Search found 165 matches

by unspawn
2014/09/29 06:00:40
Forum: CentOS 7 - Security Support
Topic: Rk Hunter Warnings...
Replies: 4
Views: 8461

Re: Rk Hunter Warnings...

See the RKH FAQ or rkhunter-users mailing list archive for "ALLOWHIDDENFILE".
by unspawn
2014/08/25 18:04:08
Forum: CentOS 7 - Security Support
Topic: cups - disable v. remove
Replies: 1
Views: 11068

Re: cups - disable v. remove

I'm no expert, but sure, you could ditch CUPS that way. Problem is it might return as a dependency on upgrade, and I have no idea if adding it as an "exclude=cups" in yum.conf will work or b0rk upgrading. (You'll have to test that yourself.)
by unspawn
2014/08/25 17:59:51
Forum: CentOS 6 - Security Support
Topic: Auditd - watch a specific file type
Replies: 1
Views: 1712

Re: Auditd - watch a specific file type

//Bit stale but since it is a 0-reply thread... My problem is that auditd does not accept "*" character. I can watch the whole directory but not only the .conf files. Apparently auditctl doesn't support shell globbing then. Apart from the fact the practice of watching user-owned files seems question...
by unspawn
2014/08/25 17:53:18
Forum: CentOS 5 - Security Support
Topic: Selinux and Fail2ban - Problem with IP routing action
Replies: 1
Views: 5534

Re: Selinux and Fail2ban - Problem with IP routing action

//Bit old but since it is a 0-reply thread... If I attempt to use the hosts.deny file to ban an IP address - sometimes it doesn't seem to work - and the hacking continues after fail2ban reports the IP is banned. Please use iptables rules (or better: ipset which fail2ban supports) and not tcp_wrapper...
by unspawn
2014/06/18 21:30:18
Forum: CentOS 6 - Security Support
Topic: Malware alert
Replies: 3
Views: 3771

IptabLex, IptabLes

Compromises leaving .IptabLes and .IptabLex binaries (with or without dot) in /, /boot, /etc and/or /usr seem to be quite common: http://ubuntuforums.org/showthread.php?t=2226673 http://www.linuxquestions.org/questions/slackware-14/slackware-box-possibly-infected-how-do-i-monitor-tcp-connections-417...
by unspawn
2014/06/15 10:30:26
Forum: CentOS 6 - Security Support
Topic: Best way to secure CentOS when running Apache Tomcat
Replies: 3
Views: 2458

Re: Best way to secure CentOS when running Apache Tomcat

What is the best way to secure CentOS whilst allowing Tomcat to Service http requests? See the CentOS documentation (security, hardening, auditing), use a benchmark (CISecurity, OWASP) and test your setup (OpenVAS?). Wrt Tomcat see its own security documentation and ponder if running it behind a re...
by unspawn
2014/05/24 11:13:24
Forum: CentOS 6 - Security Support
Topic: Help with selinux. Allow file execution in /etc/security
Replies: 1
Views: 4730

Re: Help with selinux. Allow file execution in /etc/security

Running the AVC messages through audit2allow yields four rules: allow crond_t local_login_t:file execute; allow unconfined_t local_login_t:file execute; allow xdm_t local_login_t:file execute; allow local_login_t self:file execute_no_trans; basically allowing three domains, including unconfined_t, t...
by unspawn
2014/05/24 10:52:43
Forum: CentOS 6 - Security Support
Topic: [SOLVED] Denyhosts 'bug'/curiosity
Replies: 2
Views: 1204

Re: Denyhosts 'bug'/curiosity

Please be aware OpenSSH seems intent on removing tcp_wrappers support, as does Fedora. Maybe that could be your cue to investigate alternatives like fail2ban.
by unspawn
2014/05/24 10:50:29
Forum: CentOS 5 - Security Support
Topic: High Httpd activity crashing server
Replies: 2
Views: 5054

Re: High Httpd activity crashing server

We have seen an increasing number of server crashes and after various checks of the logs, (..) installation of ClamAV, LMD and RKHunter (which did find some Trojans and Suspect software). It would have been helpful if you actually posted what it found. I have traced it down to some external Http ac...
by unspawn
2014/04/05 11:33:47
Forum: CentOS 6 - Security Support
Topic: [ADDRESSED] Configure audit logging to a (central) server
Replies: 16
Views: 14663

Re: Configure audit logging to a remote (central) server

Has anyone got any idea whether or not logging from several client machines running auditd can send their audit_log results to a central server? See the 'audisp-remote' plugin? I would prefer to keep all auditing protected from prying eyes Check netstat for the protocol it uses to relay data, then ...