On Mon, 2010-05-17 at 17:36 -0400, Tanstaafl wrote: > On 2010-05-17 5:19 PM, John Horne wrote: > > On Sun, 2010-05-16 at 15:11 -0400, Tanstaafl wrote: > >>> You can either whitelist the files or disable the 'immutable' test > >>> completely. > > >> I don't mind disabling the test completely if it isn't very useful (this > >> is what I was told about the 'applications' test a while back)... but is > >> that what you are saying? > > > The test is useful, but only for those systems which do not have the > > immutable bit set. If your system has the bit set on most system > > commands, then you will get a lot of false-positives. In that case the > > test is not useful, so it can be disabled. Having said that I guess it > > could be useful if the test could be reversed - so in your case it would > > report any command which does not have the bit set. I will consider > > that. > > Ok - so, you're saying this is a *new* test that didn't exist in 1.3.4? > Remember, 1.3.4 was running for many months without ever having one > warning like this. > No. The test has been there for a long time (since 1.3.0 at least).
There were changes made to whether the test should run, but as far as I can see these only affected BSD systems. Gentoo is not mentioned at all in this respect. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
