#25 RkHunter and '/.. ' directories

closed-later
Rkhunter (37)
5
2011-02-10
2011-01-30
Neill Jones
No

Hello,

I sent this to Michael Boelen and he suggested I repost it here ...

We've just found an exploit on our machine thanks to rkhunter (thank you very much), and now that I understand the way it was hidden, what I'm suggesting here isn't needed for me. But maybe it would help other people starting off?

The suggestion is that when you say you've found hidden files, enclose them in quotes so any spaces that are in there are visible.

We had a message saying inspect /sbin/.. which I did, and couldn't see anything wrong. However, of course, it was '/sbin/.. ' and I didn't notice the space. However, with the quotes (or maybe even a warning for this, or '. ' or other tricks, stating there is a hidden space) I would have understood the problem quicker.

Anyway, just a suggestion. Thanks again for the great tool.

Best regards

Neill Jones

Discussion

  • John Horne - 2011-02-10

    Thanks for reporting this. Yes, I agree completely that spaces should be made more 'visible' when reporting filenames. Unfortunately, rkhunter does not handle filenames with spaces in them too well. This is something that will be looked into, and as part of that the reporting of such filenames will ensure that the name is quoted.

     
  • John Horne - 2011-02-10
    • assigned_to: nobody --> jhorne
    • status: open --> closed-later
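
One way to produce the quoted report requested in this ticket, as an added example that is neither part of the ticket nor rkhunter's own code: a POSIX shell scan that prints every suspicious path inside single quotes. It goes slightly beyond the '/sbin/.. ' case by also flagging leading whitespace, dot-only names such as '...' and control characters; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not rkhunter code. Reports directory entries whose names
# hide whitespace or imitate "." and "..", with every path shown in quotes.

# quote_path PATH: print PATH in single quotes (embedded quotes escaped)
# so that a trailing space is visible in the report.
quote_path() {
    printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# name_reason NAME: print why NAME is suspicious; return 1 if it is not.
name_reason() {
    case $1 in
        *[![:space:].]*) ;;                   # has at least one ordinary character
        *) echo "only dots and whitespace"; return 0 ;;
    esac
    case $1 in
        [[:space:]]*)  echo "leading whitespace" ;;
        *[[:space:]])  echo "trailing whitespace" ;;
        *[[:cntrl:]]*) echo "control character" ;;
        *) return 1 ;;
    esac
}

# scan_names DIR: walk DIR recursively without following symlinks.
scan_names() {
    for p in "$1"/* "$1"/.*; do
        [ -e "$p" ] || [ -L "$p" ] || continue    # glob matched nothing
        n=${p##*/}
        case $n in .|..) continue ;; esac         # the real "." and ".."
        if r=$(name_reason "$n"); then
            printf '%s: %s\n' "$r" "$(quote_path "$p")"
        fi
        # Recurse last: the callee overwrites p, n and r.
        if [ -d "$p" ] && [ ! -L "$p" ]; then scan_names "$p"; fi
    done
}

# Usage: pass the directories to check as arguments, e.g. /sbin /dev /etc
for d in "$@"; do scan_names "$d"; done
```

A hit on the directory from this ticket would be reported as `only dots and whitespace: '/sbin/.. '`, with the space visible before the closing quote.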
     
