Package: rkhunter Version: 1.4.6-11 Severity: normal In /etc/rkhunter.conf, normally arguments that are allowed to be wildcards are documented as such. Reading the source, ALLOWPROMISCIF is interpreted as a regular expression, but nothing mentions that it is a RE.
Perhaps wording in /etc/rkhunter.conf could be (there's no precedent for REs mentioned in /etc/rkhunter.conf, and a quick look through the source tells me everything else is either literal or glob): # # Allow the specified network interfaces to be in promiscuous mode. # # This is a space-separated list of interface names, specified as # regular expressions as interpreted by awk. The option may be # specified more than once. # # The default value is the null string. # -- System Information: Debian Release: 12.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (1, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.11.5+bpo-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages rkhunter depends on: ii binutils 2.40-2 ii debconf [debconf-2.0] 1.5.82 ii file 1:5.44-3 ii lsof 4.95.0-1 ii net-tools 2.10-0.1+deb12u2 ii perl 5.36.0-7+deb12u2 ii ucf 3.0043+nmu1+deb12u1 Versions of packages rkhunter recommends: ii bsd-mailx [mailx] 8.1.2-0.20220412cvs-1 ii curl 7.88.1-10+deb12u12 ii e2fsprogs 1.47.0-2 ii iproute2 6.1.0-3 ii mailutils [mailx] 1:3.15-4 ii postfix [mail-transport-agent] 3.7.11-0+deb12u1 ii unhide 20220611-1 ii unhide.rb 22-6 ii wget 1.21.3-1+deb12u1 Versions of packages rkhunter suggests: ii liburi-perl 5.17-1 ii libwww-perl 6.68-1 ii powermgmt-base 1.37 -- Configuration Files: /etc/rkhunter.conf changed [not included] -- debconf information: rkhunter/cron_db_update: true rkhunter/apt_autogen: true rkhunter/cron_daily_run: true

