On Fri, Jul 15, 2011 at 05:15:58PM +0100, John Horne wrote: > On Fri, 2011-07-15 at 17:01 +0100, Tomasz Moskal wrote: > > On Fri, 2011-07-15 at 15:51 +0000, White, Joseph wrote: > > > Hi All > > > > > > Just upgraded to 1.3.8 now I’m getting Xzibit Rootkit. I’m sure it > > > is a false positive, how do I clear this error? > > > > RTKT_FILE_WHITELIST="/etc/rc.d/rc.sysinit:hdparm" > > > > But recently I was very wrong about something else - I would say to wait > > for John to answer on that. > > > What you have put there should work fine :-)
Sorry to be late to the thread, Running Debian Squeeze and rkhunter 1.3.6-4. Also getting the Xzibit Rootkit warning. The problem is that there is no /etc/rc.d/rc.sysinit:hdparm file on my system. The closest I find is /etc/init.d/hdparm. Would whitelisting this work? -- Bob Holtzman If you think you're getting free lunch, check the price of the beer. Key ID: 8D549279
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey
_______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
