On Sat, 2013-01-05 at 02:02 -0600, Eric Wingate wrote:
> Is it possible to change the default paths RKhunter searches in? I am
> trying to get rkhunter to totally ignore anything within /dev/shm,
> because we have large amounts of cache files in /dev/shm/ that are
> constantly being written, so it takes rkhunter a long time to run and
> check these cache files. I know I can whitelist these files, but
> rkhunter still has to check them and this causes problems for us
> because rkhunter can take up to several days to complete a single run.
>
> It has to search through 20GB of cache data sometimes. If I can get
> rkhunter to ignore even looking in /dev/shm, that would be perfect!
>

Hello,

Well, as far as I remember there are two tests that might look in '/dev/shm'. One is the 'suspscan' test, but that is disabled by default. The other is the 'filesystem' test. You can either disable the entire test (see DISABLE_TESTS in the config file), or run the test only on files actually in '/dev' (not the sub-directories). To do this set SCAN_MODE_DEV=LAZY in the config file.

John.

--
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
