Hallo, John, Du meintest am 07.02.10 zum Thema Re: [Rkhunter-users] whitelisting "/dev/ida":
>> I can put a line >> >> RTKIT_DIR_WHITELIST=/dev/ida > That should be 'RTKT_DIR_WHITELIST'. Was a typo in my mail, not in "rkhunter.conf" - sorry. >> into "/etc/rkhunter.conf", but then I see two problems: >> >> 1) "rkhunter" finds no entries like "/dev/ida/.inet/logclear" >> > Seems to work fine for me. From my log file: > [20:58:11] Checking for directory '/dev/ida/.inet' [ Found ] > [20:58:11] Warning: Xzibit Rootkit [ Warning > ] [20:58:11] File '/dev/ida/.inet/logclear' found > [20:58:11] Directory '/dev/ida/.inet' found You're right - I hadn't tested this behaviour (with a handmade "/dev/ ida/.inet/logclear") but only assumed. The main problem (in my installations, with hard coded "/dev/ida", without "udev") therefore doesn't exist - ok. >> 2) a comment in "rkhunter.conf" says the directory must exist - if >> "udev" is running and no "ida" device exists then "udev" doesn't >> produce a "/dev/ida" directory. >> >> Any solution? > I'm currently thinking, but have not discussed this with the > developers yet, that maybe we can relax RKH from being so strict, but > provide a 'consistency' option by which RKH will check that all > configured/whitelisted files/dirs/pathnames do exist. [...] Sounds good - thank you! Viele Gruesse! Helmut ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
