On Sat, 18 Aug 2012 22:28:48 +0200 Kevin Fenzi <ke...@scrye.com>
wrote:
>Downstream bug:
>https://bugzilla.redhat.com/show_bug.cgi?id=849251
Thanks for reporting Kevin.
>Seems that FreeIPA has a java process writing to:
>/var/log/pki-ca/system
>which rkhunter tags as a 'unknown rootkit'
>
>Can we add this to the whitelist ?
>Or is there something rkhunter is keeing off of ('system' ?) that
>we can tell FreeIPA people to stop doing?
The file tripped the "suspicious open files" check and as with all
such checks it's prone to false positives.
So, yes, white listing is OK for those running FreeIPA.
Cheers,
unSpawn
---
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
