How do you whitelist files for chkrootkit
I ran chkrootkit and got
Code:
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
Code:
IGNORE="/usr/lib/jvm/.java-1.6.0-openjdk-amd64.jinfo"
OH.
As far as I'm aware, Chkrootkit doesn't come with a "/etc/chkrootkit.conf", so this must be functionality either you or your distribution has added. Apart from that, Chkrootkit hasn't been updated in ages.
...and it doesn't come with a 'man page' either. What it does have is a 'README' file in, e.g., /usr/share/doc/packages/chkrootkit, and that has, for example
Quote:
Just as an example, something like 'rkhunter' has, on the same distro, a last update date of 28 Jan 2013, so there is quite a difference.
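Since chkrootkit itself has no whitelist option (the IGNORE variable above comes from a distribution wrapper, not from chkrootkit), one practical answer to the thread's question is to post-filter its report against a list of known-benign paths. The script below is an added example for this thread; it is not code from chkrootkit, from any distribution package or from anyone posting here. The sample scan output is constructed, and the script assumes that chkrootkit prints the flagged paths whitespace-separated on the line(s) after "The following suspicious files and directories were found:" and that none of those paths contain spaces.

```shell
#!/bin/sh
# Added example: post-filter chkrootkit's "suspicious files and dirs" section
# against a whitelist. Not part of chkrootkit; the wrapper and its assumptions
# (see lead-in) are mine.
#
# Whitelist format: one absolute path per line. Entries must match a flagged
# path exactly (grep -Fx), so "/tmp/.x" never silently covers "/tmp/.x-evil".

# Constructed sample of chkrootkit output for offline use; not a real scan.
sample_output() {
    printf '%s\n' \
        'ROOTDIR is `/'"'" \
        'Checking `amd'"'"'... not found' \
        'Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:' \
        '/usr/lib/jvm/.java-1.6.0-openjdk-amd64.jinfo /usr/lib/debug/.build-id' \
        '/var/tmp/.hidden-dir' \
        "Searching for sniffer's logs, it may take a while... nothing found"
}

# filter_suspicious WHITELIST_FILE < chkrootkit-output
# Prints each flagged path that is not whitelisted, one per line.
# Exit status: 0 if every flagged path was whitelisted, 1 if any remain,
# 2 if the whitelist is unreadable. The status lets a cron job decide
# whether a report is worth mailing instead of sending the same noise daily.
filter_suspicious() {
    whitelist="$1"
    if [ ! -r "$whitelist" ]; then
        echo "filter_suspicious: whitelist '$whitelist' not readable" >&2
        return 2
    fi
    # awk: keep only the suspicious-files section and emit each token that
    # looks like an absolute path; grep -Fxv drops exact whitelist matches.
    unexpected=$(
        awk '
            /^Searching for suspicious files/ { insection = 1; next }
            /^Searching for/ || /^Checking/   { insection = 0 }
            insection { for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }
        ' | grep -Fxv -f "$whitelist"
    ) || true
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Stand-alone demo: whitelist the two JDK/debug entries, leave the third flagged.
demo() {
    wl=$(mktemp) || return 2
    printf '%s\n' \
        /usr/lib/jvm/.java-1.6.0-openjdk-amd64.jinfo \
        /usr/lib/debug/.build-id > "$wl"
    sample_output | filter_suspicious "$wl"
    status=$?
    rm -f "$wl"
    return $status
}

if demo; then
    echo "all flagged paths are whitelisted"
else
    echo "unexpected flagged paths listed above" >&2
fi
```

Run it as `chkrootkit | filter_suspicious /etc/chkrootkit.whitelist` from whatever cron job or wrapper already invokes chkrootkit, and only mail the report when the exit status is non-zero. The whitelist file should be root-owned and not world-writable; an attacker who can append to it can hide a real finding, which is the same trust problem any ignore list carries.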
Thanks, OH.
Maybe it's time to step back and first review the security posture of your machine as a whole?
Like, what services do you run? What risks do you (think you) run? How do you protect the machine, users and data? Something for a new thread?
I run a web site using a Linux-based DMZ where the web server runs Ubuntu 11.4 and the app server runs Debian 7.0. I aim to limit my ports to 80 and 443. Both servers are protected by maldet, iptables, rkhunter and chkrootkit. On the app server I also have Snort, Wireshark and Samhain. The sort of things I wish to prevent are spyware, rootkits, DoS attacks and hackers reverse engineering my executables. Thanks, OH.
Long story short: a gill of preventive measures is worth more than a pint of cure.
Code:
$ ps aux | grep logwatch
Code:
$ fail2ban-client start
Thank you so much for your very helpful information. OH
Sorry about my slow reply. I have been working on the issues that you mentioned. There is one question I have about something I am working on just now.
Quote:
Thanks, OH.
First of all, you'll realize this will be an atrociously slow process, that the intent of posts can only be analyzed by a human user understanding the context in which comments are made, and that this process should be made unnecessary by preventive measures and early warnings, right? IIRC there's an RBL-like extension for iptables called "packetbl"; might look into that. (EDIT: as in the method, because of the nfnetlink_queue / libnetfilter_queue stuff it uses.)
Thanks, OH.
Code:
[**] [1:2012648:3] ET POLICY Dropbox Client Broadcasting [**]
OH.