I ran into this same issue a year or so ago. Even if you whitelist it, it will still notify you in the logs. Not sure if that is a problem for you, but in my case it was thousands and thousands of temp files for it was definitely a problem.
My solution was to create/use another shared mem mount, i.e. /var/run and have my job write to their. On 04/17/2014 01:06 PM, m.r...@5-cent.us wrote: > Hi, folks, > > We're running CentOS 6.5, and rkhunter 1.4.0-2. My problem that's just > shown up, I think it was with the latest rkhunter update, is this: I've > got a user running jobs in R that run for days (not unusual around here > for jobs to run for days, or weeks). But R appears to use /dev/shm, and > of the three it creates (at least related to one job), one has a > prefix, one a postfix... and the main one has *nothing* other than a > random alphanumeric string as a filename. > > Now, I could just whitelist /dev/shm, but I'm *sure* there's malware > out there that makes use of that. So my question is, *should* I > whitelist /dev/shm, since I can't know in advance what the random name > is, or is there a better solution? > > Thanks in advance. > > mark > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/NeoTech > _______________________________________________ > Rkhunter-users mailing list > Rkhunter-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/rkhunter-users ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
