On Wed, 5 May 2010 at 11:47, Helmut Hullen wrote:
> Whitelisted rootkit file does not exist: /etc/init.d/RCS/boot.local.neu
> Whitelisted rootkit file does not exist: v
Apparently rkhunter's get_option() strips all "," off options, despite its
comment stating that it would only remove quotes, spaces and tabs:
# Type 1: A number, single word or pathname.
# Type 2: A space-separated word list.
#
# Typically, single and double-quotes, spaces and tabs will be
# removed. For type 2 options, tabs are converted to spaces, and
# all spaces are squeezed into one. Leading and trailing spaces
# are removed. All other types of options are processed separately.
The fix below allows for commas in RTKT_FILE_WHITELIST, but I get the
feeling that the comma-removing thingy has been added for a reason (w/o
updating the description) and might break other things. It works for the
possible_rkt_files test though.
Christian.
Index: files/rkhunter
===================================================================
RCS file: /cvsroot/rkhunter/rkhunter/files/rkhunter,v
retrieving revision 1.311
diff -u -p -r1.311 rkhunter
--- files/rkhunter 21 Feb 2010 01:27:40 -0000 1.311
+++ files/rkhunter 8 May 2010 11:48:31 -0000
@@ -606,7 +606,7 @@ get_option() {
OPTVAR=`echo "${OPTVAR}" | tr -d '" ' | tr -d "'"`
;;
2)
- OPTVAR=`echo "${OPTVAR}" | tr ',' ' ' | tr ' ' ' ' | tr -s '
'`
+ OPTVAR=`echo "${OPTVAR}" | tr ' ' ' ' | tr -s ' '`
#
# We must handle the MAIL_CMD option specially because it may
--
BOFH excuse #245:
The Borg tried to assimilate your system. Resistance is futile.
------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
