On Sat, 2012-03-31 at 17:08 -0600, Kevin Fenzi wrote: > Greetings. > > With Fedora 17, Fedora is moving many top level dirs to their /usr > equivalent. This causes a rkhunter false positive. On a 32bit > install, /lib becomes a link to /usr/lib. There's a number of packages > that put files in /usr/lib/java, but due to the symlink, rkhunter sees > this as /lib/java/ which is a signature from some rootkit. ;( > > It would be nice if it could see if /lib is a link and bypass this > test? Or if there was a way to whitelist this in config (currently > there isn't). > Using 'RTKT_DIR_WHITELIST=/lib/java' will work (just tested it).
(Although I think we should be able to provide a better solution.) John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
