Hi Julien! The reason I added them to USER_FILEPROP_FILES_DIRS was the instructions for the RTKT_FILE_WHITELIST: " # NOTE: It is recommended that if you whitelist any files, then you include # those files in the file properties check. See the USER_FILEPROP_FILES_DIRS # configuration option. # #RTKT_DIR_WHITELIST="" #RTKT_FILE_WHITELIST="" RTKT_FILE_WHITELIST="/etc/init.d/.depend.boot /etc/init.d/checkroot.sh /etc/init.d/hdparm /etc/init.d/bootlogd" "
If those instructions are wrong, they should go as well. Regards //Johan 2009/12/23 Julien Valroff <jul...@kirya.net>: > package rkhunter > forcemerge 562154 559696 > thanks > > Hi Johan, > > On Wed, 23 Dec 2009 09:45:16 +0100, Johan Walles <johan.wal...@gmail.com> > wrote: >> Package: rkhunter >> Version: 1.3.6-2 >> Severity: normal >> >> >> Hi! >> >> I have the following lines in my /etc/rkhunter.conf: >> >> USER_FILEPROP_FILES_DIRS="/etc/init.d/checkroot.sh" >> USER_FILEPROP_FILES_DIRS="/etc/init.d/hdparm" >> USER_FILEPROP_FILES_DIRS="/etc/init.d/bootlogd" >> >> After adding them there, I ran "rkhunter --propupd" as instructed in the >> surrounding comments. >> >> Every time rkhunter runs I now get this: >> >> Warning: The command '/etc/init.d/checkroot.sh' has been replaced by a >> script: /etc/init.d/checkroot.sh: POSIX shell script text executable >> Warning: The command '/etc/init.d/hdparm' has been replaced by a script: >> /etc/init.d/hdparm: POSIX shell script text executable >> Warning: The command '/etc/init.d/bootlogd' has been replaced by a > script: >> /etc/init.d/bootlogd: POSIX shell script text executable >> >> I expected not to get those warnings. >> >> What can I do to get rid of them? > > USER_FILEPROP_FILES_DIRS is not what you are looking for (it is meant to > exclude files from the file properties database). > > I guess you had a warning about the 'hdparm' string found in these > scripts. To whitelist them, first get rid of the USER_FILEPROP_FILES_DIRS > you have added, and use the RTKT_FILE_WHITELIST option. > > They will be added by default (commented) in the configuration file, see > #559696. > > Cheers, > Julien > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
