On Fri, 2012-08-10 at 14:05 +0000, Tony Schreiner wrote: > On Aug 9, 2012, at 2:57 PM, John Horne wrote: > > > On Fri, 2012-06-15 at 09:30 -0400, Tony Schreiner wrote: > >> > >> I've tried adding quotes around the path, and also adding the lines > >> ALLOWDEVFILE="/dev/.udev/db/platform:Generic PHY" > >> ALLOWDEVFILE="/dev/.udev/db/platform:Intel SCB2 BIOS Flash" > >> ALLOWDEVFILE="/dev/.udev/db/platform:Fixed MDIO bus.0" > >> > > Replace the spaces with the '%' character. > > > > > > That fixes that, but > ALLOWDEVFILE=/dev/.udev/db/* > > still causes a failure for those files. > -check works if I comment it out, but obviously gets a lot of > positives from the contents of that directory (minus the above 3) > Hi,
Yes that will still be a problem. Unfortunately this whole area comes down to handling files with spaces in their names (and in particular when wildcarding). It is something we have discussed on the developers list, and there is no easy solution. We have something in mind, but it will take some time. For that reason, I am a bit loathe to try and 'fix' things involving spaces at the moment because it will have to be undone later on. I've had a look at the code, and can see no easy, general, solution for your problem. If you want to edit the 'rkhunter' program itself then you can comment out line 3602 (which says 'check_paths ALLOWDEVFILES ALLOWDEVFILE'). That should then allow your whitelisting to work. John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
