Hi, my rkhunter 1.3.8 (fc14,x86_64) ignores ALLOWDEVFILE with a "*" in it.

This is part of my config:
ALLOWDEVFILE=/dev/md/md-device-map
ALLOWDEVFILE=/dev/shm/pulse-shm-*

The first file gets nicely whitelisted, but 2 files are being reported
as suspicious. They change during the runtime of rkhunter quite a lot.

$ rkhunter  --nomow --checkall --rwo
Warning: Suspicious file types found in /dev:
         /dev/shm/pulse-shm-1823465415: data
         /dev/shm/pulse-shm-2880195206: data


This is part of the log file:
[10:28:51] Performing filesystem checks
[10:28:51] Info: SCAN_MODE_DEV set to 'THOROUGH'
[10:28:51] Info: Found file '/dev/md/md-device-map': it is whitelisted.
[10:28:52] Info: Found file '/dev/shm/pulse-shm-304205026': it is whitelisted.
[10:28:52]   Checking /dev for suspicious file types         [ Warning ]
[10:28:52] Warning: Suspicious file types found in /dev:
[10:28:52]          /dev/shm/pulse-shm-1823465415: data
[10:28:52]          /dev/shm/pulse-shm-2880195206: data


-- 
Ernest Beinrohr, AXON PRO
Ing <http://www.beinrohr.sk/ing.php>, RHCE
<http://www.beinrohr.sk/rhce.php>, RHCVA
<http://www.beinrohr.sk/rhce.php>, LPIC
<http://www.beinrohr.sk/lpic.php>, +421-2--6241-0360
<callto://+421-2--6241-0360>, +421-903--482-603 <callto://+421-903--482-603>
icq:28153343, skype:oernii-work <callto://oernii-work>,
jabber:oer...@jabber.org
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
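
A check that can be run over the log excerpt in the message (added example, not part of the original post and not rkhunter's own code): for each path flagged under /dev it reports whether the path matches one of the ALLOWDEVFILE patterns and whether the log ever recorded that exact path as whitelisted. The function names are illustrative, and the sample log is the excerpt from the message with the wrapped line rejoined.

```shell
#!/bin/sh
# Constructed sample: the log excerpt quoted in the message, unwrapped.
sample_log() {
cat <<'EOF'
[10:28:51] Info: Found file '/dev/md/md-device-map': it is whitelisted.
[10:28:52] Info: Found file '/dev/shm/pulse-shm-304205026': it is whitelisted.
[10:28:52]   Checking /dev for suspicious file types         [ Warning ]
[10:28:52] Warning: Suspicious file types found in /dev:
[10:28:52]          /dev/shm/pulse-shm-1823465415: data
[10:28:52]          /dev/shm/pulse-shm-2880195206: data
EOF
}

# Paths the log records as whitelisted ("." stands in for the quote chars).
whitelisted_paths() {
    sed -n 's|^.*Info: Found file .\(.*\).: it is whitelisted\.$|\1|p'
}

# Paths listed under the "Suspicious file types" warning.
flagged_paths() {
    sed -n 's|^\[[0-9:]*\]  *\(/dev/[^:]*\): .*$|\1|p'
}

# Succeeds if path $1 matches any ALLOWDEVFILE pattern given in $2...
matches_allowlist() {
    candidate=$1; shift
    for pat in "$@"; do
        # An unquoted variable in a case pattern is matched as a glob.
        case $candidate in $pat) return 0 ;; esac
    done
    return 1
}

# Read a log on stdin; print one verdict per flagged path.
explain_flagged() {
    log=$(cat)
    seen=$(printf '%s\n' "$log" | whitelisted_paths)
    printf '%s\n' "$log" | flagged_paths | while IFS= read -r p; do
        if ! matches_allowlist "$p" "$@"; then
            echo "$p not-covered-by-any-pattern"
        elif printf '%s\n' "$seen" | grep -qxF -- "$p"; then
            echo "$p whitelisted-yet-flagged"
        else
            echo "$p matches-pattern-never-whitelisted"
        fi
    done
}

sample_log | explain_flagged '/dev/md/md-device-map' '/dev/shm/pulse-shm-*'
```

On the quoted excerpt, both flagged paths match `/dev/shm/pulse-shm-*` but neither was logged as whitelisted, while a different `pulse-shm` file was.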
