# rkhunter update 1.3.4 > 1.3.6 - lots of 'suspect files'

## libertytrek

Hello,

I recently updated rkhunter to 1.3.6 using the ebuild provided in bug 295433.

After upgrading (and running rkhunter --propupd), I took care of a couple of FPs for rootkits by reading this forum post and adding the following to rkhunter.conf.local:

USER_FILEPROP_FILES_DIRS="!/etc/init.d/hdparm"

USER_FILEPROP_FILES_DIRS="!/etc/init.d/pciparm" 

RTKT_FILE_WHITELIST="/etc/init.d/pciparm /etc/init.d/hdparm" 

But...

I'm also getting a bunch (59 in total) of 'suspicious files' warnings for files in /usr/bin and /usr/sbin, like:

```

myhost : Sat May 15, 11:35:08 : /var/log

 # less rkhunter.log | grep Warning

[11:30:28] /usr/bin/chattr                                   [ Warning ]

[11:30:28] Warning: File '/usr/bin/chattr' has the immutable-bit set.

[11:30:28] /usr/bin/curl                                     [ Warning ]

[11:30:28] Warning: File '/usr/bin/curl' has the immutable-bit set.
```

I know I can just whitelist all of these files individually, but I didn't have to do that with rkhunter-1.3.4, and I'm using the same config file (with the addition of the settings above), so I'm wondering why I'm getting them now.

Besides, whitelisting a bunch of individual files just doesn't seem like the right way to fix anything.

Anyone have any ideas?

----------

