Hi James,

> Any one using FCheck on their server care to share info on which
> directories to scan. I have
>
> Directory = /usr/

That's what I usually use as part of the Raqport & Solarspeed security package:

Directory       = /usr/
Directory       = /bin/
Directory       = /lib/
Directory       = /root/
Directory       = /boot/
Directory       = /sbin/
Directory       = /etc/rc.d/
Directory       = /tmp/
#Directory      = /opt/                  # Remove comment for RaQ4
Exclusion       = /root/.mc/
Exclusion       = /usr/local/etc/
Exclusion       = /usr/local/man/
Exclusion       = /usr/local/majordomo/
#Exclusion      = /usr/local/psionic/    # uncomment if directory present
#Exclusion      = /usr/local/demarc/     # uncomment if directory present
Exclusion       = /usr/admserv/
Exclusion       = /usr/admserv/html/.cobalt/
Exclusion       = /usr/X11R6/man/
Exclusion       = /usr/lib/perl5/man/
Exclusion       = /usr/man/

That pretty much covers the system binaries and startscripts. It leaves some
important configuration files for the daemons (inetd, bind, ssh) unprotected,
though.

--
With best regards,

Michael Stauber
SOLARSPEED.NET

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
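
A coverage check for the Directory/Exclusion list in the message above, added here as an example and not part of the original post or of FCheck itself. It assumes an entry ending in "/" is watched recursively and one without it covers only that path and its direct children; the sample paths are constructed for illustration.

```python
import posixpath

# Active entries from the post, plus one commented-out line to exercise comment handling.
FCHECK_CFG = """\
Directory = /usr/
Directory = /bin/
Directory = /lib/
Directory = /root/
Directory = /boot/
Directory = /sbin/
Directory = /etc/rc.d/
Directory = /tmp/
#Directory = /opt/   # Remove comment for RaQ4
Exclusion = /root/.mc/
Exclusion = /usr/local/etc/
Exclusion = /usr/local/man/
Exclusion = /usr/local/majordomo/
Exclusion = /usr/admserv/
Exclusion = /usr/admserv/html/.cobalt/
Exclusion = /usr/X11R6/man/
Exclusion = /usr/lib/perl5/man/
Exclusion = /usr/man/
"""

def parse_cfg(text):
    """Return {'Directory': [...], 'Exclusion': [...]} from fcheck.cfg-style text."""
    entries = {"Directory": [], "Exclusion": []}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")  # drop comments
        if sep and key.strip() in entries:
            entries[key.strip()].append(value.strip())
    return entries

def matches(path, entry):
    """Assumed semantics: trailing '/' = whole subtree, otherwise exact path or direct child."""
    if entry.endswith("/"):
        root = entry.rstrip("/")
        return path == root or path.startswith(root + "/")
    return path == entry or posixpath.dirname(path) == entry

def is_monitored(path, cfg=FCHECK_CFG):
    """True if path falls under a Directory entry and under no Exclusion entry."""
    entries = parse_cfg(cfg)
    path = posixpath.normpath(path)
    watched = any(matches(path, d) for d in entries["Directory"])
    return watched and not any(matches(path, e) for e in entries["Exclusion"])

# Constructed sample paths: daemon configs (inetd, bind, ssh) next to covered files.
SAMPLES = ["/etc/inetd.conf", "/etc/named.conf", "/etc/ssh/sshd_config",
           "/etc/rc.d/init.d/httpd", "/usr/sbin/sshd", "/usr/man/man1/ls.1"]
if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{'monitored' if is_monitored(p) else 'NOT monitored':14} {p}")
```

Running it against the list of files you expect to be watched shows which ones need their own Directory entries.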
