From: Peo Nilsson
To: freebsd-questions@freebsd.org
Subject: Re: /usr/bin/whatis replaced by a script (correct?)
Date: Wed, 14 Nov 2007 18:18:13 +0100
Message-Id: <1195060693.1610.3.camel@zeus.se>
In-Reply-To: <1194368058.68992.3.camel@zeus.se>

On Tue, 2007-11-06 at 17:54 +0100, Peo Nilsson wrote:
> On Mon, 2007-11-05 at 22:31 -0500, Lowell Gilbert wrote:
> > Peo Nilsson writes:
> >
> > > When running rkhunter 1.3.0 I get those warnings:
> > >
> > > ...
> > > /usr/bin/whatis' has been replaced by a script: /usr/bin/whatis:
> > > Bourne shell script text executable
>
> > They aren't replaced. They are all *supposed* to be scripts.
>
> Thanks for the info.
>
> After knowing this, I edited rkhunter.conf like this:
> RTKT_FILE_WHITELIST="/usr/bin/whatis /usr/sbin/adduser /usr/local/bin/GET /usr/local/sbin/pkgdb"
>
> When running 'rkhunter -c' I still get the same warnings as before...
> What am I missing?

Solved, but many thanks anyway.
I should have set SCRIPTWHITELIST instead of RTKT_FILE_WHITELIST,
which I did first.

-- 
/Peo

----------------------------------------------
- PGP signed/encrypted emails are preferred -
----------------------------------------------
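
Added example (not part of the thread and not rkhunter's own code): before listing paths under SCRIPTWHITELIST as the reply above describes, this checks that each path really is a regular script file and is not group- or world-writable, then prints the rkhunter.conf lines. The function names are made up for this example, and the one-path-per-line SCRIPTWHITELIST form is an assumption about the config layout.

```shell
#!/bin/sh
# Added example: vet paths before whitelisting them as scripts in
# rkhunter.conf. Function names are hypothetical; output uses one
# SCRIPTWHITELIST=<path> line per file (assumed layout).

# is_script PATH: true when PATH is a regular file (not a symlink)
# whose first two bytes are "#!".
is_script() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(head -c 2 "$1" 2>/dev/null)" = "#!" ]
}

# loosely_writable PATH: true when group or other has write permission.
# A whitelisted script that anyone can edit would be a blind spot.
loosely_writable() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in
        ?????w*|????????w*) return 0 ;;   # char 6 = group w, char 9 = other w
    esac
    return 1
}

# whitelist_lines PATH...: print a config line for each acceptable path,
# explain each rejection on stderr, return non-zero if anything was rejected.
whitelist_lines() {
    rc=0
    for p in "$@"; do
        if ! is_script "$p"; then
            echo "skip $p: not a regular script file" >&2
            rc=1
        elif loosely_writable "$p"; then
            echo "skip $p: group/world writable" >&2
            rc=1
        else
            echo "SCRIPTWHITELIST=$p"
        fi
    done
    return $rc
}

# Stand-alone use: sh vet.sh /usr/bin/whatis /usr/sbin/adduser ...
[ "$#" -eq 0 ] || whitelist_lines "$@"
```

Review the printed lines before appending them to rkhunter.conf; anything reported on stderr needs a look before it is whitelisted.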