On 2010-05-16 3:11 PM, Tanstaafl wrote: >> The 'hdparm' one is possibly a false-positive, but that's for you to >> check.
> Ok, well, I examined the two scripts, and didn't see anything unusual > about them... but I'm not a forensics expert, just a lowly admin > wanna-be... any other suggestions/pointers? Ok, found a reference in the gentoo firums to these two files as needing to be specified in rkhunter.conf as: USER_FILEPROP_FILES_DIRS="!/etc/init.d/hdparm" USER_FILEPROP_FILES_DIRS="!/etc/init.d/pciparm" Does that look reasonable/right? ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
