On Sun, 2012-07-08 at 12:54 +0100, Douglas Fraser wrote:

> 
> When rkhunter was upgraded to 1.4.0-1, files in /dev/.udev/db/ started
> to get marked as suspicious.  These files had
> simulated forward slashes in them - e.g. "\x2fclass\x2fvc\x2fvcs1".  I
> traced the problem to line 15233 of the rkhunter
> script in the do_dev_whitelist_check() method
> 
> FNAMEGREP=`echo "${RKHTMPVAR}" | sed -e 's/\./\\\./g'`
> 
> The grep expression below it was failing to deal with the "\x2f" etc
> parts of the filenames, turning that into "x2f" and
> so the match wasn't made.  I changed the line to
> 
> FNAMEGREP=`echo "${RKHTMPVAR}" | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/\./\\\./g'`
> 
Hi,

Thanks for this. I have added your fix to the CVS version.




John.

-- 
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
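
The escaping problem discussed above, reproduced as an added example (not part of the original messages and not rkhunter's own code). The function names, the whitelist data and the final grep are assumptions made for illustration; the sed expressions are written as sed sees them, since `$(...)` does not strip backslashes the way backticks do.

```shell
#!/bin/sh
# Constructed sample data: one whitelisted path per line (hypothetical).
WHITELIST='/dev/.udev/db/\x2fclass\x2fvc\x2fvcs1
/dev/.udev/db/block:sda'

# Behaviour described for 1.4.0-1: only dots are escaped, so "\x" reaches
# grep as an escape sequence instead of a literal backslash followed by "x".
escape_old() {
    printf '%s\n' "$1" | sed -e 's/\./\\./g'
}

# Fixed behaviour: double every backslash first, then escape the dots.
# printf is used because echo's handling of backslashes varies between shells.
escape_fixed() {
    printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e 's/\./\\./g'
}

# Hypothetical stand-in for the whitelist grep: succeeds if the regex in $1
# matches a complete whitelist line.
is_whitelisted() {
    printf '%s\n' "$WHITELIST" | grep -q "^$1\$"
}

# Show the effect on both sample paths.
for f in '/dev/.udev/db/\x2fclass\x2fvc\x2fvcs1' '/dev/.udev/db/block:sda'; do
    for mode in old fixed; do
        if is_whitelisted "$(escape_$mode "$f")"; then r=whitelisted; else r=suspicious; fi
        printf '%-6s %-45s %s\n' "$mode" "$f" "$r"
    done
done
```

Both versions escape only backslashes and dots; a filename containing other regex metacharacters such as `*` or `[` would still be interpreted as a pattern, which a fixed-string whole-line match (`grep -Fx`) avoids.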


_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
