Rkhunter Warnings Received and Investigated

I received my rkhunter warning email moments ago. Two in fact, namely, a
suspicious shared memory file and a suspicious hidden file. After
googling the subjects I'm convinced they are false positives. With a
name like /usr/lib/thunderbird/thunderbird it should be obvious that my
email program is sharing memory files with other processes for more
efficient use of memory. The other one is named /dev/shm/mono.xxxxx: data.

The two files I have to check out are /var/log/rkhunter.log, of course,
and /etc/rkhunter.conf.

In /etc/rkhunter.conf which I opened in vim, I added a line such as:
ALLOWIPCPROC=/usr/lib/thunderbird/thunderbird

and

ALLOWHIDDENFILE=/dev/shm/mono.*

This is to whitelist this file and process. I hope rkhunter won't freak
out anymore if it encounters these.
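
The following is an added example, not part of the original post: a small shell check that shows which paths the two whitelist entries above cover, so the scope of an entry can be confirmed before relying on it. It assumes option values are space-separated, shell-style glob patterns; `sample_conf`, `is_allowed` and `report` are hypothetical helper names, and the config it reads is a constructed sample.

```shell
#!/bin/sh
# Added example: check which paths an rkhunter.conf whitelist entry covers.
# Assumption: option values are space-separated, shell-style glob patterns.

# Constructed sample config holding the two entries from the post.
sample_conf() {
    cat <<'EOF'
# commented-out entries must not count
#ALLOWHIDDENFILE=/constructed/.example
ALLOWIPCPROC=/usr/lib/thunderbird/thunderbird
ALLOWHIDDENFILE=/dev/shm/mono.*
EOF
}

# is_allowed OPTION PATH CONF
# Prints the first pattern of OPTION that matches PATH; returns 1 if none does.
is_allowed() {
    _opt=$1 _target=$2 _file=$3
    # Active "OPTION=value" lines only; drop the key and any quoting.
    _pats=$(sed -n "s/^[[:space:]]*${_opt}[[:space:]]*=[[:space:]]*//p" "$_file" | tr -d "\"'")
    set -f    # split the value into words without expanding globs on disk
    for _pat in $_pats; do
        case $_target in
            $_pat) set +f; printf '%s\n' "$_pat"; return 0 ;;
        esac
    done
    set +f
    return 1
}

# report OPTION PATH CONF: one human-readable line per checked path.
report() {
    if _m=$(is_allowed "$1" "$2" "$3"); then
        echo "$2: whitelisted by $1=$_m"
    else
        echo "$2: not covered by any $1 entry"
    fi
}

demo_conf=$(mktemp)
sample_conf > "$demo_conf"
report ALLOWIPCPROC    /usr/lib/thunderbird/thunderbird "$demo_conf"
report ALLOWHIDDENFILE /dev/shm/mono.12345              "$demo_conf"
report ALLOWHIDDENFILE /dev/shm/other.12345             "$demo_conf"
rm -f "$demo_conf"
```

After editing the real /etc/rkhunter.conf, `rkhunter --config-check` checks the configuration file for errors before the next scan.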