On Sun, 2009-11-29 at 18:49 +0000, Dick Gevers wrote:
>
> My STARTUP_PATHS includes /etc/rc.d in which the file rc.sysinit contains
> the word 'hdparm', which causes a warning by rkh:
>
> Found string 'hdparm' in file '//etc/rc.d/rc.sysinit'. Possible rootkit:
> Xzibit Rootkit
>
> But rpm finds the file to be in order.
>
> For info:
>
> grep -n hdparm rc.sysinit
> 1132:# after installing the hdparm-RPM. If you need different hdparm
> parameters
> 1153:# resyncing and disks heavily active, because hdparm might hang and
> 1157: if [ -x /sbin/hdparm ]; then
> 1190: action "Setting hard drive parameters for %s:
> " ${disk[$device]} /sbin/hdparm ${HDFLAGS[$device]} /dev/${disk[$device]}
>
> Is there a way I can exclude this file?: I searched, but didn't see an
> option for this check.
>

Look at the RTKT_FILE_WHITELIST option and put it into your
rkhunter.conf.local file.

John.

--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001