Public bug reported:
When run from the default Ubuntu cron file (/etc/cron.daily/rkhunter),
if the option 'suspscan' is included, rkhunter reports the tmp file
created by its own cron job as suspicious:
Warning: File '/tmp/tmp.Vnv2CeoUes' (score: 230) contains some suspicious
content and should be checked.
Warning: Checking for files with suspicious contents [ Warning ]
This is caused by using 'mktmp' in the cron bash script which by default
puts temp files in '/tmp'. The solution is to change the line
OUTFILE=`mktemp` || exit 1
to
OUTFILE=`mktemp -p /var/lib/rkhunter/tmp` || exit 1
so that the temp file is put in rkhunter's whitelisted tmp directory.
** Affects: rkhunter (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342866
Title:
rkhunter Reports Its Own tmp Files As Suspicious When Run From Cron
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1342866/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
