I am getting a set of warnings from rkhunter that I can't seem to suppress with ALLOWDEVFILE. Here is one of the things being flagged:
Checking /dev for suspicious file types [ Warning ]
Warning: Suspicious file types found in /dev:
/dev/.udev/db/\x2fdevices\x2fvirtual\x2ftty\x2ftty8: ASCII text
/dev/.udev/db/\x2fdevices\x2fvirtual\x2ftty\x2ftty7: ASCII text
/dev/.udev/db/\x2fdevices\x2fvirtual\x2ftty\x2ftty6: ASCII text
/dev/.udev/db/\x2fdevices\x2fvirtual\x2ftty\x2ftty5: ASCII text
/dev/.udev/db/\x2fdevices\x2fvirtual\x2ftty\x2ftty4: ASCII text
/dev/.udev/db/\x2fdevices\x2fvirtual\x2ftty\x2ftty3: ASCII text
/dev/.udev/db/\x2fdevices\x2fvirtual\x2ftty\x2ftty2: ASCII text
I have tried all of the following techniques (with and without quotes):
ALLOWDEVFILE = "/dev/.udev/db/\x2fdevices\x2fvirtual\x2ftty\x2ftty8"
ALLOWDEVFILE = "/dev/.udev/db/\\x2fdevices\\x2fvirtual\\x2ftty\\x2ftty8"
Wildcards don't seem to work either:
ALLOWDEVFILE = "/dev/.udev/db/\x2fdevices\x2fvirtual\*"
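There seems to be some problem with the backslashes in the file names; even a normal tab-completed file name will not work from the command line. Any ideas on how to get rkhunter to stop throwing warnings and constantly emailing me about this set of files?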
Ditch the quotes:
ALLOWDEVFILE = /dev/.udev/db/*
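Added example, not part of the original answers: a wildcard entry such as /dev/.udev/db/* whitelists everything the glob matches, so this shell function lists entries in a directory that do not look like the udev database records from the warning. The function name unexpected_under and the naming rule (regular, non-executable files whose names begin with the literal characters \x2f) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: list what a wildcard ALLOWDEVFILE entry would also cover.
# Assumption: udev db records are regular, non-executable files whose names
# begin with the literal four characters \x2f, as in the warning above.

# unexpected_under DIR
# Prints every entry in DIR that does not fit that description.
# Returns 0 if nothing was printed, 1 otherwise.
unexpected_under() {
    dir=$1
    found=0
    # Second and third patterns pick up dotfiles, which a bare * skips.
    for f in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # An unmatched glob is left as a literal string; skip it.
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}
        case $name in
            # Quoting makes \x2f four literal characters, not an escape.
            '\x2f'*)
                [ -f "$f" ] && [ ! -L "$f" ] && [ ! -x "$f" ] && continue
                ;;
        esac
        printf 'unexpected: %s\n' "$f"
        found=1
    done
    return "$found"
}

# Demo on a constructed directory (not real /dev contents).
demo=$(mktemp -d)
: > "$demo"/'\x2fdevices\x2fvirtual\x2ftty\x2ftty8'
: > "$demo/notes.txt"
unexpected_under "$demo" || echo "review these before whitelisting $demo/*"
rm -rf "$demo"
```

Run it against the real directory as `unexpected_under /dev/.udev/db`; the single-quoted file name in the demo is also how such a name is passed literally on the command line.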
To suppress this warning, you can add a whitelist rule in /etc/rkhunter.conf.local:
ALLOWDEVFILE = /dev/.udev/rules.d/root.rules