Hello,

I want to integrate rkhunter via check_rootkit into my Nagios installation. But before I do this, I want rkhunter to not report any false positives.

I managed to eradicate most of them by setting PKGMGR and doing a --propupd. Now all I have left is one warning about processes using deleted files.

    Checking running processes for deleted files [ Warning ]

In the rkhunter.log the following entries are logged:

    Warning: The following processes are using deleted files:
    Process: /usr/sbin/mysqld PID: 2205 File: /tmp/ibExV5IK
    Process: /usr/sbin/apache2 PID: 2855 File: /var/run/apache2/ssl_mutex
    Process: /home/teamspeak/tss2_rc2/server_linux PID: 16598 File: /var/tmp/sqlite_dcQdgjGUDIDVnoh

So I thought that setting the following ALLOWPROCDELFILE entries would make the message vanish.

    ALLOWPROCDELFILE=/usr/sbin/mysqld:/tmp/ibExV5IK
    ALLOWPROCDELFILE=/usr/sbin/apache2:/var/run/apache2/ssl_mutex
    ALLOWPROCDELFILE=/home/teamspeak/tss2_rc2/server_linux:/var/tmp/sqlite_dcQdgjGUDIDVnoh

But they keep showing up. (The names of the tmp files didn't change.)

I know that listing the programs without the path works, and gives me a:

    Checking running processes for deleted files [ None found ]

But due to security concerns this is not an option for me. Any hints for a solution with full pathnames?

Thanks,
Christian

--
For private mail please use my GPG-Key. ID: 0xB7849C76

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
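For a Nagios-side check, the exact process-and-file matching asked for in the post can be applied to the rkhunter.log warning directly. This is an added example, not part of the original post and not rkhunter's own matching logic; the function names, the fourth log entry and the bare-name config line are constructed assumptions.

```python
import re

# One entry of the "processes using deleted files" warning, in the
# "Process: ... PID: ... File: ..." form quoted in the post.
ENTRY = re.compile(r"Process:\s+(\S+)\s+PID:\s+(\d+)\s+File:\s+(\S+)")

def parse_warning(log_text):
    """Return (process_path, pid, file_path) for every logged entry."""
    return [(m.group(1), int(m.group(2)), m.group(3))
            for m in ENTRY.finditer(log_text)]

def load_pairs(config_text):
    """Collect exact (process_path, file_path) pairs from ALLOWPROCDELFILE
    lines. Entries lacking an absolute process path or a file part are
    ignored, so a bare program name never allowlists anything here."""
    pairs = set()
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("ALLOWPROCDELFILE="):
            continue
        proc, sep, path = line.split("=", 1)[1].partition(":")
        if sep and proc.startswith("/") and path.startswith("/"):
            pairs.add((proc, path))
    return pairs

def unexpected(log_text, config_text):
    """Entries whose process AND file are not both allowlisted exactly."""
    allowed = load_pairs(config_text)
    return [e for e in parse_warning(log_text) if (e[0], e[2]) not in allowed]

# First three entries are the ones from the post; the last is constructed.
SAMPLE_LOG = """\
Warning: The following processes are using deleted files:
Process: /usr/sbin/mysqld PID: 2205 File: /tmp/ibExV5IK
Process: /usr/sbin/apache2 PID: 2855 File: /var/run/apache2/ssl_mutex
Process: /home/teamspeak/tss2_rc2/server_linux PID: 16598 File: /var/tmp/sqlite_dcQdgjGUDIDVnoh
Process: /usr/sbin/mysqld PID: 2205 File: /tmp/ibCONSTRUCTED
"""

# Full-path entries are from the post; the bare "mysqld" line is constructed.
SAMPLE_CONF = """\
ALLOWPROCDELFILE=/usr/sbin/mysqld:/tmp/ibExV5IK
ALLOWPROCDELFILE=/usr/sbin/apache2:/var/run/apache2/ssl_mutex
ALLOWPROCDELFILE=/home/teamspeak/tss2_rc2/server_linux:/var/tmp/sqlite_dcQdgjGUDIDVnoh
ALLOWPROCDELFILE=mysqld
"""

if __name__ == "__main__":
    for proc, pid, path in unexpected(SAMPLE_LOG, SAMPLE_CONF):
        print(f"WARNING: {proc} (PID {pid}) holds deleted file {path}")
```

With exact pairs, the same process holding a deleted file under any other name is still reported, which is the behaviour that listing the program name alone gives up.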