Tanstaafl wrote: [...]
> So, I'm wondering... what checks do others run? Which are the most
> reliable/effective, but minimize false positives?

Well, Mr. "No Free Lunch", that's sort of a personal decision. The thing is to understand exactly what the test you run is checking for. As with any test there are benefits to taking it, and there are benefits to not taking it. I suggest that you ask yourself these questions:

What does this test look for?
How vulnerable do I consider myself to be to this sort of compromise or attack?
How likely do I consider a false positive?
How likely do I consider a false negative?
What action would I take if I got a false positive?
What action would I take if I got a true positive?

In regards to that last question, my answer to the test for "your software is too old in the opinion of the tool", my answer is "I do nothing", so I don't run that test. I was just ignoring the positives, but it just got to be too annoying.

In re "TANSTAAFL", just remember, any time government gives you something, it had to take it away from someone else, first.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!