similar to: Security Guide for CentOS/RHEL

I think Jim (the other one) is doing a marvellous job with extras and plus but he needs to expand the size of his tent. A sensible package policy in extras/plus repo will mean fewer temptations to install 3rd party repo's that can break your system. Some of the packages i would like to see are :- - MySQL 5 rpms - php 5 rpms (already provided) - Open Office 2.0 rpms - webmin - rkhunter -

Hi, folks, rkhunter is reporting a broken link on one of our servers. This is quite reasonable, since it's on a drive whose controller card I have declared dead the other day. I've been googling, searching in the manpage, and I've done an rkhunter --propupd, but it still finds the broken link. Anyone know how to remove the link from the rkhunter d/b? mark

Hi list, after a bit of struggling I found out how to cleanly install rkhunter ... maybe this is useful for you: * Download rkhunter (I downloaded v 1.2.8) * mv /etc/rpm/platform /root/etc_rpm_platform * setarch i386 rpmbuild -ta --target=i386 rkhunter-1.2.8.tar.gz * mv /root/etc_rpm_platform /etc/rpm/platform * rpm -ivh /usr/src/redhat/RPMS/noarch/rkhunter-1.2.8-1.noarch.rpm * wget

I have not, I'll look into that one, thanks! On 11/14/2019 9:48 AM, SternData wrote: > Do you run rkhunter? > > On 11/14/19 9:40 AM, Christopher Wensink wrote: >> How do you know when a Linux system has been compromised?? >> >> Every day I watch our systems with all the typical tools, ps, top, who, >> I watch firewall / IPS logs, I have logwatch setup and

Can't remember if I posted this before... We're getting warnings from rkhunterWarning: Checking for prerequisites [ Warning ] All file hash checks will be skipped because: This system uses prelinking, but the hash function command does not look like SHA1 or MD5. Now, googling, I find people saying to rm /etc/prelink.cache, then run rkhunter --propupd. Works. And then,

Hello, I am trying to use SNMP on a CentOS 6.2 server, and am using the 'pass_persist' configuration command: pass_persist .1.3.6.1.4.1.141.1 /usr/local/sbin/snmp-iostat I have set the file context of 'snmpd_exec_t' on the snmp-iostat program. If I disable SELinux, then it all works fine (that is, I can then snmpget/snmpwalk for OIDs in the configured pass_persist OID,

Hello, I installed the ClamAV package onto a CentOS 6.3 server using yum. I then modified the /etc/freshclam.conf file to run a perl script whenever the ClamAV databases were updated: OnUpdateExecute /usr/local/bin/xymon_event ... The 'xymon_event' command is used on several servers, and generally works with no problems. However, on this server when the /etc/cron.daily/freshclam script

Hi all, I need to install an anti-rootkid in a lot of servers. I know that there're several options: tripwire, aide, chkrootkit... ?What do you prefer? Obviously, I have to define my needs: - easy setup and configuration - actively developed -- Thanks, Jordi Espasa Clofent

Hi. On one of my servers aide just reported inode changes to a large bunch of files in a variety of directories, e.g. /usr/bin, /usr/sbin etc. This machine sits behind a couple of firewalls and it would be hard to get to. The day before I updated "clam*" and updated the aide database right after that: -rw------- 1 root root 7407412 Sep 26 10:58 aide.db.gz The problem was that the

Hi, I literally have about 36 machines running CentOS on a private network, and will probably change the remaining 30 or so away from Whitebox or RH in the near term. One thing I just noticed was when I tried to search out Tripwire RPM's, that none seemed evident. Can anyone point me in the direction of an Tripwire RPM that works with CentOS 4.3, or advise me on how to create one from the

I've got a CentOS server that crashes due to a bad hard disk. I have got a spare disk and need to format and reinstall CentOS from the SERVER CD. Backup and reinstall is a major PITA because of some of the customisations that I've done e.g. the DNS Server is set to log queries (the default does not do this). Any tips on :- - backing up and reinstalling (is a script available)? - is the

Dear Friends, I am using CENTOS 4.3 - kernel 2.6.9-42.0.2.EL with rkhunter version 1.2.8, but the rkhunter program show me problem on file /bin/kill. I compare files /bin/kill with other CENTOS 4 and it has same size. ====================== SHOE LOG =========================== Rootkit Hunter 1.2.8 is running Mon, 30 Oct 2006 12:56:44 -0200 Determining OS... Ready Checking binaries *

Hello, when one has physical access to a computer, he can run something like tripwire, with keys and checksum on a separate, write-only media, to verify the integrity of the system. What if the system is a remote one (in my case Centos 4.3 on a User Mode Linux VPS some hundred of KMs from here)? Does it still make sense to run tripwire remotely? If yes, how, since you cannot plug a floppy or

Dear all, I am running squid on centos 5.Is there is any tool to calculate number of ip's hit the server for month wise. Even any command to find out the number of hits is also ok. Regards, Lingu

in my prior message, that should be in rkhunter.conf On Wed, Aug 30, 2017 at 11:43 AM, Tony Schreiner <anthony.schreiner at bc.edu> wrote: > This has come up for me on the most recent upgrade, add the line > > HASH_CMD=sha1sum > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > >> Can't remember if I posted this before... We're getting

Starting with a fresh load and after I finish hardening the load following the Center for Internet Security (CIS) guidance, I'm wondering whether AIDE or OSSEC would be a better intrusion detection system. I installed AIDE and did a quick test of AIDE and after initializing the db and applying the recent cups update, I found that 1700+ files had changed. Those are a lot of changes to wade

On Fri, 2015-08-07 at 09:45 -0400, m.roth at 5-cent.us wrote: > Hi, folks, > > rkhunter is reporting a broken link on one of our servers. This is > quite reasonable, since it's on a drive whose controller card I have > declared dead the other day. I've been googling, searching in the > manpage, and I've done an rkhunter --propupd, but it still finds the >

I updated java-1.7.0-openjdk a few hours ago - it *was* listed as a critical security update, and I don't want yelling from rkhunter. The man page tells me I can tell it rkhunter --propupd <package name>... but it doesn't know the name above as a package. Been googling a bit, and cannot find a good example of a package (other than the manpage's coreutil). Anyone got an example,

Hi, I am having interference with my neighbouring wireless networks. Is there a linux tool that enables me to monitor the ESSID, channel, power output and other information for neighbouring wireless networks? I am especially interested in the channel so I can choose a different one. Thank you, Joe

Guidelines for CentOS Mailing List posts * Mailing List Etiquette * How To Ask Questions The Smart Way * Quoting Style * Why is Bottom-posting better than Top-posting 1. Please turn off HTML in your e-mail client for these mailing lists. We have several subscribers who read the list with text only readers and they can't easily read html formatted e-mails. There is a place (somewhere) for