El Domingo, 21 de Octubre de 2007 07:33, bob.smith@xxxxxxxxxxx escribió: > hi, > well, I found rkhunter, ran it, and it did output a few warnings. Now...I > feel more comfortable knowing about rkhunter, which I did not know before > this thread. > As someone point out in a previus email, running an anti-rootkit is not the final solution and you may not feel the safest person accros the earth, cause you should know that there're quite a lot rootkits that look for the those anti-rootkits, and if they found them the I'd patch then in order to do not show themlselves in the results. > A good thing would be to (for each distro) somehow document what is normal > on a default installation(if such exists). For example the numerous unix > sockets that are in use on my box worried me a lot. Of course they as > someone mentioned "don't leave the system", but that didn't occur to me. > > regarding the /tmp directory, there is an entry /tmp/keyring-something. > Does anyone know what the term keyring means in the security context? Most likely it's always related with the GPG, so nothing to worry about. Manuel. -- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.