I have been using RKH for some time now mainly on a CentOS 4.2 box but more recently on a Scientific Linux 5.0 box. Both the systems are of course derivatives of RHEL.
On my SL5.0 box I get the following message (RKH 1.2.9): " * Filesystem checks Checking /dev for suspicious files... [ OK ] Scanning for hidden files... [ Warning! ] --------------- /etc/.pwd.lock /etc/.java /usr/share/man/man1/..1.gz /dev/.udev --------------- Please inspect: /etc/.java (directory) /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression) /dev/.udev (directory) " I've checked these out and they all look benign. I can deal with the /etc/.pwd.lock issue simply by erasing the file and I am pretty sure that the others are a symptom of RHEL5.0 inherited by SL5.0. The SL5.0 MD5 sums check out with the SL installation OK (SL recompile everything anyway) so I am not concerned but it does generate a warning message which can be misleading, especially if another (more) valid warning message is generated... So in the RKH configuration, is it possible for aliases to be created so that CentOS, SL (and others) are treated as valid clones of RHEL? Best wishes John John Logsdon "Try to make things as simple Quantex Research Ltd, Manchester UK as possible but not simpler" [EMAIL PROTECTED] [EMAIL PROTECTED] +44(0)161 445 4951/G:+44(0)7717758675 www.quantex-research.com ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
