On Sun, 2010-07-11 at 19:49 -0500, Chris wrote: > > > Thanks John, here's what I've done: > > RTKT_FILE_WHITELIST=/etc/init.d/hdparm > RTKT_FILE_WHITELIST=/etc/init.d/pciparm > RTKT_FILE_WHITELIST=/usr/include/file.h > RTKT_FILE_WHITELIST=/etc/rc.d/rc.sysinit > RTKT_FILE_WHITELIST=/etc/rc.d/init.d/bootlogd > RTKT_FILE_WHITELIST=/etc/rc.d/rc.sysinit > This is the problem. At 1.3.6 the RTKT_FILE_WHITELIST option (and several others) can only be specified once (and only the last one seen is used). This is already fixed in the next release when most of the whitelisting options are allowed to be specified more than once.
I'll email you a drop-in corrected version of the 'rkhunter' program (it will still be version 1.3.6), that will allow your configuration above. It also contains the fix for the Mandriva 'rkhunter /bin/sh script' problem. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
