Description of problem: rkhunter does not like files in /dev/shm Version-Release number of selected component (if applicable): rkhunter-1.3.8-6.fc15.noarch Additional info: Could you add these to rkhunter.conf: # tomboy creates this one ALLOWDEVFILE="/dev/shm/mono.*" # created by libv4l ALLOWDEVFILE="/dev/shm/libv4l-*
rkhunter-1.3.8-7.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/rkhunter-1.3.8-7.fc15
rkhunter-1.3.8-8.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/rkhunter-1.3.8-8.fc15
Package rkhunter-1.3.8-8.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rkhunter-1.3.8-8.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/rkhunter-1.3.8-8.fc15 then log in and leave karma (feedback).
rkhunter-1.3.8-8.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
Unfortunately there is some quoting problem left: In /etc/rkhunter.conf: # created by libv4l ALLOWDEVFILE="/dev/shm/libv4l-*" Now, the actual "suspicious" file is named libv4l-moschny:usb-0000:00:1d.7-2.1.4:093a:2600:VGA Single Chip causing rkhunter to preoduce these two warnings: Invalid ALLOWDEVFILE configuration option: Invalid pathname: Single Invalid ALLOWDEVFILE configuration option: Invalid pathname: Chip Seems there's a problem with rkhunter expanding the wildcard in case matching files contain a space.
Even worse, despite the messages being labelled 'warning' rkhunter does not seem to perform any real checks.
Please see: https://bugzilla.redhat.com/show_bug.cgi?id=984180#c1 In short, upstream is aware of the issue, but it will require redoing a lot to get everything working as it should be.
Ok, I subscribed to the other bug, closing this one.