On Tuesday 05 January 2010, John Horne wrote: >On Tue, 2010-01-05 at 11:35 -1000, David Burns wrote: >> On Tue, Jan 5, 2010 at 7:46 AM, Frank Murphy (Frankly3D) >> >> <frankly3d@xxxxxxxxx> wrote: >> >> This is a false positive. >> >> rkhunter gave me so many false positives I stopped using it. This is >> probably as much (or more) a comment on my character as it is on the >> value of rkhunter. > >Specific tests in RKH can be disabled, and false-positives whitelisted. > > > >John. > _Most_ of the time. Despite some people including me, asking about /usr/sbin/unhide, one of fedora's forensic tools if I read the manpage correctly, no one has managed to come up with a way to add that file to the rkhunter database as a legit file. So we get at least 2 emails a day mewling about it. More trouble than its worth if it isn't going to be supported any better than that. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) I can write better than anybody who can write faster, and I can write faster than anybody who can write better. -- A.J. Liebling -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
