On Mon, 2010-05-31 at 13:10 -0700, Duane Loftus wrote:
>
> For some reason I can't eliminate the warnings on "autoinstaller3.log"
> and "monitrc.chk". The snippet out of the log is:
>
> Performing check of files with suspicious contents
> [12:32:44] Info: Starting test name 'suspscan'
> [12:32:44] Directories to check are: /tmp /var/tmp
> [12:32:44] Temporary directory to use: /dev/shm
>
This is the 'suspscan' test. It is disabled by default because it is
very CPU intensive and may well give false-positives. As far as I
remember you cannot whitelist what it finds.

>
> The other issue is the /dev/shm directory as shown:
>
> Performing filesystem checks
> [12:33:12] Info: Starting test name 'filesystem'
> [12:33:12] Info: SCAN_MODE_DEV set to 'THOROUGH'
> [12:33:13] Checking /dev for suspicious file types [ Warning ]
> [12:33:13] Warning: Suspicious file types found in /dev:
> [12:33:13] /dev/shm/suspscan.32223.strings: ASCII English text
>
That's a bug in 1.3.6 from the suspscan test. It is fixed in the CVS
version of rkhunter. You can delete the /dev/shm/suspscan files.

>
> Lastly, it seems that I have an inordinate amount of "Not Found" and
> "Skipped". This is a result of either not having installed some of the
> helper apps yet (like skdet) or of having whitelisted so much. At some
> point, is anyone willing to take a look at my log and conf.local files
> to see if I am going in the right direction ... or not.
>
That's not really for us to say. If a test is not run because something
is missing that is for you to determine for your system. I would tend to
go by the colour of the test result. If it's not red then don't worry
about it. The skipped tests will be yellow simply to indicate that you
may want to install the relevant software so that the test can run.
Whether you do or not, is up to you.

John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
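A log triage sketch for the two issues discussed in this message, added here as an example and not part of the original thread or of rkhunter itself: it tallies the bracketed result tags and separates /dev findings that match the `suspscan.<pid>.strings` name shown in the quoted log from anything else. The sample log is constructed, and the log layout beyond the lines quoted in the thread (indentation, the check names, the `[ Skipped ]`, `[ Not found ]` and `[ None found ]` tags) is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the thread (not real output).
SAMPLE_LOG = """\
[12:32:44] Info: Starting test name 'suspscan'
[12:32:44] Checking /tmp for files with suspicious contents [ Skipped ]
[12:33:13] Checking /dev for suspicious file types [ Warning ]
[12:33:13] Warning: Suspicious file types found in /dev:
[12:33:13]          /dev/shm/suspscan.32223.strings: ASCII English text
[12:33:13]          /dev/shm/.cache.bin: data
[12:33:14] Checking for hidden files and directories [ None found ]
[12:33:15] Checking for skdet [ Not found ]
"""

STAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s*(.*)$")   # "[hh:mm:ss] message"
RESULT = re.compile(r"\[ ([^\]]+) \]$")              # trailing "[ Warning ]" style tag
DEV_ENTRY = re.compile(r"^(/dev/\S+): (.+)$")        # "/dev/path: file type"
# Name pattern taken from the one file shown in the thread: suspscan.<pid>.strings
LEFTOVER = re.compile(r"^/dev/shm/suspscan\.\d+\.strings$")


def triage(log_text):
    """Tally test results; split /dev findings into suspscan leftovers and the rest."""
    results, leftovers, review = Counter(), [], []
    in_dev_list = False
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("Warning: Suspicious file types found in /dev"):
            in_dev_list = True          # the following lines list the offending files
            continue
        entry = DEV_ENTRY.match(msg) if in_dev_list else None
        if entry:
            path = entry.group(1)
            # Only an exact name match is attributed to the 1.3.6 suspscan bug.
            (leftovers if LEFTOVER.match(path) else review).append(path)
            continue
        in_dev_list = False
        tag = RESULT.search(msg)
        if tag:
            results[tag.group(1)] += 1
    return {"results": dict(results), "suspscan_leftovers": leftovers, "review": review}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```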
