[Rkhunter-users] Can't whitelist deleted files
From: Arthur D. <mis...@bl...> - 2010-12-02 14:06:11
Hello all,

I just upgraded from 1.3.6 to 1.3.8 on my Fedora 13 system, and on each RKH run I get the following warning:

Warning: The following processes are using deleted files:
Process: /usr/libexec/mysqld PID: 1499 File: /tmp/ib5ks4lI
Process: /bin/mailx PID: 9802 File: /tmp/Rsva0iNT
Process: /usr/bin/mlogc PID: 19422 File: /var/tmp/etilqs_pYL81MNhaXiONAm

The thing is, I have this in my /etc/rkhunter.conf:

# This is a space-separated list of process names. The option
# may be specified more than once.
#
#ALLOWPROCDELFILE="/sbin/cardmgr /usr/sbin/gpm:/etc/X11/abc"
#ALLOWPROCDELFILE="/usr/libexec/gconfd-2"
#ALLOWPROCDELFILE="/usr/sbin/mysqld"
ALLOWPROCDELFILE="/usr/libexec/mysqld"
ALLOWPROCDELFILE="/bin/mailx"
ALLOWPROCDELFILE="/usr/bin/mlogc"

In the 1.3.6 .conf file these entries did not have quotes around them. When the 1.3.8 runs complained I added the quotes, but neither way seems to work. I even tried creating an /etc/rkhunter.conf.local file with those entries in, but still the warnings come...

I'm sure it's a PEBKAC [1] problem, but could someone please steer me in the right direction?

Thanks
Mark

[1] Problem Exists Between Keyboard And Chair