apt-cache policy rkhunter:
rkhunter:
Installed: 1.4.2-0.4
Candidate: 1.4.2-0.4
lsb_release -rd:
Description: Ubuntu 15.04
Release: 15.04
Whitelisting files/directories with wildcards in the ALLOWDEVFILE parameter not working as expected and are still reported as suspicious:
In /etc/rkhunter.conf:
ALLOWDEVFILE=/dev/shm/byobu-*
Output:
Warning: Suspicious file types found in /dev:
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/updates_available: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/hostname: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/whoami: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/disk: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/memory: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/cpu_freq: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/cpu_count: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/load_average: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/cpu_temp: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/uptime: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/users: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/session: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/arch: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/release: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/distro: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/logo: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/.last.tmux/network: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/width: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/cpu_freq: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/load_average: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/cpu_count: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/users: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/disk: ASCII text, with very long lines, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/memory: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/cpu_temp: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/uptime: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/hostname: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/release: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/whoami: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/session: very short file (no magic)
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/arch: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/distro: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/status.tmux/logo: UTF-8 Unicode text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/cache.tmux/updates-available: ASCII text
/dev/shm/byobu-admin-gxyPtUEs/cache.tmux/network.down: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/cache.tmux/network.down.dev: ASCII text
/dev/shm/byobu-admin-gxyPtUEs/cache.tmux/network.up: ASCII text, with no line terminators
/dev/shm/byobu-admin-gxyPtUEs/cache.tmux/network.up.dev: ASCII text
Status changed to 'Confirmed' because the bug affects multiple users.