Package: rkhunter
Version: 1.4.0-1
Severity: normal

Hello,

Running rkhunter on a newly configured wheezy system gives:

    /usr/bin/unhide.rb                                 [ Warning ]
    Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text

That file is a Ruby script; sha512sums and md5sums have been compared with another system (which had the following whitelisting configured a long long time ago) and they match.

Edit /etc/rkhunter.conf:
Add to the bottom of the SCRIPTWHITELIST section:

    SCRIPTWHITELIST=/usr/bin/unhide.rb

This corrects the false positive warning.

Thank you

-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils               2.22-8
ii  debconf [debconf-2.0]  1.5.49
ii  file                   5.11-2
ii  net-tools              1.60-24.2
ii  perl                   5.14.2-21
ii  ucf                    3.0025+nmu3

Versions of packages rkhunter recommends:
ii  curl                                       7.26.0-1+wheezy3
ii  exim4-daemon-light [mail-transport-agent]  4.80-7
ii  iproute                                    20120521-3+b3
ii  lsof                                       4.86+dfsg-1
ii  unhide.rb                                  13-1.1
ii  wget                                       1.13.4-3

Versions of packages rkhunter suggests:
ii  heirloom-mailx [mailx]    12.5-2
pn  libdigest-whirlpool-perl  <none>
ii  liburi-perl               1.60-1
ii  libwww-perl               6.04-1
ii  powermgmt-base            1.31
ii  tripwire                  2.4.2.2-2

-- Configuration Files:
/etc/logrotate.d/rkhunter changed [not included]
/etc/rkhunter.conf changed [not included]

-- debconf information excluded
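
The compare-then-whitelist procedure from the report above, as an added shell example (not part of the original report and not rkhunter's own code). The function name whitelist_script, its arguments and its return codes are hypothetical; the reference SHA-512 is assumed to have been recorded on a known-good system.

```shell
#!/bin/sh
# Added example: whitelist a script in rkhunter.conf only after its SHA-512
# matches a reference recorded on a known-good system.
# whitelist_script and its return codes are hypothetical names for this sketch.

# usage: whitelist_script CONF FILE REFERENCE_SHA512
# returns 0 = entry present or added, 1 = hash mismatch, 2 = usage or I/O error
whitelist_script() {
    conf=$1 target=$2 ref=$3
    [ -f "$conf" ] && [ -f "$target" ] && [ -n "$ref" ] || return 2

    actual=$(sha512sum "$target" | cut -d' ' -f1) || return 2
    if [ "$actual" != "$ref" ]; then
        echo "refusing: $target does not match the reference hash" >&2
        return 1
    fi

    entry="SCRIPTWHITELIST=$target"
    # Already whitelisted: leave the file untouched.
    grep -qxF "$entry" "$conf" && return 0

    tmp=$(mktemp) || return 2
    # Insert after the last (possibly commented) SCRIPTWHITELIST line, i.e.
    # the bottom of that section; append at end of file if there is none.
    awk -v entry="$entry" '
        { line[NR] = $0 }
        /^#?SCRIPTWHITELIST=/ { last = NR }
        END {
            for (i = 1; i <= NR; i++) {
                print line[i]
                if (i == last) print entry
            }
            if (!last) print entry
        }' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }
    # cat into the existing file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

A mismatch leaves the configuration untouched, so the warning keeps firing until the file is explained rather than silenced.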