I know you are probably going to (gently) remind me that this is probably an issue for the Fedora list, but following Kevin Fenzi's reply to my previous thread, in which he said that the latest updates were shortly about to go into the Fedora stable repository, I decided to do a yum update. Whilst I am not afraid of installing packages from source, where possible I prefer to keep to Fedora packages.
Anyway, the latest Fedora RKH does indeed deal with the "not a script" problem, but now I get this on every run:

Warning: The following processes are using deleted files:
    Process: /usr/sbin/dovecot    PID: 709    File: /run/dovecot/login-master-notifyb6a920783290559f
    Process: /usr/bin/python    PID: 743    File: /tmp/ffixWTeCg
    Process: /usr/libexec/mysqld    PID: 1278    File: /tmp/ibNuqKo8
    Process: /usr/bin/pulseaudio    PID: 1738    File: /usr/bin/pulseaudio
    Process: /usr/sbin/anacron    PID: 27592    File: /tmp/fileqBEyva
    Process: /bin/bash    PID: 27935    File: /tmp/fileqBEyva
    Process: /usr/libexec/dovecot/imap-login    PID: 29074    File: /run/dovecot/login-master-notifyf79914a30abb39fe
    Process: /bin/gawk    PID: 29155    File: /tmp/fileqBEyva

Not in itself a problem, except when you look at my (unchanged for months) /etc/rkhunter.conf.local file which is displayed in full below. Note that almost all of the above should be allowed. Have I messed something up, or is this version of RKH simply not reading .conf.local?

Thanks

Mark

# cat /etc/rkhunter.conf.local
======================8<=======================================================
#DISABLE_TESTS="suspscan hidden_ports hidden_procs deleted_files packet_cap_apps"
DISABLE_TESTS="apps"
PKGMGR=RPM
ALLOWHIDDENDIR="/etc/.java"
ALLOWHIDDENDIR="/dev/.udev"
ALLOWHIDDENDIR="/dev/.mdadm"
ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
ALLOWHIDDENFILE="/usr/share/man/man5/.k5login.5.gz"
ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
ALLOWPROCDELFILE="/usr/libexec/mysqld"
ALLOWPROCDELFILE="/bin/mailx"
ALLOWPROCDELFILE="/usr/bin/mlogc"
ALLOWPROCDELFILE="/usr/bin/python"
ALLOWPROCDELFILE="/usr/sbin/dovecot"
ALLOWPROCDELFILE="/usr/libexec/dovecot/imap-login"
ALLOWPROCDELFILE="/usr/sbin/anacron"
ALLOWPROCDELFILE="/bin/bash /tmp/file*"
ALLOWPROCDELFILE="/bin/gawk /tmp/file*"
ALLOWDEVFILE="/dev/shm/pulse-shm-*"
SUSPSCAN_DIRS="/tmp /var/tmp"
======================8<=======================================================
_______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users