On Sat, 2013-10-12 at 20:13 -0700, Sportsman Fishing Adventures wrote: > On a new server with nothing on it except > csf/lfd/mailscanner/modsecurity/rkhunter/chrootkit I am seeing this > warning and when I have tried to whitelist in the confi file it > doesn't seem to work. I tried ALLOWHIDDENFILES="/dev/.udev/queue.bin > but it doesn't seem to work. Is there another place to whitelist > these files or am I doing something wrong? > > Warning: Suspicious file types found in /dev: > /dev/.udev/queue.bin: Applesoft BASIC program data > /dev/.udev/db/block:sda1: ASCII text > /dev/.udev/db/block:sda3: ASCII text > /dev/.udev/db/block:sda2: ASCII text > /dev/.udev/db/block:sda: ASCII text > /dev/.udev/db/sound:card1: ASCII text > /dev/.udev/db/input:event16: ASCII text > /dev/.udev/db/input:event15: ASCII text > /dev/.udev/db/input:event14: ASCII text > /dev/.udev/db/input:event13: ASCII text > /dev/.udev/db/input:event0: ASCII text > You need to use the ALLOWDEVFILE option. RKH isn't complaining that the above entries are hidden, but that they are suspicious.
John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
