Package: rkhunter Version: 1.4.0-1 Severity: normal When unhide.rb (recommended by rkhunter) is installed, this results in a spurious warning because unhide.rb is a ruby script and not a binary file: [09:47:05] /usr/bin/unhide.rb [ Warning ] [09:47:05] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
I had to add: SCRIPTWHITELIST=/usr/bin/unhide.rb to rkhunter.conf to stop this warning. This should probably be done by default. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (300, 'testing'), (200, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rkhunter depends on: ii binutils 2.22-7.1 ii debconf [debconf-2.0] 1.5.46 ii file 5.11-2 ii net-tools 1.60-24.2 ii perl 5.14.2-15 ii ucf 3.0025+nmu3 Versions of packages rkhunter recommends: ii curl 7.28.0-3 ii elinks 0.12~pre5-9 ii exim4-daemon-light [mail-transport-agent] 4.80-5.1 ii iproute 20120521-3 ii lsof 4.86+dfsg-1 ii unhide.rb 13-1 ii wget 1.14-1 Versions of packages rkhunter suggests: ii bsd-mailx [mailx] 8.1.2-0.20111106cvs-1 pn libdigest-whirlpool-perl <none> pn liburi-perl <none> pn libwww-perl <none> pn powermgmt-base <none> pn tripwire <none> -- Configuration Files: /etc/rkhunter.conf changed: ROTATE_MIRRORS=1 UPDATE_MIRRORS=1 MIRRORS_MODE=0 MAIL-ON-WARNING="root" MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}" TMPDIR=/var/lib/rkhunter/tmp DBDIR=/var/lib/rkhunter/db SCRIPTDIR=/usr/share/rkhunter/scripts UPDATE_LANG="" LOGFILE=/var/log/rkhunter.log APPEND_LOG=0 COPY_LOG_ON_ERROR=0 COLOR_SET2=0 AUTO_X_DETECT=1 WHITELISTED_IS_WHITE=0 ALLOW_SSH_ROOT_USER=no ALLOW_SSH_PROT_V1=0 ENABLE_TESTS="all" DISABLE_TESTS="suspscan deleted_files packet_cap_apps apps" SCRIPTWHITELIST=/bin/egrep SCRIPTWHITELIST=/bin/fgrep SCRIPTWHITELIST=/bin/which SCRIPTWHITELIST=/usr/bin/groups SCRIPTWHITELIST=/usr/bin/ldd SCRIPTWHITELIST=/usr/bin/lwp-request SCRIPTWHITELIST=/usr/sbin/adduser SCRIPTWHITELIST=/usr/sbin/prelink SCRIPTWHITELIST=/usr/bin/unhide.rb IMMUTABLE_SET=0 PHALANX2_DIRTEST=0 ALLOW_SYSLOG_REMOTE_LOGGING=0 SUSPSCAN_TEMP=/dev/shm SUSPSCAN_MAXSIZE=10240000 SUSPSCAN_THRESH=200 USE_LOCKING=0 LOCK_TIMEOUT=300 SHOW_LOCK_MSGS=1 DISABLE_UNHIDE=1 INSTALLDIR="/usr" -- debconf information: * rkhunter/apt_autogen: true * rkhunter/cron_daily_run: true * rkhunter/cron_db_update: true -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org