On Wed, 2011-07-20 at 11:37 +0100, Arthur Dent wrote:
> Hello All,
>
> I have a couple of Java applications running on this machine. A bit of
> googling has shown me that when they run they create a file called
> hsperfdata_{USER}/{NUMBER} which apparently helps with performance
> somehow. The location of this file is (again, apparently) hard-coded
> as /tmp/.
>
> RKHunter doesn't like these files.
>
> Warning: File '/tmp/hsperfdata_root/954' (score: 230) contains some
> suspicious content and should be checked.
> Warning: File '/tmp/hsperfdata_root/954' (score: 230) contains some
> suspicious content and should be checked.
>
> Note that the same file is reported twice for some reason...
>
> So how best to deal with these?
>
I don't think you can. The warnings come from the 'suspscan' test which
is not enabled by default because it is cpu intensive and may produce
false-positives. There is no mechanism (that I can think of) for
whitelisting entries from that test.
You could, of course, disable the test. Alternatively you could set the
maximum threshold score below 230, but that may well lead to other
suspicious files not being detected.
John.
--
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001
------------------------------------------------------------------------------
10 Tips for Better Web Security
Learn 10 ways to better secure your business today. Topics covered include:
Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
security Microsoft Exchange, secure Instant Messaging, and much more.
http://www.accelacomm.com/jaw/sfnl/114/51426210/
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
