Duane Loftus wrote:
[...]
> [12:33:13] Checking /dev for suspicious file types [ Warning ]
> [12:33:13] Warning: Suspicious file types found in /dev:
> [12:33:13] /dev/shm/suspscan.32223.strings: ASCII English text
> [12:33:13] /dev/shm/suspscan.28538.strings: ASCII text
> [12:33:13] /dev/shm/suspscan.1424.strings: ASCII text
What has happened is that rkhunter is checking for suspicious file
content in shared memory (/dev/shm) and finding it. Unfortunately,
this particular "file" was created by rkhunter itself, and so
should not be scanned. It's a defect in the tool.
I don't run the suspscan check, unless I find something else which
looks bad.
> Lastly, it seems that I have an inordinate amount of "Not Found" and
> "Skipped". This is a result of either not have installed some of the
> helper apps yet (like skdet) or of having whitelisted so much. At some
> point, is anyone willing to take a look at my log and conf.local files
> to see if I am going in the right direction ... or not.
ISTM that you are whitelisting too much.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
