From aca813ea12c5edc90148c61da1e0ec5437a379e0 Mon Sep 17 00:00:00 2001
From: ddpbsd <ddpbsd@gmail.com>
Date: Wed, 7 Sep 2022 10:00:58 -0400
Subject: [PATCH] Fix issue #2020 /bin/diff returns /dev/full on fedora, so
 remove the /dev check

---
 src/rootcheck/db/rootkit_trojans.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rootcheck/db/rootkit_trojans.txt b/src/rootcheck/db/rootkit_trojans.txt
index e8b7abfcb..aed630c89 100644
--- a/src/rootcheck/db/rootkit_trojans.txt
+++ b/src/rootcheck/db/rootkit_trojans.txt
@@ -36,7 +36,7 @@ sudo        !satori|vejeta|conf\.inv!
 crond       !/dev/[^nt]|bash!
 gpm         !bash|mingetty!
 ifconfig    !bash|^/bin/sh|/dev/tux|session.null|/dev/[^cludisopt]!
-diff        !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh!
+diff        !bash|^/bin/sh|file\.h|proc\.h|^/bin/.*sh!
 md5sum      !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh!
 hdparm      !bash|/dev/ida!
 ldd         !/dev/[^n]|proc\.h|libshow.so|libproc.a!