| 1 |
On Fri, 15 Apr 2016 10:40:34 +0200, Alan McKinnon wrote: |
| 2 |
|
| 3 |
> All these chrootkit and rkhunter warnings are about /dev/shm/ |
| 4 |
> files/devices. |
| 5 |
> > Is there something that makes anything in /dev/shm inherently |
| 6 |
> > suspicious? |
| 7 |
> |
| 8 |
> |
| 9 |
> Nope. It's just a place where shared memory cna be used. |
| 10 |
> |
| 11 |
> By far the most likely is that the script you use has an incomplete list |
| 12 |
> of things that can be found in there |
| 13 |
|
| 14 |
I have these entries in /etc/rkhunter.conf.local: |
| 15 |
|
| 16 |
ALLOWDEVFILE="/dev/shm/org.chromium.Chromium.shmem.*" |
| 17 |
ALLOWDEVFILE="/dev/shm/pulse-shm-*" |
| 18 |
ALLOWHIDDENFILE="/usr/share/man/man5/.k5identity.5.bz2" |
| 19 |
ALLOWHIDDENFILE="/usr/share/man/man5/.k5login.5.bz2" |
| 20 |
ALLOWHIDDENFILE="/usr/share/man/man5/.k5identity.5" |
| 21 |
ALLOWHIDDENFILE="/usr/share/man/man5/.k5login.5" |
| 22 |
|
| 23 |
|
| 24 |
-- |
| 25 |
Neil Bothwick |
| 26 |
|
| 27 |
Znqr lbh ybbx! |
Archives