On Wednesday 02 May 2007 10:05:26 pm John Horne wrote:
> On Wed, 2007-05-02 at 21:57 +0100, Colin J Thomson - G6AVK wrote:
> > Hi,
> >
> > I have just been trying the current (todays) CVS of rkhunter and I like
> > the new changes and additions, however I noticed 5 of these "new"
> > warnings in the log:
> >
> > rkhunter --check --skipkeypress --configfile /etc/rkhunter.conf
> >
> > Snip...
> >
> > [21:42:46] /usr/bin/groups [ Warning ]
> > [21:42:46] Warning: The command '/usr/bin/groups' has been replaced by a
> > script: /usr/bin/groups: Bourne shell script text executable
> >
> > Just one example,
> > Fully updated FC6 box. Has anyone else noticed these, or have an idea
> > what they, I am digging around the Docs/Changelog but not found anything
> > just yet.
>
> It's part of the script replacement check. RKH checks to see if any
> commands have been replaced by scripts. The exceptions, like 'groups'
> above, can be whitelisted - look in the rkhunter.conf file.
>
> >From the CHANGELOG:
>
> Script replacement check now checks for any type of script (perl, awk,
> etc). Previous versions only checked for shell scripts. Commands which
> are supposed to be scripts can be whitelisted in the configuration
> file.
Thanks John, sometimes I can't see for looking.. its been a long day :(
All works like a charm now.
Colin
--
Fedora Core 6 ("Zod")
KDE-Redhat-3.5.6-4.fc6
Registered Linux user number #342953
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
