On Sat, 24 Sep 2011 06:04:24 +0200 John Connor <judge...@gmx.de> wrote:

The most important thing is to know about what you run, and Rootkit Hunter (RKH) is no exception. RKH comes with documentation (README, FAQ, manual page), there are common examples in rkhunter.conf, and users have contributed to the rkhunter-users mailing list archives. So by reading the documentation and the configuration file and searching the archives you will find out *how* to check and confirm *if* it is a false positive or not.

>[12:15:21] Warning: The command '(..)' has been replaced by a script: (..) script text executable

Common false positive: check by listing contents of a trusted package from a trusted distribution repository. See SCRIPTWHITELIST examples in rkhunter.conf.

>[12:16:21] Warning: Suspicious file types found in /dev:

Common false positive. More difficult to get verification right because the file naming scheme may be a ruse. (Would require near real-time checking of opened files using, say, inotify, loggedfs or auditd.) Find examples, based on naming scheme, in rkhunter.conf; see ALLOWDEVFILE.

>[12:16:22] Warning: Application '(..)', version '(..)', is out of date, and possibly a security risk.

The application check is of no use where distros backport fixes and can be disabled if you (auto)update your OS timely.

Regards,
unSpawn
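The verification step described in the reply above (confirm a flagged command is an unmodified file from a trusted distribution package before whitelisting it) can be scripted. The following is an added example, not code from the list post or from the rkhunter project: it parses the two warning forms quoted above, asks the package manager (dpkg or rpm, whichever is present) whether the flagged file is owned by a package and still matches the package checksums, and only then prints the matching rkhunter.conf directive (SCRIPTWHITELIST or ALLOWDEVFILE). The sample log lines at the bottom are constructed for illustration; the exact wording of a real rkhunter.log entry may differ slightly from them.

```shell
#!/bin/sh
# Added example (not from the list post or the rkhunter project).
# Turns rkhunter "replaced by a script" / "suspicious file in /dev" warnings
# into rkhunter.conf directives, but only after the file has been verified
# against the distribution package that owns it.

# Extract the path from a warning such as:
#   Warning: The command '/usr/bin/egrep' has been replaced by a script: ...
flagged_path() {
    printf '%s\n' "$1" |
        sed -n "s/.*The command '\([^']*\)' has been replaced by a script.*/\1/p"
}

# Build the SCRIPTWHITELIST directive for a "replaced by a script" warning.
# Prints nothing and returns 1 when the line does not carry a path.
whitelist_directive() {
    path=$(flagged_path "$1")
    [ -n "$path" ] || return 1
    printf 'SCRIPTWHITELIST=%s\n' "$path"
}

# Build the ALLOWDEVFILE directive from one of the indented lines that follow
# "Suspicious file types found in /dev:", e.g. "   /dev/shm/foo: data".
devfile_directive() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*\(\/dev\/[^:]*\):.*/ALLOWDEVFILE=\1/p'
}

# Ask the package manager whether the file is owned by a package and is
# unmodified. Returns 0 = verified, 1 = unowned or modified (do NOT whitelist),
# 2 = no supported package manager found on this host.
verify_with_pkg_mgr() {
    path=$1
    if command -v dpkg >/dev/null 2>&1; then
        # "dpkg -S" prints "pkg: /path"; diverted files may list several pkgs.
        pkg=$(dpkg -S "$path" 2>/dev/null | head -n 1 | cut -d: -f1 | cut -d, -f1)
        [ -n "$pkg" ] || return 1
        # "dpkg -V" prints one line per mismatching file, nothing when all verify.
        [ -z "$(dpkg -V "$pkg" 2>/dev/null)" ]
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qf "$path" >/dev/null 2>&1 || return 1
        # "rpm -Vf" exits non-zero if any file of the owning package differs.
        rpm -Vf "$path" >/dev/null 2>&1
    else
        return 2
    fi
}

# Verify first, then emit the directive; a modified or unowned file stays
# flagged and is reported for manual investigation instead.
verified_whitelist() {
    path=$(flagged_path "$1")
    [ -n "$path" ] || return 1
    verify_with_pkg_mgr "$path"
    case $? in
        0) whitelist_directive "$1" ;;
        1) printf '# NOT whitelisted, investigate: %s\n' "$path" ;;
        2) printf '# no package manager to verify: %s\n' "$path" ;;
    esac
}

# --- constructed sample input (not real rkhunter output) ---
SAMPLE_SCRIPT_WARNING="Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script text executable"
SAMPLE_DEV_LINE="         /dev/shm/pulse-shm-1234: data"

verified_whitelist "$SAMPLE_SCRIPT_WARNING"
devfile_directive "$SAMPLE_DEV_LINE"
# The out-of-date application check can be switched off in rkhunter.conf with
# DISABLE_TESTS=apps (an existing rkhunter option) on hosts that auto-update.
```

The directives it prints go into rkhunter.conf (or a file under the directory named by its INCLUDE option), after which `rkhunter --propupd` is not needed for these two checks; only files that the package manager reports as unmodified are ever turned into a whitelist entry, which keeps the whitelist from silently covering a genuinely replaced binary.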