On Sun, 29 Nov 2009 17:14:29 +0100, unsp...@hushmail.com wrote about
[Rkhunter-announce] Rootkit Hunter release 1.3.6:
>The Rootkit Hunter project team is pleased to announce the release
>of version 1.3.6 on 2009/11/29.
Thanks v.m. for the new rkhunter!!
However, I believe I found one false positive running Mandriva Linux
(Cooker):
My STARTUP_PATHS includes /etc/rc.d in which the file rc.sysinit contains
the word 'hdparm', which causes a warning by rkh:
Found string 'hdparm' in file '//etc/rc.d/rc.sysinit'. Possible rootkit:
Xzibit Rootkit
But rpm finds the file to be in order.
For info:
grep -n hdparm rc.sysinit
1132:# after installing the hdparm-RPM. If you need different hdparm
parameters
1153:# resyncing and disks heavily active, because hdparm might hang and
1157: if [ -x /sbin/hdparm ]; then
1190: action "Setting hard drive parameters for %s:
" ${disk[$device]} /sbin/hdparm ${HDFLAGS[$device]} /dev/${disk[$device]}
Is there a way I can exclude this file?: I searched, but didn't see an
option for this check.
Thanks & BFN,
=Dick Gevers=
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
