Alle,
We have installed rkhunter (V1.3.6-2) from EPEL on our RHEL 5.4 machines and it appears that it does not remove the /dev/shm/suspscan.* files it uses for the SUSPSCAN test, thus triggering a warning for said test. AFAIK, this was a known bug that was supposed to have been fixed in V1.3.1.
Best Regards, Camron
On Fri, 26 Feb 2010 15:34:16 -1000 "Camron W. Fox" cwfox@us.fujitsu.com wrote:
> Alle,
> We have installed rkhunter (V1.3.6-2) from EPEL on our RHEL 5.4 machines and it appears that it does not remove the /dev/shm/suspscan.* files it uses for the SUSPSCAN test, thus triggering a warning for said test. AFAIK, this was a known bug that was supposed to have been fixed in V1.3.1.
It's best to file issues in bugzilla so you know the maintainer gets them.
In this case, I happen to read this list and maintain rkhunter, so I can look into it.
Are you sure the files are new? 'rpm -q rkhunter' returns what?
I can't duplicate this here. I run it daily on a 5.4 machine and it's never showing an issue. Just ran it again and it doesn't leave anything in /dev/shm here.
Perhaps you have an old config file?
> Best Regards, Camron
kevin
epel-devel@lists.fedoraproject.org