Re: F12 Rkhunter, Have I a rootkit? SOLVED

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Tue, 2010-01-05 at 18:31 -0500, Gene Heskett wrote:
> On Tuesday 05 January 2010, John Horne wrote:
> >On Tue, 2010-01-05 at 11:35 -1000, David Burns wrote:
> >> On Tue, Jan 5, 2010 at 7:46 AM, Frank Murphy (Frankly3D)
> >>
> >> <[email protected]> wrote:
> >> >> This is a false positive.
> >>
> >> rkhunter gave me so many false positives I stopped using it. This is
> >> probably as much (or more) a comment on my character as it is on the
> >> value of rkhunter.
> >
> >Specific tests in RKH can be disabled, and false-positives whitelisted.
> >
> >
> >
> >John.
> >
> _Most_ of the time. Despite some people including me, asking about 
> /usr/sbin/unhide, one of fedora's forensic tools if I read the manpage 
> correctly, no one has managed to come up with a way to add that file to the 
> rkhunter database as a legit file.  So we get at least 2 emails a day mewling 
> about it.  More trouble than its worth if it isn't going to be supported any 
> better than that.
I'm not quite sure what you mean by 'add that file to the rkhunter
database as a legit file'? You mean it is failing the file properties
test? If you email me the error you are getting then I'll take a look at


John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001

fedora-list mailing list
[email protected]
To unsubscribe:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux