Bug 517525 - Rkhunter ans AdobeReader Advice Needed
Summary: Rkhunter ans AdobeReader Advice Needed
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: rkhunter
Version: 11
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-14 13:17 UTC by Frank Murphy
Modified: 2009-08-18 10:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-08-18 10:07:52 UTC


Attachments (Terms of Use)

Description Frank Murphy 2009-08-14 13:17:52 UTC
Description of problem: Warning for Adobe Files

[13:59:54] Warning: Suspicious file types found in /dev:
[13:59:55]          /dev/shm/sem.ADBE_REL_frank: data
[13:59:55]          /dev/shm/sem.ADBE_WritePrefs_frank: data
[13:59:55]          /dev/shm/sem.ADBE_ReadPrefs_frank: data


Version-Release number of selected component (if applicable):
rkhunter-1.3.4-7.fc11.noarch

How reproducible:
Daily

Steps to Reproduce:
1. Install AdobeReader_enu-9.1.3-1.i486
2.
3.
  
Actual results: warning



Where\what section would I whitelist the above files.

Comment 1 Kevin Fenzi 2009-08-14 23:05:03 UTC
There isn't currently a whitelist for Suspicious files. ;( 

You could have it not check /dev/shm? (see /etc/rkhunter.conf). 
Or just live with these when you are running adobereader ?

Alternately, you could ask upstream to add functionality to whitelist these sorts of files... 

Thoughts?

Comment 2 Frank Murphy 2009-08-18 10:07:52 UTC
SOLVED:

Added wildcard for AdobeReader to  rkhunter.conf 

#
# Allow the specified files to be present in the /dev directory,
# and not regarded as suspicious. One file per line (use multiple
# ALLOWDEVFILE lines).
#
#ALLOWDEVFILE=/dev/abc

ALLOWDEVFILE=/dev/shm/sem.ADBE*


Note You need to log in before you can comment on or make changes to this bug.