Hello,

My understanding is that the USER_FILEPROP_FILES_DIRS option is meant to exclude files from the file properties database and, as a consequence, from the file properties check. So using the examples from the rkhunter.conf:

1. USER_FILEPROP_FILES_DIRS="/etc/rkhunter.conf"
2. USER_FILEPROP_FILES_DIRS="/etc/rkhunter.conf.local"
3. USER_FILEPROP_FILES_DIRS="/var/lib/rkhunter/db/*"
4. USER_FILEPROP_FILES_DIRS="!/var/lib/rkhunter/db/mirrors.dat"
5. USER_FILEPROP_FILES_DIRS="!/var/lib/rkhunter/db/rkhunter*"
6. USER_FILEPROP_FILES_DIRS="/var/lib/rkhunter/db/i18n/*"

The logic here is that 1, 2, 3 and 6 may change relatively often and including them in the file properties check may trigger false positives. 4 and 5 might (and will) change - rkhunter.dat will change with each --propup - but they are critical enough to warrant an occasional false positive.

If I'm correct with the above assumptions, the rule of thumb for USER_FILEPROP_FILES_DIRS is to not assign any values to it if there are no false-positive warnings. In general, only files that change frequently (thus changing the hash value) should be included here.

I just started to use RKH recently, which means that I might be *very* wrong with everything I just said, and so I will appreciate any insight regarding USER_FILEPROP_FILES_DIRS.

Tom

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users