[15:33:39] Info: Starting test name 'running_procs'
[15:33:40] Checking running processes for suspicious files [ Warning ]
[15:33:40] Warning: The following processes are using suspicious files:
[15:33:40] Command: crontab
[15:33:40] UID: 0 PID: 23315
[15:33:40] Pathname:
[15:33:40] Possible Rootkit: Unknown rootkit
[15:33:40] Command: crontab
[15:33:40] UID: 0 PID: 23315
[15:33:40] Pathname: /usr/bin/crontab
[15:33:40] Possible Rootkit: Unknown rootkit
Is there a way I can whitelist the crontab process? I haven't been able to
find a definitive answer to how (besides disabling the running_procs test
obviously), would RTKT_FILE_WHITELIST help? Is there another option in the
conf I missed?
Thanks, Nick
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users