Micah Anderson wrote on 08/06/2006 15:52:
> Sven Mueller wrote:
>
>>>Julien Valroff wrote on 07/06/2006 18:23:
>>>
>>>>May you please explain what is the /etc/.serial.conf.old file?
>>>>I cannot find any reference to this file. Is this a file *you* have
>>>>chosen to rename?
>>>
>>>I'm not sure. I might once have renamed it. However, I'm not sure why
>>>rkhunter warns about it. The file itself is harmless (just an old copy
>>>of the /etc/serial.conf it seems).
>
> The point of the rkhunter warning is that it found a file with a .
> prefix in an unlikely location. This is a common tactic for hackers to
> conceal directories or files using dot files (especially dot directories
> with spaces in them, or ... which is hard to spot). So any uncommon dot
> file it finds it is going to suspect.

This is a valid argument. However, if doing so, rkhunter should probably allow the local sysadmin to somehow specify overrides (like: don't warn about /etc/.serial.conf.old or don't warn about SSH root logins being allowed). Getting a mail every day with the same warnings can get quite annoying ;-)

And in my case, even the sshd root-login warning doesn't make much sense: sshd is only bound to a specific IP which is only reachable from one other computer: its failover peer.

Regards,
Sven
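
The check and the override discussed in this thread, sketched as an added example (not part of the original messages and not rkhunter's own code): a scan for dot-prefixed entries under a directory that skips paths listed in a local allowlist file. The function name `scan_hidden`, the allowlist format and the path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report hidden (dot-prefixed) entries under a directory,
# skipping paths the local sysadmin has explicitly allowed.
#
# scan_hidden DIR ALLOWLIST
#   DIR        directory to scan, e.g. /etc
#   ALLOWLIST  file with one absolute path per line; lines starting
#              with '#' are comments (hypothetical format)
# Prints "WARN <reason> (<file|dir>): <path>" for every hidden entry
# that is not allowlisted. Paths containing newlines are not handled.
scan_hidden() {
    sh_dir=$1
    sh_allow=$2
    find "$sh_dir" -mindepth 1 -name '.*' 2>/dev/null | LC_ALL=C sort |
    while IFS= read -r sh_path; do
        # Fixed-string, whole-line match: allowing /etc/.x must not
        # silently allow /etc/.x.bak as well.
        if [ -f "$sh_allow" ] &&
           grep -v '^#' "$sh_allow" | grep -Fxq -- "$sh_path"; then
            continue
        fi
        sh_name=${sh_path##*/}
        case $sh_name in
            *' '*)  sh_reason="name contains a space" ;;  # e.g. ".. "
            *[!.]*) sh_reason="hidden entry" ;;           # e.g. ".foo"
            *)      sh_reason="name is only dots" ;;      # e.g. "..."
        esac
        [ -d "$sh_path" ] && sh_kind=dir || sh_kind=file
        printf 'WARN %s (%s): %s\n' "$sh_reason" "$sh_kind" "$sh_path"
    done
}

# Usage (hypothetical allowlist path):
#   scan_hidden /etc /etc/hidden-allow.list
```

With `/etc/.serial.conf.old` in the allowlist, a daily run reports only entries that have not been reviewed, so a new `...` or `.. ` directory is not lost among repeated warnings.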

