Rkhunter Warnings Received and Investigated

I received my rkhunter warning email moments ago. Two in fact, namely, a suspicious shared memory file and a suspicious hidden file. After googling the subjects I’m convinced they are false positives. With a name like /usr/lib/thunderbird/thunderbird it should be obvious that my email program is sharing memory files with other processes for more efficient use of memory. The other one is named /dev/shm/mono.xxxxx: data.

The two files I have to check out are /var/log/rkhunter.log, of course, and /etc/rkhunter.conf.

In /etc/rkhunter.conf which I opened in vim, I added a line such as: ALLOWIPCPROC=/usr/lib/thunderbird/thunderbird

and

ALLOWHIDDENFILE=/dev/shm/mono.*

This is to whitelist this file and process. I hope rkhunter won’t freak out if it encounters these anymore.
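
An added example, not part of the original post: a small audit of rkhunter.conf allowlist lines that reports entries using a wildcard or pointing into a directory any local user can write to, since such an entry silences the warning for every matching file, not only the one that was investigated. The function names and the WORLD_WRITABLE list are assumptions made for this example, and the sample config is constructed from the two lines above.

```python
import re

# Directories any local user can normally write to (assumed list; adjust per host).
WORLD_WRITABLE = ("/dev/shm", "/tmp", "/var/tmp")
WILDCARD = re.compile(r"[*?\[]")

# Constructed sample: the two lines from this post plus a comment line.
SAMPLE_CONF = """\
# local whitelist entries
ALLOWIPCPROC=/usr/lib/thunderbird/thunderbird
ALLOWHIDDENFILE=/dev/shm/mono.*
"""

def parse_allow_entries(conf_text):
    """Yield (line_no, option, path) for every ALLOW* option whose value is a path."""
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if "=" not in line:
            continue
        option, value = (part.strip() for part in line.split("=", 1))
        if not option.startswith("ALLOW"):
            continue
        for item in value.split():            # a value may hold several paths
            item = item.strip("\"'")
            if item.startswith("/"):          # skip non-path values
                yield line_no, option, item

def audit_allowlist(conf_text):
    """Return (line_no, option, path, reasons) for entries broader than one exact path."""
    findings = []
    for line_no, option, path in parse_allow_entries(conf_text):
        reasons = []
        if WILDCARD.search(path):
            reasons.append("wildcard")
        if any(path == d or path.startswith(d + "/") for d in WORLD_WRITABLE):
            reasons.append("world-writable directory")
        if reasons:
            findings.append((line_no, option, path, reasons))
    return findings

if __name__ == "__main__":
    for line_no, option, path, reasons in audit_allowlist(SAMPLE_CONF):
        print(f"line {line_no}: {option}={path} -> {', '.join(reasons)}")
```

To check a real configuration, pass the contents of /etc/rkhunter.conf to audit_allowlist instead of SAMPLE_CONF.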
