On Fri, Feb 22, 2008 at 11:45 PM, John Horne <[EMAIL PROTECTED]> wrote:
> I'm wondering if this is just a false-positive caused by looking in a > binary file. As unSpawn has said the /dev/dev directory should be > present as well. I suspect you have modified your rkhunter.conf > (SYSTEM_RC_DIR) to look in /etc, whereas usually RKH only looks for > startup files (scripts) typically in /etc/rc.d or /etc/init.d - not > actual system/db files in /etc. John, yes we discussed this earlier. (Open)BSD has its start files in plain /etc/. in order to check, one has to check /etc/. In the end, I wonder how and why rkhunter looks into a binary file (okay, not really binary, partially); but by looking at the source, I will understand. Maybe rkhunter should add another check before opening a file, to see if it is 'binary', and eventually just skip it. No wait, that's also not good. Maybe at the preliminary run, it could display the file name of any binary and ask, if it may skip it in future (whitelist)? I might have reacted even more calmly, had we not had the problem with the 'update', plus I found out that it hadn't run for ages. My mistake, I had added the option '--nocolour'. Since then, it didn't run, for the misspelled option. Actually, I had really preferred the earlier version of sending a mail irrespective. At least, then I could know rkhunter had been run. The current default of not sending, and if sending, then (default) just a general warning, does not make me very happy. Any chance to revert to a default of sending mails, including the warnings, and rather add options for not sending in case of no warnings, and one option more to suppress the warning itself instead of an extra option to display it? My 2 sen, and thanks for the heads-up, Uwe > > > > > > John. > > -- > --------------------------------------------------------------- > John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 > E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Rkhunter-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/rkhunter-users > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
