Hello the ML,
We are running the rkhunter setup over all our infrastructure, but we are
facing a daily recap of false positives, which is rather noisy and not necessary.
I was wondering how to whitelist them and, ideally, the right way to avoid these
types of warnings from rkhunter:
On OpenVZ servers:
Warning: User ‘console-string' has been added to the passwd file.
Warning: Group ‘console-string' has been added to the group file
Or on cPanel servers:
Warning: User ‘username' has been removed from the passwd file.
Warning: User ‘username2' has been removed from the passwd file.
Warning: Changes found in the passwd file for user ‘username': The login shell
has changed from '/usr/local/cpanel/bin/noshell' to '/bin/false'
Monitoring users and groups is kind of one of the purposes of rkhunter, but we
have a dynamic user/group infrastructure, so it is rather time-consuming to go
through them all.
With Regards
Vincent
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users