On Mon, 10 Oct 2011 20:43:20 +0100, John Horne wrote about Re: [Rkhunter-users] How can I check for setUID files in specific directories?:
>On Mon, 2011-10-10 at 14:34 +0100, John Zoidberg wrote:
>> Hi,
>>
>> I noticed that rkhunter is unable to find suspicious setUID files in
>> /var for example, at least with the default check.
>>
>> How can I check for setUID files in specific directories? Or all
>> directories (although I would prefer to be able to skip some to reduce
>> scanning time)?
>>
>There is no specific test for SUID files. However, you could enable the
>'suspscan' test and set the suspscan_dir (I think) to /var. The test can
>be CPU-intensive and give false positives, but it may do what you want.

The msec package in Mandriva Linux and Mageia will find them throughout the
system and write the result to logs, as well as any changes to the md5sum of
each file on the list.

Ciao,
=Dick Gevers=
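
A setUID sweep of chosen directories with skippable subtrees and a checksum baseline, along the lines discussed in this thread. This is an added example, not code from either poster, rkhunter or msec; the function names are hypothetical, and it assumes `find` with `-path` support and `sha256sum` (used here in place of md5sum).

```shell
#!/bin/sh
# Added example: setuid sweep of chosen directories with a checksum baseline.
# Function names are hypothetical; file names containing newlines are not handled.

# list_suid ROOT [EXCLUDE...]
# Print setuid regular files under ROOT, one per line, sorted.
# Each EXCLUDE is a find -path pattern for a subtree to skip (saves scan time).
list_suid() {
    root=$1
    shift
    # Rewrite each EXCLUDE into "-path EXCLUDE -prune -o" for find.
    for ex in "$@"; do
        set -- "$@" -path "$ex" -prune -o
        shift
    done
    # -xdev stays on one filesystem; -perm -4000 means the setuid bit is set.
    find "$root" -xdev "$@" -type f -perm -4000 -print | LC_ALL=C sort
}

# suid_snapshot ROOT [EXCLUDE...]
# Print "checksum  path" for every file list_suid reports.
suid_snapshot() {
    list_suid "$@" | while IFS= read -r f; do
        sha256sum "$f"
    done | LC_ALL=C sort
}

# suid_changes BASELINE CURRENT
# Print entries in CURRENT that are absent from BASELINE:
# setuid files that are new, or whose contents changed.
suid_changes() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Typical use (paths are examples):
#   suid_snapshot /var /var/cache > /root/suid.base   # once, on a known-good system
#   suid_snapshot /var /var/cache > /tmp/suid.now
#   suid_changes /root/suid.base /tmp/suid.now
```

Keep the baseline file somewhere an intruder cannot rewrite it, otherwise the comparison proves nothing.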