Russ Fineman wrote:
On Sunday 25 January 2009 06:55:39 pm Russ Fineman wrote:
I'm getting the following warnings from rkhunter. I know you can white list them, etc. My question is: how does the everyday user know if the command script found is a valid warning or a valid change that should be white listed?
Thanks for any help.
-- Russ

Forgot to attach messages:

Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text
Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig: a /usr/bin/perl script text
[11:23:37] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text
Warning: Suspicious file types found in /dev:
[11:24:41] /dev/shm/sysconfig/ifup-eth0: ASCII text
[11:24:41] /dev/shm/sysconfig/if-eth0: ASCII text
[11:24:41] /dev/shm/sysconfig/ifup-lo: ASCII text
[11:24:41] /dev/shm/sysconfig/if-lo: ASCII text
[11:24:41] /dev/shm/sysconfig/network: ASCII text
[11:24:42] /dev/shm/sysconfig/config-lo: ASCII text
[11:24:42] /dev/shm/sysconfig/config-eth0: ASCII text
[11:24:42] /dev/shm/sysconfig/new-stamp-2: ASCII text
[11:24:42] Checking for hidden files and directories [ Warning ]
[11:24:42] Warning: Hidden directory found: /dev/.udev
Thanks, I'll add the check method to my list of tech tips I keep. Patrick mentioned that rootkit will not detect some of these problems. Is there another program you would recommend instead of rkhunter to supplement it?

Thanks to all who responded.