Hello Christian,
On Thu, 11 Mar 2010 23:04:21 +0100 [email protected] wrote:
>On Tue, 2 Feb 2010 at 21:56, [email protected] wrote:
>> Looks like a good addition to me.
>
>It's been a long time, so...what's the process here? Should I
>resend the
>patch to someone special? Or is this still pending review and I
>just have to be patient?
The latter, really. Unlike other projects we're basically a two-man
show...
>>> I could not find a rkhunter routine to check for "suspicious
>>> cronjobs". Would adding such a routine still be within the
>scope
>>> of rkhunter?
>>
>> We could add a test for this one specifically NP.
>
>I was more curious about the general rationale, as I would imagine
that
>*lots* of other malware may be creating suspicious cronjobs as
well.
Actually there's not a lot of malware that does. The last one I
encountered was compromised through the web stack (PHP again of
course) and had the httpd running a cronjob (the OP of course not
having any /etc/cron.{allow,deny}). So since its unexpected and not
something admins would often check it seems reasonable to add such
a check.
Regards,
unSpawn
---
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
