> I can only think that perhaps using the RPM package manager (if
> appropriate) might ignore the passwd file. 

I am using "PKGMGR=RPM". I guess RPM doesn't solve this issue because the file 
is "non-standard", i.e. it is a link to jail_safe_passwd. 

> You should still be able to whitelist the jail_safe_passwd file.

No, same issue for this file. It appears to be included in the internal lists 
as well - it is 1 of only 2 files being scanned during the file properties 
check in directory /usr/local/cpanel/bin/ (which has lots of files; the other 
checked file is /usr/local/cpanel/bin/adduser). I find this a bit strange, 
though: Including jail_safe_passwd in the internal list means that some 
importance has been placed on it. But then it should be a known fact that the 
file will cause regular false warnings on any cPanel server, without an option 
to prevent that?

Is jail_safe_passwd really on the internal lists?

Besides:
Is there really no way to completely ignore a file from the internal lists from 
the properties test? Can the files be removed from the internal lists (for that 
test)?

Or can such files be excluded for all tests? Well, I could run an automatic 
"--propupd" on these files just before every run of RKH, but that's probably 
not the best idea?

Thanks!
Daniel

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
