Hi all,
I am running rkhunter on a CentOS 6.4 VPS. When I run rkhunter, I get 2
warnings:
- passwordless account
- Suspicious files in /dev
The passwordless account is correct; I use a passwordless login with ssh
keys and disabled the password for the one account that is allowed to
log in. I suppose I can whitelist that somewhere?
The next warning is a little bit strange, but I suppose I forgot something.
When I look in the rkhunter.log file, I see this:
/dev/.udev/queue.bin: data
[22:33:48] /dev/.udev/db/block:vda1: ASCII text
[22:33:48] /dev/.udev/db/block:vda2: ASCII text
[22:33:48] /dev/.udev/db/input:event0: ASCII text
[22:33:48] /dev/.udev/db/input:event4: ASCII text
[22:33:48] /dev/.udev/db/input:mouse2: ASCII text
[22:33:48] /dev/.udev/db/input:event1: ASCII text
[22:33:48] /dev/.udev/db/input:event3: ASCII text
[22:33:48] /dev/.udev/db/input:mouse1: ASCII text
[22:33:48] /dev/.udev/db/sound:card0: ASCII text
[22:33:48] /dev/.udev/db/input:event2: ASCII text
[22:33:48] /dev/.udev/db/sound:controlC0: ASCII text
[22:33:49] /dev/.udev/db/sound:midiC0D0: ASCII text
etc...
However, in the rkhunter.conf.local file, I have:
ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
ALLOWHIDDENDIR="/dev/.mdadm /dev/.udev/db /dev/.udev/rules.d"
#ALLOWHIDDENDIR="/dev/.static"
#ALLOWHIDDENDIR="/dev/.initramfs"
#ALLOWHIDDENDIR="/dev/.SRC-unix"
ALLOWHIDDENDIR="/dev/.mdadm"
I already tried putting each entry on a separate line, but I still got the
warnings.
So in my opinion it is kind of strange that the /dev/.udev/db entries keep
popping up as a Warning. Can anyone shed some light on this?
cheers,
Andy
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
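
Added example, not part of the message above and not rkhunter's own code: rkhunter whitelists entries for its "Suspicious files in /dev" check with the ALLOWDEVFILE option, while ALLOWHIDDENDIR only applies to the hidden-directory check. The script below extracts the flagged paths from a log excerpt and lists those that no ALLOWDEVFILE pattern matches. The helper names and the candidate pattern are assumptions, as is wildcard support in ALLOWDEVFILE on the installed rkhunter version.

```shell
#!/bin/sh
# Added example: which /dev paths flagged in rkhunter.log are matched by
# ALLOWDEVFILE patterns? Helper names and the candidate pattern are assumptions.

# Log excerpt taken from the post (abridged).
SAMPLE_LOG='/dev/.udev/queue.bin: data
[22:33:48] /dev/.udev/db/block:vda1: ASCII text
[22:33:48] /dev/.udev/db/input:event0: ASCII text
[22:33:48] /dev/.udev/db/sound:card0: ASCII text
[22:33:49] /dev/.udev/db/sound:midiC0D0: ASCII text'

# The active ALLOWHIDDENDIR lines from the post, then a candidate addition.
POST_CONF='ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
ALLOWHIDDENDIR="/dev/.mdadm /dev/.udev/db /dev/.udev/rules.d"'
CANDIDATE_CONF="$POST_CONF
ALLOWDEVFILE=\"/dev/.udev/db/*\""

# stdin: log lines. Strip the optional "[hh:mm:ss] " prefix and the trailing
# ": <file type>"; the paths themselves contain ':' (e.g. block:vda1).
flagged_paths() {
    sed -n -e 's/^\[[0-9:]*\] *//' -e 's|^\(/dev/.*\): [^:]*$|\1|p'
}

# $1 = option name, stdin: config text. Prints one value per line, handling
# quoted, space-separated lists; commented-out lines never match.
option_values() {
    sed -n "s/^$1=//p" | tr -d '"' | tr ' ' '\n' | sed '/^$/d'
}

# $1 = log text, $2 = config text. Prints flagged paths no ALLOWDEVFILE pattern
# matches. Runs in a subshell with globbing off so patterns stay literal.
# Note: in `case`, '*' also matches '/', which is broader than a file glob.
uncovered_paths() (
    set -f
    patterns=$(printf '%s\n' "$2" | option_values ALLOWDEVFILE)
    printf '%s\n' "$1" | flagged_paths | while IFS= read -r path; do
        hit=no
        for pat in $patterns; do
            case "$path" in $pat) hit=yes ;; esac
        done
        [ "$hit" = yes ] || printf '%s\n' "$path"
    done
)

echo "Uncovered with the post's config:"
uncovered_paths "$SAMPLE_LOG" "$POST_CONF"
echo "Uncovered after adding ALLOWDEVFILE=\"/dev/.udev/db/*\":"
uncovered_paths "$SAMPLE_LOG" "$CANDIDATE_CONF"
```

Any path still listed after the change needs its own reviewed entry rather than a broader wildcard. The passwordless-account warning has a separate option, PWDLESS_ACCOUNTS, where the installed version provides it.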