On Wed, 2011-07-20 at 11:51 +0100, John Horne wrote:
> On Wed, 2011-07-20 at 11:37 +0100, Arthur Dent wrote:
> > Hello All,
> >
> > I have a couple of Java applications running on this machine. A bit of
> > googling has shown me that when they run they create a file called
> > hsperfdata_{USER}/{NUMBER} which apparently helps with performance
> > somehow. The location of this file is (again, apparently) hard-coded
> > as /tmp/.
> >
> > RKHunter doesn't like these files.
> >
> > Warning: File '/tmp/hsperfdata_root/954' (score: 230) contains some
> > suspicious content and should be checked.
> > Warning: File '/tmp/hsperfdata_root/954' (score: 230) contains some
> > suspicious content and should be checked.
> >
> > Note that the same file is reported twice for some reason...
> >
> > So how best to deal with these?
> >
> I don't think you can. The warnings come from the 'suspscan' test which
> is not enabled by default because it is cpu intensive and may produce
> false-positives. There is no mechanism (that I can think of) for
> whitelisting entries from that test.
>
> You could, of course, disable the test. Alternatively you could set the
> maximum threshold score below 230, but that may well lead to other
> suspicious files not being detected.
> OK John, I was afraid of that... So - live with it then... Thanks for your help. Much appreciated. Mark
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks & Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/
_______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
