In order for anybody to respond to your statement "I think it can be safely ignored." you need to tell us what OS you are running.
The "ALLOWPROCDELFILE" statement must reference a file name, but you have indicated a directory name. I would have to guess, since this is a tmp directory, that the file names will continually change, so you will need to use a wildcard indicator:

ALLOWPROCDELFILE=/bin/dash:/tmp/*
ALLOWPROCDELFILE=/usr/sbin/cron:/tmp/*
ALLOWPROCDELFILE=/bin/run-parts:/tmp/*

-Al- macOS User

> On Feb 19, 2019, at 00:27, Marco Strullato <marco.strull...@gmail.com> wrote:
>
> hi everyone,
>
> The execution of rkhunter in my system is triggered by the cron daily: during
> the check some warning is raised, however I think it can be safely ignored.
>
> This is the daily report:
> Warning: The following processes are using deleted files:
> Process: /usr/bin/influxd PID: 586 File: /usr/bin/influxd
> Process: /usr/sbin/cron PID: 15569 File: /tmp/tmpfAxob2Y
> Process: /bin/dash PID: 15577 File: /tmp/tmpfAxob2Y
> Process: /bin/run-parts PID: 15580 File: /tmp/tmpfAxob2Y
>
> In order to skip these checks, I added to the config:
>
> ALLOWPROCDELFILE=/bin/dash:/tmp
> ALLOWPROCDELFILE=/usr/sbin/cron:/tmp
> ALLOWPROCDELFILE=/bin/run-parts:/tmp
>
> The problem is that the exclusion I specify is ignored.
>
> I think the problem I'm encountering is a kind of known, however I can't find
> a solution... Any idea?
>
> Thanks & Regards
>
> Marco
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
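
The difference between the directory entries and the wildcard entries discussed in this thread, as an added example that is not part of either message and not rkhunter's own code. It assumes the file part of an entry is matched against the full deleted-file path as a shell glob and the process part literally; `is_allowed` and `still_reported` are hypothetical helper names.

```shell
#!/bin/sh
# Added illustration, not rkhunter's code. Assumption: the file part of an
# ALLOWPROCDELFILE entry is compared to the whole deleted-file path as a
# shell glob, and the process part is compared literally.

# Entries as first tried (directory name) and as suggested (wildcard).
ALLOW_DIR='/bin/dash:/tmp
/usr/sbin/cron:/tmp
/bin/run-parts:/tmp'
ALLOW_GLOB='/bin/dash:/tmp/*
/usr/sbin/cron:/tmp/*
/bin/run-parts:/tmp/*'

# Warning lines copied from the daily report quoted in the thread.
REPORT='Process: /usr/bin/influxd PID: 586 File: /usr/bin/influxd
Process: /usr/sbin/cron PID: 15569 File: /tmp/tmpfAxob2Y
Process: /bin/dash PID: 15577 File: /tmp/tmpfAxob2Y
Process: /bin/run-parts PID: 15580 File: /tmp/tmpfAxob2Y'

# is_allowed ENTRIES PROC FILE -> exit status 0 if some entry covers the pair.
is_allowed() {
    entries=$1; proc=$2; file=$3
    old_ifs=$IFS
    IFS='
'
    set -f    # keep /tmp/* from expanding against the real /tmp
    for entry in $entries; do
        e_proc=${entry%%:*}    # text before the first colon
        e_file=${entry#*:}     # text after the first colon
        [ "$e_proc" = "$proc" ] || continue
        case $file in
            $e_file) set +f; IFS=$old_ifs; return 0 ;;
        esac
    done
    set +f; IFS=$old_ifs
    return 1
}

# still_reported ENTRIES -> prints "process file" for each uncovered warning.
still_reported() {
    printf '%s\n' "$REPORT" | while read -r k1 proc k2 pid k3 file; do
        is_allowed "$1" "$proc" "$file" || printf '%s %s\n' "$proc" "$file"
    done
}

echo "Still reported with directory entries:"; still_reported "$ALLOW_DIR"
echo "Still reported with wildcard entries:";  still_reported "$ALLOW_GLOB"
```

Under that assumption `/tmp` never equals `/tmp/tmpfAxob2Y`, so all four lines remain, while `/tmp/*` covers the three temporary-file lines. The `/usr/bin/influxd` line is outside all three entries and is reported in both cases.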