On Thu, Jan 21, 2010 at 05:37:53PM -0600, Rodolfo Martínez wrote:
> Hi Matt,
>
> rkhunter creates a database (MD5SUM's) of some files, if they change
> for any reason, like a system upgrade/update, it will complain about
> it. rkhunter should be run again to get the new MD5SUM's. This applies
> for any Host Intruder Detection System (HIDS) (i.e. tripwire, AIDE,
> etc...).

Ah, thought so, thanks. I think it would be a worthwhile thing for systems like AIDE to remove dpkg/rpm checkable files from its checks. Perhaps as an option.

> > Anyway, this reminded me of an interesting article on ldd I read the other
> > day:
>
> I did read that article too, but who runs ldd as root? :P

Well, me, until recently :-). But only with 'trusted' but bizarrely behaving apps on Solaris.

But running as root doesn't really matter. A malicious app could just stick an alias for say sudo in your .bashrc or any number of similar things - it's just the start of a possible penetration.

Matt
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
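
An added example, not part of the thread and not code from rkhunter or AIDE: one way to triage files a HIDS reports as changed against a dpkg-style .md5sums manifest (lines of "md5, two spaces, path relative to /", as under /var/lib/dpkg/info/), so that changes explained by an upgrade are separated from files that no longer match what the package shipped. The function names and the sample files are constructed for illustration; the manifest lives on the same host as the files, so a match is only as trustworthy as that database.

```python
import hashlib
import os
import tempfile

def load_manifest(text):
    """Parse dpkg .md5sums content: '<md5hex>  <path relative to />' per line."""
    manifest = {}
    for line in text.splitlines():
        digest, _, rel = line.partition("  ")
        if len(digest) == 32 and rel:
            manifest["/" + rel] = digest.lower()
    return manifest

def md5_file(path):
    h = hashlib.md5()  # MD5 only because that is what the manifest stores
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(changed, manifest, root="/"):
    """Sort HIDS-flagged paths by how they compare with the package manifest."""
    result = {"package_ok": [], "modified": [], "unpackaged": [], "missing": []}
    for path in changed:
        on_disk = os.path.join(root, path.lstrip("/"))
        if path not in manifest:
            result["unpackaged"].append(path)   # e.g. config or local files
        elif not os.path.isfile(on_disk):
            result["missing"].append(path)
        elif md5_file(on_disk) == manifest[path]:
            result["package_ok"].append(path)   # change explained by an upgrade
        else:
            result["modified"].append(path)     # differs from what the package shipped
    return result

def demo():
    """Constructed sample: a throwaway root directory and a made-up manifest."""
    with tempfile.TemporaryDirectory() as root:
        files = {"/bin/ls": b"ls v2", "/bin/ps": b"tampered", "/etc/motd": b"hi"}
        for path, data in files.items():
            full = os.path.join(root, path.lstrip("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        shipped = {"bin/ls": b"ls v2", "bin/ps": b"ps v2", "bin/top": b"top v2"}
        text = "\n".join(hashlib.md5(d).hexdigest() + "  " + p for p, d in shipped.items())
        return triage(sorted(files) + ["/bin/top"], load_manifest(text), root)
```

Only the "package_ok" bucket is a candidate for suppression; "modified", "unpackaged" and "missing" entries still need the HIDS's own baseline.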