Resending this in plain text. Sorry. --- Hi, when a cPanel server is set up for jailed shell access, cPanel makes /bin/passwd a link to /usr/local/cpanel/bin/jail_safe_passwd. The problem is that jail_safe_passwd is modified quite frequently, which then leads rkhunter to false warnings in the file properties test for /bin/passwd and /usr/local/cpanel/bin/jail_safe_passwd. I tried to whitelist these two files using EXCLUDE_USER_FILEPROP_FILES_DIRS=/bin/passwd EXCLUDE_USER_FILEPROP_FILES_DIRS=/usr/local/cpanel/bin/jail_safe_passwd But this did not work (I assume because these are not user-added files?): With every update of jail_safe_passwd, I continue to get a warning message, so I need to rkhunter --propupd. This is what I want to avoid. Question: How can I whitelist these files? Or: What is the recommended method to deal with this problem? I assume that this behaviour is happening on many machines (cPanel and jailed shell access are rather common). Thanks a lot and Merry Christmas, Daniel
------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
