On Fri, 5 Dec 2008, Mike McCarty wrote:
> Boyd Lynn Gerber wrote:
> Did you intend to reply only to me? I got this off list.

No, I thought I had told my emailer to reply to list only.  I am going to 
send it to you and the list this time.  Sorry.

>> On Fri, 5 Dec 2008, Mike McCarty wrote:
>>> Boyd Lynn Gerber wrote:
>>>>
>>>> I am running openSUSE 11.0 with the same version of rkhunter.
>>>>
>>>>> I am using rkhunter version 1.3.2.
>>>>
>>>> I added to my /etc/rkhunter.conf file the following.
>>>>
>>>> ALLOWDEVFILE=/dev/shm/sysconfig/ifup-lo
>>>> ALLOWDEVFILE=/dev/shm/sysconfig/if-lo
>>>> ALLOWDEVFILE=/dev/shm/sysconfig/network
>>>
>>> [etc.]
>>>
>>> That doesn't explain why you need to do so.
>>
>> I have rkhunter putting temp files in /dev/shm
>>
>> On openSUSE sysconfig uses /dev/shm/sysconfig/  YaST2 runs sysconfig
>> after it installs rpm packages to finish configurations.  On the
>> openSUSE security list we discussed this with SUSE's security people and
>> they are the ones that said this had to be done.  Every time one runs
>> yast2 or sysconfig it can and often does create/change files in
>> /dev/shm.  This is normal on openSUSE 10.3, 11.0, 11.1 and will also be
>> needed for 11.2.  It is also needed for SLES and SLED.
>
> That's interesting. Well, perhaps you do need to relax rkhunter for 
> those files. I'm not one who likes to do that sort of thing, but 
> sometimes it's just what you've got to do. At least, you can relax the 
> checking only for those files which you know are necessary.

I agree.  Rkhunter should be relaxed only for files that are known to be 
OK.  That is why I got the security people envoled.  I did not want to 
have rkhunter to relaxed.

Thanks,


-- 
Boyd Gerber <[EMAIL PROTECTED]> 801 849-0213
ZENEZ   1042 East Fort Union #135, Midvale Utah  84047

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to