this message says that some application on your system has put your network card in ‘promiscuous’ mode – a mode in which it intercepts all network packets, even if they are not intended for it. This is suspicious, because under normal circumstances the network card shouldn’t be running in this mode. However, many applications do this on purpose (for example, traffic analyzers).

To confirm what network card is running in this mode, try running (as root) ‘promisc_check’ in console. This will display you the information about what network card is currently running in this mode.

Next time i will try the –help trick before open my big mouth

Now, focusing on the “profiles”. Maybe can be useful grant to the sysadmin create his own profile. I explain: If a sysadmin selects the “desktop” profile, but needs some fine tunning, after apply changes will be a great option save these changes to re-use (i.e. deploying a large amount of machines) in another installation. So, the idea is implement a “Load/Save” advanced settings or something else..

Thanks for all these msec improvements.

There’s a particular point that I’d like to see improved. It’s the way msec is dealing with the /net special autofs mount point. This special directory is used when configured in /etc/autofs/auto.master as a special mount point that is able to mount every NFS servers’ exported file systems. For example, /net/an-nfs-server/export1 is mounting the /export1 FS of the NFS server named an-nfs-server. The problem is that, even if the NFS mount is auto-unmounted after a given time, the /net/an-nfs-server/export1 mount point stays on the client until the next restart of the autofs service. And, when msec is performing its checks, every remote FS that has been mounted since the last restart of autofs (e.g. since the system is up), are automatically re-mounted, and the checks go across the remote FS…

IMHO, msec should consider /net as an exception, at least if we ensure that autofs is using it for that particular purpose.

As your server does not receives user-generated content, nor has php scripts, it is less likely to be compromised by a php exploit or something like that.

But on the other hand, if you don’t have that much files, you could use the “webserver” level and just run most periodic checks daily.

I run a server (with Mandriva, of course!) with Apache, proftpd, ssh and nx. I don’t use php nor cgi’s, so Apache simply sends totally static webpages. Now, the question: which level do you recommend me? I’m unsure if “webserver” level is the one for me, or I’d rather make a personal one.

Thank you in advance! motitos