I received my rkhunter warning email moments ago. Two in fact, namely, a suspicious shared memory file and a suspicious hidden file. After googling the subjects I’m convinced they are false positives. With a name like /usr/lib/thunderbird/thunderbird it should be obvious that my email program is sharing memory files with other processes for more efficient use of memory. The other one is named /dev/shm/mono.xxxxx: data.
The two files I have to check out are /var/log/rkhunter.log, of course, and /etc/rkhunter.conf.
In /etc/rkhunter.conf which I opened in vim, I added a line such as: ALLOWIPCPROC=/usr/lib/thunderbird/thunderbird
This is to whitelist this file and process. I hope rkhunter won’t freak out if it encounters these anymore.
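
To confirm the whitelist covers exactly what was flagged and nothing is missed, here is an added example (not part of the original post and not rkhunter's own code) that compares the ALLOWIPCPROC entries in a config file with the processes named in shared memory warnings in a log. The log and config contents are constructed samples, the "Process: <path>" line layout is an assumption about the log format, and /usr/bin/examplepad is a hypothetical program.

```shell
#!/bin/sh
# Added example: report processes flagged for shared memory use in an
# rkhunter log that no ALLOWIPCPROC line in the config covers.

# Print every pathname whitelisted by ALLOWIPCPROC, one per line.
# Assumption: a value may hold several space-separated pathnames.
allowed_ipc_procs() {
    sed -n 's/^[[:space:]]*ALLOWIPCPROC=//p' "$1" | tr -d '"' |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print the unique pathnames that follow "Process:" in the log.
flagged_ipc_procs() {
    sed -n 's/.*Process: \([^[:space:]]*\).*/\1/p' "$1" | sort -u
}

# Print flagged pathnames with no exact (whole-line) whitelist match.
unlisted_ipc_procs() {
    allowed=$(allowed_ipc_procs "$1")
    flagged_ipc_procs "$2" | while IFS= read -r proc; do
        printf '%s\n' "$allowed" | grep -Fxq -- "$proc" || printf '%s\n' "$proc"
    done
}

# Constructed sample data; /usr/bin/examplepad is a hypothetical program.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/rkhunter.conf" <<'EOF'
#ALLOWIPCPROC=/usr/bin/examplepad
ALLOWIPCPROC=/usr/lib/thunderbird/thunderbird
EOF
    cat > "$tmp/rkhunter.log" <<'EOF'
[10:01:02] Warning: The following suspicious shared memory segments have been found:
[10:01:02]          Process: /usr/lib/thunderbird/thunderbird    PID: 2101    Owner: alice
[10:01:02]          Process: /usr/bin/examplepad    PID: 2188    Owner: alice
EOF
    unlisted_ipc_procs "$tmp/rkhunter.conf" "$tmp/rkhunter.log"
    rm -rf "$tmp"
}

demo
```

Run against the real files, the call would be unlisted_ipc_procs /etc/rkhunter.conf /var/log/rkhunter.log; any pathname it prints is still unwhitelisted and worth checking before adding it.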