1 |
On Fri, 15 Apr 2016 10:40:34 +0200, Alan McKinnon wrote: |
2 |
|
3 |
> All these chrootkit and rkhunter warnings are about /dev/shm/ |
4 |
> files/devices. |
5 |
> > Is there something that makes anything in /dev/shm inherently |
6 |
> > suspicious? |
7 |
> |
8 |
> |
9 |
> Nope. It's just a place where shared memory cna be used. |
10 |
> |
11 |
> By far the most likely is that the script you use has an incomplete list |
12 |
> of things that can be found in there |
13 |
|
14 |
I have these entries in /etc/rkhunter.conf.local: |
15 |
|
16 |
ALLOWDEVFILE="/dev/shm/org.chromium.Chromium.shmem.*" |
17 |
ALLOWDEVFILE="/dev/shm/pulse-shm-*" |
18 |
ALLOWHIDDENFILE="/usr/share/man/man5/.k5identity.5.bz2" |
19 |
ALLOWHIDDENFILE="/usr/share/man/man5/.k5login.5.bz2" |
20 |
ALLOWHIDDENFILE="/usr/share/man/man5/.k5identity.5" |
21 |
ALLOWHIDDENFILE="/usr/share/man/man5/.k5login.5" |
22 |
|
23 |
|
24 |
-- |
25 |
Neil Bothwick |
26 |
|
27 |
Znqr lbh ybbx! |