, but I can't see any errors in the logfile.

[falko]

What's the output of

Code:

ls -la /etc/cron.hourly

?

[Tripple]

It's empty:

# ls -la /etc/cron.hourly/
totaal 24
drwxr-xr-x 2 root root 4096 apr 19 21:19 .
drwxr-xr-x 103 root root 12288 apr 20 17:16 ..