Hello. First time posting to list. Our office has been running rkhunter on test
and production servers for several years now. We run with Red Hat and CentOS
versions 6 and 7. Recently, we updated rkhunter from version 1.4.2 to 1.4.4.
We use the EPEL repository to get rkhunter. The upgrade to rkhunter version
1.4.4 has caused more reports similar to the following:

    Warning: The following suspicious shared memory segments have been found:
    Process: PID: 13365 Owner: oracle
    Process: PID: 13365 Owner: oracle
    Process: PID: 13365 Owner: oracle

The "Owner:" is always "oracle", the "PID:" changes from server to server, and
the "Process:" is always blank. We run a lot of Oracle apps here. Also, the
"PID:" is not running on the server. I am very sure these warnings are
false-positives and can be ignored. I am looking for a way to whitelist this
warning. My search to find a way to whitelist this warning has not turned up
anything. So I decided to email this list.

These warning reports seemed to start with version 1.4.4. When our office had
few servers with rkhunter at version 1.4.4, the above reports were 3 a day.
However, when we updated all the servers to version 1.4.4 the above reports
jumped to 15 a day. This is another reason I decided to email this list.

Please let me know if you have any suggestions or need any additional
information. Thanks.
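
Added example, not part of the original post and not rkhunter code: one way to confirm on a server that the reported segments really belong to PIDs that are no longer running, by reading /proc/sysvipc/shm. The sample rows are constructed, and the function names (parse_shm, triage, pid_alive, user_name) are hypothetical.

```python
#!/usr/bin/env python3
"""List SysV shared memory segments whose creator and last-attach PIDs are gone."""
import os
import pwd

# Constructed sample in the /proc/sysvipc/shm column layout (not data from the post).
SAMPLE = """\
key shmid perms size cpid lpid nattch uid gid cuid cgid atime dtime ctime rss swap
0 32768 600 524288 13365 13365 0 501 501 501 501 1500000000 1500000100 1500000000 524288 0
123456789 65537 640 268435456 2210 4811 42 501 501 501 501 1500000200 0 1500000000 268435456 0
0 98306 600 393216 3100 3150 2 1000 1000 1000 1000 1500000300 0 1500000000 393216 0
0 131075 600 393216 5000 5001 3 1000 1000 1000 1000 1500000400 0 1500000000 393216 0
"""

def pid_alive(pid):
    """True if a process with this PID currently exists."""
    return os.path.exists(f"/proc/{pid}")

def user_name(uid):
    """Resolve a uid to a login name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def parse_shm(text):
    """Yield one dict per segment, keyed by the header's column names."""
    lines = text.strip().splitlines()
    if not lines:
        return
    cols = lines[0].split()
    for line in lines[1:]:
        raw = dict(zip(cols, line.split()))
        seg = {k: int(v) for k, v in raw.items() if k != "perms"}
        seg["perms"] = int(raw["perms"], 8)  # the kernel prints perms in octal
        yield seg

def triage(text, alive=pid_alive):
    """Return (shmid, uid, cpid, nattch, state) for segments with no live creator or last user."""
    findings = []
    for seg in parse_shm(text):
        if alive(seg["cpid"]) or alive(seg["lpid"]):
            continue  # a known process still accounts for this segment
        state = "attached" if seg["nattch"] else "unattached"
        findings.append((seg["shmid"], seg["uid"], seg["cpid"], seg["nattch"], state))
    return findings

if __name__ == "__main__":
    path = "/proc/sysvipc/shm"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for shmid, uid, cpid, nattch, state in triage(text):
        print(f"shmid={shmid} owner={user_name(uid)} cpid={cpid} not running, nattch={nattch} ({state})")
```

A segment reported as "attached" is still mapped by some process other than its creator, so that one deserves a closer look before it is treated as a leftover.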