On Tue, 2010-01-05 at 18:31 -0500, Gene Heskett wrote: > On Tuesday 05 January 2010, John Horne wrote: > >On Tue, 2010-01-05 at 11:35 -1000, David Burns wrote: > >> On Tue, Jan 5, 2010 at 7:46 AM, Frank Murphy (Frankly3D) > >> > >> <frankly3d@xxxxxxxxx> wrote: > >> >> This is a false positive. > >> > >> rkhunter gave me so many false positives I stopped using it. This is > >> probably as much (or more) a comment on my character as it is on the > >> value of rkhunter. > > > >Specific tests in RKH can be disabled, and false-positives whitelisted. > > > > > > > >John. > > > _Most_ of the time. Despite some people including me, asking about > /usr/sbin/unhide, one of fedora's forensic tools if I read the manpage > correctly, no one has managed to come up with a way to add that file to the > rkhunter database as a legit file. So we get at least 2 emails a day mewling > about it. More trouble than its worth if it isn't going to be supported any > better than that. > I'm not quite sure what you mean by 'add that file to the rkhunter database as a legit file'? You mean it is failing the file properties test? If you email me the error you are getting then I'll take a look at it. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
