On Mon, 2010-09-13 at 02:59 +0300, Nerijus Baliunas wrote:
> On Thu, 09 Sep 2010 10:21:56 +0100 John Horne <[email protected]>
> wrote:
>
> > The test is for complete file names, not partial matches - so
> > '.../system' matches, but '.../system_bus_socket' will not. Without
> > seeing the lsof output, which has obviously changed by now, it is
> > impossible to say what was matched.
>
> I have a similar problem with wine. When there are no wine apps running,
> I get no warning, but with wine running I get the warning.
> I made a diff of lsof output with wine running and not - it seems the
> following opened directory is guilty:
> +n/mnt/d/winnt4nowin/windows/system
> Is it possible to whitelist it somehow?
>
Yes, use the rootkit file whitelist option.

>
> but then I get a warning:
> [02:54:07] /usr/bin/rkhunter [ Warning ]
> [02:54:07] Warning: Package manager verification has failed:
> [02:54:07] File: /usr/bin/rkhunter
> [02:54:07] The file hash value has changed
> [02:54:07] The file size has changed
> [02:54:07] The file modification time has changed
>
> The warning remains even after running rkhunter --propupd, why?
> Ah, it's because of "Package manager verification".
>
...or whitelist rkhunter from the package manager verification.

John.

--
John Horne                   Tel: +44 (0)1752 587287
University of Plymouth, UK   Fax: +44 (0)1752 587001

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
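
Added example, not part of the original message and not rkhunter's own code: a shell helper that applies the complete-name comparison John describes to `lsof -F n` style output and reports only the hits that are new in a second snapshot, like the diff Nerijus made. The function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Print open paths whose final component is exactly NAME (no partial matches).
# Input on stdin: `lsof -F n` style output, where name lines start with "n".
exact_name_hits() {
    awk -v want="$1" '
        /^n\// {
            path = substr($0, 2)            # drop the leading "n" field tag
            n = split(path, parts, "/")
            if (parts[n] == want) print path
        }'
}

# Report exact-name hits present in AFTER but not in BEFORE.
# usage: new_hits NAME before.txt after.txt
new_hits() {
    before=$(exact_name_hits "$1" < "$2")
    exact_name_hits "$1" < "$3" | while IFS= read -r p; do
        printf '%s\n' "$before" | grep -Fxq -- "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample (not real output from the systems in this thread).
sample_lsof() {
    cat <<'EOF'
p1234
n/var/run/dbus/system_bus_socket
n/mnt/d/winnt4nowin/windows/system
n/mnt/d/winnt4nowin/windows/system32
p5678
n/usr/lib/libc.so.6
EOF
}

# Only the path ending in the complete name "system" is printed;
# system_bus_socket and system32 are partial matches and are skipped.
sample_lsof | exact_name_hits system
```

The path it prints is the one to review before adding it to a whitelist, so that only the known-benign entry is exempted.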
