Mailinglist Archive: opensuse (3618 mails)

[opensuse] Re: rkhunter related question
  • From: upscope <russbucket@xxxxxxx>
  • Date: Mon, 26 Jan 2009 09:20:58 -0800
  • Message-id: <glkrdq$ukp$1@xxxxxxxxxxxxx>
Russ Fineman wrote:

On Sunday 25 January 2009 06:55:39 pm Russ Fineman wrote:
I'm getting the following warns from rkhunter. I know you can white list them, etc.
My question is: how does the everyday user know if the command script found is a valid warning or a valid change that should be white listed?

Thanks for any help.
--
Russ
Forgot to attach messages:
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text

Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig: a /usr/bin/perl script text

[11:23:37] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text

Warning: Suspicious file types found in /dev:
[11:24:41] /dev/shm/sysconfig/ifup-eth0: ASCII text
[11:24:41] /dev/shm/sysconfig/if-eth0: ASCII text
[11:24:41] /dev/shm/sysconfig/ifup-lo: ASCII text
[11:24:41] /dev/shm/sysconfig/if-lo: ASCII text
[11:24:41] /dev/shm/sysconfig/network: ASCII text
[11:24:42] /dev/shm/sysconfig/config-lo: ASCII text
[11:24:42] /dev/shm/sysconfig/config-eth0: ASCII text
[11:24:42] /dev/shm/sysconfig/new-stamp-2: ASCII text
[11:24:42] Checking for hidden files and directories [ Warning ]
[11:24:42] Warning: Hidden directory found: /dev/.udev

Thanks, I'll add the check method to my list of tech tips I keep.

Patrick mentioned that rootkit will not detect some of these problems. Is
there another program you would recommend instead of rkhunter to
supplement it?

Thanks to all who responded.

