Hi,
according to RK documentation (rkhunter.conf file):
# NOTE: Only files and directories which have been added by the user, and are
# not part of the internal lists, can be excluded. So, for example, it is not
# possible to exclude the 'ps' command by using '/bin/ps'. These will be
# silently ignored from the configuration.
So, my understanding is that it is impossible to bypass the /bin/su binary (for
example), as it is present in the internal list:
~# grep -r /bin/su /var/lib/rkhunter/*
/var/lib/rkhunter/db/rkhunter.dat:File:0:/bin/su:792c7d91365f75e2d5dde3d1ecb047eae206c0a69294b00645808d2ed2dc4ed4::04755:0:0:34904:1447148635:coreutils:0::.
/var/lib/rkhunter/db/rkhunter_prop_list.dat:/bin/su

Did I get it right?
Is it possible to manually modify values (permission, owner) in
/var/lib/rkhunter/db/rkhunter.dat? Or will this be pointless because it
will be overwritten during an update?

Thank you
------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
