Hello Dan,

On Tue, 20 Oct 2015 00:35:33 +0200 "Dogsbody" <d...@dogsbody.org> wrote:
>Still loving rkhunter 
Always nice to hear.


>Before I whitelist this entry, can anyone tell me why rkhunter is 
>flagging this up?  Is there any reason that 666 permissions under 
>this size are ok or non 666 permissions above this size?
>
>Just looking for a bit of history regarding this check if 
>possible.  It seems rather arbitrary :-)

Please see "Ebury Root Kit" nfo:
http://plog.sesse.net/blog/tech/2011-11-15-21-44_ebury_a_new_ssh_trojan.html
http://www.webhostingtalk.com/showthread.php?t=1235797
https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/


Regards,
unSpawn
---


------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
