I know... "he's back!" First, thank you all for the help with getting rkhunter downloaded, installed and working. I have it reporting at noon every day and it even sends a report to my BlackBerry.

Now, having spent the better part of 2 days reading, I think I have a better understanding. However, I also know that it is best to check with you before I screw things up.

So, first thing. I am configuring "rkhunter.conf.local" to help get rid of false positives. I have several categories of false positives. In the "file properties" test I have 6 different "warnings". Examples of these are:

[23:50:32] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
[23:50:32] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable

My understanding is to insert a statement in the "rkhunter.conf.local" file (below whitelist) to say, for example:

#SCRIPTWHITELIST=/usr/bin/GET

Is this correct? Also, how do I go about ensuring these are safe to whitelist prior to doing this?

John wrote: "Copy the DISABLED_TESTS line from /etc/rkhunter.conf, and paste it into /etc/rkhunter.conf.local. Then add onto the end of the line the 'loaded_modules' test name. RKH will then skip that particular test."

I'm a little unclear on this. My line is:

DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"

Does this mean it should be:

DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps loaded_modules"

cheers,
Duane

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users