Hi, folks,

We're running CentOS 6.5, and rkhunter 1.4.0-2. My problem that's just shown up, I think it was with the latest rkhunter update, is this: I've got a user running jobs in R that run for days (not unusual around here for jobs to run for days, or weeks). But R appears to use /dev/shm, and of the three it creates (at least related to one job), one has a prefix, one a postfix... and the main one has *nothing* other than a random alphanumeric string as a filename.

Now, I could just whitelist /dev/shm, but I'm *sure* there's malware out there that makes use of that. So my question is, *should* I whitelist /dev/shm, since I can't know in advance what the random name is, or is there a better solution?

Thanks in advance.

mark

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users