On Mon, 2011-10-10 at 14:34 +0100, John Zoidberg wrote:
> Hi,
>
> I noticed that rkhunter is unable to find suspicious setUID files in
> /var for example, at least with the default check.
>
> How can I check for setUID files in specific directories? Or all
> directories (although I would prefer to be able to skip some to reduce
> scanning time)?
>
There is no specific test for SUID files. However, you could enable the
'suspscan' test and set the suspscan_dir (I think) to /var. The test can
be CPU-intensive and give false positives, but it may do what you want.

John.

-- 
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
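
One way to do the check asked about in this thread outside rkhunter, as an added example that is not part of either post and is not rkhunter code: a POSIX shell wrapper around `find` that lists setUID files under chosen directories, prunes directories to be skipped, and reports files missing from a saved baseline. The names `SKIP_DIRS`, `find_suid`, `new_suid` and the baseline file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not rkhunter code). SKIP_DIRS is a hypothetical variable:
# a space-separated list of directories to prune. Entries must use the same
# path prefix as the start directories and must not contain spaces.

# find_suid DIR...
# Print, sorted, every regular file under DIR... that has the setUID bit.
find_suid() {
    # -xdev keeps find on the filesystem of each start directory.
    set -- "$@" -xdev
    for d in ${SKIP_DIRS:-}; do
        # -prune stops descent, so skipped trees cost no scanning time.
        set -- "$@" -path "${d%/}" -prune -o
    done
    # -perm -4000 matches when the setUID bit is set, whatever the other bits.
    find "$@" -type f -perm -4000 -print 2>/dev/null | LC_ALL=C sort
}

# new_suid BASELINE DIR...
# Print setUID files that are not listed in BASELINE, a file saved from an
# earlier find_suid run on a system believed to be clean.
new_suid() {
    baseline=$1
    shift
    find_suid "$@" | LC_ALL=C comm -13 "$baseline" -
}

# Direct use, for example:
#   SKIP_DIRS="/var/cache /var/lib/docker" sh suid_scan.sh /var /usr/local
if [ "$#" -gt 0 ]; then
    find_suid "$@"
fi
```

Saving the output of `find_suid` once and running `new_suid` from cron turns the listing into a change report, which is easier to review than a full list each time.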