That sounds very interesting as the SL5 machine in question is firewalled down to just a couple of trusted IP numbers. apf reports no attacks at all on it these days so it should be pretty immune whereas before apf-ing there used to be the usual kiddie-script debris clogging up the log files.

Presumably the MD5 check is against the installed RPMs so it is assumed that these were correctly downloaded or installed from the CD. Or can it access the yum or debian repositories as appropriate?

I will download 1.3.whatever it is later in the week when I have a moment and try it for size.

Will the new version set the /var/rkhunter/* directories 0700 as well - I noticed that they were not in 1.2.9 :-). Mind you I need to clean up all the global reads that are not needed or wanted... I don't know any distro that does this properly.

Best wishes

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
[EMAIL PROTECTED]              [EMAIL PROTECTED]
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com

On Mon, 4 Jun 2007, John Horne wrote:

> On Mon, 2007-06-04 at 15:24 +0100, John Logsdon wrote:
> >
> > But it would also be good if RKH could check the MD5s etc for the actual
> > distro. Maybe this is a question for the SL list as I suspect many people
> > use RKH.
> >
> Next release has (some) support for package managers. For RPM-based
> systems, this allows RKH to use the info from the RPM database as to
> whether the file hash value is correct or not. Support is there for
> Debian and BSD systems as well. But it does need testing :-) Get it from
> CVS if you want to try it out.
>
>
> John.
>
> --
> ---------------------------------------------------------------
> John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
> E-mail: [EMAIL PROTECTED]       Fax: +44 (0)1752 233839
>
> _______________________________________________
> Rkhunter-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
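
What a package-database hash check looks like from the command line, as an added example that is not part of the thread and not rkhunter's own code: it filters `rpm -V`-style output for files whose digest no longer matches the RPM database. The sample lines and the function names are constructed for illustration; on a real RPM system the input would come from `rpm -Va`.

```shell
#!/bin/sh
# Added example: pick digest failures out of `rpm -V`-style output.

# Constructed sample of verify output (not taken from any real host).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
.......T.    /usr/bin/top
missing      /usr/share/doc/example/README
..5.....     /usr/bin/passwd
EOF
}

# Print "<kind><TAB><path>" for each line whose third flag character is '5',
# i.e. the file digest differs from the value recorded in the RPM database.
digest_mismatches() {
    awk '
        $1 == "missing"         { next }   # absent file: no digest to compare
        substr($1, 3, 1) != "5" { next }   # digest matched or was not tested
        {
            line = $0
            sub(/^[^ ]+ +/, "", line)      # drop the flag field
            kind = "file"
            if (line ~ /^[cdglr] +\//) {   # optional marker, c = config file
                if (substr(line, 1, 1) == "c") kind = "config"
                sub(/^[cdglr] +/, "", line)
            }
            printf "%s\t%s\n", kind, line
        }'
}

# Config files are edited routinely; anything else that fails its digest
# deserves a closer look.
unexpected_changes() {
    digest_mismatches | awk -F '\t' '$1 != "config" { print $2 }'
}

sample_verify_output | unexpected_changes
```

The comparison is against the local RPM database, so it vouches for a file only as far as that database itself is trusted.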
