Package: rkhunter Version: 1.3.8-4 Severity: normal Among other things, when the daily cronjob runs, I get the following processes with open deleted files:
Process: /usr/bin/kdeinit4 PID: 599 File: /dev/pts/2 Process: /usr/bin/gnome-terminal PID: 4971 File: /tmp/vteLAK4UV If I put this in my /etc/rkhunter.conf.local: ALLOWPROCDELFILE="/usr/bin/kdeinit4" then the first one disappears and I'm left with: Process: /usr/bin/gnome-terminal PID: 4971 File: /tmp/vteLAK4UV However, if I put this in my /etc/rkhunter.conf.local: ALLOWPROCDELFILE="/usr/bin/kdeinit4" ALLOWPROCDELFILE="/usr/bin/gnome-terminal" then none of them are filtered and I'm left with the original two: Process: /usr/bin/kdeinit4 PID: 599 File: /dev/pts/2 Process: /usr/bin/gnome-terminal PID: 4971 File: /tmp/vteLAK4UV the same problem exists if I merge the two options into a single option: ALLOWPROCDELFILE="/usr/bin/kdeinit4 /usr/bin/gnome-terminal" Cheers, Francois -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38.6-grsec+ (SMP w/2 CPU cores; PREEMPT) Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rkhunter depends on: ii binutils 2.21.51.20110421-3 The GNU assembler, linker and bina ii debconf [debconf-2.0] 1.5.39 Debian configuration management sy ii file 5.04-5+b1 Determines file type using "magic" ii net-tools 1.60-23 The NET-3 networking toolkit ii perl 5.10.1-20 Larry Wall's Practical Extraction ii ucf 3.0025+nmu2 Update Configuration File: preserv Versions of packages rkhunter recommends: ii curl 7.21.6-1 Get a file from an HTTP, HTTPS or ii iproute 20110315-1 networking and traffic control too ii lsof 4.81.dfsg.1-1 List open files ii postfix [mail-transport-ag 2.8.3-1 High-performance mail transport ag pn unhide <none> (no description available) pn unhide.rb <none> (no description available) ii wget 1.12-3.1 retrieves files from the web Versions of packages rkhunter suggests: ii libdigest-sha1-perl 2.13-1 NIST SHA-1 message digest algorith pn libdigest-whirlpool-per <none> (no description available) ii liburi-perl 1.58-1 module to manipulate and access UR ii libwww-perl 6.01-3 simple and consistent interface to ii mailutils [mailx] 1:2.2+dfsg1-3+b1 GNU mailutils utilities for handli ii powermgmt-base 1.31 Common utils and configs for power pn tripwire <none> (no description available) -- Configuration Files: /etc/cron.daily/rkhunter changed [not included] /etc/default/rkhunter changed [not included] -- debconf information: * rkhunter/apt_autogen: yes * rkhunter/cron_daily_run: yes * rkhunter/cron_db_update: yes -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
