Rkhunter /usr/bin/unhide.rb has been replaced by /usr/bin/unhide.rb

I have recently moved over to Rootkit Hunter (rkhunter) instead of using fcheck, one issue that I encountered on all our Ubuntu servers was the error:

Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script

Googling confirmed that this error was normal on Ubuntu systems, but I found no solution. Fortunately the solution was simple, simply editing /etc/rkhunter.conf and adding the following line at the appropriate place:

SCRIPTWHITELIST=/usr/bin/unhide.rb

 

comments powered by Disqus