I had tried this option before but it only works on USER files. Files like /etc/passwd or group are built in system files. The only option to disable the warnings is to disable file properties testing for ALL files. Security wise I think it is not a good solution but unfortunately there seems to be no alternative.
Peter -----Original Message----- From: John Horne <john.ho...@plymouth.ac.uk> Sent: Donnerstag, 14. Juni 2018 21:46 To: rkhunter-users@lists.sourceforge.net Subject: Re: [Rkhunter-users] DISABE_TESTS=group_accounts still complains about file property changes On Thu, 2018-06-14 at 05:48 +0000, Kielbasiewicz, Peter wrote: > I support >200 RnD Linux Boxes and maintain a local mechanism to > monitor and update passwd and group files. > So I needed to disable the test for group_accounts as changes to these > files occur consolidated on all machines and I want to avoid daily > warnings from every host on this as these are likely to obfuscate real > problems. > Alas rkhunter still complains about file property changes so I needed > to disable the test on file properties too. > In general I think it is good to monitor file property changes but I > did not find a way to disable the test on individual system files. > Is there a trick to do this? > Hi, Take a look at the EXCLUDE_USER_FILEPROP_FILES_DIRS option. John. -- John Horne | Senior Operations Analyst | Technology and Information Services University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK ________________________________ [https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.plymouth.ac.uk%2Fimages%2Femail_footer.gif&data=02%7C01%7Cpeter.kielbasiewicz%40philips.com%7Cce5aeebf234c4571692608d5d231fedc%7C1a407a2d76754d178692b3ac285306e4%7C0%7C1%7C636646034528303378&sdata=8roQtWFJ7P5Xr20LIwgp4P9eC%2FKJosqEEfT%2Fhca8Uwo%3D&reserved=0]<https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.plymouth.ac.uk%2Fworldclass&data=02%7C01%7Cpeter.kielbasiewicz%40philips.com%7Cce5aeebf234c4571692608d5d231fedc%7C1a407a2d76754d178692b3ac285306e4%7C0%7C1%7C636646034528303378&sdata=usKf8L%2BkQ8d%2BS2Fu4x0bn6fYMapIVarzqrPh%2Bpwt77Y%3D&reserved=0> This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, Plymouth University accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. Plymouth University does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsdm.link%2Fslashdot&data=02%7C01%7Cpeter.kielbasiewicz%40philips.com%7Cce5aeebf234c4571692608d5d231fedc%7C1a407a2d76754d178692b3ac285306e4%7C0%7C1%7C636646034528303378&sdata=deAiRmzRp8hNQrHMXMUmJmq9oGuJvjwf9WpEVo7RUGI%3D&reserved=0 _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Frkhunter-users&data=02%7C01%7Cpeter.kielbasiewicz%40philips.com%7Cce5aeebf234c4571692608d5d231fedc%7C1a407a2d76754d178692b3ac285306e4%7C0%7C1%7C636646034528303378&sdata=p%2BxYv%2FyeWG8Vy9KgsSaCJATGRtAP99c9AIf11%2BZ8EaI%3D&reserved=0 ________________________________ The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
