On Tuesday 08 May 2012 8:16:06 am you wrote:
> John Horne <john.ho...@plymouth.ac.uk> wrote ..
> > > On Mon, 2012-05-07 at 13:22 -0400, Dimitri Yioulos wrote:
> > > Hello, all.
> > >
> > > This morning, I upgraded to RKH 1.4.0 on one of my CentOS 5.9 boxes.
> > > I made appropriate tweaks to rkhunter.conf, but am coming up with the
> > > following warnings:
> > >
> > > [09:15:12] Info: Starting test name 'filesystem'
> > > [09:15:12] Performing filesystem checks
> > > [09:15:12] Info: SCAN_MODE_DEV set to 'THOROUGH'
> > > [09:15:13] Checking /dev for suspicious file types [ Warning ]
> > > [09:15:13] Warning: Suspicious file types found in /dev:
> > > [09:15:13] /dev/.udev/db/class@printer@lp0: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda1: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda2: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda3: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda5: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda6: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda7: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda9: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda4: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda8: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda@sda10: ASCII text
> > > [09:15:13] /dev/.udev/db/class@usb_device@usbdev2.1: ASCII text
> > > [09:15:13] /dev/.udev/db/block@sda: ASCII text
> > > [09:15:14] /dev/.udev/db/block@hdc: ASCII text
> > > [09:15:14] /dev/.udev/db/class@usb_device@usbdev1.1: ASCII text
> > > [09:15:14] /dev/.udev/db/class@input@input1@event1: ASCII text
> > > [09:15:14] /dev/.udev/db/class@input@input2@event2: ASCII text
> > > [09:15:14] /dev/.udev/db/class@input@input0@event0: ASCII text
> > > [09:15:14] /dev/.udev/db/block@fd0: ASCII text
> > > [09:15:14] /dev/.udev/db/block@ram0: ASCII text
> > > [09:15:14] /dev/.udev/db/block@ram1: ASCII text
> > > [09:15:14] /dev/.udev/db/class@input@input1@mouse0: ASCII text
> > > [09:15:14] /dev/.udev/db/class@misc@device-mapper: ASCII text
> > > [09:15:14] /dev/.udev/db/class@input@mice: ASCII text
> > > [09:15:14] /dev/.udev/uevent_seqnum: ASCII text
> > >
> > > These are legitimate files. I've whitelisted the directory
> > > /dev/.udev/db, but to no avail.
> > >
> > > Can anyone please tell me how to suppress these warnings?
> >
> > Something like:
> >
> > ALLOWDEVFILE=/dev/.udev/db/block*
> > ALLOWDEVFILE=/dev/.udev/db/class*
> > ALLOWDEVFILE=/dev/.udev/uevent_seqnum
> >
> >
> > John.
> >
> > --
> > John Horne, Plymouth University, UK
> > Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
> >

Thanks to both John and Dan. Using the ALLOWDEVFILE directive worked a treat!

Dimitri

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
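
The following is an added example, not part of the original thread and not rkhunter's own code: a small check that lists which flagged /dev paths are still not covered by a set of ALLOWDEVFILE entries, so each entry can be kept as narrow as the warnings require. The function names and the sample log are constructed, and matching the entries as shell `case` patterns is an assumption about how the wildcards are interpreted.

```shell
#!/bin/sh
# Added example: compare rkhunter /dev warnings with ALLOWDEVFILE entries.

# Constructed log excerpt in the format quoted in the thread. The last path
# is made up for this example to show an entry that stays uncovered.
SAMPLE_LOG='[09:15:13] Warning: Suspicious file types found in /dev:
[09:15:13] /dev/.udev/db/block@sda@sda1: ASCII text
[09:15:13] /dev/.udev/db/class@usb_device@usbdev2.1: ASCII text
[09:15:14] /dev/.udev/uevent_seqnum: ASCII text
[09:15:14] /dev/.udev/example-unlisted: ASCII text'

# The three entries suggested in the thread.
SAMPLE_CONF='ALLOWDEVFILE=/dev/.udev/db/block*
ALLOWDEVFILE=/dev/.udev/db/class*
ALLOWDEVFILE=/dev/.udev/uevent_seqnum'

# Print the path from every "[time] /dev/...: type" line read on stdin.
flagged_paths() {
    sed -n 's|^\[[0-9:]*][[:space:]]*\(/dev/[^:]*\):.*$|\1|p'
}

# Print the value of every ALLOWDEVFILE line read on stdin.
allow_patterns() {
    sed -n 's/^[[:space:]]*ALLOWDEVFILE=//p'
}

# uncovered LOG CONF: print flagged paths that match no ALLOWDEVFILE entry.
# Assumption: entries are matched as shell glob patterns (case semantics).
uncovered() {
    patterns=$(printf '%s\n' "$2" | allow_patterns)
    printf '%s\n' "$1" | flagged_paths | while IFS= read -r dev_path; do
        hit=no
        while IFS= read -r pat; do
            case "$dev_path" in
                $pat) hit=yes; break ;;
            esac
        done <<EOF
$patterns
EOF
        if [ "$hit" = no ]; then
            printf '%s\n' "$dev_path"
        fi
    done
}

uncovered "$SAMPLE_LOG" "$SAMPLE_CONF"
```

Any path it prints would still be reported after the change and deserves a look before it gets an entry of its own.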