Re: [Rkhunter-users] Little problem with rkhunter

Wed, 28 Aug 2013 15:01:03 -0700 

Hi John,

Thanks for the explanation, but I still run into the problem with de
/dev/.udev files/dirs. The hidden password issue is indeed solved.
I added this to the rkhunter.conf.local :

ALLOWDEVFILE="/dev/.udev"
ALLOWDEVFILE="/dev/.udev/db"
ALLOWDEVFILE="/dev/.udev/rules.d"

But when I run rkhunter, the warning about suspicious files in /dev/.udev
keeps appearing.

Any other hints or tips ?

best regards,
Andy Kannberg



2013/8/23 John Horne <john.ho...@plymouth.ac.uk>

> On Fri, 2013-08-23 at 22:50 +0200, Andy Kannberg wrote:
>
>
> > The passwordless account is correct; I use a passwordless login with
> > ssh keys and disabled the password for the one account that is allowed
> > to login. I suppose I can whitelist that somewhere ?
> >
> Take a look at PWDLESS_ACCOUNTS in the config file.
> >
> >
>
> > - Suspicious files in /dev
> >
> > ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
> > ALLOWHIDDENDIR="/dev/.mdadm /dev/.udev/db /dev/.udev/rules.d"
> > #ALLOWHIDDENDIR="/dev/.static"
> > #ALLOWHIDDENDIR="/dev/.initramfs"
> > #ALLOWHIDDENDIR="/dev/.SRC-unix"
> > ALLOWHIDDENDIR="/dev/.mdadm"
> >
> These relate to 'hidden directories', but your error is for suspicious
> files. Take a look at ALLOWDEVFILE in the config file. Probably
> something like: ALLOWDEVFILE=/dev/.udev/db/*
> >
> >
> >
> >
> John.
>
> --
> John Horne, Plymouth University, UK
> Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
>
>
>
> ------------------------------------------------------------------------------
> Introducing Performance Central, a new site from SourceForge and
> AppDynamics. Performance Central is your source for news, insights,
> analysis and resources for efficient Application Performance Management.
> Visit us today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to