Bug 517525

Summary: Rkhunter and AdobeReader Advice Needed
Product: [Fedora] Fedora Reporter: Frank Murphy <frankly3d>
Component: rkhunter Assignee: Kevin Fenzi <kevin>
Status: CLOSED WORKSFORME QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 11 CC: devrim, kevin
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2009-08-18 10:07:52 UTC Type: ---

Description Frank Murphy 2009-08-14 13:17:52 UTC
Description of problem: Warning for Adobe Files

[13:59:54] Warning: Suspicious file types found in /dev:
[13:59:55]          /dev/shm/sem.ADBE_REL_frank: data
[13:59:55]          /dev/shm/sem.ADBE_WritePrefs_frank: data
[13:59:55]          /dev/shm/sem.ADBE_ReadPrefs_frank: data


Version-Release number of selected component (if applicable):
rkhunter-1.3.4-7.fc11.noarch

How reproducible:
Daily

Steps to Reproduce:
1. Install AdobeReader_enu-9.1.3-1.i486
  
Actual results: warning



Where/what section would I whitelist the above files?

Comment 1 Kevin Fenzi 2009-08-14 23:05:03 UTC
There isn't currently a whitelist for Suspicious files. ;( 

You could have it not check /dev/shm? (see /etc/rkhunter.conf). 
Or just live with these when you are running adobereader?

Alternately, you could ask upstream to add functionality to whitelist these sorts of files... 

Thoughts?

Comment 2 Frank Murphy 2009-08-18 10:07:52 UTC
SOLVED:

Added wildcard for AdobeReader to rkhunter.conf:

#
# Allow the specified files to be present in the /dev directory,
# and not regarded as suspicious. One file per line (use multiple
# ALLOWDEVFILE lines).
#
#ALLOWDEVFILE=/dev/abc

ALLOWDEVFILE=/dev/shm/sem.ADBE*
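
A caveat with the wildcard entry above, as an added example (not part of the original bug comments and not rkhunter's own code): the script lists which /dev findings a set of ALLOWDEVFILE lines would suppress, assuming the wildcard is matched like a shell glob. The function names, the sample config text and the last two paths are constructed for illustration.

```shell
# Added example. Assumption: ALLOWDEVFILE wildcards match like shell globs.

# Print the active (uncommented) ALLOWDEVFILE values, one per line.
allowdev_patterns() {
    sed -n -e 's/[[:space:]]*$//' \
           -e 's/^[[:space:]]*ALLOWDEVFILE[[:space:]]*=[[:space:]]*//p' "$1"
}

# Print the first whitelist pattern in config $1 that covers path $2, if any.
matching_pattern() {
    allowdev_patterns "$1" | while IFS= read -r pat; do
        case $2 in
            $pat) printf '%s\n' "$pat"; break ;;
        esac
    done
}

# Read candidate paths on stdin; say which ones the whitelist would hide.
audit_findings() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        hit=$(matching_pattern "$1" "$path")
        if [ -n "$hit" ]; then
            printf 'hidden    %s  (matches %s)\n' "$path" "$hit"
        else
            printf 'reported  %s\n' "$path"
        fi
    done
}

# Constructed sample config, modelled on the lines quoted in the comment above.
write_sample_conf() {
    cat <<'EOF'
#ALLOWDEVFILE=/dev/abc
ALLOWDEVFILE=/dev/shm/sem.ADBE*
EOF
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
write_sample_conf > "$sample"
# First three paths come from the warning in the report; the last two are constructed.
audit_findings "$sample" <<'EOF'
/dev/shm/sem.ADBE_REL_frank
/dev/shm/sem.ADBE_WritePrefs_frank
/dev/shm/sem.ADBE_ReadPrefs_frank
/dev/shm/sem.ADBE_constructed_example
/dev/shm/unrelated.bin
EOF
```

The fourth output line shows that the wildcard also covers any other name starting with sem.ADBE. Listing the three files on separate ALLOWDEVFILE lines, as the config comment describes, would suppress only those.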