Le jeudi 08 juin 2006 à 16:55 +0200, Sven Mueller a écrit : [...] > This is a valid argument. However, if doing so, rkhunter should probably > allow the local sysadmin to somehow specify overrides (like: don't warn > about /etc/.serial.conf.old or don't warn about SSH root logins being > allowed). Getting a mail every day with the same warnings can get quite > annoying ;-) And in my case, even the sshd root-login warning doesn't > make much sense: sshd is only bound to a specific IP which is only > reachable from one other computer: It's failover peer.
This can be done in /etc/rkhunter.conf Some of the most common false positives are described in /usr/share/doc/rkhunter/README.Debian Cheers, Julien
