On Tue, 2007-05-01 at 16:36 +0200, Erik RSCALOVER wrote:
>
> Yeah but couldn't that be abused then, I mean if a server is compromised
> that feature could be modified to show as "secured" while it is
> actually not secure in that case so a server admin is not
> (immediately) suspicious about it just a thought.
>
Yes, it could be abused. However, pretty much all of RKH can be abused. All that is required is to replace RKH with a script that returns 'OK' or whatever on the screen without actually doing anything! Alternatively, someone just modifies the programs_good.dat file to include all the known unsecure application numbers. RKH then shows your application as 'OK'. Whitelisting application versions is no more unsecure than most of RKH.

Having said that, it must be remembered that RKH only indicates that something has changed. The application version check is a bit different (it is a lookup based on the version number), and that for one reason is why I don't like it. RKH does not guarantee in any way that your system is secure, but simply that something has changed. Guaranteeing the system security is your job.

> GnuPG is the latest one for my os as seen here
> https://rhn.redhat.com/errata/RHSA-2007-0106.html those messages are
> annoying
>
With version 1.2.9 you can use the '--skip-application-check' option to disable the check completely.

John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]
Fax: +44 (0)1752 233839

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
