On Mon, 2010-09-13 at 14:14 +0300, Nerijus Baliunas wrote:
> On Mon, 13 Sep 2010 11:56:03 +0100 John Horne <[email protected]> wrote:
>
> > > I have similar problem with wine. When there are no wine apps running,
> > > I get no warning, but with wine running I get the warning.
> > > I made a diff of lsof output with wine running and not - it seems the
> > > following opened directory is guilty:
> > > +n/mnt/d/winnt4nowin/windows/system
> > > Is it possible to whitelist it somehow?
> > >
> > Yes, use the rootkit file whitelist option.
>
> If I use RTKT_FILE_WHITELIST="/mnt/d/winnt4nowin/windows/system"
> rkhunter says Whitelisted rootkit file does not exist:
> /mnt/d/winnt4nowin/windows/system
> If I use RTKT_DIR_WHITELIST="/mnt/d/winnt4nowin/windows/system" (as it is a
> directory), I still get the warning.
>
In which case probably not much can be done about this for the current
release. The next release does allow for files/dirs to exist or
not-exist with certain tests, but I'm not sure we would want to do that
for known rootkit files. I'll have to think about this.

John.

--
John Horne                   Tel: +44 (0)1752 587287
University of Plymouth, UK   Fax: +44 (0)1752 587001
