Description of problem: Warning for Adobe Files
[13:59:54] Warning: Suspicious file types found in /dev:
[13:59:55] /dev/shm/sem.ADBE_REL_frank: data
[13:59:55] /dev/shm/sem.ADBE_WritePrefs_frank: data
[13:59:55] /dev/shm/sem.ADBE_ReadPrefs_frank: data
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install AdobeReader_enu-9.1.3-1.i486
Actual results: warning
Where\what section would I whitelist the above files.
There isn't currently a whitelist for Suspicious files. ;(
You could have it not check /dev/shm? (see /etc/rkhunter.conf).
Or just live with these when you are running adobereader ?
Alternately, you could ask upstream to add functionality to whitelist these sorts of files...
Added wildcard for AdobeReader to rkhunter.conf
# Allow the specified files to be present in the /dev directory,
# and not regarded as suspicious. One file per line (use multiple
# ALLOWDEVFILE lines).