John Logsdon wrote:
I have been using RKH for some time now mainly on a CentOS 4.2 box but more recently on a Scientific Linux 5.0 box. Both the systems are of course derivatives of RHEL.On my SL5.0 box I get the following message (RKH 1.2.9): " * Filesystem checks Checking /dev for suspicious files... [ OK ] Scanning for hidden files... [ Warning! ] --------------- /etc/.pwd.lock /etc/.java /usr/share/man/man1/..1.gz /dev/.udev ---------------Please inspect: /etc/.java (directory) /usr/share/man/man1/..1.gz (gzipcompressed data, from Unix, max compression) /dev/.udev (directory) " I've checked these out and they all look benign. I can deal with the/etc/.pwd.lock issue simply by erasing the file and I am pretty sure thatthe others are a symptom of RHEL5.0 inherited by SL5.0.
There's a nicer way to suppress these warnings. Add (or uncomment) the following in your rkhunter.conf:
ALLOWHIDDENDIR=/etc/.java ALLOWHIDDENDIR=/dev/.udev ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz ALLOWHIDDENFILE=/etc/.pwd.lock Nils Breunese.
PGP.sig
Description: Dit deel van het bericht is digitaal ondertekend
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
