Hi All, Thank You John, RTKT_FILE_WHITELIST="/etc/rc.d/rc.sysinit" does work when put into the correct rkhunter.conf file.
Joe On Tue, 2011-07-19 at 17:51 +0000, White, Joseph wrote: > > Added the following, RTKT_FILE_WHITELIST="/etc/rc.d/rc.sysinit" and > also tried RTKT_FILE_WHITELIST="/etc/rc.d/rc.sysinit:hdparm" still > getting Xzibit Rootkit. > > > > Any ideas? > Hello, Is the warning being caused by the same file (hdparm in rc.sysinit)? Is the config file you put the RTKT_FILE_WHITELIST into actually being used (the log file will show which config files are being used)? If yes to both of the above then I have no idea. I would suggest you run RKH with debug. Run: rkhunter --debug --enable rootkits Then email me the output file created in /tmp. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ Magic Quadrant for Content-Aware Data Loss Prevention Research study explores the data loss prevention market. Includes in-depth analysis on the changes within the DLP market, and the criteria used to evaluate the strengths and weaknesses of these DLP solutions. http://www.accelacomm.com/jaw/sfnl/114/51385063/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users ------------------------------------------------------------------------------ 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks & Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
