Hello, all. This morning, I upgraded to RKH 1.4.0 on one of my CentOS 5.9 boxes. I made appropriate tweaks to rkhunter.conf, but am coming up with the following warnings:
[09:15:12] Info: Starting test name 'filesystem' [09:15:12] Performing filesystem checks [09:15:12] Info: SCAN_MODE_DEV set to 'THOROUGH' [09:15:13] Checking /dev for suspicious file types [ Warning ] [09:15:13] Warning: Suspicious file types found in /dev: [09:15:13] /dev/.udev/db/class@printer@lp0: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda1: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda2: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda3: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda5: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda6: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda7: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda9: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda4: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda8: ASCII text [09:15:13] /dev/.udev/db/block@sda@sda10: ASCII text [09:15:13] /dev/.udev/db/class@usb_device@usbdev2.1: ASCII text [09:15:13] /dev/.udev/db/block@sda: ASCII text [09:15:14] /dev/.udev/db/block@hdc: ASCII text [09:15:14] /dev/.udev/db/class@usb_device@usbdev1.1: ASCII text [09:15:14] /dev/.udev/db/class@input@input1@event1: ASCII text [09:15:14] /dev/.udev/db/class@input@input2@event2: ASCII text [09:15:14] /dev/.udev/db/class@input@input0@event0: ASCII text [09:15:14] /dev/.udev/db/block@fd0: ASCII text [09:15:14] /dev/.udev/db/block@ram0: ASCII text [09:15:14] /dev/.udev/db/block@ram1: ASCII text [09:15:14] /dev/.udev/db/class@input@input1@mouse0: ASCII text [09:15:14] /dev/.udev/db/class@misc@device-mapper: ASCII text [09:15:14] /dev/.udev/db/class@input@mice: ASCII text [09:15:14] /dev/.udev/uevent_seqnum: ASCII text These are legitimate files. I've whitelisted the directory /dev/.udev/db, but to no avail. Can anyone please tell me how to suppress these warnings? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
