Nils and list

Many thanks for this tip and I implemented it immediately!

However there remains the issue of generic releases with different distribution names. Some like CentOS essentially repackage the 'upstream provider' distros while others like SL recompile everything to check. It is particularly useful to know that compilers and other things which web servers don't usually use have actually been verified - and who better to do it than FermiLab and CERN?

But it would also be good if RKH could check the MD5s etc for the actual distro. Maybe this is a question for the SL list as I suspect many people use RKH.

Best wishes

John

John Logsdon
Quantex Research Ltd, Manchester UK
"Try to make things as simple as possible but not simpler"
[EMAIL PROTECTED] [EMAIL PROTECTED]
+44(0)161 445 4951/G:+44(0)7717758675
www.quantex-research.com

On Mon, 4 Jun 2007, Nils Breunese (Lemonbit) wrote:

> John Logsdon wrote:
>
> > I have been using RKH for some time now mainly on a CentOS 4.2 box but
> > more recently on a Scientific Linux 5.0 box. Both the systems are of
> > course derivatives of RHEL.
> >
> > On my SL5.0 box I get the following message (RKH 1.2.9):
> >
> > "
> > * Filesystem checks
> > Checking /dev for suspicious files... [ OK ]
> > Scanning for hidden files... [ Warning! ]
> > ---------------
> > /etc/.pwd.lock
> > /etc/.java /usr/share/man/man1/..1.gz /dev/.udev
> > ---------------
> > Please inspect: /etc/.java (directory) /usr/share/man/man1/..1.gz
> > (gzip
> > compressed data, from Unix, max compression) /dev/.udev (directory)
> > "
> >
> > I've checked these out and they all look benign. I can deal with the
> > /etc/.pwd.lock issue simply by erasing the file and I am pretty
> > sure that the others are a symptom of RHEL5.0 inherited by SL5.0.
>
> There's a nicer way to suppress these warnings. Add (or uncomment)
> the following in your rkhunter.conf:
>
> ALLOWHIDDENDIR=/etc/.java
> ALLOWHIDDENDIR=/dev/.udev
> ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
> ALLOWHIDDENFILE=/etc/.pwd.lock
>
> Nils Breunese.
_______________________________________________
Rkhunter-users mailing list
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
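
The whitelist entries in the quoted reply suppress rkhunter's hidden-file warnings for those paths, so it is worth checking from time to time that each whitelisted path is still the kind of object it was when it was whitelisted. The following is an added example, not part of the original thread or of rkhunter: a POSIX shell function that reads the ALLOWHIDDENDIR/ALLOWHIDDENFILE lines of a config file and reports entries that are missing, are symlinks, or have the wrong type. The function name, the status words and the optional root-prefix argument are assumptions of this example, and it assumes one literal path per line with no wildcards, as in the reply.

```shell
#!/bin/sh
# Added example: audit the hidden-path whitelist in an rkhunter.conf.
# Usage: audit_hidden_whitelist /etc/rkhunter.conf [ROOT_PREFIX]
# ROOT_PREFIX is a hypothetical argument of this script (not an rkhunter
# feature); it lets the check run against a mounted image or scratch tree.
audit_hidden_whitelist() {
    conf=$1
    root=${2:-}
    problems=0
    # Plain "read" strips leading/trailing blanks; the "||" handles a last
    # line that has no trailing newline.
    while read -r line || [ -n "$line" ]; do
        case $line in
            ALLOWHIDDENDIR=*)  want=dir  ;;
            ALLOWHIDDENFILE=*) want=file ;;
            *) continue ;;   # comments, blank lines, every other option
        esac
        path=${line#*=}
        target=$root$path
        if [ -L "$target" ]; then
            # Test for a symlink first: -e/-d/-f would follow the link.
            status=SYMLINK
        elif [ ! -e "$target" ]; then
            status=MISSING
        elif [ "$want" = dir ] && [ ! -d "$target" ]; then
            status=NOT_A_DIR
        elif [ "$want" = file ] && [ ! -f "$target" ]; then
            status=NOT_A_FILE
        else
            status=OK
        fi
        [ "$status" = OK ] || problems=$((problems + 1))
        printf '%-10s %s\n' "$status" "$path"
    done < "$conf"
    # Exit status 0 only when every whitelisted entry looked as expected.
    [ "$problems" -eq 0 ]
}
```

A non-OK line means a path that rkhunter has been told to ignore no longer matches what was reviewed, so it should be inspected by hand before the whitelist entry is kept.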
