Hi Guys,

Got a message from rkhunter this morning:

Subject: [rkhunter] counter1 - Daily report

Warning: The host name has changed since the last run:
Old host value: test2 New value: counter1
Because of the change(s) the file properties checks may give some false-positive results.
You may need to re-run rkhunter with the '--propupd' option.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option is used, all the files on their system are known to be genuine, and installed from a reliable source. The rkhunter '--check' option will compare the current file properties against previously stored values, and report if any values differ. However, rkhunter cannot determine what has caused the change, that is for the user to do.
Warning: Hidden directory found: /dev/.static/dev/.initramfs
Warning: Hidden directory found: /dev/.static/dev/.static
Warning: Hidden directory found: /dev/.static/dev/.udev
The first part makes perfect sense - I did change the hostname and forgot to update rkhunter.
The reason for the note is this - I have whitelisted some hidden dirs in rkhunter.conf

ALLOWHIDDENDIR=/dev/.static
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.initramfs

but the last three warnings confused me at first. I have hidden directories in my hidden directories :-/ I doubt I ever would have noticed that one on my own!
I'm pretty sure it's an artifact of the process I used to clone the machine, but I'm glad that rkhunter picked up on the issue for me.
Brian
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
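The situation in the message above, as an added example that is not part of the original post and is not rkhunter's own code: a small Python audit that walks a tree for dot-directories at any depth and reports those missing from the ALLOWHIDDENDIR list. It assumes each ALLOWHIDDENDIR entry matches one exact path (inferred from the three warnings in the report); the function names, the sample config text and the temporary directory standing in for /dev are constructed for illustration.

```python
import os
import tempfile

# Constructed sample: the three whitelist entries quoted in the message.
SAMPLE_CONF = """\
# rkhunter.conf excerpt (constructed)
ALLOWHIDDENDIR=/dev/.static
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.initramfs
"""

def parse_allowed(conf_text):
    """Collect ALLOWHIDDENDIR values, skipping comments and other options."""
    allowed = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("ALLOWHIDDENDIR="):
            allowed.add(line.split("=", 1)[1].strip().rstrip("/"))
    return allowed

def hidden_dirs(root, logical_root):
    """Return every dot-directory under root, renamed as if root were logical_root."""
    found = []
    for cur, dirs, _files in os.walk(root):
        for name in dirs:
            if name.startswith("."):
                rel = os.path.relpath(os.path.join(cur, name), root)
                found.append(os.path.join(logical_root, rel))
    return sorted(found)

def unlisted(found, allowed):
    """Assumption: an entry covers exactly one path, not the subtree below it."""
    return [path for path in found if path not in allowed]

def build_sample_tree(base):
    """Recreate the layout from the report under a temp dir standing in for /dev."""
    for rel in (".udev", ".initramfs", ".static/dev/.initramfs",
                ".static/dev/.static", ".static/dev/.udev"):
        os.makedirs(os.path.join(base, rel))

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return unlisted(hidden_dirs(tmp, "/dev"), parse_allowed(SAMPLE_CONF))

if __name__ == "__main__":
    for path in demo():
        print("Hidden directory not in ALLOWHIDDENDIR:", path)
```
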