So there is this situation, which is annoying since it sends an email with a warning during every rkhunter check on some of the servers.
Basically, the error is this:
Warning: Suspicious file types found in /dev: /dev/null : ASCII text
I have no idea how this could happen since this is a special character file:
# /usr/bin/file /dev/null
/dev/null: character special
I have already tried to suppress this warning by trying these lines in rkhunter.conf:
EXISTWHITELIST=/dev/null
ALLOWHIDDENFILE=/dev/null
ALLOWPROCDELFILE=/dev/null
ALLOWPROCDELFILE=/dev/null
ALLOWDEVFILE=/dev/null
Yet still none of it gets rid of this warning.
Also found this bug raised: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866373
It is from back in 2017 and version 1.4.2-6, and I get the exact warning with 1.4.6.
Does anyone have any idea how to get rid of this warning? I have an idea to "un"-grep the /dev/null from the output and pass it to email, but that would require quite an effort, and a much better approach would be to whitelist it in the conf file.
[]# ls -ld /dev/null
crw-rw-rw- 1 root root 1, 3 Sep 6 2019 /dev/null
As seen from this output, it is a special character file indeed.
P.S. This is very easily reproducible:
rkhunter --check --report-warnings-only --no-mail-on-warning --enable filesystem
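
The "un-grep" idea from the post, as an added example that is not part of the original post: a shell filter that drops the /dev/null entry only after confirming the node is a character device with major 1, minor 3, and leaves every other warning intact. The function names, the optional path argument and the sample report (including its indented multi-line layout) are assumptions constructed for the example.

```shell
#!/bin/sh
# True if $1 is a character device with major:minor 1:3, matching the
# "crw-rw-rw- ... 1, 3" shown by ls -ld. stat -c prints the numbers in hex.
is_null_device() {
    [ -c "$1" ] && [ "$(stat -c '%t:%T' "$1" 2>/dev/null)" = "1:3" ]
}

# Filter rkhunter warning text from stdin to stdout, e.g.
#   rkhunter --check --report-warnings-only --no-mail-on-warning \
#       --enable filesystem | filter_devnull_warning
# $1 is the node to verify (hypothetical parameter for testing; default /dev/null).
filter_devnull_warning() {
    if ! is_null_device "${1:-/dev/null}"; then
        cat    # not the real null device: pass every warning through untouched
        return 0
    fi
    awk '
        function entry(e) {
            sub(/^[ \t]+/, "", e)
            if (e ~ /^\/dev\/null[ \t]*:/) return       # the known false positive
            if (!shown) { print hdr; shown = 1 }         # keep header for real hits
            print "         " e
        }
        BEGIN { hdr = "Warning: Suspicious file types found in /dev:" }
        index($0, hdr) == 1 {
            inblock = 1; shown = 0
            rest = substr($0, length(hdr) + 1)
            if (rest ~ /[^ \t]/) entry(rest)             # entry on the header line
            next
        }
        inblock && /^[ \t]+\/dev\// { entry($0); next }  # indented entry lines
        { inblock = 0; print }
    '
}

# Constructed sample (not real output): the warning from the post plus one
# other /dev entry and an unrelated warning that must both survive.
sample_report() {
    printf '%s\n' \
        'Warning: Suspicious file types found in /dev:' \
        '         /dev/null : ASCII text' \
        '         /dev/shm/example.sh : ASCII text' \
        'Warning: Some other check failed'
}
```

If /dev/null is ever replaced by a regular file, the check fails and the warning is delivered unfiltered.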