On Sun, 21 Sep 2008 00:48:08 +0200 Daniel González Gasull <[EMAIL PROTECTED]> wrote:
>I think they are legit, but I'm not a security expert and I don't know
>the purpose of every single file and directory in my system. How do
>you decide if a file or directory is legit?

You don't have to be a "security expert" to find out. Like your fellow RKH users pointed out, in the rkhunter.conf you'll see some commented out hints for commonly found entities to be whitelisted. If your distribution comes with a package manager you can use that to query it for entities. Some package managers allow you to also verify the integrity of packages, or better: package contents. Searching the rkhunter-users mailing list archive or searching the 'net for similar topics could also help. You can also use utilities like 'file', 'strings' and a visual editor to inspect entities. Finally the integrity of your distribution can be verified otherwise, for instance using a file integrity checker (Aide, Samhain, Osiris, Integrit, et cetera) you configured after installing your OS; that second opinion could also be used to help decide if an entity needs further investigation or not.

Regards, unSpawn
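
The package-manager check described in the reply above, as an added example that is not part of the original message. The function names (owner_of, verify_pkg, triage) are hypothetical, and the script assumes an rpm- or dpkg-based system.

```sh
#!/bin/sh
# Added example: triage one path that rkhunter flagged.
# owner_of, verify_pkg and triage are hypothetical helper names.

# Print the name of the package that owns $1, or nothing if unowned.
owner_of() {
    if command -v rpm >/dev/null 2>&1 && rpm -qf "$1" >/dev/null 2>&1; then
        rpm -qf --qf '%{NAME}\n' "$1" | head -n 1
    elif command -v dpkg-query >/dev/null 2>&1; then
        # Output looks like "pkg:arch: /path" or "pkg1, pkg2: /path".
        dpkg-query -S "$1" 2>/dev/null | head -n 1 |
            sed -e 's/: .*//' -e 's/,.*//' -e 's/:.*//'
    fi
    return 0
}

# Print the verification report for package $1 (one line per changed file).
# dpkg --verify prints its report in the same layout as rpm -V.
verify_pkg() {
    if command -v rpm >/dev/null 2>&1 && rpm -q "$1" >/dev/null 2>&1; then
        rpm -V "$1" || true
    elif command -v dpkg >/dev/null 2>&1; then
        dpkg --verify "$1" 2>/dev/null || true
    fi
}

# Print a one-word verdict for path $1:
#   missing        path does not exist
#   unowned        no package claims it: inspect with file/strings next
#   modified:PKG   content differs from what PKG shipped
#   clean:PKG      matches what PKG shipped
# A "modified" config file is normal; a modified binary is not.
triage() {
    path=$1
    [ -e "$path" ] || [ -L "$path" ] || { echo "missing"; return 0; }
    pkg=$(owner_of "$path")
    if [ -z "$pkg" ]; then echo "unowned"; return 0; fi
    # Compare the last field exactly so /etc/foo does not match /etc/foobar
    # (paths containing spaces are not handled by this comparison).
    if verify_pkg "$pkg" | P="$path" awk '$NF == ENVIRON["P"] {f=1} END {exit !f}'; then
        echo "modified:$pkg"
    else
        echo "clean:$pkg"
    fi
}

# Usage: triage /path/reported/by/rkhunter
```

On systems where /bin is a symlink into /usr, the package database may record only one of the two spellings of a path, so an "unowned" verdict is worth retrying with the resolved path.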