I received my rkhunter warning email moments ago. Two in fact, namely, a
suspicious shared memory file and a suspicious hidden file. After
googling the subjects I'm convinced they are false positives. With a
name like /usr/lib/thunderbird/thunderbird it should be obvious that my
email program is sharing memory files with other processes for more
efficient use of memory. The other one is named /dev/shm/mono.xxxxx: data.
The two files I have to check out are /var/log/rkhunter.log, of course,
and /etc/rkhunter.conf.
In /etc/rkhunter.conf, which I opened in vim, I added lines such as:
ALLOWIPCPROC=/usr/lib/thunderbird/thunderbird
and
ALLOWHIDDENFILE=/dev/shm/mono.*
This is to whitelist this file and process. I hope rkhunter won't freak
out if it encounters these anymore.
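
An added example, not part of the original post: a shell function that reads whitelist entries like the two above and flags any that use a wildcard inside a world-writable directory, where any local user can create a matching name, or that name an IPC process path with no executable on disk. The function name, the verdict labels and the list of directories are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit rkhunter whitelist entries before trusting them.
# audit_whitelist CONF prints one "<verdict> <option> <value>" line per entry.
# Verdicts (labels chosen for this example):
#   EXACT    literal path
#   MISSING  ALLOWIPCPROC path that is not an executable on this host
#   BROAD    wildcard inside a world-writable directory
#   WILDCARD wildcard elsewhere
audit_whitelist() {
    conf=$1
    # Only the two options used in the post; commented-out lines do not match.
    grep -E '^[[:space:]]*(ALLOWIPCPROC|ALLOWHIDDENFILE)=' "$conf" |
    while IFS= read -r line; do
        opt=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        vals=${line#*=}
        set -f                      # keep mono.* literal, no shell globbing
        for val in $vals; do        # an option may list several paths
            verdict=EXACT
            case $val in
                *[*?]*)
                    case $val in
                        /dev/shm/*|/tmp/*|/var/tmp/*) verdict=BROAD ;;
                        *) verdict=WILDCARD ;;
                    esac ;;
                *)
                    if [ "$opt" = ALLOWIPCPROC ] && [ ! -x "$val" ]; then
                        verdict=MISSING
                    fi ;;
            esac
            printf '%s %s %s\n' "$verdict" "$opt" "$val"
        done
        set +f
    done
}

# Constructed sample input: the two lines from the post.
sample=$(mktemp)
printf '%s\n' 'ALLOWIPCPROC=/usr/lib/thunderbird/thunderbird' \
              'ALLOWHIDDENFILE=/dev/shm/mono.*' > "$sample"
audit_whitelist "$sample"
rm -f "$sample"
```

After editing the file, `rkhunter --config-check` validates the configuration before the next scheduled run.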