On Wed, 2018-01-03 at 10:19 +0000, Bernie Elbourn wrote:
> Hi,
>
> Warning: Found preloaded shared library: libesets_pac.so
>
> I think this warning relates to:
>
> cat /etc/ld.so.preload
> libesets_pac.so
>
> ...caused by the installation of Eset antivirus.
>
> ldconfig -p | grep esets
> libesets_pac.so (libc6,x86-64) => /usr/lib/libesets_pac.so
> libesets_pac.so (libc6) => /usr/lib32/libesets_pac.so
>
> I have ...
>
> cat /etc/rkhunter.conf.local
> SHARED_LIB_WHITELIST=libesets_pac.so
> USER_FILEPROP_FILES_DIRS=/usr/lib/libesets_pac.so
> USER_FILEPROP_FILES_DIRS=/usr/lib32/libesets_pac.s
>
Is that a typo above? The pathname ends in '.s' instead of '.so'.

> but rkhunter -C throws an error:
>
> Invalid SHARED_LIB_WHITELIST configuration option: Simple filename:
> libesets_pac.so
>
> Is there a way to white list this libesets_pac.so please?
>
The test ('shared_libs') expects pathnames in the ld.so.preload file. Seeing a
simple filename it treats it as an error. I suppose really RKH should check the
standard /lib and /lib64 directories if a simple filename is seen.

> or should I be nagging Eset to use full pathnames?
>
Well they may have opted for a simple filename in order to allow differing
systems to work out the actual pathname. This makes some sense.

I can only suggest either disabling the test completely, or modifying your
/etc/ld.so.preload file to use pathnames (ldconfig has shown you what these
are). You would then need to add a SHARED_LIB_WHITELIST RKH config line for
each of the shared library pathnames.

IF (a big if) I get time, I'll see about getting the test to search for simple
filenames.

John.

--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
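
The workaround suggested in the reply above (full pathnames in /etc/ld.so.preload, plus one SHARED_LIB_WHITELIST line per pathname) can be scripted. This is an added example, not part of the original thread and not rkhunter code; `resolve_preload` and `demo` are hypothetical names, and the sample input is constructed from the command output quoted in the thread.

```sh
#!/bin/sh
# Added example: resolve simple filenames from ld.so.preload to full
# pathnames and print one SHARED_LIB_WHITELIST line per pathname.
# resolve_preload and demo are hypothetical names, not rkhunter functions.
#
# On a real system:
#   ldconfig -p > /tmp/ldconfig.txt
#   resolve_preload /etc/ld.so.preload /tmp/ldconfig.txt

# resolve_preload PRELOAD_FILE LDCONFIG_P_OUTPUT_FILE
resolve_preload() {
    preload_file=$1
    cache_file=$2
    # glibc treats '#' as a comment start and splits entries on
    # whitespace or colons, so normalise to one entry per line.
    sed 's/#.*//' "$preload_file" | tr ' \t:' '\n\n\n' |
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in
            /*) # already a pathname: whitelist as-is
                printf 'SHARED_LIB_WHITELIST=%s\n' "$entry" ;;
            *)  # simple filename: every cache entry with this name
                # (one per ABI, e.g. 64-bit and 32-bit) gets its own line
                awk -v name="$entry" '
                    $1 == name && $(NF-1) == "=>" {
                        print "SHARED_LIB_WHITELIST=" $NF; found = 1
                    }
                    END { exit !found }
                ' "$cache_file" || printf '# UNRESOLVED: %s\n' "$entry" ;;
        esac
    done
}

# Constructed sample input, copied from the command output quoted in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'libesets_pac.so\n' > "$tmp/ld.so.preload"
    printf '\t%s\n' \
        'libesets_pac.so (libc6,x86-64) => /usr/lib/libesets_pac.so' \
        'libesets_pac.so (libc6) => /usr/lib32/libesets_pac.so' \
        > "$tmp/ldconfig.txt"
    resolve_preload "$tmp/ld.so.preload" "$tmp/ldconfig.txt"
    rm -rf "$tmp"
}

demo
```

A name that is preloaded but absent from the ldconfig cache is printed as an `# UNRESOLVED` comment rather than whitelisted, so it stays visible for review.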