On Tue, 2012-04-17 at 07:14 -0600, Kevin Fenzi wrote: > On Mon, 09 Apr 2012 19:49:07 +0100 > John Horne <[email protected]> wrote: > > > On Sat, 2012-03-31 at 17:08 -0600, Kevin Fenzi wrote: > > > Greetings. > > > > > > With Fedora 17, Fedora is moving many top level dirs to their /usr > > > equivalent. This causes a rkhunter false positive. On a 32bit > > > install, /lib becomes a link to /usr/lib. There's a number of > > > packages that put files in /usr/lib/java, but due to the symlink, > > > rkhunter sees this as /lib/java/ which is a signature from some > > > rootkit. ;( > > > > > > It would be nice if it could see if /lib is a link and bypass this > > > test? Or if there was a way to whitelist this in config (currently > > > there isn't). > > > > > Using 'RTKT_DIR_WHITELIST=/lib/java' will work (just tested it). > > > > (Although I think we should be able to provide a better solution.) > > Sadly that workaround only works for 32bit installs in Fedora... > > 64bit installs don't have the /lib/java dir (they have /lib64/java), so > adding this results in a 'directory not found'. ;( > Hi,
Sorry for the delay in replying. Still thinking about this; made note to self to look further into problem. I appreciate that F17 is due to be released soon, so hopefully we'll get something sort out before then. John. -- John Horne Tel: +44 (0)1752 587287 Plymouth University, UK Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
