Description of problem: rkhunter reports PCSd/Pacemaker/Corosync files in /dev/shm as suspicious, see attached log. Version-Release number of selected component (if applicable): rkhunter-1.4.2-7.el7.src.rpm How reproducible: always Steps to Reproduce: 1. install and initialize rkhunter 2. install, configure, use PCSd with Pacemaker/Corosync 3. run rkhunter --check and observe suspicious files in /var/log/rkhunter/rkhunter.log Actual results: rkhunter reports suspicious files Expected results: rkhunter should not report Pacemaker/Corosync's files in /dev/shm as suspicious Additional info: workaround is allowing dev files in /dev/shm: # vi /etc/rkhunter.conf ... # # Allow the specified file to be present in the '/dev' directory, and not # regarded as suspicious. # # This option may be specified more than once, and may use wildcard characters. # # The default value is the null string. # [...] # PCS/Pacemaker/Corosync ALLOWDEVFILE=/dev/shm/qb-attrd-* ALLOWDEVFILE=/dev/shm/qb-cfg-* ALLOWDEVFILE=/dev/shm/qb-cib_rw-* ALLOWDEVFILE=/dev/shm/qb-cib_shm-* ALLOWDEVFILE=/dev/shm/qb-corosync-* ALLOWDEVFILE=/dev/shm/qb-cpg-* ALLOWDEVFILE=/dev/shm/qb-lrmd-* ALLOWDEVFILE=/dev/shm/qb-pengine-* ALLOWDEVFILE=/dev/shm/qb-quorum-* ALLOWDEVFILE=/dev/shm/qb-stonith-* or just ALLOWDEVFILE=/dev/shm/qb-*
I would be much happier to add specific files instead of qb-* .. kevin? Unless, the list becomes too long, of course.
Yeah, sounds fine to me...
excellent. I will add the files to the patch and update.
Can you please test this scratch build? https://koji.fedoraproject.org/koji/taskinfo?taskID=17227315 If everything is ok, I will build this and submit an update.
rkhunter-1.4.2-8.el7 rkhunter-1.4.2-8.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a9679aec00
rkhunter-1.4.2-12.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-600553ca54
rkhunter-1.4.2-8.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a9679aec00
rkhunter-1.4.2-12.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-600553ca54
rkhunter-1.4.2-12.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.2-8.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.