On Mon, 09 Apr 2012 19:49:07 +0100 John Horne <[email protected]> wrote:
> On Sat, 2012-03-31 at 17:08 -0600, Kevin Fenzi wrote: > > Greetings. > > > > With Fedora 17, Fedora is moving many top level dirs to their /usr > > equivalent. This causes a rkhunter false positive. On a 32bit > > install, /lib becomes a link to /usr/lib. There's a number of > > packages that put files in /usr/lib/java, but due to the symlink, > > rkhunter sees this as /lib/java/ which is a signature from some > > rootkit. ;( > > > > It would be nice if it could see if /lib is a link and bypass this > > test? Or if there was a way to whitelist this in config (currently > > there isn't). > > > Using 'RTKT_DIR_WHITELIST=/lib/java' will work (just tested it). > > (Although I think we should be able to provide a better solution.) Sadly that workaround only works for 32bit installs in Fedora... 64bit installs don't have the /lib/java dir (they have /lib64/java), so adding this results in a 'directory not found'. ;( kevin
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
