On Sat, 2011-07-30 at 14:12 +0100, Arthur Dent wrote:
> I know you are probably going to (gently) remind me that this is
> probably an issue for the Fedora list,
>
No, it's on topic for this list :-)

>
> Have I messed something up, or is this version of RKH simply not
> reading .conf.local ?
>
Look in the rkhunter.log log file. It will say which config files it is
using, including the '.local' one if it sees it. However in answer to
your question, yes, the current version of RKH should be using
the .local config file.

> ALLOWPROCDELFILE="/bin/bash /tmp/file*"
> ALLOWPROCDELFILE="/bin/gawk /tmp/file*"
>
These entries should be colon separated. Although the option allows for
space-separated command pathnames, if a specific filename is to be
whitelisted for that command then it must follow the command name
separated by a colon (:). The main config file (rkhunter.conf) has an
example:

    #ALLOWPROCDELFILE="/sbin/cardmgr /usr/sbin/gpm:/etc/X11/abc"

So any files used by 'cardmgr' are whitelisted, but only '/etc/x11/abc'
used by 'gpm' is whitelisted. In your case any files used by 'bash' or
'gawk' will have been whitelisted.

John.

--
John Horne                   Tel: +44 (0)1752 587287
University of Plymouth, UK   Fax: +44 (0)1752 587001
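The syntax rule described in this reply, as an added example that is not part of the original message and is not rkhunter's own parser: a small Python model of how ALLOWPROCDELFILE values split into commands and per-command files, for spotting entries that whitelist more than intended. The function names and the sample config text are constructed for illustration, and treating repeated option lines as cumulative is an assumption.

```python
def parse_allowprocdelfile(value):
    """Model of the syntax described above (not rkhunter's code).

    Tokens are space separated. 'cmd' alone allows any deleted file for
    that command; 'cmd:file' allows only that file. Returns a dict that
    maps each command to None (any file) or to a set of file names.
    """
    allowed = {}
    for token in value.split():
        command, _, filename = token.partition(":")
        if not filename:
            allowed[command] = None  # bare command: every file allowed
        elif allowed.get(command, set()) is not None:
            allowed.setdefault(command, set()).add(filename)
    return allowed


def read_config(conf_text):
    """Collect every uncommented ALLOWPROCDELFILE line (assumed cumulative)."""
    values = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("ALLOWPROCDELFILE="):
            values.append(line.split("=", 1)[1].strip().strip("\"'"))
    return parse_allowprocdelfile(" ".join(values))


def unrestricted(allowed):
    """Commands for which any open deleted file would be ignored."""
    return sorted(cmd for cmd, files in allowed.items() if files is None)


# Constructed sample: the two lines quoted in the thread.
SPACE_FORM = '''
ALLOWPROCDELFILE="/bin/bash /tmp/file*"
ALLOWPROCDELFILE="/bin/gawk /tmp/file*"
'''

# Constructed sample: the same intent written with the colon separator.
COLON_FORM = '''
ALLOWPROCDELFILE="/bin/bash:/tmp/file*"
ALLOWPROCDELFILE="/bin/gawk:/tmp/file*"
'''

if __name__ == "__main__":
    for name, text in (("space form", SPACE_FORM), ("colon form", COLON_FORM)):
        print(name, "-> unrestricted commands:", unrestricted(read_config(text)))
```

In the space-separated form, `/tmp/file*` is read as a third command name rather than as a file restriction, which is why `bash` and `gawk` end up whitelisted for every file.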