On Tue, 2014-12-23 at 19:33 +0100, King Kude wrote: > > when a cPanel server is set up for jailed shell access, cPanel > makes /bin/passwd a link to /usr/local/cpanel/bin/jail_safe_passwd. > > The problem is that jail_safe_passwd is modified quite frequently, > which then leads rkhunter to false warnings in the file properties > test for /bin/passwd and /usr/local/cpanel/bin/jail_safe_passwd. > > I tried to whitelist these two files using > EXCLUDE_USER_FILEPROP_FILES_DIRS=/bin/passwd > EXCLUDE_USER_FILEPROP_FILES_DIRS=/usr/local/cpanel/bin/jail_safe_passwd > > But this did not work (I assume because these are not user-added > files?): With every update of jail_safe_passwd, I continue to get a > warning message, so I need to rkhunter --propupd. This is what I want > to avoid. > > Question: How can I whitelist these files? > >From the RKH configuration file for USER_FILEPROP_FILES_DIRS:
Any files or directories which are already part of the internal lists will be silently ignored from the configuration. So that will include the 'passwd' command. I can only think that perhaps using the RPM package manager (if appropriate) might ignore the passwd file. You should still be able to whitelist the jail_safe_passwd file. John. -- ---------------------------------------------------- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK ------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
