I hope I’m not asking the obvious, but have you had a look at rkhunter.log?
That will probably give you some very good insight into what you may want to do,
configuration-wise, to stop the false positives.
From: Sivabs via Rkhunter-users [mailto:rkhunter-users@lists.sourceforge.net]
Sent: Tuesday, June 06, 2017 5:41 PM
To: rkhunter-users@lists.sourceforge.net
Subject: [Rkhunter-users] Configuration tips?
Hi,
I run RK on several servers (>50).
After every update/upgrade, I receive lots of warnings, but since most OSes are
identical in my environment, I can easily determine if there is a false
positive or not.
Anyway, every day it is a lot of work :)
I'm wondering if someone wants to share some hints to minimize false positives. I
mean: do you run every test? If not, what tests are disabled in your
configuration?
Thank you!