Rootkit Hunter

Tracker: Feature Requests

5 whitelist root users - ID: 1638916

Last Update: Comment added ( jhorne )

Details:

I have a machine with an extra user with root privileges, for legitimate
reasons. I have patched
rkhunter by hand to whitelist the extra user, in this case called pepper,
by altering line 4928:

users_with_uid0=`grep -v '^:0:0:::' ${ROOTDIR}etc/passwd | grep ":0:" |
cut -d ":" -f1,3 | grep '0' | grep -vE '(root|pepper):0'`

of PROGRAM_version="1.2.9".

Of course it would be nicer to make a whitelist entry in the config file
instead of altering the rkhunter script, but I don't know how to do that.

Submitted:

Jim Cline ( jcline666 ) - 2007-01-18 19:47

Priority:

Status:

Closed

Resolution:

Fixed

Assigned:

John Horne

Category:

Rkhunter

Group:

None

Visibility:

Public

Comment ( 1 )

Date: 2007-03-29 16:08 Sender: jhorne Next release will allow whitelisting of root-equivalent accounts. CVS will have the relevant code in a short while - just finishing off some other things before uploading it! :-) John.

Attached File

Changes ( 4 )

Field	Old Value	Date	By
status_id	Open	2007-03-29 16:08	jhorne
resolution_id	None	2007-03-29 16:08	jhorne
assigned_to	nobody	2007-03-29 16:08	jhorne
close_date	-	2007-03-29 16:08	jhorne

Rootkit Hunter

Tracker: Feature Requests

Comment ( 1 )

Attached File

No Files Currently Attached

Changes ( 4 )

About SourceForge

Find Software

Develop Software

Community

Help