On Wed, 2007-05-02 at 21:57 +0100, Colin J Thomson - G6AVK wrote: > Hi, > > I have just been trying the current (todays) CVS of rkhunter and I like the > new changes and additions, however I noticed 5 of these "new" warnings in the > log: > > rkhunter --check --skipkeypress --configfile /etc/rkhunter.conf > > Snip... > > [21:42:46] /usr/bin/groups [ Warning ] > [21:42:46] Warning: The command '/usr/bin/groups' has been replaced by a > script: /usr/bin/groups: Bourne shell script text executable > > Just one example, > Fully updated FC6 box. Has anyone else noticed these, or have an idea what > they, I am digging around the Docs/Changelog but not found anything just yet. > It's part of the script replacement check. RKH checks to see if any commands have been replaced by scripts. The exceptions, like 'groups' above, can be whitelisted - look in the rkhunter.conf file.
>From the CHANGELOG: Script replacement check now checks for any type of script (perl, awk, etc). Previous versions only checked for shell scripts. Commands which are supposed to be scripts can be whitelisted in the configuration file. John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
