https://bugzilla.novell.com/show_bug.cgi?id=826276 https://bugzilla.novell.com/show_bug.cgi?id=826276#c0 Summary: rkhunter.conf doesn't contain some files in /dev that should be whitelisted Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Minor Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: arun@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0 I'm running 12.3/Tumbleweed and rkhunter gives the following output: Warning: Suspicious file types found in /dev: /dev/.sysconfig/network/if-eth0: ASCII text /dev/.sysconfig/network/ifup-eth0: ASCII text /dev/.sysconfig/network/config-eth0: ASCII text /dev/.sysconfig/network/ifup-lo: ASCII text /dev/.sysconfig/network/if-lo: ASCII text /dev/.sysconfig/network/config-lo: ASCII text /dev/.sysconfig/network/started: ASCII text /dev/.sysconfig/network/new-stamp-2: ASCII text Warning: Hidden directory found: '/dev/.sysconfig' Warning: Hidden file found: /dev/.udev: symbolic link to `/run/udev' /etc/rkhunter.conf does include lines like: ALLOWDEVFILE=/dev/.sysconfig/sysconfig/ifup-eth0 so it looks to me that the above should also be included. As I mentioned I'm running Tumbleweed and haven't done a clean install in a while, so I'm not sure if this issue shows up in 12.3, but since the timestamps on these files are current, I assume that this would be the case. Reproducible: Always Steps to Reproduce: 1. run rkhunter 2. 3. Actual Results: warning about some files in /dev/.sysconfig Expected Results: shouldn't complain about files that are created by a standard system -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.