Mailinglist Archive: opensuse (3618 mails)

< Previous Next >
Re: [opensuse] rkhunter related question
  • From: Russ Fineman <russbucket@xxxxxxx>
  • Date: Sun, 25 Jan 2009 19:19:19 -0800
  • Message-id: <200901251919.19228.russbucket@xxxxxxx>
On Sunday 25 January 2009 06:55:39 pm Russ Fineman wrote:
I'm getting the following warns from rkhuner. I know you can white list
them, etc.
My question is: how does the everyday user know if the command script
found
is a valid warning or a valid change that should be white listed?

Thanks for any help.
--
Russ
Forgot to attach messages:
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/
bin/ldd: Bourne-Again shell script text

Warning: The command '/sbin/chkconfig' has been replaced by a script: /s
bin/chkconfig: a /usr/bin/perl script text

[11:23:37] Warning: The command '/sbin/ifup' has been replaced by a script:
/sbin/i
fup: Bourne-Again shell script text

Warning: Suspicious file types found in /dev:
[11:24:41] /dev/shm/sysconfig/ifup-eth0: ASCII text
[11:24:41] /dev/shm/sysconfig/if-eth0: ASCII text
[11:24:41] /dev/shm/sysconfig/ifup-lo: ASCII text
[11:24:41] /dev/shm/sysconfig/if-lo: ASCII text
[11:24:41] /dev/shm/sysconfig/network: ASCII text
[11:24:42] /dev/shm/sysconfig/config-lo: ASCII text
[11:24:42] /dev/shm/sysconfig/config-eth0: ASCII text
[11:24:42] /dev/shm/sysconfig/new-stamp-2: ASCII text
[11:24:42] Checking for hidden files and directories [ Warning ]
[11:24:42] Warning: Hidden directory found: /dev/.udev

--
Russ
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
References