John Horne wrote:
On Sat, 2013-10-12 at 20:13 -0700, Sportsman Fishing Adventures wrote:
On a new server with nothing on it except
csf/lfd/mailscanner/modsecurity/rkhunter/chrootkit I am seeing this
warning and when I have tried to whitelist in the confi file it
doesn't seem to work. I tried ALLOWHIDDENFILES="/dev/.udev/queue.bin
but it doesn't seem to work. Is there another place to whitelist
these files or am I doing something wrong?
Warning: Suspicious file types found in /dev:
/dev/.udev/queue.bin: Applesoft BASIC program data
/dev/.udev/db/block:sda1: ASCII text
/dev/.udev/db/block:sda3: ASCII text
/dev/.udev/db/block:sda2: ASCII text
/dev/.udev/db/block:sda: ASCII text
/dev/.udev/db/sound:card1: ASCII text
/dev/.udev/db/input:event16: ASCII text
/dev/.udev/db/input:event15: ASCII text
/dev/.udev/db/input:event14: ASCII text
/dev/.udev/db/input:event13: ASCII text
/dev/.udev/db/input:event0: ASCII text
You need to use the ALLOWDEVFILE option. RKH isn't complaining that the
above entries are hidden, but that they are suspicious.
John.
Thanks to everyone who replied. I used the ALLOWDEVFILE option with the
wildcard and it worked.
--
Paul Smith
Van Isle BC Web Solutions
http://www.vanislebc.com
Sportsman Fishing Adventures Ltd.
http://www.sportsmanfishing.com
cell# 1-778-808-2490
home# 1-250-283-2129
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
