Hi All, Still loving rkhunter and was surprised to get a new error I've never seen before on a new server I was building...
[09:45:54] Suspicious Shared Memory segments [09:45:54] Process: /usr/sbin/php5-fpm PID: 25994 Owner: www-data [ Found ] [09:45:54] Suspicious Shared Memory segments [ Warning ] ... lots of digging later and it seems that the shared memory is most probably due to the APC pool used by PHP and as far as I can tell is not suspicious at all. It looks like rkhunter is flagging up any shared memory that has permissions of 666 and is over 1000000 bytes. Before I whitelist this entry, can anyone tell me why rkhunter is flagging this up? Is there any reason that 666 permissions under this size are ok or non 666 permissions above this size? Just looking for a bit of history regarding this check if possible. It seems rather arbitrary :-) Thank you in advance Dan ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
