Hi there,
On Fri, 15 May 2015, LANCE HOLLAND wrote:
I've started getting the above message every time I run rkhunter on
all my servers on Ubuntu 14.04. I don't understand it as /dev/shm
points to /run/shm which appears to be writeable.
lrwxrwxrwx  1 root root    8 Dec 21 15:35 shm -> /run/shm/
drwxrwxrwt  2 root root   40 Dec 21 15:35 shm/
...
The information you have given is sparse. :(
What version of rkhunter are you using?
Can you confirm that you are running rkhunter as root?
Is there anything that you can tell us about the time at which this
started happening? For example some sort of upgrade?
It is not clear from your post that the link and the directory above
are actually in the /dev/ and /run/ directories. Is that the case?
My Debian systems have a directory at /dev/shm/ and not a symlink.
I do not use Ubuntu so I do not know if the /dev/shm symlink you are
seeing is to be expected; absent some sudden inspiration it might be
worth finding that out.
Have you tried something like
touch /dev/shm/newemptyfile
from the root shell prompt to try to diagnose the problem?
Have you considered modifying the rkhunter shell script to change the
offending directory to some other temporary storage?
Are you using SELinux or AppArmor?
--
73,
Ged.
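
The checks asked for in the reply above, gathered into one script. This is an added example, not part of the original message or of rkhunter; `check_shm_dir`, `report` and the `--report` argument are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example. check_shm_dir, report and --report are hypothetical names
# for this script only; they are not part of rkhunter.

# Report on one directory: symlink or real directory, where it resolves to,
# its mode bits, and whether the current user can really create a file in it.
# Returns 0 if a file could be created, 1 if not, 2 if it is not a directory.
check_shm_dir() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "$dir is a symlink to $(readlink -f "$dir")"
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir does not resolve to a directory"
        return 2
    fi
    ls -ld "$dir/"
    # A real write test, like 'touch /dev/shm/newemptyfile', but mktemp picks
    # an unused name and the probe file is removed again afterwards.
    if probe=$(mktemp "$dir/writetest.XXXXXX" 2>/dev/null); then
        rm -f "$probe"
        echo "write test in $dir: ok"
        return 0
    fi
    echo "write test in $dir: FAILED"
    return 1
}

# Collect everything in one pass so it can be pasted into a list reply.
report() {
    echo "effective uid: $(id -u)"
    command -v rkhunter >/dev/null 2>&1 && rkhunter --version | head -n 1
    check_shm_dir /dev/shm
    check_shm_dir /run/shm
    # SELinux / AppArmor state, only if the tools are installed
    command -v getenforce >/dev/null 2>&1 && echo "SELinux: $(getenforce)"
    command -v aa-status >/dev/null 2>&1 && aa-status --enabled \
        && echo "AppArmor: enabled"
    return 0
}

if [ "${1:-}" = "--report" ]; then
    report
fi
```

Run it with `--report` from the same root shell that runs rkhunter, so the uid and any SELinux or AppArmor confinement match.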